soroush.asadi
96c8abbeb3
The HTTPS Nexus serves an incomplete cert chain that container trust stores reject (NU1301 PartialChain / UNABLE_TO_GET_ISSUER), failing CI restore/install. - NuGet has no strict-ssl flag → point CI + Dockerfile + compose at the plain-HTTP Nexus (http://171.22.25.73:8081, allowInsecureConnections) — no TLS, no cert check. - npm: add --strict-ssl=false to the CI web-check install (Dockerfile already had it); Docker npm registry default also moved to the HTTP Nexus. - ENV_FILE.example documents NUGET_INDEX/NPM_REGISTRY overrides. Local dev (Windows trusts the cert) + image base pulls (Docker trusts it) are unaffected — only in-container package feeds switch to HTTP. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
93 lines
3.2 KiB
YAML
93 lines
3.2 KiB
YAML
# Barg-e Vasat — local/self-hosted stack.
|
||
# Ports live in the 1500–1600 range so this stack can run alongside a manual
|
||
# `npm run dev` (:3000) and `dotnet run` (:5005) without colliding.
|
||
# web → http://localhost:1500
|
||
# api → http://localhost:1505
|
||
# db → localhost:1510 (postgres)
|
||
# All values come from .env (the deploy job writes it from the ENV_FILE secret).
|
||
|
||
services:
|
||
db:
|
||
image: mirror.soroushasadi.com/postgres:16-alpine
|
||
container_name: hokm-db
|
||
restart: unless-stopped
|
||
environment:
|
||
POSTGRES_DB: hokm
|
||
POSTGRES_USER: hokm
|
||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-hokm_dev_pass}
|
||
volumes:
|
||
- hokm_db_data:/var/lib/postgresql/data
|
||
ports:
|
||
- "${DB_PORT:-1510}:5432"
|
||
healthcheck:
|
||
test: ["CMD-SHELL", "pg_isready -U hokm -d hokm"]
|
||
interval: 5s
|
||
timeout: 5s
|
||
retries: 10
|
||
|
||
server:
|
||
build:
|
||
context: ./server
|
||
dockerfile: Dockerfile
|
||
args:
|
||
# Plain-HTTP Nexus (no SSL) — the HTTPS mirror serves a partial cert chain
|
||
# containers can't validate. Override via .env if needed.
|
||
NUGET_INDEX: ${NUGET_INDEX:-http://171.22.25.73:8081/repository/nuget-group/index.json}
|
||
image: hokm-server:latest
|
||
container_name: hokm-server
|
||
restart: unless-stopped
|
||
depends_on:
|
||
db:
|
||
condition: service_healthy
|
||
environment:
|
||
ASPNETCORE_ENVIRONMENT: Production
|
||
ASPNETCORE_URLS: http://0.0.0.0:5005
|
||
Database__Provider: postgres
|
||
ConnectionStrings__Default: "Host=db;Port=5432;Database=hokm;Username=hokm;Password=${POSTGRES_PASSWORD:-hokm_dev_pass}"
|
||
Jwt__Key: ${JWT_KEY:?set JWT_KEY in .env}
|
||
Jwt__Issuer: ${JWT_ISSUER:-hokm}
|
||
Jwt__Audience: ${JWT_AUDIENCE:-hokm-clients}
|
||
# Comma-separated origins the browser uses to reach the web app.
|
||
Cors__Origins: ${CORS_ORIGINS:-http://localhost:1500}
|
||
Zarinpal__MerchantId: ${ZARINPAL_MERCHANT_ID:-299685fb-cadf-4dfc-98e2-d4af5d81528d}
|
||
Zarinpal__Sandbox: ${ZARINPAL_SANDBOX:-true}
|
||
Zarinpal__CallbackUrl: ${ZARINPAL_CALLBACK_URL:-http://localhost:1505/api/coins/pay/callback}
|
||
Zarinpal__ClientReturnUrl: ${ZARINPAL_CLIENT_RETURN_URL:-http://localhost:1500}
|
||
ports:
|
||
- "${API_PORT:-1505}:5005"
|
||
healthcheck:
|
||
test: ["CMD", "wget", "-q", "-O-", "http://127.0.0.1:5005/"]
|
||
interval: 10s
|
||
timeout: 5s
|
||
retries: 12
|
||
start_period: 20s
|
||
|
||
web:
|
||
build:
|
||
context: .
|
||
dockerfile: Dockerfile
|
||
args:
|
||
# Baked into the static bundle at build time. Must be the address the
|
||
# BROWSER uses to reach the API (host-mapped api port, or LAN IP).
|
||
NEXT_PUBLIC_USE_SERVER: "1"
|
||
NEXT_PUBLIC_SERVER_URL: ${NEXT_PUBLIC_SERVER_URL:-http://localhost:1505}
|
||
# Plain-HTTP Nexus (no SSL). Override via .env if needed.
|
||
NPM_REGISTRY: ${NPM_REGISTRY:-http://171.22.25.73:8081/repository/npm-group/}
|
||
image: hokm-web:latest
|
||
container_name: hokm-web
|
||
restart: unless-stopped
|
||
depends_on:
|
||
server:
|
||
condition: service_healthy
|
||
ports:
|
||
- "${WEB_PORT:-1500}:80"
|
||
healthcheck:
|
||
test: ["CMD", "wget", "-q", "-O-", "http://127.0.0.1/"]
|
||
interval: 10s
|
||
timeout: 5s
|
||
retries: 6
|
||
start_period: 10s
|
||
|
||
volumes:
|
||
hokm_db_data:
|