Remmer/stiftung-management-system
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
905e5a7d6ca7d4bcac1dcd43b071b90ff9f5c2b1
stiftung-management-system/deploy-production/docker-compose.prod.yml
SysAdmin Agent 905e5a7d6c
Some checks failed
CI/CD Pipeline / test (push) Has been cancelled
Details
CI/CD Pipeline / deploy (push) Has been cancelled
Details
Code Quality / quality (push) Has been cancelled
Details
Fix GrampsWeb subpath: patch location.href redirects to root (STI-90) 
GrampsWeb JS has 6 instances of location.href="/" that redirect users
to the root domain (Django app) instead of /ahnenforschung/. These
are now patched at container startup alongside the API path rewrites.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-24 10:08:35 +00:00

216 lines
7.8 KiB
YAML
Raw Blame History

# Production Docker Compose Configuration
# This file is used for production deployment via GitHub Actions
# For local development, use: docker-compose -f compose.dev.yml up
#
# IMPORTANT: This configuration requires ALL environment variables to be
# provided via the production server's .env file. No fallback values are
# included for security reasons.
services:
db:
image: postgres:16-alpine
restart: unless-stopped
environment:
POSTGRES_DB: ${POSTGRES_DB}
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
volumes:
- dbdata:/var/lib/postgresql/data
- ./scripts/init-paperless-db.sh:/docker-entrypoint-initdb.d/init-paperless-db.sh
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
interval: 10s
timeout: 5s
retries: 5
redis:
image: redis:7-alpine
restart: unless-stopped
web:
image: ghcr.io/remmerinio/stiftung-management-system:latest
restart: unless-stopped
depends_on:
db:
condition: service_healthy
redis:
condition: service_started
environment:
- POSTGRES_DB=${POSTGRES_DB}
- POSTGRES_USER=${POSTGRES_USER}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- DB_HOST=${DB_HOST}
- DB_PORT=${DB_PORT}
- DJANGO_SECRET_KEY=${DJANGO_SECRET_KEY}
- DJANGO_DEBUG=${DJANGO_DEBUG}
- DJANGO_ALLOWED_HOSTS=${DJANGO_ALLOWED_HOSTS}
- LANGUAGE_CODE=${LANGUAGE_CODE}
- TIME_ZONE=${TIME_ZONE}
- REDIS_URL=${REDIS_URL}
- PAPERLESS_API_URL=${PAPERLESS_API_URL}
- PAPERLESS_API_TOKEN=${PAPERLESS_API_TOKEN}
- GRAMPS_URL=${GRAMPS_URL}
- GRAMPS_USERNAME=${GRAMPS_USERNAME}
- GRAMPS_PASSWORD=${GRAMPS_PASSWORD}
- GRAMPS_API_TOKEN=${GRAMPS_API_TOKEN}
ports:
- "8081:8000"
volumes:
- media_files:/app/media
command: ["gunicorn", "core.wsgi:application", "--bind", "0.0.0.0:8000", "--workers", "3"]
worker:
image: ghcr.io/remmerinio/stiftung-management-system:latest
restart: unless-stopped
environment:
- POSTGRES_DB=${POSTGRES_DB}
- POSTGRES_USER=${POSTGRES_USER}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- DB_HOST=${DB_HOST}
- DB_PORT=${DB_PORT}
- DJANGO_SECRET_KEY=${DJANGO_SECRET_KEY}
- DJANGO_DEBUG=${DJANGO_DEBUG}
- REDIS_URL=${REDIS_URL}
- IMAP_HOST=${IMAP_HOST}
- IMAP_PORT=${IMAP_PORT}
- IMAP_USER=${IMAP_USER}
- IMAP_PASSWORD=${IMAP_PASSWORD}
- IMAP_FOLDER=${IMAP_FOLDER}
- IMAP_USE_SSL=${IMAP_USE_SSL}
- PAPERLESS_API_URL=${PAPERLESS_API_URL}
- PAPERLESS_API_TOKEN=${PAPERLESS_API_TOKEN}
- PAPERLESS_DESTINATAERE_TAG_ID=${PAPERLESS_DESTINATAERE_TAG_ID}
depends_on:
- redis
- db
volumes:
- media_files:/app/media
command: ["celery", "-A", "core", "worker", "-l", "info"]
beat:
image: ghcr.io/remmerinio/stiftung-management-system:latest
restart: unless-stopped
environment:
- POSTGRES_DB=${POSTGRES_DB}
- POSTGRES_USER=${POSTGRES_USER}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- DB_HOST=${DB_HOST}
- DB_PORT=${DB_PORT}
- DJANGO_SECRET_KEY=${DJANGO_SECRET_KEY}
- DJANGO_DEBUG=${DJANGO_DEBUG}
- REDIS_URL=${REDIS_URL}
- IMAP_HOST=${IMAP_HOST}
- IMAP_PORT=${IMAP_PORT}
- IMAP_USER=${IMAP_USER}
- IMAP_PASSWORD=${IMAP_PASSWORD}
- IMAP_FOLDER=${IMAP_FOLDER}
- IMAP_USE_SSL=${IMAP_USE_SSL}
- PAPERLESS_API_URL=${PAPERLESS_API_URL}
- PAPERLESS_API_TOKEN=${PAPERLESS_API_TOKEN}
- PAPERLESS_DESTINATAERE_TAG_ID=${PAPERLESS_DESTINATAERE_TAG_ID}
depends_on:
- redis
- db
command: ["celery", "-A", "core", "beat", "-l", "info"]
grampsweb:
image: ghcr.io/gramps-project/grampsweb:latest
restart: unless-stopped
ports:
- "8090:5000"
environment:
- GRAMPSWEB_SECRET_KEY=${GRAMPSWEB_SECRET_KEY}
- GRAMPSWEB_ADMIN_EMAIL=${GRAMPSWEB_ADMIN_EMAIL}
- GRAMPSWEB_ADMIN_PASSWORD=${GRAMPSWEB_ADMIN_PASSWORD}
- GRAMPSWEB_TREE=${GRAMPSWEB_TREE:-Stiftung}
- GRAMPSWEB_BASE_URL=${GRAMPSWEB_BASE_URL:-/}
- GRAMPSWEB_CELERY_CONFIG__broker_url=redis://redis:6379/0
- GRAMPSWEB_CELERY_CONFIG__result_backend=redis://redis:6379/0
- GRAMPSWEB_RATELIMIT_STORAGE_URI=redis://redis:6379/1
- GRAMPSWEB_NEW_DB_BACKEND=sqlite
- GRAMPSWEB_SUBPATH=${GRAMPSWEB_SUBPATH:-/ahnenforschung}
command:
- sh
- -c
- |
if [ -n "$$GRAMPSWEB_SUBPATH" ] && [ "$$GRAMPSWEB_SUBPATH" != "/" ]; then
SUBPATH="$$GRAMPSWEB_SUBPATH"
case "$$SUBPATH" in */) ;; *) SUBPATH="$${SUBPATH}/" ;; esac
echo "[grampsweb] Patching static files for subpath $$SUBPATH ..."
find / -name index.html -path "*/gramps*" -o -name index.html -path "*/static/*" 2>/dev/null | while read f; do
if grep -q '<base href="/">' "$$f" 2>/dev/null; then
sed -i "s|<base href=\"/\">|<base href=\"$$SUBPATH\">|g" "$$f"
echo "[grampsweb] patched base href: $$f"
fi
done
for f in /app/static/*.js; do
if [ -f "$$f" ] && grep -q '/api/' "$$f" 2>/dev/null; then
sed -i "s|\"/api/|\"$${SUBPATH}api/|g" "$$f"
sed -i 's|`/api/|`'"$${SUBPATH}"'api/|g' "$$f"
sed -i "s|\"/lang/|\"$${SUBPATH}lang/|g" "$$f"
sed -i 's|`/lang/|`'"$${SUBPATH}"'lang/|g' "$$f"
sed -i "s|\"/fonts/|\"$${SUBPATH}fonts/|g" "$$f"
sed -i 's|`/fonts/|`'"$${SUBPATH}"'fonts/|g' "$$f"
sed -i "s|\"/assets/|\"$${SUBPATH}assets/|g" "$$f"
sed -i 's|`/assets/|`'"$${SUBPATH}"'assets/|g' "$$f"
sed -i "s|location\.href=\"/\"|location.href=\"$$SUBPATH\"|g" "$$f"
sed -i "s|document\.location\.href=\"/\"|document.location.href=\"$$SUBPATH\"|g" "$$f"
echo "[grampsweb] patched JS paths: $$f"
fi
done
for f in /app/static/*.css; do
if [ -f "$$f" ] && grep -q '"/fonts/' "$$f" 2>/dev/null; then
sed -i "s|\"/fonts/|\"$${SUBPATH}fonts/|g" "$$f"
echo "[grampsweb] patched CSS paths: $$f"
fi
done
echo "[grampsweb] Done."
fi
exec gunicorn -w $${GUNICORN_NUM_WORKERS:-8} -b 0.0.0.0:5000 \
gramps_webapi.wsgi:app --timeout $${GUNICORN_TIMEOUT:-120} \
--limit-request-line 8190
volumes:
- gramps_data:/app/data
depends_on:
- redis
paperless:
image: ghcr.io/paperless-ngx/paperless-ngx:latest
ports:
- "8080:8000"
environment:
- PAPERLESS_REDIS=redis://redis:6379
- PAPERLESS_DBHOST=db
- PAPERLESS_DBPORT=5432
- PAPERLESS_DBNAME=${PAPERLESS_DBNAME:-paperless}
- PAPERLESS_DBUSER=${POSTGRES_USER}
- PAPERLESS_DBPASS=${POSTGRES_PASSWORD}
- PAPERLESS_SECRET_KEY=${PAPERLESS_SECRET_KEY}
- PAPERLESS_URL=https://vhtv-stiftung.de
- PAPERLESS_ALLOWED_HOSTS=vhtv-stiftung.de,localhost,paperless
- PAPERLESS_CORS_ALLOWED_HOSTS=https://vhtv-stiftung.de
- PAPERLESS_FORCE_SCRIPT_NAME=/paperless
- PAPERLESS_STATIC_URL=/paperless/static/
- PAPERLESS_LOGIN_REDIRECT_URL=/paperless/
- PAPERLESS_LOGOUT_REDIRECT_URL=/paperless/
- PAPERLESS_ADMIN_USER=${PAPERLESS_ADMIN_USER}
- PAPERLESS_ADMIN_PASSWORD=${PAPERLESS_ADMIN_PASSWORD}
- PAPERLESS_ADMIN_MAIL=${PAPERLESS_ADMIN_MAIL}
volumes:
- paperless_data:/usr/src/paperless/data
- paperless_media:/usr/src/paperless/media
- paperless_export:/usr/src/paperless/export
- paperless_consume:/usr/src/paperless/consume
depends_on:
- db
- redis
volumes:
dbdata:
gramps_data:
paperless_data:
paperless_media:
paperless_export:
paperless_consume:
media_files:
Reference in New Issue View Git Blame Copy Permalink