mirror of
https://github.com/velocitatem/cvfs.git
synced 2026-05-31 08:43:37 +00:00
aa419cde0d
- Replace ReportLab PDF export with LibreOffice headless for proper DOCX formatting preservation - Add libreoffice-writer + fonts-liberation to backend Dockerfile - Proxy public CV PDFs through frontend (/cv/[slug]) instead of redirecting to MinIO storage directly - Fix docker-compose: route backend/worker to internal MinIO URL (http://cvfs-minio:9000), remove MinIO from public network, parameterize all domain/env vars - Add storage cleanup (MinIO artifact deletion) when a document is deleted - Add docker-compose.standalone.yml for self-deployment without Traefik/dokploy - Update .env.example with comprehensive self-deployment documentation https://claude.ai/code/session_017HGM9VPptZG52asT5pbL6Y
149 lines
4.5 KiB
YAML
149 lines
4.5 KiB
YAML
version: "3.8"
|
|
|
|
# Standalone deployment — no Traefik/reverse-proxy required.
|
|
# Usage: docker compose -f docker-compose.standalone.yml up -d
|
|
# Configure via a .env file (copy .env.example and fill in values).
|
|
|
|
networks:
|
|
cvfs-network:
|
|
|
|
services:
|
|
webapp:
|
|
container_name: "cvfs-webapp"
|
|
build:
|
|
context: ./
|
|
dockerfile: ./docker/webapp.Dockerfile
|
|
args:
|
|
NEXT_PUBLIC_AUTHENTIK_ISSUER: ${NEXT_PUBLIC_AUTHENTIK_ISSUER:-}
|
|
NEXT_PUBLIC_AUTHENTIK_CLIENT_ID: ${NEXT_PUBLIC_AUTHENTIK_CLIENT_ID:-}
|
|
NEXT_PUBLIC_BASE_URL: ${PUBLIC_BASE_URL:-http://localhost:3000}
|
|
API_BASE_URL: http://cvfs-backend:8080
|
|
environment:
|
|
- API_BASE_URL=http://cvfs-backend:8080
|
|
- AUTHENTIK_ISSUER=${AUTHENTIK_ISSUER:-}
|
|
- AUTHENTIK_CLIENT_ID=${AUTHENTIK_CLIENT_ID:-}
|
|
- AUTHENTIK_CLIENT_SECRET=${AUTHENTIK_CLIENT_SECRET:-}
|
|
- NEXT_PUBLIC_AUTHENTIK_ISSUER=${NEXT_PUBLIC_AUTHENTIK_ISSUER:-}
|
|
- NEXT_PUBLIC_AUTHENTIK_CLIENT_ID=${NEXT_PUBLIC_AUTHENTIK_CLIENT_ID:-}
|
|
- NEXT_PUBLIC_BASE_URL=${PUBLIC_BASE_URL:-http://localhost:3000}
|
|
ports:
|
|
- "${WEBAPP_PORT:-3000}:3000"
|
|
networks:
|
|
- cvfs-network
|
|
depends_on:
|
|
- backend
|
|
restart: unless-stopped
|
|
|
|
backend:
|
|
container_name: "cvfs-backend"
|
|
build:
|
|
context: ./
|
|
dockerfile: ./docker/backend-fastapi.Dockerfile
|
|
environment:
|
|
- BACKEND_PORT=8080
|
|
- DATABASE_URL=postgresql+asyncpg://postgres:${POSTGRES_PASSWORD:-postgres}@cvfs-postgres:5432/resume_branches
|
|
- MINIO_ENDPOINT=http://cvfs-minio:9000
|
|
- MINIO_BUCKET=${MINIO_BUCKET:-resume-branches}
|
|
- MINIO_REGION=${MINIO_REGION:-us-east-1}
|
|
- MINIO_ROOT_USER=${MINIO_ROOT_USER:-minioadmin}
|
|
- MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD:-minioadmin}
|
|
- PUBLIC_BASE_URL=${PUBLIC_BASE_URL:-http://localhost:3000}
|
|
- CV_PUBLIC_DOMAIN=${CV_PUBLIC_DOMAIN:-localhost}
|
|
- CORS_ORIGINS=${CORS_ORIGINS:-http://localhost:3000}
|
|
- REDIS_URL=redis://cvfs-redis:6379/0
|
|
- CELERY_BROKER_URL=redis://cvfs-redis:6379/0
|
|
- CELERY_RESULT_BACKEND=redis://cvfs-redis:6379/0
|
|
- ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY:-}
|
|
- AUTH_OIDC_ISSUER=${AUTH_OIDC_ISSUER:-}
|
|
- AUTH_OIDC_AUDIENCE=${AUTH_OIDC_AUDIENCE:-}
|
|
- AUTH_DISABLE_VERIFICATION=${AUTH_DISABLE_VERIFICATION:-true}
|
|
ports:
|
|
- "${BACKEND_PORT:-8080}:8080"
|
|
depends_on:
|
|
- postgres
|
|
- minio
|
|
- redis
|
|
networks:
|
|
- cvfs-network
|
|
restart: unless-stopped
|
|
|
|
worker:
|
|
container_name: "cvfs-worker"
|
|
build:
|
|
context: ./
|
|
dockerfile: ./docker/worker.Dockerfile
|
|
environment:
|
|
- REDIS_URL=redis://cvfs-redis:6379/0
|
|
- CELERY_BROKER_URL=redis://cvfs-redis:6379/0
|
|
- CELERY_RESULT_BACKEND=redis://cvfs-redis:6379/0
|
|
- MINIO_ENDPOINT=http://cvfs-minio:9000
|
|
- MINIO_BUCKET=${MINIO_BUCKET:-resume-branches}
|
|
- MINIO_REGION=${MINIO_REGION:-us-east-1}
|
|
- MINIO_ROOT_USER=${MINIO_ROOT_USER:-minioadmin}
|
|
- MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD:-minioadmin}
|
|
- PYTHONPATH=/app
|
|
- ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY:-}
|
|
depends_on:
|
|
- redis
|
|
- minio
|
|
networks:
|
|
- cvfs-network
|
|
restart: unless-stopped
|
|
|
|
redis:
|
|
container_name: "cvfs-redis"
|
|
image: redis:7-alpine
|
|
volumes:
|
|
- redis_data:/data
|
|
networks:
|
|
- cvfs-network
|
|
restart: unless-stopped
|
|
|
|
postgres:
|
|
image: postgres:15-alpine
|
|
container_name: "cvfs-postgres"
|
|
environment:
|
|
POSTGRES_DB: resume_branches
|
|
POSTGRES_USER: postgres
|
|
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres}
|
|
volumes:
|
|
- postgres_data:/var/lib/postgresql/data
|
|
networks:
|
|
- cvfs-network
|
|
restart: unless-stopped
|
|
|
|
minio:
|
|
image: minio/minio:latest
|
|
container_name: "cvfs-minio"
|
|
environment:
|
|
- MINIO_ROOT_USER=${MINIO_ROOT_USER:-minioadmin}
|
|
- MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD:-minioadmin}
|
|
volumes:
|
|
- minio_data:/data
|
|
command: server /data --console-address ":9001"
|
|
ports:
|
|
- "${MINIO_CONSOLE_PORT:-9001}:9001"
|
|
networks:
|
|
- cvfs-network
|
|
restart: unless-stopped
|
|
|
|
create-bucket:
|
|
image: minio/mc
|
|
container_name: "cvfs-create-bucket"
|
|
depends_on:
|
|
- minio
|
|
networks:
|
|
- cvfs-network
|
|
entrypoint: >
|
|
/bin/sh -c "
|
|
sleep 5;
|
|
mc alias set myminio http://cvfs-minio:9000 $${MINIO_ROOT_USER:-minioadmin} $${MINIO_ROOT_PASSWORD:-minioadmin};
|
|
mc mb myminio/$${MINIO_BUCKET:-resume-branches} --ignore-existing;
|
|
exit 0;
|
|
"
|
|
|
|
volumes:
|
|
redis_data:
|
|
postgres_data:
|
|
minio_data:
|