chore: audit and fix service configurations and allowedOrigins

2026-05-06 13:23:51 -04:00
parent f52b4ae2b4
commit ccb9d44c04
13 changed files with 522 additions and 0 deletions
@@ -0,0 +1,17 @@
+APP_ID=4ade2d03d47e25dbd2477aebeea02f68
+APP_NAME=Coolify
+APP_KEY=base64:/NXqvQqLEoiL2l95unMEgIrmNISZWCN3gkn8C+70ArU=
+APP_URL=https://coolify.klhoud.com
+
+DB_USERNAME=coolify
+DB_PASSWORD=NK7UZfGH6s+xK1FCWhZ16UIW5+XLSyJWUW/SAeiUqr0=
+REDIS_PASSWORD=hFFgieL5zun4R259weXB5mwB+obiNqzgFbZ+/TybQwM=
+PUSHER_APP_ID=a62f9819f9aa86b34b07973a11f6f844029c1a5a1cfc96e36ee93629ba0194f6
+PUSHER_APP_KEY=904493523fc1e3b042fdac7ee119aa44220799fbbb0199259d911a1860ea3c19
+PUSHER_APP_SECRET=5ec83d045498cfaeba51bc0bd6a84957a81892383c98a1a2f24e4a6f192f6387
+ROOT_USERNAME=
+ROOT_USER_EMAIL=
+ROOT_USER_PASSWORD=
+REGISTRY_URL=ghcr.io
+DOCKER_ADDRESS_POOL_BASE=10.0.0.0/8
+DOCKER_ADDRESS_POOL_SIZE=24
@@ -0,0 +1,90 @@
+services:
+  coolify:
+    image: "${REGISTRY_URL:-ghcr.io}/coollabsio/coolify:${LATEST_IMAGE:-latest}"
+    volumes:
+      - type: bind
+        source: /data/coolify/source/.env
+        target: /var/www/html/.env
+        read_only: true
+      - /data/coolify/ssh:/var/www/html/storage/app/ssh
+      - /data/coolify/applications:/var/www/html/storage/app/applications
+      - /data/coolify/databases:/var/www/html/storage/app/databases
+      - /data/coolify/services:/var/www/html/storage/app/services
+      - /data/coolify/backups:/var/www/html/storage/app/backups
+    environment:
+      - APP_ENV=${APP_ENV:-production}
+      - PHP_MEMORY_LIMIT=${PHP_MEMORY_LIMIT:-256M}
+      - PHP_FPM_PM_CONTROL=${PHP_FPM_PM_CONTROL:-dynamic}
+      - PHP_FPM_PM_START_SERVERS=${PHP_FPM_PM_START_SERVERS:-1}
+      - PHP_FPM_PM_MIN_SPARE_SERVERS=${PHP_FPM_PM_MIN_SPARE_SERVERS:-1}
+      - PHP_FPM_PM_MAX_SPARE_SERVERS=${PHP_FPM_PM_MAX_SPARE_SERVERS:-10}
+    env_file:
+      - /data/coolify/source/.env
+    ports:
+      - "${APP_PORT:-8000}:8080"
+    expose:
+      - "${APP_PORT:-8000}"
+    healthcheck:
+      test: curl --fail http://127.0.0.1:8080/api/health || exit 1
+      interval: 5s
+      retries: 10
+      timeout: 2s
+    depends_on:
+      postgres:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+      soketi:
+        condition: service_healthy
+  postgres:
+    volumes:
+      - coolify-db:/var/lib/postgresql/data
+    environment:
+      POSTGRES_USER: "${DB_USERNAME}"
+      POSTGRES_PASSWORD: "${DB_PASSWORD}"
+      POSTGRES_DB: "${DB_DATABASE:-coolify}"
+    healthcheck:
+      test: [ "CMD-SHELL", "pg_isready -U ${DB_USERNAME}", "-d", "${DB_DATABASE:-coolify}" ]
+      interval: 5s
+      retries: 10
+      timeout: 2s
+  redis:
+    command: redis-server --save 20 1 --loglevel warning --requirepass ${REDIS_PASSWORD}
+    environment:
+      REDIS_PASSWORD: "${REDIS_PASSWORD}"
+    volumes:
+      - coolify-redis:/data
+    healthcheck:
+      test: redis-cli ping
+      interval: 5s
+      retries: 10
+      timeout: 2s
+  soketi:
+    image: '${REGISTRY_URL:-ghcr.io}/coollabsio/coolify-realtime:1.0.13'
+    ports:
+      - "${SOKETI_PORT:-6001}:6001"
+      - "6002:6002"
+    volumes:
+      - /data/coolify/ssh:/var/www/html/storage/app/ssh
+    environment:
+      APP_NAME: "${APP_NAME:-Coolify}"
+      SOKETI_DEBUG: "${SOKETI_DEBUG:-false}"
+      SOKETI_DEFAULT_APP_ID: "${PUSHER_APP_ID}"
+      SOKETI_DEFAULT_APP_KEY: "${PUSHER_APP_KEY}"
+      SOKETI_DEFAULT_APP_SECRET: "${PUSHER_APP_SECRET}"
+      SOKETI_HOST: "${SOKETI_HOST:-0.0.0.0}"
+    healthcheck:
+      test: [ "CMD-SHELL", "wget -qO- http://127.0.0.1:6001/ready && wget -qO- http://127.0.0.1:6002/ready || exit 1" ]
+      interval: 5s
+      retries: 10
+      timeout: 2s
+
+volumes:
+  coolify-db:
+    name: coolify-db
+  coolify-redis:
+    name: coolify-redis
+
+networks:
+  coolify:
+    external: true
@@ -0,0 +1,37 @@
+services:
+    coolify:
+        container_name: coolify
+        restart: always
+        working_dir: /var/www/html
+        extra_hosts:
+            - host.docker.internal:host-gateway
+        networks:
+            - coolify
+        depends_on:
+            - postgres
+            - redis
+            - soketi
+    postgres:
+        image: postgres:15-alpine
+        container_name: coolify-db
+        restart: always
+        networks:
+            - coolify
+    redis:
+        image: redis:7-alpine
+        container_name: coolify-redis
+        restart: always
+        networks:
+            - coolify
+    soketi:
+        container_name: coolify-realtime
+        extra_hosts:
+            - host.docker.internal:host-gateway
+        restart: always
+        networks:
+            - coolify
+networks:
+    coolify:
+        name: coolify
+        driver: bridge
+        external: false