linumiq_net-user
7fe0cc3753
Near-1:1 clone of the prod remote-access stack, isolated on a new external dev_edge network and fronted by the same shared Caddy instance (dual-homed on edge + dev_edge). Dev is manual-start (not on boot). - Hostnames: app-dev / api-dev .linumiq.net, tunnels under *.dev.linumiq.net, dev tunnel ingress on port 7001. - Dev Supabase (project supabase-dev, *-dev containers), web, frps, redis, stripe-stub, bandwidth-worker with fresh independent secrets (gitignored). - Shared Caddyfile: app-dev -> web-dev, api-dev -> dev kong (+webhook block), *.dev -> frps-dev vhost. Caddy compose dual-homed on dev_edge. - On-demand-TLS authorizer (prod check-subdomain, in gitignored volumes/) extended additively: app-dev/api-dev -> 200; *.dev delegated to the dev authorizer. Prod allow-list logic unchanged. - dev.sh manual up/down/ps helper; README documents topology + secrets. Secrets, frps.toml, volumes/, web worktree and data dirs are gitignored.
97 lines
2.6 KiB
YAML
97 lines
2.6 KiB
YAML
version: "3.8"
|
|
|
|
services:
|
|
|
|
minio:
|
|
image: minio/minio
|
|
ports:
|
|
- '9000:9000'
|
|
- '9001:9001'
|
|
environment:
|
|
MINIO_ROOT_USER: supa-storage
|
|
MINIO_ROOT_PASSWORD: secret1234
|
|
command: server --console-address ":9001" /data
|
|
healthcheck:
|
|
test: [ "CMD", "curl", "-f", "http://minio:9000/minio/health/live" ]
|
|
interval: 2s
|
|
timeout: 10s
|
|
retries: 5
|
|
volumes:
|
|
- ./volumes/storage:/data:z
|
|
|
|
minio-createbucket:
|
|
image: minio/mc
|
|
depends_on:
|
|
minio:
|
|
condition: service_healthy
|
|
entrypoint: >
|
|
/bin/sh -c "
|
|
/usr/bin/mc alias set supa-minio http://minio:9000 supa-storage secret1234;
|
|
/usr/bin/mc mb supa-minio/stub;
|
|
exit 0;
|
|
"
|
|
|
|
storage:
|
|
container_name: supabase-storage
|
|
image: supabase/storage-api:v0.43.11
|
|
depends_on:
|
|
db:
|
|
# Disable this if you are using an external Postgres database
|
|
condition: service_healthy
|
|
rest:
|
|
condition: service_started
|
|
imgproxy:
|
|
condition: service_started
|
|
minio:
|
|
condition: service_healthy
|
|
healthcheck:
|
|
test:
|
|
[
|
|
"CMD",
|
|
"wget",
|
|
"--no-verbose",
|
|
"--tries=1",
|
|
"--spider",
|
|
"http://localhost:5000/status"
|
|
]
|
|
timeout: 5s
|
|
interval: 5s
|
|
retries: 3
|
|
restart: unless-stopped
|
|
environment:
|
|
ANON_KEY: ${ANON_KEY}
|
|
SERVICE_KEY: ${SERVICE_ROLE_KEY}
|
|
POSTGREST_URL: http://rest:3000
|
|
PGRST_JWT_SECRET: ${JWT_SECRET}
|
|
DATABASE_URL: postgres://supabase_storage_admin:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
|
|
FILE_SIZE_LIMIT: 52428800
|
|
STORAGE_BACKEND: s3
|
|
GLOBAL_S3_BUCKET: stub
|
|
GLOBAL_S3_ENDPOINT: http://minio:9000
|
|
GLOBAL_S3_PROTOCOL: http
|
|
GLOBAL_S3_FORCE_PATH_STYLE: true
|
|
AWS_ACCESS_KEY_ID: supa-storage
|
|
AWS_SECRET_ACCESS_KEY: secret1234
|
|
AWS_DEFAULT_REGION: stub
|
|
FILE_STORAGE_BACKEND_PATH: /var/lib/storage
|
|
TENANT_ID: stub
|
|
# TODO: https://github.com/supabase/storage-api/issues/55
|
|
REGION: stub
|
|
ENABLE_IMAGE_TRANSFORMATION: "true"
|
|
IMGPROXY_URL: http://imgproxy:5001
|
|
volumes:
|
|
- ./volumes/storage:/var/lib/storage:z
|
|
|
|
imgproxy:
|
|
container_name: supabase-imgproxy
|
|
image: darthsim/imgproxy:v3.8.0
|
|
healthcheck:
|
|
test: [ "CMD", "imgproxy", "health" ]
|
|
timeout: 5s
|
|
interval: 5s
|
|
retries: 3
|
|
environment:
|
|
IMGPROXY_BIND: ":5001"
|
|
IMGPROXY_USE_ETAG: "true"
|
|
IMGPROXY_ENABLE_WEBP_DETECTION: ${IMGPROXY_ENABLE_WEBP_DETECTION}
|