mirror of
https://github.com/velocitatem/cvfs.git
synced 2026-05-31 08:43:37 +00:00
aa419cde0d
- Replace ReportLab PDF export with LibreOffice headless for proper DOCX formatting preservation - Add libreoffice-writer + fonts-liberation to backend Dockerfile - Proxy public CV PDFs through frontend (/cv/[slug]) instead of redirecting to MinIO storage directly - Fix docker-compose: route backend/worker to internal MinIO URL (http://cvfs-minio:9000), remove MinIO from public network, parameterize all domain/env vars - Add storage cleanup (MinIO artifact deletion) when a document is deleted - Add docker-compose.standalone.yml for self-deployment without Traefik/dokploy - Update .env.example with comprehensive self-deployment documentation https://claude.ai/code/session_017HGM9VPptZG52asT5pbL6Y
154 lines
4.9 KiB
YAML
154 lines
4.9 KiB
YAML
version: "3.8"
|
|
|
|
networks:
|
|
dokploy-network:
|
|
external: true
|
|
cvfs-network:
|
|
|
|
services:
|
|
webapp:
|
|
container_name: "cvfs-webapp"
|
|
build:
|
|
context: ./
|
|
dockerfile: ./docker/webapp.Dockerfile
|
|
args:
|
|
NEXT_PUBLIC_AUTHENTIK_ISSUER: ${NEXT_PUBLIC_AUTHENTIK_ISSUER}
|
|
NEXT_PUBLIC_AUTHENTIK_CLIENT_ID: ${NEXT_PUBLIC_AUTHENTIK_CLIENT_ID}
|
|
NEXT_PUBLIC_BASE_URL: ${NEXT_PUBLIC_BASE_URL:-https://cv.alves.world}
|
|
API_BASE_URL: ${API_BASE_URL:-http://cvfs-backend:8080}
|
|
environment:
|
|
- API_BASE_URL=http://cvfs-backend:8080
|
|
- AUTHENTIK_ISSUER=${AUTHENTIK_ISSUER}
|
|
- AUTHENTIK_CLIENT_ID=${AUTHENTIK_CLIENT_ID}
|
|
- AUTHENTIK_CLIENT_SECRET=${AUTHENTIK_CLIENT_SECRET}
|
|
- NEXT_PUBLIC_AUTHENTIK_ISSUER=${NEXT_PUBLIC_AUTHENTIK_ISSUER}
|
|
- NEXT_PUBLIC_AUTHENTIK_CLIENT_ID=${NEXT_PUBLIC_AUTHENTIK_CLIENT_ID}
|
|
- NEXT_PUBLIC_BASE_URL=${NEXT_PUBLIC_BASE_URL:-https://cv.alves.world}
|
|
networks:
|
|
- dokploy-network
|
|
- cvfs-network
|
|
restart: unless-stopped
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.cvfs-webapp.rule=Host(`cv.alves.world`)"
|
|
- "traefik.http.services.cvfs-webapp.loadbalancer.server.port=3000"
|
|
- "traefik.http.routers.cvfs-webapp.entrypoints=websecure"
|
|
- "traefik.http.routers.cvfs-webapp.tls.certresolver=letsencrypt"
|
|
|
|
backend:
|
|
container_name: "cvfs-backend"
|
|
build:
|
|
context: ./
|
|
dockerfile: ./docker/backend-fastapi.Dockerfile
|
|
environment:
|
|
- BACKEND_PORT=8080
|
|
- DATABASE_URL=postgresql+asyncpg://postgres:postgres@cvfs-postgres:5432/resume_branches
|
|
- MINIO_ENDPOINT=http://cvfs-minio:9000
|
|
- MINIO_BUCKET=${MINIO_BUCKET:-resume-branches}
|
|
- MINIO_REGION=${MINIO_REGION:-us-east-1}
|
|
- MINIO_ROOT_USER=${MINIO_ROOT_USER:-minioadmin}
|
|
- MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD:-minioadmin}
|
|
- PUBLIC_BASE_URL=${PUBLIC_BASE_URL:-https://cv.alves.world}
|
|
- CV_PUBLIC_DOMAIN=${CV_PUBLIC_DOMAIN:-cv.alves.world}
|
|
- CORS_ORIGINS=${CORS_ORIGINS:-https://cv.alves.world}
|
|
- REDIS_URL=redis://cvfs-redis:6379/0
|
|
- CELERY_BROKER_URL=redis://cvfs-redis:6379/0
|
|
- CELERY_RESULT_BACKEND=redis://cvfs-redis:6379/0
|
|
- ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY:-}
|
|
- AUTH_OIDC_ISSUER=${AUTH_OIDC_ISSUER:-}
|
|
- AUTH_OIDC_AUDIENCE=${AUTH_OIDC_AUDIENCE:-}
|
|
- AUTH_DISABLE_VERIFICATION=${AUTH_DISABLE_VERIFICATION:-false}
|
|
depends_on:
|
|
- postgres
|
|
- minio
|
|
- redis
|
|
networks:
|
|
- dokploy-network
|
|
- cvfs-network
|
|
restart: unless-stopped
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.cvfs-backend.rule=Host(`api.cv.alves.world`)"
|
|
- "traefik.http.services.cvfs-backend.loadbalancer.server.port=8080"
|
|
- "traefik.http.routers.cvfs-backend.entrypoints=websecure"
|
|
- "traefik.http.routers.cvfs-backend.tls.certresolver=letsencrypt"
|
|
|
|
worker:
|
|
container_name: "cvfs-worker"
|
|
build:
|
|
context: ./
|
|
dockerfile: ./docker/worker.Dockerfile
|
|
environment:
|
|
- REDIS_URL=redis://cvfs-redis:6379/0
|
|
- CELERY_BROKER_URL=redis://cvfs-redis:6379/0
|
|
- CELERY_RESULT_BACKEND=redis://cvfs-redis:6379/0
|
|
- MINIO_ENDPOINT=http://cvfs-minio:9000
|
|
- MINIO_BUCKET=${MINIO_BUCKET:-resume-branches}
|
|
- MINIO_REGION=${MINIO_REGION:-us-east-1}
|
|
- MINIO_ROOT_USER=${MINIO_ROOT_USER:-minioadmin}
|
|
- MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD:-minioadmin}
|
|
- PYTHONPATH=/app
|
|
- ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY:-}
|
|
depends_on:
|
|
- redis
|
|
- minio
|
|
networks:
|
|
- cvfs-network
|
|
restart: unless-stopped
|
|
|
|
redis:
|
|
container_name: "cvfs-redis"
|
|
image: redis:7-alpine
|
|
volumes:
|
|
- redis_data:/data
|
|
networks:
|
|
- cvfs-network
|
|
restart: unless-stopped
|
|
|
|
postgres:
|
|
image: postgres:15-alpine
|
|
container_name: "cvfs-postgres"
|
|
environment:
|
|
POSTGRES_DB: resume_branches
|
|
POSTGRES_USER: postgres
|
|
POSTGRES_PASSWORD: postgres
|
|
volumes:
|
|
- postgres_data:/var/lib/postgresql/data
|
|
networks:
|
|
- cvfs-network
|
|
restart: unless-stopped
|
|
|
|
minio:
|
|
image: minio/minio:latest
|
|
container_name: "cvfs-minio"
|
|
environment:
|
|
- MINIO_ROOT_USER=${MINIO_ROOT_USER:-minioadmin}
|
|
- MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD:-minioadmin}
|
|
volumes:
|
|
- minio_data:/data
|
|
command: server /data --console-address ":9001"
|
|
networks:
|
|
- cvfs-network
|
|
restart: unless-stopped
|
|
|
|
create-bucket:
|
|
image: minio/mc
|
|
container_name: "cvfs-create-bucket"
|
|
depends_on:
|
|
- minio
|
|
networks:
|
|
- cvfs-network
|
|
entrypoint: >
|
|
/bin/sh -c "
|
|
sleep 5;
|
|
mc alias set myminio http://cvfs-minio:9000 $${MINIO_ROOT_USER:-minioadmin} $${MINIO_ROOT_PASSWORD:-minioadmin};
|
|
mc mb myminio/resume-branches --ignore-existing;
|
|
mc anonymous set public myminio/resume-branches;
|
|
exit 0;
|
|
"
|
|
|
|
volumes:
|
|
redis_data:
|
|
postgres_data:
|
|
minio_data:
|