rosslh/coolify
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
coolify/templates/compose/postiz.yaml
Drdiffie 47c442431b
Update postiz.yaml 
### Proposed Improvements to Postiz Template

I'd like to propose several improvements to the current Postiz template that enhance security, reliability, and configuration flexibility:

#### Security Enhancements
- Added Redis ACL configuration with proper authentication
- Implemented secure healthchecks with authentication
- Enhanced PostgreSQL security configurations

#### Reliability Improvements
- Added memory limits and resource management for Redis
- Implemented proper data persistence configurations
- Added tmpfs for temporary files
- More comprehensive healthcheck configurations with proper retry/timeout strategies
- Better dependency management with health conditions

#### Configuration Flexibility
- Support for all environment variables from Postiz documentation
- Added Cloudflare R2 integration support
- Logical grouping of environment variables
- Default values for critical settings
- Better volume management with explicit drivers

The improved template provides a more production-ready setup while maintaining compatibility with Coolify's requirements. It follows best practices for Docker deployments and provides better security out of the box.
2024-11-21 16:05:55 +01:00

162 lines
5.6 KiB
YAML
Raw Blame History

# documentation: https://docs.postiz.com
# slogan: Open source social media scheduling tool.
# tags: post everywhere, social media, planning
# logo: svgs/postiz.svg
# port: 5000
services:
postiz:
image: 'ghcr.io/gitroomhq/postiz-app:latest'
environment:
# Required Settings
- SERVICE_FQDN_POSTIZ_5000
- 'MAIN_URL=${SERVICE_FQDN_POSTIZ}'
- 'FRONTEND_URL=${SERVICE_FQDN_POSTIZ}'
- 'NEXT_PUBLIC_BACKEND_URL=${SERVICE_FQDN_POSTIZ}/api'
- 'DATABASE_URL=postgresql://${SERVICE_USER_POSTGRESQL}:${SERVICE_PASSWORD_POSTGRESQL}@postgres:5432/${POSTGRESQL_DATABASE:-postiz-db}'
- 'REDIS_URL=redis://${SERVICE_USER_REDIS}:${SERVICE_PASSWORD_REDIS}@redis:6379'
- 'JWT_SECRET=${SERVICE_PASSWORD_JWTSECRET}'
- 'BACKEND_INTERNAL_URL=http://localhost:3000'
# Cloudflare R2 Settings
- 'CLOUDFLARE_ACCOUNT_ID=${CLOUDFLARE_ACCOUNT_ID}'
- 'CLOUDFLARE_ACCESS_KEY=${CLOUDFLARE_ACCESS_KEY}'
- 'CLOUDFLARE_SECRET_ACCESS_KEY=${CLOUDFLARE_SECRET_ACCESS_KEY}'
- 'CLOUDFLARE_BUCKETNAME=${CLOUDFLARE_BUCKETNAME}'
- 'CLOUDFLARE_BUCKET_URL=${CLOUDFLARE_BUCKET_URL}'
- 'CLOUDFLARE_REGION=${CLOUDFLARE_REGION}'
# Storage Settings
- 'STORAGE_PROVIDER=${STORAGE_PROVIDER:-local}'
- 'UPLOAD_DIRECTORY=${UPLOAD_DIRECTORY:-/uploads}'
- 'NEXT_PUBLIC_UPLOAD_DIRECTORY=${NEXT_PUBLIC_UPLOAD_DIRECTORY:-/uploads}'
- 'NEXT_PUBLIC_UPLOAD_STATIC_DIRECTORY=${NEXT_PUBLIC_UPLOAD_STATIC_DIRECTORY}'
# Email Settings
- 'RESEND_API_KEY=${RESEND_API_KEY}'
- 'EMAIL_FROM_ADDRESS=${EMAIL_FROM_ADDRESS}'
- 'EMAIL_FROM_NAME=${EMAIL_FROM_NAME}'
# Social Media API Settings
- 'X_API_KEY=${SERVICE_X_API}'
- 'X_API_SECRET=${SERVICE_X_SECRET}'
- 'LINKEDIN_CLIENT_ID=${SERVICE_LINKEDIN_ID}'
- 'LINKEDIN_CLIENT_SECRET=${SERVICE_LINKEDIN_SECRET}'
- 'REDDIT_CLIENT_ID=${SERVICE_REDDIT_API}'
- 'REDDIT_CLIENT_SECRET=${SERVICE_REDDIT_SECRET}'
- 'GITHUB_CLIENT_ID=${SERVICE_GITHUB_ID}'
- 'GITHUB_CLIENT_SECRET=${SERVICE_GITHUB_SECRET}'
- 'THREADS_APP_ID=${SERVICE_THREADS_ID}'
- 'THREADS_APP_SECRET=${SERVICE_THREADS_SECRET}'
- 'FACEBOOK_APP_ID=${SERVICE_FACEBOOK_ID}'
- 'FACEBOOK_APP_SECRET=${SERVICE_FACEBOOK_SECRET}'
- 'YOUTUBE_CLIENT_ID=${SERVICE_YOUTUBE_ID}'
- 'YOUTUBE_CLIENT_SECRET=${SERVICE_YOUTUBE_SECRET}'
- 'TIKTOK_CLIENT_ID=${SERVICE_TIKTOK_ID}'
- 'TIKTOK_CLIENT_SECRET=${SERVICE_TIKTOK_SECRET}'
- 'PINTEREST_CLIENT_ID=${SERVICE_PINTEREST_ID}'
- 'PINTEREST_CLIENT_SECRET=${SERVICE_PINTEREST_SECRET}'
- 'DRIBBBLE_CLIENT_ID=${SERVICE_DRIBBLE_ID}'
- 'DRIBBBLE_CLIENT_SECRET=${SERVICE_DRIBBLE_SECRET}'
- 'DISCORD_CLIENT_ID=${SERVICE_DISCORD_ID}'
- 'DISCORD_CLIENT_SECRET=${SERVICE_DISCORD_SECRET}'
- 'DISCORD_BOT_TOKEN_ID=${SERVICE_DISCORD_TOKEN}'
- 'SLACK_ID=${SERVICE_SLACK_ID}'
- 'SLACK_SECRET=${SERVICE_SLACK_SECRET}'
- 'SLACK_SIGNING_SECRET=${SLACK_SIGNING_SECRET}'
- 'MASTODON_CLIENT_ID=${SERVICE_MASTODON_ID}'
- 'MASTODON_CLIENT_SECRET=${SERVICE_MASTODON_SECRET}'
# Integration APIs
- 'BEEHIIVE_API_KEY=${SERVICE_BEEHIIVE_KEY}'
- 'BEEHIIVE_PUBLICATION_ID=${SERVICE_BEEHIIVE_PUBID}'
- 'OPENAI_API_KEY=${SERVICE_OPENAI_KEY}'
# Misc Settings
- 'NEXT_PUBLIC_DISCORD_SUPPORT=${NEXT_PUBLIC_DISCORD_SUPPORT}'
- 'NEXT_PUBLIC_POLOTNO=${NEXT_PUBLIC_POLOTNO}'
- 'IS_GENERAL=${IS_GENERAL:-true}'
- 'NX_ADD_PLUGINS=${NX_ADD_PLUGINS:-false}'
# Payment Settings
- 'FEE_AMOUNT=${FEE_AMOUNT:-0.05}'
- 'STRIPE_PUBLISHABLE_KEY=${STRIPE_PUBLISHABLE_KEY}'
- 'STRIPE_SECRET_KEY=${STRIPE_SECRET_KEY}'
- 'STRIPE_SIGNING_KEY=${STRIPE_SIGNING_KEY}'
- 'STRIPE_SIGNING_KEY_CONNECT=${STRIPE_SIGNING_KEY_CONNECT}'
volumes:
- 'postiz_config:/config/'
- 'postiz_uploads:/uploads/'
depends_on:
postgres:
condition: service_healthy
redis:
condition: service_healthy
healthcheck:
test:
- CMD-SHELL
- 'wget -qO- http://127.0.0.1:5000/'
interval: 5s
timeout: 20s
retries: 10
postgres:
image: 'postgres:14.5'
volumes:
- 'postiz_postgresql_data:/var/lib/postgresql/data'
environment:
- 'POSTGRES_USER=${SERVICE_USER_POSTGRESQL}'
- 'POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRESQL}'
- 'POSTGRES_DB=${POSTGRESQL_DATABASE:-postiz-db}'
healthcheck:
test:
- CMD-SHELL
- 'pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}'
interval: 5s
timeout: 20s
retries: 10
redis:
image: 'redis:7.2'
command: >
redis-server
--port 6379
--save 60 1
--loglevel warning
--protected-mode yes
--aclfile /data/users.acl
volumes:
- 'postiz_redis_data:/data'
- type: tmpfs
target: /tmp
healthcheck:
test:
- CMD
- redis-cli
- '-u'
- 'redis://${SERVICE_USER_REDIS}:${SERVICE_PASSWORD_REDIS}@localhost:6379'
- ping
interval: 5s
timeout: 10s
retries: 20
deploy:
resources:
limits:
memory: 256M
entrypoint: >
sh -c "
echo 'user default off' > /data/users.acl &&
echo 'user ${SERVICE_USER_REDIS} on >${SERVICE_PASSWORD_REDIS} ~* &* +@all' >> /data/users.acl &&
redis-server --aclfile /data/users.acl
"
volumes:
postiz_config:
driver: local
postiz_uploads:
driver: local
postiz_postgresql_data:
driver: local
postiz_redis_data:
driver: local
Reference in a new issue View git blame Copy permalink