Momento/docker-compose.yml
Sepehr Ramezani 97163bfb89
fix: production deployment hardening
Docker:
- Restrict PostgreSQL port to 127.0.0.1 only (not exposed to LAN)
- Add APP_BASE_URL for MCP server to reach Next.js via Docker network
- Fix MCP healthcheck (remove always-passing fallback)
- Add resource limits to mcp-server container

Dockerfile:
- Remove full node_modules copy (standalone already includes deps)
  Reduces image size by ~500MB+

Config:
- Add MCP_SERVER_MODE and MCP_SERVER_URL to deploy.sh and .env.docker.example
- Deploy script now auto-sets MCP_SERVER_URL based on NEXTAUTH_URL

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-04-21 23:09:22 +02:00


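# Compose stack: PostgreSQL, the Next.js web app, the MCP server and an
# optional Ollama container, all attached to one bridge network.
services:
  # ============================================
  # PostgreSQL - Shared Database
  # ============================================
  postgres:
    image: postgres:16-alpine
    container_name: memento-postgres
    restart: unless-stopped
    environment:
      POSTGRES_USER: ${POSTGRES_USER:-memento}
      # NOTE(review): when POSTGRES_PASSWORD is unset the database is created
      # with the fallback password "memento". For production, set a strong
      # value in the environment Compose interpolates from; once every deploy
      # path sets it, the ${VAR:?message} form makes a missing value fail fast.
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-memento}
      POSTGRES_DB: ${POSTGRES_DB:-memento}
    volumes:
      - postgres-data:/var/lib/postgresql/data
    ports:
      # Published on the host loopback only; the other services reach the
      # database as postgres:5432 over memento-network.
      - "127.0.0.1:5432:5432"
    healthcheck:
      # -d names the target database explicitly; without it the probe uses a
      # database named after the user, which the server logs as a failed
      # connection attempt whenever POSTGRES_DB differs from POSTGRES_USER.
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-memento} -d ${POSTGRES_DB:-memento}"]
      interval: 5s
      timeout: 5s
      retries: 5
    networks:
      - memento-network

  # ============================================
  # memento-note - Next.js Web Application
  # ============================================
  memento-note:
    build:
      context: ./memento-note
      dockerfile: Dockerfile
    container_name: memento-web
    env_file:
      - .env.docker
    ports:
      # NOTE(review): published on every host interface. If a reverse proxy
      # on this host fronts the app, bind to 127.0.0.1 as postgres does.
      - "3000:3000"
    environment:
      # DATABASE_URL is auto-constructed from PostgreSQL credentials (not in .env.docker)
      # NOTE(review): the credentials are spliced into the URL verbatim, so a
      # password containing URL-reserved characters (@ : / ? #) has to be
      # percent-encoded, and the same "memento" fallback applies here.
      - DATABASE_URL=postgresql://${POSTGRES_USER:-memento}:${POSTGRES_PASSWORD:-memento}@postgres:5432/${POSTGRES_DB:-memento}
      - NODE_ENV=production
      - NEXT_TELEMETRY_DISABLED=1
    volumes:
      - uploads-data:/app/public/uploads
    depends_on:
      postgres:
        condition: service_healthy
    restart: unless-stopped
    healthcheck:
      # Exits 0 only when the app answers with a 2xx status (r.ok); any other
      # status or a connection error exits 1.
      test: ["CMD", "node", "-e", "fetch('http://localhost:3000').then(r=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    networks:
      - memento-network
    deploy:
      resources:
        limits:
          cpus: '2'
          memory: 2G
        reservations:
          cpus: '0.5'
          memory: 512M

  # ============================================
  # mcp-server - MCP Protocol Server
  # ============================================
  mcp-server:
    build:
      context: ./mcp-server
      dockerfile: Dockerfile
    container_name: memento-mcp
    env_file:
      - .env.docker
    ports:
      # SSE mode exposes port 3001, stdio mode doesn't need ports
      # NOTE(review): this publishes 3001 on every host interface. Confirm the
      # MCP endpoint authenticates its clients; if only local or in-network
      # callers use it, bind to 127.0.0.1 or drop the mapping.
      - "3001:3001"
    environment:
      # DATABASE_URL is auto-constructed from PostgreSQL credentials (not in .env.docker)
      # NOTE(review): same verbatim splicing and "memento" fallback as the
      # web service; keep the two definitions in sync.
      - DATABASE_URL=postgresql://${POSTGRES_USER:-memento}:${POSTGRES_PASSWORD:-memento}@postgres:5432/${POSTGRES_DB:-memento}
      - NODE_ENV=production
      # Reaches the web app by service name over memento-network.
      - APP_BASE_URL=http://memento-note:3000
    depends_on:
      postgres:
        condition: service_healthy
    restart: unless-stopped
    networks:
      - memento-network
    deploy:
      resources:
        limits:
          cpus: '1'
          memory: 512M
        reservations:
          cpus: '0.25'
          memory: 128M
    healthcheck:
      # Any wget failure marks the container unhealthy.
      # Assumes wget is present in the mcp-server image - TODO confirm.
      test: ["CMD-SHELL", "wget --spider -q http://localhost:3001/ || exit 1"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 10s

  # ============================================
  # Ollama - Local LLM Provider (Optional)
  # ============================================
  ollama:
    # NOTE(review): ":latest" is a moving tag. Pin a reviewed version or image
    # digest so deploys are reproducible and upstream changes are not pulled
    # in unnoticed.
    image: ollama/ollama:latest
    container_name: memento-ollama
    ports:
      # NOTE(review): published on every host interface, and the Ollama API
      # has no built-in authentication. If only services on memento-network
      # call it, bind to 127.0.0.1 or remove the mapping.
      - "11434:11434"
    volumes:
      - ollama-data:/root/.ollama
    restart: unless-stopped
    networks:
      - memento-network
    deploy:
      resources:
        limits:
          cpus: '4'
          memory: 8G
        reservations:
          cpus: '2'
          memory: 4G
    # Ollama is optional - only enable if you set AI_PROVIDER_TAGS=ollama
    profiles:
      - ollama

# ============================================
# Volumes - Data Persistence
# ============================================
volumes:
  postgres-data:
    driver: local
  uploads-data:
    driver: local
  ollama-data:
    driver: local

# ============================================
# Networks - Service Communication
# ============================================
networks:
  memento-network:
    driver: bridge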