Create production Docker Compose
37
README.md
@@ -25,6 +25,39 @@ Frontend: http://127.0.0.1:5173/
|
||||
API: http://127.0.0.1:3000
|
||||
```
|
||||
|
||||
## Docker Compose
|
||||
|
||||
Production-like startup:
|
||||
|
||||
```text
|
||||
docker compose up -d --build
|
||||
```
|
||||
|
||||
If your Docker CLI does not provide the Compose v2 subcommand, use `docker-compose` with the same arguments.
|
||||
|
||||
Production URL:
|
||||
|
||||
```text
|
||||
App: http://127.0.0.1:3000/
|
||||
```
|
||||
|
||||
This starts PostgreSQL, the Web/API application, and the hourly certificate monitor worker. The application container serves the built React assets from `dist` through the Hono server.
|
||||
|
||||
Docker-based development startup:
|
||||
|
||||
```text
|
||||
docker compose -f docker-compose.yml -f docker-compose.dev.yml up --build
|
||||
```
|
||||
|
||||
Development URLs:
|
||||
|
||||
```text
|
||||
Frontend: http://127.0.0.1:5173/
|
||||
API: http://127.0.0.1:3000
|
||||
```
|
||||
|
||||
The Compose application port mappings bind to `127.0.0.1` only, so the application ports are not published on external network interfaces. PostgreSQL is not published to the host; only the `app` and `monitor-worker` services can reach it through the internal Compose network. Inside containers, the application binds to `0.0.0.0` through `HOST=0.0.0.0`; host exposure is controlled by Compose.
|
||||
|
||||
Run the one-shot certificate monitor:
|
||||
|
||||
```text
|
||||
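Review bot: The "Production URL" block gives `http://127.0.0.1:3000/`, and the port-mapping paragraph says the application ports bind to `127.0.0.1` only, but the section never says how the production stack is meant to be reached from anywhere other than the Docker host, or where TLS is terminated. The environment table below states that `NODE_ENV=production` enables secure cookies, so a reader following only this section will not know whether a reverse proxy in front of port 3000 is expected. Suggest adding one sentence after the port-mapping paragraph naming the intended front end (for example a TLS-terminating reverse proxy on the host) and stating that the loopback binding should not be widened to make the app reachable.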
@@ -58,6 +91,7 @@ Copy `.env.example` to `.env` for local development.
|
||||
| Name | Required | Default | Purpose |
|
||||
| --- | --- | --- | --- |
|
||||
| `NODE_ENV` | No | `development` | Runtime mode. `production` enables secure cookies. |
|
||||
| `HOST` | No | `127.0.0.1` | Server listen host. Compose sets this to `0.0.0.0` inside containers. |
|
||||
| `PORT` | No | `3000` | API server port. |
|
||||
| `DATABASE_URL` | No | `postgres://certremind:certremind@localhost:5432/certremind` | PostgreSQL connection string. |
|
||||
| `COOKIE_SECRET` | Reserved | none | Reserved for future signed-cookie support. |
|
||||
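Review bot: The `HOST` row documents the Compose override to `0.0.0.0` but does not say what that value means outside Compose. The README explains elsewhere that host exposure is controlled by the Compose port mappings, so the row should also state that setting `HOST=0.0.0.0` for a non-container run listens on every interface with nothing limiting exposure, and that `127.0.0.1` should be kept for local host execution.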
@@ -66,9 +100,12 @@ Copy `.env.example` to `.env` for local development.
|
||||
| `VAPID_SUBJECT` | For Push | `mailto:admin@example.com` | VAPID contact subject. |
|
||||
| `OPENSSL_PATH` | No | `openssl` | OpenSSL executable path. On Windows, the app can also detect Git's bundled `openssl.exe`. |
|
||||
|
||||
For local host execution, `DATABASE_URL` normally points to `localhost:5432`. For Docker Compose services, it points to the internal service name: `postgres://certremind:certremind@postgres:5432/certremind`.
|
||||
|
||||
## Operational Notes
|
||||
|
||||
- Run `pnpm monitor:worker` as a long-lived Node process for hourly certificate checks.
|
||||
- `docker compose up -d --build` runs the monitor worker as the `monitor-worker` service.
|
||||
- `pnpm monitor:once` remains available for manual checks or external schedulers.
|
||||
- The monitor limits concurrent external certificate checks and records per-site failures without stopping the whole run.
|
||||
- Webhook URLs and monitored site URLs must be HTTPS and reject localhost/private IPv4 targets.
|
||||
|
||||
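Review bot: The paragraph beginning "For local host execution" prints the Compose connection string with the `certremind:certremind` credentials, in a commit whose stated purpose is a production Compose setup. As written, it reads as the value to deploy with. Suggest stating that the database password must be replaced through `.env` (or another secret mechanism) before production use, and showing the string with a placeholder password instead of the default. A smaller point on the last bullet: it names localhost and private IPv4 targets only, so it would help to document whether IPv6 loopback and private ranges are rejected as well.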