feat(deploy): add compose deployment

2026-06-17 05:56:29 +00:00 · 2026-05-04 23:16:08 +08:00
parent f939a50950
commit 817540f8a0
12 changed files with 451 additions and 106 deletions
@@ -0,0 +1,38 @@
+# Copy this file to .env before running Docker Compose:
+#   cp deploy/compose.env.example .env
+
+# Public web port exposed by the web service.
+CHECKIN_WEB_PORT=8080
+
+# ==================== Backend runtime paths ====================
+# Container-local defaults for the Compose deployment.
+DATABASE_URL=sqlite:////app/data/checkin.db
+LOG_FILE=/app/logs/backend.log
+SESSION_DIR=/app/sessions
+
+# ==================== Security and public URLs ====================
+# Change this before production use.
+SECRET_KEY=change-this-to-a-long-random-secret
+
+# Use the browser origins that will open the frontend.
+# Public domain + optional intranet origins.
+CORS_ORIGINS=https://checkin.example.com,http://192.168.1.10:8080,http://checkin.lan:8080
+FRONTEND_URL=https://checkin.example.com
+
+# ==================== Logging ====================
+LOG_LEVEL=INFO
+
+# ==================== Mail settings ====================
+SMTP_SERVER=smtp.example.com
+SMTP_PORT=465
+SMTP_SENDER_EMAIL=your-email@example.com
+SMTP_SENDER_PASSWORD=your-auth-code-here
+SMTP_USE_SSL=True
+
+# ==================== Playwright browser settings ====================
+# Leave empty to use the Chromium installed in the backend image.
+BROWSER_EXECUTABLE_PATH=
+
+# ==================== Scheduler settings ====================
+TOKEN_CHECK_INTERVAL_MINUTES=30
+SESSION_CLEANUP_INTERVAL_HOURS=24
@@ -0,0 +1,23 @@
+FROM python:3.14-slim AS runtime
+
+ENV PYTHONDONTWRITEBYTECODE=1 \
+    PYTHONUNBUFFERED=1 \
+    PYTHONPATH=/app/apps \
+    PLAYWRIGHT_BROWSERS_PATH=/ms-playwright \
+    PATH="/app/.venv/bin:${PATH}"
+
+WORKDIR /app
+
+RUN python -m pip install --no-cache-dir --upgrade pip uv
+
+COPY pyproject.toml uv.lock README.md ./
+COPY main.py ./main.py
+COPY apps ./apps
+
+RUN uv sync --frozen --no-dev --extra production \
+    && playwright install --with-deps chromium \
+    && mkdir -p /app/data /app/sessions /app/logs
+
+EXPOSE 8000
+
+CMD ["python", "main.py", "backend", "--host", "0.0.0.0", "--port", "8000", "--no-reload", "--log-level", "info"]
@@ -0,0 +1,18 @@
+FROM node:24-trixie-slim AS frontend-build
+
+WORKDIR /app/apps/frontend
+
+RUN corepack enable
+
+COPY apps/frontend/package.json apps/frontend/pnpm-lock.yaml ./
+RUN pnpm install --frozen-lockfile
+
+COPY apps/frontend/ ./
+RUN pnpm build
+
+FROM nginx:1.27-alpine AS runtime
+
+COPY deploy/docker/web/nginx.conf /etc/nginx/conf.d/default.conf
+COPY --from=frontend-build /app/apps/frontend/dist /usr/share/nginx/html
+
+EXPOSE 80
@@ -0,0 +1,47 @@
+server {
+    listen 80;
+    server_name _;
+
+    root /usr/share/nginx/html;
+    index index.html;
+
+    client_max_body_size 10M;
+
+    gzip on;
+    gzip_vary on;
+    gzip_min_length 1024;
+    gzip_types text/plain text/css application/json application/javascript application/xml image/svg+xml;
+
+    location /api/ {
+        proxy_pass http://backend:8000/api/;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_buffering off;
+        proxy_request_buffering off;
+    }
+
+    location ~ ^/(docs|redoc|openapi.json|health)$ {
+        proxy_pass http://backend:8000;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $host;
+    }
+
+    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
+        expires 1y;
+        add_header Cache-Control "public, immutable";
+        try_files $uri =404;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.html;
+        add_header Cache-Control "no-cache, no-store, must-revalidate";
+    }
+}