simulados_web/docker-compose.yml at main · lsiddd/simulados_web · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
services:
  backend:
    build: ./backend
    restart: unless-stopped
    environment:
      - FLASK_ENV=production
      - PYTHONUNBUFFERED=1
      - GUNICORN_CMD_ARGS=--workers=6 --threads=4 --worker-class=gthread
      - SQLITE_CACHE_SIZE=-100000  # 100MB cache
    expose:
      - 5000
    volumes:
      - ./backend/user_data:/app/user_data
      - ./backend/simulados:/app/simulados:ro
    networks:
      - simulados_net
    deploy:
      resources:
        limits:
          cpus: '2.0'
          memory: 2G
        reservations:
          cpus: '0.5'
          memory: 512M
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:5000/api/simulados"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s

  frontend:
    image: fholzer/nginx-brotli:latest
    restart: unless-stopped
    ports:
      - "10443:443/udp"
      - "10443:443"
      - "10080:80"
    volumes:
      - ./frontend:/usr/share/nginx/html:ro
      - ./frontend/nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
      - ./frontend/nginx/auth/.htpasswd:/etc/nginx/auth/.htpasswd:ro
      - nginx_ssl:/etc/nginx/ssl
      - nginx_cache:/var/cache/nginx
    depends_on:
      backend:
        condition: service_healthy
    deploy:
      resources:
        limits:
          cpus: '0.5'
          memory: 256M
        reservations:
          cpus: '0.1'
          memory: 64M
    entrypoint: /bin/sh
    command: -c "
        apk add --no-cache openssl curl &&
        CERT_FILE=\"/etc/nginx/ssl/fullchain.pem\" &&
        KEY_FILE=\"/etc/nginx/ssl/privkey.pem\" &&
        DAYS_TO_EXPIRY=30 &&
        EXPIRY_SECONDS=$((DAYS_TO_EXPIRY * 86400)) &&
        if [ ! -f \"$$CERT_FILE\" ] || ! openssl x509 -in \"$$CERT_FILE\" -checkend \"$$EXPIRY_SECONDS\" -noout >/dev/null 2>&1; then
          echo \"Certificado SSL não encontrado ou expirando em menos de $$DAYS_TO_EXPIRY dias. Gerando um novo...\";
          openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout \"$$KEY_FILE\" -out \"$$CERT_FILE\" -subj '/CN=localhost';
          echo 'Certificado gerado com sucesso.';
        else
          echo 'Certificado SSL existente é válido.';
        fi &&
        nginx -g 'daemon off;'
      "
    networks:
      - simulados_net
    healthcheck:
      test: ["CMD", "curl", "-f", "-k", "https://localhost/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 20s

  redis:
    image: redis:7-alpine
    command: redis-server --save "" --maxmemory 256mb --maxmemory-policy allkeys-lru
    networks:
      - simulados_net

networks:
  simulados_net:
    driver: bridge
    driver_opts:
      com.docker.network.bridge.name: simulados_br
    ipam:
      config:
        - subnet: 172.22.0.0/16

volumes:
  nginx_ssl:
    driver: local
  nginx_cache:
    driver: local