# =============================================================================
# 01_stack-backend.yml – Phase 3
# Datenbank-Stack: postgresql17 + Redis
# =============================================================================
#
# FIXES in dieser Version:
# - SQL-Init-Script NICHT mehr als Volume gemountet (war Phantom-Pfad)
#   → Init läuft manuell per stdin, siehe MIGRATION.md Phase 3a
# - Redis auf gepinnter Version (nicht mehr :latest)
# - Kein ports:-Block → 5432 und 6379 nicht mehr vom Host erreichbar
#
# VORAUSSETZUNG vor dem Start:
# 1. secrets/postgres_password.txt anlegen (sonst startet Stack nicht!)
# 2. Phase 3a in MIGRATION.md ausführen (DB/User prüfen oder anlegen)
# 3. Backend-Health prüfen, bevor Frontend gestartet wird
#
# =============================================================================
# Network shared by the backend services of this stack.
# `external: true` tells Compose to attach to a network that already exists
# instead of creating one, so it has to be created before the stack starts.
# NOTE(review): the services in this file request fixed 172.21.0.x addresses on
# this network, so its subnet presumably covers that range; confirm on the host.
networks:
  backend_net:
    external: true
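services:

  # ---------------------------------------------------------------------------
  # POSTGRESQL 17
  # No ports: block, so port 5432 is no longer reachable from the LAN.
  # No SQL mount; initialisation runs manually via stdin (see MIGRATION.md).
  # The DNS name "postgresql17" resolves only from inside backend_net.
  # NOTE(review): containers attached to backend_net can still connect, so the
  # database password stays the access control for those peers.
  # ---------------------------------------------------------------------------
  postgresql17:
    # Pinned to the major version; the tag still moves with minor releases.
    image: postgres:17
    container_name: postgresql17
    restart: unless-stopped
    security_opt:
      # Prevents processes in the container from gaining extra privileges
      # (for example through setuid binaries).
      - no-new-privileges:true
    volumes:
      - /mnt/user/appdata/postgresql17:/var/lib/postgresql/data
    networks:
      backend_net:
        ipv4_address: 172.21.0.10
    environment:
      # Only the path is placed in the environment; the password itself is
      # read from the mounted secret file.
      POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
      POSTGRES_USER: postgres
    secrets:
      - postgres_password
    healthcheck:
      # pg_isready only checks that the server accepts connections; it does
      # not authenticate, so no credential is needed here.
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 30s
      timeout: 10s
      retries: 5
      start_period: 20s
    labels:
      net.unraid.docker.managed: "dockerman"
      net.unraid.docker.icon: "https://github.com/juusujanar/unraid-templates/raw/master/img/PostgreSQL-logo.png"

  # ---------------------------------------------------------------------------
  # REDIS 7
  # No ports: block, so port 6379 is no longer reachable from the LAN.
  # Version pinned to 7-alpine (was :latest).
  # Password comes from .env; it is the same variable paperless-ngx uses!
  # NOTE(review): Compose interpolates REDIS_PASSWORD into the command and the
  # healthcheck below, so the value is stored in the container definition
  # (readable with `docker inspect`) and shows up in process arguments.
  # A file-based secret, as used for PostgreSQL, would avoid that, but it
  # needs a coordinated change in every stack that shares the variable.
  # ---------------------------------------------------------------------------
  Redis:
    image: redis:7-alpine  # pinned, no longer :latest
    container_name: Redis
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    # List form: each argument is passed as written, so a password containing
    # spaces or quotes is not re-split the way a single command string is.
    command:
      - redis-server
      - --requirepass
      # ":?" makes Compose abort when the variable is unset or empty. An empty
      # value would otherwise start Redis without any password.
      - "${REDIS_PASSWORD:?REDIS_PASSWORD must be set in .env}"
      - --maxmemory
      - 256mb
      - --maxmemory-policy
      - allkeys-lru
      # An empty save argument turns off RDB snapshots.
      - --save
      - ""
    networks:
      backend_net:
        ipv4_address: 172.21.0.11
    healthcheck:
      test: ["CMD", "redis-cli", "--no-auth-warning", "-a", "${REDIS_PASSWORD}", "ping"]
      interval: 30s
      timeout: 5s
      retries: 3
    labels:
      net.unraid.docker.managed: "dockerman"
      net.unraid.docker.icon: "https://raw.githubusercontent.com/juusujanar/unraid-templates/master/img/Redis-logo.png"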
# File-backed secret consumed by the postgresql17 service, which reads it from
# /run/secrets/postgres_password. The path is relative to this compose file.
# Keep the file out of version control and readable only by the account that
# runs the stack.
secrets:
  postgres_password:
    file: ./secrets/postgres_password.txt