flyfun-apps/docker-compose.yml at main · roznet/flyfun-apps · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
services:
  # Base image shared by web-server and mcp-server
  # This service builds the base image that other services depend on
  base:
    build:
      context: .
      dockerfile: Dockerfile.base
    image: flyfun-base:latest
    # No profiles restriction - base will be built automatically when needed
    # Base image doesn't run as a service, just builds the image

  web-server:
    build:
      context: .
      dockerfile: web/Dockerfile
    image: flyfun-web-server:latest
    container_name: flyfun-web-server
    ports:
      - "${WEB_PORT:-8000}:8000"
    # Load environment variables from .env file
    # This is more standard, maintainable, and secure than listing all variables explicitly
    # Variables in .env are automatically loaded into the container
    env_file:
      - .env
    # Container-specific overrides (paths must be container paths, not host paths)
    # These hard-coded paths override any host paths from .env
    # Other variables (API keys, etc.) still come from .env via env_file
    environment:
      # Database paths (ToolContextSettings)
      - AIRPORTS_DB=/app/data/airports.db
      - RULES_JSON=/app/data/rules.json
      - GA_NOTIFICATIONS_DB=/app/data/ga_notifications.db
      - GA_PERSONA_DB=/app/data_builtin/ga_persona.db
      # Vector DB for RAG (AviationAgentSettings)
      # Note: "chromadb:8000" uses Docker's internal network (service name + container port)
      - VECTOR_DB_URL=http://chromadb:8000
      # Local path fallback (used if VECTOR_DB_URL is not set)
      - VECTOR_DB_PATH=/app/out/rules_vector_db
      - LOG_DIR=/app/logs
      - CONVERSATION_LOG_DIR=/app/logs/conversations
      # Auth (shared with other flyfun services for SSO)
      - ENVIRONMENT=${ENVIRONMENT:-development}
      - JWT_SECRET=${JWT_SECRET:-}
      - GOOGLE_CLIENT_ID=${GOOGLE_CLIENT_ID:-}
      - GOOGLE_CLIENT_SECRET=${GOOGLE_CLIENT_SECRET:-}
      - APPLE_CLIENT_ID=${APPLE_CLIENT_ID:-}
      - APPLE_TEAM_ID=${APPLE_TEAM_ID:-}
      - APPLE_KEY_ID=${APPLE_KEY_ID:-}
      - APPLE_PRIVATE_KEY=${APPLE_PRIVATE_KEY:-}
      - APPLE_APP_IDS=${APPLE_APP_IDS:-}
      - DATABASE_URL=${DATABASE_URL:-}
    volumes:
      # Data files (read-only)
      - ${DATA_DIR:-./data}:/app/data:ro
      # Output files (writable) - includes rules_vector_db
      - ${OUTPUT_DIR:-./out}:/app/out:rw
      # Logs (writable)
      - ${LOG_DIR:-./logs}:/app/logs:rw
      - ${CONVERSATION_LOG_DIR:-./logs/conversations}:/app/logs/conversations:rw
      # Tools directory (for building vector DB and other utilities)
      - ${TOOLS_DIR:-./tools}:/app/tools:ro
      # Security config (optional override)
      - ${SECURITY_CONFIG_PATH:-./web/server/security_config.py}:/app/web/server/security_config.py:ro
    restart: unless-stopped
    networks:
      - flyfun-network
      - shared-services
    depends_on:
      chromadb:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "python", "-c", "import requests; requests.get('http://localhost:8000/health')"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s

  mcp-server:
    build:
      context: .
      dockerfile: mcp_server/Dockerfile
    image: flyfun-mcp-server:latest
    container_name: flyfun-mcp-server
    ports:
      # Expose port for shared infrastructure Caddy server
      # Host port 8002 maps to container port 8000
      - "${MCP_PORT:-8002}:8000"
    # Load environment variables from .env file
    env_file:
      - .env
    # Container-specific overrides (paths must be container paths, not host paths)
    # These hard-coded paths override any host paths from .env
    environment:
      # Database paths (ToolContextSettings)
      - AIRPORTS_DB=/app/data/airports.db
      - RULES_JSON=/app/data/rules.json
      - GA_NOTIFICATIONS_DB=/app/data/ga_notifications.db
      - GA_PERSONA_DB=/app/data/ga_persona.db
      # Vector DB for RAG (AviationAgentSettings)
      # Note: "chromadb:8000" uses Docker's internal network (service name + container port)
      - VECTOR_DB_URL=${VECTOR_DB_URL:-http://chromadb:8000}
      # Local path fallback (used if VECTOR_DB_URL is not set)
      - VECTOR_DB_PATH=/app/out/rules_vector_db
      # Viz payload store: POST payloads to web server, get back short link keys
      - VIZ_API_URL=http://web-server:8000/api/viz
    volumes:
      # Data files (read-only)
      - ${DATA_DIR:-./data}:/app/data:ro
      # Output files (writable) - includes rules_vector_db (for local mode fallback)
      - ${OUTPUT_DIR:-./out}:/app/out:rw
      # Logs (writable)
      - ${LOGS_DIR:-./logs}:/app/logs:rw
    restart: unless-stopped
    networks:
      - flyfun-network
    depends_on:
      - chromadb
    # MCP servers typically use stdio, so no HTTP healthcheck
    # They're usually managed by the MCP client
    # Note: MCP server binds to 0.0.0.0:8000 internally, exposed on host port 8002 for shared Caddy server

  # Caddy is run on a shared infrastructure server, not in this docker-compose
  # Caddyfiles are located at:
  #   - Main: etc/caddy/Caddyfile
  #   - Services: etc/caddy/sites-enabled/*.caddy
  # These should be included in the shared Caddy server's configuration

  chromadb:
    image: chromadb/chroma:1.3.5
    container_name: flyfun-chromadb
    ports:
      # External port mapping: host:container
      # Host port 8001 maps to container port 8000 (for external access/debugging)
      # Internal services use "chromadb:8000" (service name + container port) - no host port conflict
      - "127.0.0.1:${CHROMADB_PORT:-8001}:8000"
    environment:
      - IS_PERSISTENT=TRUE
      - PERSIST_DIRECTORY=/chroma/chroma
      - ANONYMIZED_TELEMETRY=FALSE
      - CHROMA_SERVER_AUTHN_PROVIDER=chromadb.auth.token_authn.TokenAuthenticationServerProvider
      - CHROMA_SERVER_AUTHN_CREDENTIALS=${CHROMADB_AUTH_TOKEN:?CHROMADB_AUTH_TOKEN must be set}
      - CHROMA_SERVER_AUTHN_TOKEN_TRANSPORT_HEADER=X-Chroma-Token
    volumes:
      # Persistent storage for ChromaDB data
      # Using bind mount to host directory for easy access and backup
      # Data persists across container restarts and rebuilds
      - ${CHROMADB_DATA_DIR:-./out/chromadb_data}:/chroma/chroma
    restart: unless-stopped
    networks:
      - flyfun-network
    healthcheck:
      test: [ "CMD", "/bin/bash", "-c", "cat < /dev/null > /dev/tcp/localhost/8000" ]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s

networks:
  flyfun-network:
    driver: bridge
  shared-services:
    external: true