feat: multi-architecture Docker setup (x86_64 + ARM64) with one-command install

- Multi-stage Dockerfile: builder compiles native modules (better-sqlite3,
  tiny-secp256k1) under target architecture, runtime is minimal Alpine
- install.sh: POSIX sh installer (Alpine ash compatible) with architecture
  detection, Docker install, .env validation, health-check retry loop
- docker-compose.yml: removed platform locks, .env read-only mount,
  127.0.0.1 port binding, 384m mem limit (Orange Pi Zero 2 safe)
- .dockerignore: excludes node_modules, secrets, tests, .kilo
- README.md: complete rewrite with deployment docs for any device
- Verified: POSIX sh syntax (dash), Dockerfile (docker build --check),
  docker-compose (docker compose config)
NW
2026-06-24 02:06:07 +01:00
parent 293236921c
commit 4aea49811c
5 changed files with 488 additions and 170 deletions


@@ -1,30 +1,25 @@
version: "3.3"
services:
telegram_shop_prod:
build:
context: .
dockerfile: ./Dockerfile
network: host
hostname: telegram_shop_prod
container_name: telegram_shop_prod
ports:
- "3001:3001"
restart: always
env_file:
- .env
- "127.0.0.1:3001:3001"
restart: unless-stopped
volumes:
- ./db:/app/db/ # Синхронизация базы данных (persistence)
- ./uploads:/app/uploads/ # Uploaded product photos
- ./wg/start.sh:/app/start.sh # Монтируем start.sh (генерирует wg0.conf из env)
- ./.env:/app/.env:rw # Settings panel read/write
cap_add: # Минимальные привилегии, необходимые только для WireGuard
- ./db:/app/db/
- ./uploads:/app/uploads/
- ./.env:/app/.env:ro
cap_add:
- NET_ADMIN
sysctls:
- net.ipv4.conf.all.src_valid_mark=1 # Необходимо для маршрутизации
- net.ipv4.conf.all.src_valid_mark=1
dns:
- 8.8.8.8
- 1.1.1.1
mem_limit: 512m
mem_limit: 384m
cpus: "1.0"
healthcheck:
test: ["CMD", "curl", "-sf", "http://localhost:3001/health"]
@@ -32,5 +27,3 @@ services:
timeout: 10s
retries: 3
start_period: 60s
networks:
default:
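Review bot: The new side still grants `cap_add: NET_ADMIN` and sets `net.ipv4.conf.all.src_valid_mark=1`, but the `./wg/start.sh` mount and the comment tying that capability to WireGuard no longer appear, so the file no longer shows why the container needs network-administration rights. If the tunnel is no longer brought up inside this container, remove the `cap_add` and `sysctls` keys. If it still is (for example because start.sh is now copied in by the Dockerfile, which is not visible here), keep the rationale with a comment such as `# NET_ADMIN and src_valid_mark are needed only for the in-container WireGuard tunnel`. Separately, `./.env:/app/.env:ro` replaces a mount the old comment described as read/write for the settings panel, so confirm that the panel's save path reports an error on a read-only file instead of failing silently.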