diff options
| author | Fuwn <[email protected]> | 2026-02-26 16:40:19 -0800 |
|---|---|---|
| committer | Fuwn <[email protected]> | 2026-02-26 16:40:19 -0800 |
| commit | b868d5bd9c1d0c2032a5d7cb9c805b71c0f62a91 (patch) | |
| tree | 496ce2f91098fca1c31c27ebf00fe2bc4f95fe5a | |
| parent | chore: rename template config to config.default.yaml (diff) | |
| download | plutia-test-b868d5bd9c1d0c2032a5d7cb9c805b71c0f62a91.tar.xz plutia-test-b868d5bd9c1d0c2032a5d7cb9c805b71c0f62a91.zip | |
chore: harden docker compose for production deployment
| -rw-r--r-- | docker-compose.yml | 58 |
1 files changed, 53 insertions, 5 deletions
diff --git a/docker-compose.yml b/docker-compose.yml index d26467b..9780db6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,11 +1,59 @@ services: plutia: - image: golang:1.25 - working_dir: /app - command: sh -lc "go build -trimpath -o /app/bin/plutia ./cmd/plutia && /app/bin/plutia serve --config=/app/config.default.yaml" + image: ghcr.io/fuwn/plutia:v0.1.0 + command: ["plutia", "serve", "--config=/etc/plutia/config.yaml"] + user: "${PLUTIA_USER:-1000:1000}" + init: true + stop_signal: SIGTERM + stop_grace_period: 60s + environment: + # Mirror/resolver mode override. + PLUTIA_MODE: ${PLUTIA_MODE:-mirror} + # Verification policy override: full | lazy | state-only. + PLUTIA_VERIFY: ${VERIFY_POLICY:-full} + # Checkpoint cadence and ingestion batching. + PLUTIA_CHECKPOINT_INTERVAL: ${CHECKPOINT_INTERVAL:-100000} + PLUTIA_COMMIT_BATCH_SIZE: ${COMMIT_BATCH_SIZE:-128} + PLUTIA_VERIFY_WORKERS: ${VERIFY_WORKERS:-8} + # Request timeout, upstream retry/backoff, and rate-limiting controls. + PLUTIA_REQUEST_TIMEOUT: ${REQUEST_TIMEOUT:-10s} + PLUTIA_HTTP_RETRY_MAX_ATTEMPTS: ${HTTP_RETRY_MAX_ATTEMPTS:-8} + PLUTIA_HTTP_RETRY_BASE_DELAY: ${HTTP_RETRY_BASE_DELAY:-250ms} + PLUTIA_HTTP_RETRY_MAX_DELAY: ${HTTP_RETRY_MAX_DELAY:-10s} + PLUTIA_RATE_LIMIT_RESOLVE_RPS: ${RATE_LIMIT_RESOLVE_RPS:-30} + PLUTIA_RATE_LIMIT_RESOLVE_BURST: ${RATE_LIMIT_RESOLVE_BURST:-60} + PLUTIA_RATE_LIMIT_PROOF_RPS: ${RATE_LIMIT_PROOF_RPS:-10} + PLUTIA_RATE_LIMIT_PROOF_BURST: ${RATE_LIMIT_PROOF_BURST:-20} + # Ensure state persists in the mounted data path and checkpoints can be signed. + PLUTIA_DATA_DIR: /var/lib/plutia + PLUTIA_MIRROR_PRIVATE_KEY_PATH: ${MIRROR_PRIVATE_KEY_PATH:-/var/lib/plutia/mirror.key} ports: + # HTTP API + /metrics on the same listener. - "8080:8080" + # Prometheus scrape example: + # - job_name: "plutia" + # static_configs: + # - targets: ["localhost:8080"] + # metrics_path: /metrics volumes: - - ./:/app - - ./data:/app/data + - ./config.default.yaml:/etc/plutia/config.yaml:ro + - ./data:/var/lib/plutia + healthcheck: + test: ["CMD-SHELL", "wget -q -O- http://127.0.0.1:8080/health >/dev/null 2>&1 || curl -fsS http://127.0.0.1:8080/health >/dev/null"] + interval: 30s + timeout: 5s + retries: 5 + start_period: 20s + cpus: "${PLUTIA_CPU_LIMIT:-2.0}" + mem_limit: "${PLUTIA_MEM_LIMIT:-2g}" + pids_limit: 512 + ulimits: + nofile: + soft: 65536 + hard: 65536 + logging: + driver: json-file + options: + max-size: "10m" + max-file: "5" restart: unless-stopped |