67c1436670
- entrypoint.sh: background process writes onion-hosts.txt with SSH_ONION and ADMIN_ONION - docker-compose.yml: bind mount tor-proxy/hosts for onion address persistence on host - tor-proxy/get-onions.sh: reads onion addresses and updates .env with ADMIN_URL, SSH_ONION, ADMIN_ONION - .gitignore: exclude tor-proxy/hosts/onion-hosts.txt (secret) - tor-proxy/hosts/.gitkeep: ensure directory exists in git
67 lines
1.5 KiB
YAML
67 lines
1.5 KiB
YAML
services:
|
|
telegram_shop_prod:
|
|
build:
|
|
context: .
|
|
dockerfile: ./Dockerfile
|
|
hostname: telegram_shop_prod
|
|
container_name: telegram_shop_prod
|
|
ports:
|
|
- "127.0.0.1:3001:3001"
|
|
restart: unless-stopped
|
|
volumes:
|
|
- ./db:/app/db/
|
|
- ./uploads:/app/uploads/
|
|
- ./.env:/app/.env:ro
|
|
cap_add:
|
|
- NET_ADMIN
|
|
sysctls:
|
|
- net.ipv4.conf.all.src_valid_mark=1
|
|
dns:
|
|
- 8.8.8.8
|
|
- 1.1.1.1
|
|
mem_limit: 384m
|
|
cpus: "1.0"
|
|
healthcheck:
|
|
test: ["CMD", "curl", "-sf", "http://localhost:3001/health"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 60s
|
|
networks:
|
|
- default
|
|
- tor_proxy_net
|
|
|
|
tor-proxy:
|
|
build:
|
|
context: ./tor-proxy
|
|
dockerfile: Dockerfile
|
|
container_name: tor-proxy
|
|
environment:
|
|
SSH_HOST_IP: ${SSH_HOST_IP:-host.docker.internal}
|
|
SHOP_CONTAINER: ${SHOP_CONTAINER:-telegram_shop_prod}
|
|
ADMIN_PORT: ${ADMIN_PORT:-3001}
|
|
volumes:
|
|
- tor_data:/var/lib/tor
|
|
- ./tor-proxy/hosts:/onion-hosts
|
|
extra_hosts:
|
|
- "host.docker.internal:host-gateway"
|
|
networks:
|
|
- default
|
|
- tor_proxy_net
|
|
restart: unless-stopped
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "test -s /var/lib/tor/ssh/hostname && test -s /var/lib/tor/admin/hostname"]
|
|
interval: 60s
|
|
timeout: 10s
|
|
retries: 2
|
|
start_period: 120s
|
|
|
|
networks:
|
|
tor_proxy_net:
|
|
name: tor_proxy_net
|
|
driver: bridge
|
|
attachable: true
|
|
|
|
volumes:
|
|
tor_data:
|
|
name: tor_proxy_data |