# ============================================================================ # DEPRECATED — standalone stream-server compose. # Use docker-compose.yml (root) with the `docker-dev` profile instead: # docker compose --profile docker-dev up -d stream-server # Marked in v1.0.4 cleanup. Candidate for deletion once no local dev # reference is found (2+ month grace period). # ============================================================================ version: "3.8" services: stream-server: build: context: . dockerfile: Dockerfile args: BUILD_TIME: ${BUILD_TIME:-$(date -u +"%Y-%m-%dT%H:%M:%SZ")} RUST_VERSION: ${RUST_VERSION:-$(rustc --version)} container_name: stream-server restart: unless-stopped # Configuration réseau ports: - "${HOST_PORT:-8082}:8082" # Variables d'environnement environment: - SECRET_KEY=${SECRET_KEY} - STREAM_SERVER_PORT=8082 - AUDIO_DIR=/app/audio - ALLOWED_ORIGINS=${ALLOWED_ORIGINS:-http://localhost:5173} - MAX_FILE_SIZE=${MAX_FILE_SIZE:-104857600} - MAX_RANGE_SIZE=${MAX_RANGE_SIZE:-10485760} - SIGNATURE_TOLERANCE=${SIGNATURE_TOLERANCE:-60} - RUST_LOG=${RUST_LOG:-stream_server=info} - ADMIN_TOKEN=${ADMIN_TOKEN:-} # Montage des volumes volumes: - ./audio:/app/audio:ro - ./logs:/app/logs:rw - stream_server_cache:/tmp # Limitations de ressources deploy: resources: limits: memory: 512M cpus: "1.0" reservations: memory: 128M cpus: "0.25" # Configuration de sécurité security_opt: - no-new-privileges:true cap_drop: - ALL cap_add: - CHOWN - SETGID - SETUID read_only: true tmpfs: - /tmp:rw,noexec,nosuid,size=100m # Health check healthcheck: test: ["CMD", "/usr/local/bin/healthcheck.sh"] interval: 30s timeout: 10s retries: 3 start_period: 10s # Réseau networks: - stream_network # Proxy inverse (optionnel) nginx: image: nginx:alpine container_name: stream-nginx restart: unless-stopped depends_on: - stream-server ports: - "${NGINX_PORT:-80}:80" - "${NGINX_SSL_PORT:-443}:443" volumes: - ./nginx.conf:/etc/nginx/nginx.conf:ro - ./ssl:/etc/nginx/ssl:ro - nginx_cache:/var/cache/nginx networks: - stream_network profiles: - with-proxy # Monitoring avec Prometheus (optionnel) prometheus: image: prom/prometheus:latest container_name: stream-prometheus restart: unless-stopped ports: - "${PROMETHEUS_PORT:-9090}:9090" volumes: - ./monitoring/prometheus.yml:/etc/prometheus/prometheus.yml:ro - prometheus_data:/prometheus command: - "--config.file=/etc/prometheus/prometheus.yml" - "--storage.tsdb.path=/prometheus" - "--web.console.libraries=/etc/prometheus/console_libraries" - "--web.console.templates=/etc/prometheus/consoles" - "--storage.tsdb.retention.time=200h" - "--web.enable-lifecycle" networks: - stream_network profiles: - monitoring # Grafana pour la visualisation (optionnel) grafana: image: grafana/grafana:latest container_name: stream-grafana restart: unless-stopped depends_on: - prometheus ports: - "${GRAFANA_PORT:-3000}:3000" environment: - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD:-admin} - GF_USERS_ALLOW_SIGN_UP=false volumes: - grafana_data:/var/lib/grafana - ./monitoring/grafana/dashboards:/etc/grafana/provisioning/dashboards:ro - ./monitoring/grafana/datasources:/etc/grafana/provisioning/datasources:ro networks: - stream_network profiles: - monitoring networks: stream_network: driver: bridge ipam: config: - subnet: 172.20.0.0/16 volumes: stream_server_cache: driver: local nginx_cache: driver: local prometheus_data: driver: local grafana_data: driver: local