marco/buildmymcpserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8a7ffe673d
buildmymcpserver/infra/traefik/docker-compose.traefik.yml
Marco Sadjadi 8a7ffe673d feat(deploy): production Dockerfiles, compose stack, and runbook 
- Multi-stage Dockerfiles for web/api/generator (pnpm workspace install,
  tsx runtime — workspace packages are raw TS, same model as runner-template).
- docker-compose.prod.yml: postgres + redis + the three app services.
  api/generator/web use host networking so the generator's host-port probe
  is correct and every service shares one address space; api + generator
  mount the Docker socket. Binds nothing on 80/443 — safe beside other apps.
- Optional Traefik reverse proxy in infra/traefik/ (heavily gated — only if
  the box has no existing proxy).
- .env.production.example, .dockerignore, DEPLOY.md (Cloudflare zone, GoDaddy
  nameserver switch, server deploy, Google Cloud Console OAuth app).
- api/generator `start` now runs via tsx; `node dist/index.js` could never
  resolve the raw-TS workspace imports.

All three images verified building clean; the API container boots under tsx.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-21 00:37:02 +02:00

38 lines
1.5 KiB
YAML
Raw Blame History

# OPTIONAL reverse proxy — use ONLY if the server has no existing proxy.
#
# !! DANGER: this binds host ports 80 and 443. If another reverse proxy
# !! (nginx / Caddy / another Traefik) is already serving the other live apps
# !! on this box, starting this WILL conflict and can take those apps offline.
# !! Check first: sudo ss -ltnp '( sport = :80 or sport = :443 )'
# !! If something already listens there, DO NOT run this. Instead add a vhost
# !! to the existing proxy pointing at 127.0.0.1:3001 (web) and 127.0.0.1:4000
# !! (api). See DEPLOY.md.
#
# Run with:
# docker compose --env-file .env -f docker-compose.traefik.yml up -d
name: buildmymcp-traefik
services:
traefik:
image: traefik:v3.2
restart: unless-stopped
network_mode: host
command:
- --providers.file.filename=/etc/traefik/dynamic.yml
- --providers.file.watch=true
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
- --certificatesresolvers.le.acme.httpchallenge=true
- --certificatesresolvers.le.acme.httpchallenge.entrypoint=web
- --certificatesresolvers.le.acme.email=${ACME_EMAIL:?set ACME_EMAIL in infra/traefik/.env}
- --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
volumes:
- ./dynamic.yml:/etc/traefik/dynamic.yml:ro
- bmm_letsencrypt:/letsencrypt
volumes:
bmm_letsencrypt:
Reference in New Issue View Git Blame Copy Permalink