-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathdocker-compose.yml
More file actions
47 lines (36 loc) · 1.2 KB
/
Copy pathdocker-compose.yml
File metadata and controls
47 lines (36 loc) · 1.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
services:
intent-bus:
build: .
container_name: intent-bus
ports:
- "8080:8080"
environment:
# --- REQUIRED ---
- BUS_SECRET=${BUS_SECRET:?BUS_SECRET must be set in .env}
# --- ADMIN ---
- DASHBOARD_PASSWORD=${DASHBOARD_PASSWORD:?DASHBOARD_PASSWORD must be set in .env}
# - BUS_ADMIN_SECRET=separate_admin_secret_here
# - BUS_METRICS_TOKEN=prometheus_bearer_token
# --- Security & Routing ---
# Enable this in production unless HTTPS is terminated by a reverse proxy
# - BUS_ENFORCE_HTTPS=true
# Set true behind nginx/Traefik/Caddy/etc.
# - BUS_TRUST_PROXY=true
# Require HMAC request signing
# - BUS_REQUIRE_SIGNATURES=true
# --- System Maintenance ---
- BUS_MAINTENANCE_MODE=false
# - BUS_CLEANUP_INTERVAL_SECONDS=21600
volumes:
# SQLite WAL requires local disk storage.
# Do NOT use NFS/EFS/network filesystems.
- ./bus_data:/app/data
restart: unless-stopped
stop_grace_period: 30s
security_opt:
- no-new-privileges:true
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1:8080/health"]
interval: 30s
timeout: 5s
retries: 3