Add production Docker Compose file for external PostgreSQL integration

- Introduced `docker-compose.prod.yml` for production deployment. - Configured service to connect to an external PostgreSQL instance. - Set environment variables for JWT and database connection strings. - Defined network and volume for data protection keys.
2026-03-26 19:34:12 -04:00
parent 9a35e40083
commit fc510b9b20
105 changed files with 11291 additions and 2589 deletions
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -0,0 +1,51 @@
+# Production compose file — no embedded Postgres.
+# Set ConnectionStrings__OrchestratorDb in your .env (or via docker secret/env injection)
+# to point at your dedicated PostgreSQL instance before deploying.
+#
+# Deploy:
+#   COMPOSE_FILE=docker-compose.prod.yml SWARM_HOST=root@<host> ./deploy.sh
+
+networks:
+  otssigns_net:
+    driver: overlay
+    attachable: true
+
+services:
+  app:
+    image: ${IMAGE_NAME:-ots-orchestrator}:${IMAGE_TAG:-latest}
+    build:
+      context: .
+      dockerfile: Dockerfile
+    restart: unless-stopped
+    ports:
+      - target: 8080
+        published: 8080
+        mode: ingress
+    networks:
+      - otssigns_net
+    environment:
+      ASPNETCORE_ENVIRONMENT: Production
+      # ── Database — set this to your external PG instance ──────────────────
+      ConnectionStrings__OrchestratorDb: "${ORCHESTRATOR_DB_CONNECTION_STRING}"
+      # ── JWT ────────────────────────────────────────────────────────────────
+      Jwt__Key: "${JWT_KEY}"
+      Jwt__Issuer: "OTSSignsOrchestrator"
+      Jwt__Audience: "OTSSignsOrchestrator"
+      # All other integration settings (Bitwarden, Stripe, Authentik, SendGrid)
+      # are managed via the admin UI (Settings page). On first run, env vars
+      # below are seeded into the database and then ignored.
+      # Uncomment any line to seed on first deploy, then remove it.
+      # Bitwarden__AccessToken: "${BITWARDEN_ACCESS_TOKEN}"
+      # Bitwarden__OrganizationId: "${BITWARDEN_ORG_ID}"
+      # Bitwarden__ProjectId: "${BITWARDEN_PROJECT_ID}"
+      # Stripe__SecretKey: "${STRIPE_SECRET_KEY}"
+      # Stripe__WebhookSecret: "${STRIPE_WEBHOOK_SECRET}"
+      # Authentik__BaseUrl: "${AUTHENTIK_BASE_URL}"
+      # Authentik__ApiToken: "${AUTHENTIK_API_TOKEN}"
+      # Authentik__OtsSigningKpId: "${AUTHENTIK_OTS_SIGNING_KP_ID}"
+      # Email__SendGridApiKey: "${SENDGRID_API_KEY}"
+    volumes:
+      - dataprotection_keys:/app/dataprotection-keys
+
+volumes:
+  dataprotection_keys: