feat(compose): full-stack Caddy + docker-compose wiring
Brings up the whole platform behind a single Caddy entrypoint so the
routing topology can be exercised end-to-end before any feature code
lands. Same Caddyfile shape (admin / data plane / dashboard) maps to
single-process MVP today and will map to cluster mode later by
swapping the upstream lists, not by restructuring the proxy.
* caddy/Caddyfile — dev: HTTP only, picloud and dashboard upstreams
by service name. caddy/Caddyfile.prod — Let's Encrypt for
PICLOUD_DOMAIN with PICLOUD_ADMIN_EMAIL.
* docker/orchestrator.Dockerfile — multi-stage build of the
`picloud` all-in-one against the pinned 1.92 toolchain; debian
slim runtime, non-root user, /healthz HEALTHCHECK.
* docker/dashboard.Dockerfile — node:24-alpine builder + caddy
runtime that serves the static SPA with SPA fallback.
* docker-compose.yml — postgres + picloud + dashboard + caddy,
Caddy exposed on host :8000 (configurable), Postgres on :15432
(loopback only). Health-gated startup ordering.
* docker-compose.prod.yml — overlay: removes Postgres host
mapping, expands Caddy to 80/443/443udp, swaps Caddyfile.prod,
adds restart policy.
* .env.example documents every knob the compose stack reads.
Verified via `docker compose up -d`:
* `curl :8000/healthz` → 200 ok (orchestrator)
* `curl :8000/api/admin/scripts` → 404 (manager, routed correctly)
* `curl :8000/api/execute/<id>` → 404 (orchestrator, routed correctly)
* `curl :8000/` → SPA index served (dashboard via Caddy)
* `curl :8000/favicon.svg` → 200 image/svg+xml
* Postgres healthy and reachable on 127.0.0.1:15432.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
MechaCat02
39
docker-compose.prod.yml
Normal file
39
docker-compose.prod.yml
Normal file
@@ -0,0 +1,39 @@
|
||||
# Production overlay. Apply on top of docker-compose.yml:
|
||||
#
|
||||
# docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d
|
||||
#
|
||||
# Pre-flight checks:
|
||||
# - PICLOUD_DOMAIN and PICLOUD_ADMIN_EMAIL must be set (Caddy uses them
|
||||
# for automatic Let's Encrypt issuance).
|
||||
# - POSTGRES_PASSWORD must be set to a real secret, not the dev default.
|
||||
|
||||
services:
|
||||
postgres:
|
||||
# Pull the published port mapping; Postgres is reachable only inside
|
||||
# the compose network in production.
|
||||
ports: !reset []
|
||||
restart: unless-stopped
|
||||
|
||||
picloud:
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
RUST_LOG: ${RUST_LOG:-info,picloud=info}
|
||||
|
||||
dashboard:
|
||||
restart: unless-stopped
|
||||
|
||||
caddy:
|
||||
# Swap the dev Caddyfile for the prod one, expose 80/443, pass the
|
||||
# domain + admin email through for Let's Encrypt.
|
||||
volumes:
|
||||
- ./caddy/Caddyfile.prod:/etc/caddy/Caddyfile:ro
|
||||
- caddy_data:/data
|
||||
- caddy_config:/config
|
||||
ports: !override
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
- "443:443/udp"
|
||||
environment:
|
||||
PICLOUD_DOMAIN: ${PICLOUD_DOMAIN}
|
||||
PICLOUD_ADMIN_EMAIL: ${PICLOUD_ADMIN_EMAIL}
|
||||
restart: unless-stopped
|
||||
Reference in New Issue
Block a user