- Add tor-proxy/Dockerfile: Alpine + Tor with entrypoint
- Add tor-proxy/entrypoint.sh: dynamic torrc generation with env var validation
- Update docker-compose.yml: add tor-proxy service with shared tor_proxy_net network
- Two Tor hidden services: SSH (port 22) and admin panel (port 80 -> 3001)
- Update .env.example: add SSH_HOST_IP, SHOP_CONTAINER, ADMIN_PORT vars
services:
  # Shop application. The host port is published on loopback only, so the
  # service on 3001 is not reachable from the host's external interfaces;
  # remote access goes through the tor-proxy service below.
  telegram_shop_prod:
    build:
      context: .
      dockerfile: ./Dockerfile
    container_name: telegram_shop_prod
    hostname: telegram_shop_prod
    restart: unless-stopped
    ports:
      - "127.0.0.1:3001:3001"
    volumes:
      - ./db:/app/db/
      - ./uploads:/app/uploads/
      # Read-only: the app can read its .env but cannot rewrite it.
      - ./.env:/app/.env:ro
    # NOTE(review): CAP_NET_ADMIN allows changing interfaces, routes and
    # netfilter rules inside this container's network namespace. Together
    # with src_valid_mark it presumably supports fwmark-based policy routing
    # (e.g. a VPN client in the container); nothing in this file shows the
    # consumer, so confirm it is needed and drop it otherwise.
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    # External name lookups are sent to these public resolvers.
    dns:
      - 8.8.8.8
      - 1.1.1.1
    mem_limit: 384m
    cpus: "1.0"
    healthcheck:
      # Exec form (no shell); requires curl to be present in the image.
      test:
        - "CMD"
        - "curl"
        - "-sf"
        - "http://localhost:3001/health"
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 60s
    networks:
      - default
      - tor_proxy_net

  # Tor sidecar. Per the healthcheck it maintains two onion-service
  # directories, /var/lib/tor/ssh and /var/lib/tor/admin.
  # NOTE(review): once published as onion services, the host's SSH daemon and
  # the admin panel are reachable by anyone who learns the .onion addresses,
  # regardless of the loopback-only port binding above. The remaining controls
  # are the services' own authentication and, if tor-proxy/entrypoint.sh
  # enables it (not visible here), onion-service client authorization.
  tor-proxy:
    build:
      context: ./tor-proxy
      dockerfile: Dockerfile
    container_name: tor-proxy
    restart: unless-stopped
    environment:
      # Defaults apply when the variable is unset or empty (":-" form).
      SSH_HOST_IP: "${SSH_HOST_IP:-host.docker.internal}"
      SHOP_CONTAINER: "${SHOP_CONTAINER:-telegram_shop_prod}"
      ADMIN_PORT: "${ADMIN_PORT:-3001}"
    volumes:
      # Persists the onion-service directories across restarts. Such
      # directories normally hold the services' private keys, so treat this
      # volume and any backup of it as secret material.
      - tor_data:/var/lib/tor
    extra_hosts:
      # Resolves host.docker.internal to the Docker host's gateway address,
      # which is how the default SSH_HOST_IP reaches the host.
      - "host.docker.internal:host-gateway"
    networks:
      - default
      - tor_proxy_net
    healthcheck:
      # Healthy only when both hostname files exist and are non-empty.
      test:
        - "CMD-SHELL"
        - "test -s /var/lib/tor/ssh/hostname && test -s /var/lib/tor/admin/hostname"
      interval: 60s
      timeout: 10s
      retries: 2
      start_period: 120s

networks:
  # Shared bridge with a fixed name (not prefixed with the Compose project
  # name), so it is addressable from outside this project.
  # NOTE(review): any container attached to this network can connect to
  # telegram_shop_prod on its container port directly, without passing through
  # the loopback-only host port. Keep membership limited to the shop and
  # tor-proxy.
  tor_proxy_net:
    name: "tor_proxy_net"
    driver: "bridge"
    attachable: true

volumes:
  # Named volume mounted at /var/lib/tor in the tor-proxy service. The fixed
  # name keeps it stable across Compose project renames.
  tor_data:
    name: "tor_proxy_data"