mAi
9466759aeb
- Multi-stage Dockerfile: golang:1.25-alpine builder → distroless static runtime as nonroot. Image weighs ~15 MB. Embeds templates, static assets and migrations into the single binary. - deploy/dokploy.yaml documents the Dokploy app for projax.msbls.de: Tailscale-only, healthz path, single replica, secret PROJAX_DB_URL. Translates to the Dokploy UI; not auto-applied. - README rewritten as runbook: env vars, route table, test command, deploy notes, trust model (Tailscale + no auth in v1, defer to Supabase auth if it ever outgrows the fence), schema summary. - .dockerignore strips .git, .m, .claude, docs, tests from build ctx. - .gitignore covers ad-hoc binary and dist artefacts. Verified locally: docker build succeeds, container responds to /healthz and / against msupabase via --network host.
36 lines
885 B
YAML
36 lines
885 B
YAML
# Dokploy app: projax
|
|
#
|
|
# Apply via Dokploy UI on mlake, or as a reference for the manual setup.
|
|
# Tailscale-only; no public exposure. Single replica, single tenant (m).
|
|
#
|
|
# Environment expected (set via Dokploy secrets, NEVER commit):
|
|
# PROJAX_DB_URL postgres://postgres:<pw>@<msupabase-tailscale-ip>:6789/postgres?sslmode=disable
|
|
# PROJAX_LISTEN_ADDR :8080 (default; Dokploy maps to public port)
|
|
# PROJAX_AUTO_MIGRATE on (default; set "off" to bypass embedded migrations on boot)
|
|
|
|
name: projax
|
|
service: projax
|
|
image:
|
|
build:
|
|
context: .
|
|
dockerfile: Dockerfile
|
|
domain:
|
|
host: projax.msbls.de
|
|
port: 8080
|
|
https: true
|
|
healthcheck:
|
|
path: /healthz
|
|
interval: 30s
|
|
timeout: 3s
|
|
retries: 3
|
|
resources:
|
|
cpu: 250m
|
|
memory: 128Mi
|
|
replicas: 1
|
|
restart: unless-stopped
|
|
env:
|
|
- PROJAX_LISTEN_ADDR=:8080
|
|
- PROJAX_AUTO_MIGRATE=on
|
|
secrets:
|
|
- PROJAX_DB_URL
|