dirtydishes/islandflow
1
0
Fork 0
Code Issues 2 Pull requests 4 Projects Releases Packages Wiki Activity Actions 1

Merge pull request #11 from dirtydishes/lavender/prepare-docker-deployment

Browse source 
add docker deployment assets and vps docs
This commit is contained in:
dirtydishes 2026-04-04 03:51:09 -04:00 committed by GitHub
commit 3f6537d196
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 30 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

7
deployment/docker/Dockerfile.ingest-options
View file

@ -3,13 +3,16 @@ FROM oven/bun:1.3.11
WORKDIR /app WORKDIR /app
ENV NODE_ENV=production ENV NODE_ENV=production
ENV VIRTUAL_ENV=/opt/ingest-options-venv
ENV PATH="${VIRTUAL_ENV}/bin:${PATH}"
COPY . . COPY . .
RUN apt-get update \ RUN apt-get update \
&& apt-get install -y --no-install-recommends python3 python3-pip \ && apt-get install -y --no-install-recommends python3 python3-pip python3-venv \
&& rm -rf /var/lib/apt/lists/* \ && rm -rf /var/lib/apt/lists/* \
&& pip3 install --no-cache-dir -r services/ingest-options/py/requirements.txt \ && python3 -m venv "${VIRTUAL_ENV}" \
&& "${VIRTUAL_ENV}/bin/pip" install --no-cache-dir -r services/ingest-options/py/requirements.txt \
&& bun install --frozen-lockfile && bun install --frozen-lockfile
ENTRYPOINT ["bun"] ENTRYPOINT ["bun"]

24
deployment/docker/README.md
View file

@ -6,7 +6,7 @@ It is separate from the repo-root `docker-compose.yml`, which is still the light
## What this stack does ## What this stack does
- Assumes Nginx Proxy Manager is the edge proxy and runs on the same Docker network. - Assumes Nginx Proxy Manager is the edge proxy and runs on the shared Docker network named `bridge`.
- Keeps `web` and `api` internal to the Docker network instead of publishing host ports. - Keeps `web` and `api` internal to the Docker network instead of publishing host ports.
- Targets a two-subdomain routing model by default: - Targets a two-subdomain routing model by default:
- `app.<domain>` -> `web:3000` - `app.<domain>` -> `web:3000`
@ -27,7 +27,8 @@ It is separate from the repo-root `docker-compose.yml`, which is still the light
- A Linux VPS with Docker Engine and Docker Compose v2 installed - A Linux VPS with Docker Engine and Docker Compose v2 installed
- Enough RAM for ClickHouse plus the Bun services - Enough RAM for ClickHouse plus the Bun services
- Nginx Proxy Manager running in Docker on the same host/network path you plan to use - Nginx Proxy Manager running in Docker on the same host
- A shared Docker network named `bridge`
Optional: Optional:
@ -66,17 +67,15 @@ docker compose logs -f api web compute candles ingest-options ingest-equities
5. Make sure NPM can reach the stack network. 5. Make sure NPM can reach the stack network.
The Compose project name is pinned to `islandflow-vps`, so the default network name will be: This deployment attaches `web` and `api` to the external Docker network named `bridge`, in addition to the stack-local network.
If your NPM container is not already attached to `bridge`, connect it once:
```bash ```bash
islandflow-vps_default docker network connect bridge <npm-container-name>
``` ```
If your NPM container is separate, connect it once: If your NPM stack uses a different shared user-defined network, update the `bridge` network block in `deployment/docker/docker-compose.yml` to point at that external network name, then redeploy. The important part is that NPM, `web`, and `api` all share the same external Docker network.
```bash
docker network connect islandflow-vps_default <npm-container-name>
```
6. Create these NPM proxy hosts: 6. Create these NPM proxy hosts:
@ -152,6 +151,11 @@ The web app should be built with `NEXT_PUBLIC_API_URL=https://api.<domain>` so b
The API host needs websocket support enabled because the app uses `/ws/*` endpoints for live streams. The API host needs websocket support enabled because the app uses `/ws/*` endpoints for live streams.
Because `web` and `api` are both attached to `bridge`, NPM can target them directly by container DNS name:
- `web`
- `api`
## Updating the deployment ## Updating the deployment
When you pull new code: When you pull new code:
@ -203,7 +207,7 @@ Only use `-v` if you intentionally want to wipe ClickHouse, Redis, and JetStream
## Known caveats ## Known caveats
- The root `.env.example` still contains a `REPLAY_ENABLED` comment, but the current replay service does not read that variable. Use the Compose replay profile instead. - The root `.env.example` still contains a `REPLAY_ENABLED` comment, but the current replay service does not read that variable. Use the Compose replay profile instead.
- This stack does not publish `web` or `api` to host ports. NPM must be able to resolve `web` and `api` over the shared Docker network. - This stack does not publish `web` or `api` to host ports. NPM must be able to resolve `web` and `api` over the shared `bridge` network.
- The stack assumes a single-node VPS deployment. If you later split infra or add external managed services, update the three core connection URLs in `.env`. - The stack assumes a single-node VPS deployment. If you later split infra or add external managed services, update the three core connection URLs in `.env`.
## Smoke checks ## Smoke checks

11
deployment/docker/docker-compose.yml
View file

@ -29,6 +29,9 @@ services:
init: true init: true
expose: expose:
- "3000" - "3000"
networks:
- default
- bridge
depends_on: depends_on:
api: api:
condition: service_healthy condition: service_healthy
@ -50,6 +53,9 @@ services:
command: ["services/api/src/index.ts"] command: ["services/api/src/index.ts"]
expose: expose:
- "4000" - "4000"
networks:
- default
- bridge
healthcheck: healthcheck:
test: test:
[ [
@ -120,6 +126,11 @@ services:
volumes: volumes:
- nats-data:/data - nats-data:/data
networks:
bridge:
external: true
name: bridge
volumes: volumes:
clickhouse-data: clickhouse-data:
redis-data: redis-data: