marco/buildmymcpserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a54f6218a7
buildmymcpserver/docker-compose.prod.yml
Marco Sadjadi 8a7ffe673d feat(deploy): production Dockerfiles, compose stack, and runbook 
- Multi-stage Dockerfiles for web/api/generator (pnpm workspace install,
  tsx runtime — workspace packages are raw TS, same model as runner-template).
- docker-compose.prod.yml: postgres + redis + the three app services.
  api/generator/web use host networking so the generator's host-port probe
  is correct and every service shares one address space; api + generator
  mount the Docker socket. Binds nothing on 80/443 — safe beside other apps.
- Optional Traefik reverse proxy in infra/traefik/ (heavily gated — only if
  the box has no existing proxy).
- .env.production.example, .dockerignore, DEPLOY.md (Cloudflare zone, GoDaddy
  nameserver switch, server deploy, Google Cloud Console OAuth app).
- api/generator `start` now runs via tsx; `node dist/index.js` could never
  resolve the raw-TS workspace imports.

All three images verified building clean; the API container boots under tsx.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-21 00:37:02 +02:00

101 lines
2.9 KiB
YAML
Raw Blame History

# Production stack for buildmymcp.com — Linux host only.
#
# Run with:
# docker compose --env-file .env.production -f docker-compose.prod.yml up -d --build
#
# Topology notes:
# - api / web / generator use host networking. The generator allocates host
# ports (4100-4999) for generated MCP containers and probes them with a local
# socket bind — that probe is only correct in the host network namespace.
# Host networking also keeps every service on one address space (127.0.0.1).
# - postgres / redis stay on the compose bridge network and publish to loopback
# only, so the host-networked services reach them at 127.0.0.1.
# - api and generator mount the Docker socket: the API removes containers, the
# generator builds + runs them. Generated MCP containers are host siblings.
# - Nothing here binds 0.0.0.0:80/443. Front this with the box's existing
# reverse proxy, or the optional one in infra/traefik/. See DEPLOY.md.
name: buildmymcp
services:
postgres:
image: postgres:16-alpine
restart: unless-stopped
environment:
POSTGRES_USER: ${POSTGRES_USER:-bmm}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env.production}
POSTGRES_DB: ${POSTGRES_DB:-bmm}
ports:
- "127.0.0.1:${POSTGRES_PORT:-5440}:5432"
volumes:
- bmm_pg:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-bmm} -d ${POSTGRES_DB:-bmm}"]
interval: 5s
timeout: 5s
retries: 20
redis:
image: redis:7-alpine
restart: unless-stopped
command: ["redis-server", "--appendonly", "yes"]
ports:
- "127.0.0.1:${REDIS_PORT:-6390}:6379"
volumes:
- bmm_redis:/data
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 5s
timeout: 5s
retries: 20
api:
build:
context: .
dockerfile: apps/api/Dockerfile
restart: unless-stopped
network_mode: host
env_file: .env.production
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- bmm_keys:/app/apps/api/keys
depends_on:
postgres:
condition: service_healthy
redis:
condition: service_healthy
generator:
build:
context: .
dockerfile: apps/generator/Dockerfile
restart: unless-stopped
network_mode: host
env_file: .env.production
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- bmm_build_context:/app/build-context
depends_on:
postgres:
condition: service_healthy
redis:
condition: service_healthy
web:
build:
context: .
dockerfile: apps/web/Dockerfile
args:
NEXT_PUBLIC_API_URL: ${NEXT_PUBLIC_API_URL:?set NEXT_PUBLIC_API_URL in .env.production}
restart: unless-stopped
network_mode: host
env_file: .env.production
depends_on:
- api
volumes:
bmm_pg:
bmm_redis:
bmm_keys:
bmm_build_context:
Reference in New Issue View Git Blame Copy Permalink