[+] update docker-compose

1. use PartOf for proper dependency management; 2. add hard coded subnet, with specific ip for app; to use in ufw rules;
2025-09-30 07:30:38 +03:00 · 2025-09-30 07:30:38 +03:00 · 01e98958a6
commit 01e98958a6
parent b9f791fc3d
4 changed files with 33 additions and 1 deletions
--- a/.env.examples
+++ b/.env.examples
@ -1 +1,3 @@
 NGINX_EXPORTER_PORTS=127.0.0.1:9113
+CHECKS_PORTS=127.0.0.1:9097
+SUBNET=172.31.0
--- a/d1/fxreader.online-certbot.service
+++ b/d1/fxreader.online-certbot.service
@ -1,5 +1,8 @@
 [Unit]
 Description=fxreader.online-certbot
+Requires=fxreader.online-gateway
+After=fxreader.online-gateway
+PartOf=fxreader.online-gateway

 [Service]
 Type=oneshot
--- a/d1/fxreader.online-gateway.service
+++ b/d1/fxreader.online-gateway.service
@ -2,10 +2,11 @@
 Description=fxreader.online-service
 Requires=docker.service
 After=docker.service
+PartOf=docker.service

 [Service]
 #Type=oneshot
-ExecStart=/usr/bin/docker compose up --force-recreate --remove-orphans
+ExecStart=/usr/bin/docker compose up
 ExecStop=/usr/bin/docker compose down
 WorkingDirectory={{PROJECT_ROOT}}
 StandardOutput=null
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -8,6 +8,10 @@ services:
      - ./d1/:/app/d1/:ro
      - ./tmp/cache/:/app/tmp/cache/:ro
    restart: on-failure
+    networks:
+      network:
+        ipv4_address: ${SUBNET}.2
+
  nginx-exporter:
    image: docker.io/nginx/nginx-prometheus-exporter@sha256:6edfb73afd11f2d83ea4e8007f5068c3ffaa38078a6b0ad1339e5bd2f637aacd
    #profiles:
@ -19,6 +23,8 @@ services:
      # LISTEN_ADDRESS: 0.0.0.0:9113
    ports: 
      - ${NGINX_EXPORTER_PORTS:-"127.0.0.1:9113"}:9113
+    networks:
+      network:

  ssl-app:
    build:
@ -29,6 +35,8 @@ services:
      - ./tmp/d1/:/app/tmp/d1/:ro
      - ./tmp/d1/letsencrypt:/etc/letsencrypt:rw
    restart: on-failure
+    networks:
+      network:

  checks:
    build:
@ -43,6 +51,8 @@ services:
      - online.fxreader.pr34.commands_typed.async_api.fastapi
    ports: 
      - ${CHECKS_PORTS:-"127.0.0.1:80"}:80
+    networks:
+      network:
    
  cpanel:
    image: online.fxreader.pr34.cpanel:dev
@ -55,6 +65,8 @@ services:
      - ./d1/:/app/d1:ro
      - ./tmp/d1/:/app/tmp/d1/:ro
    restart: on-failure
+    networks:
+      network:

  dynu:
    build:
@ -68,6 +80,8 @@ services:
    restart: on-failure
    # links:
    #  - ngrok
+    networks:
+      network:
  ngrok:
    image: wernight/ngrok
    #links:
@ -78,6 +92,8 @@ services:
    volumes:
      - ./tmp/cache/ngrok.yml:/home/ngrok/.ngrok2/ngrok.yml:ro
    restart: on-failure
+    networks:
+      network:
  #forward:
  #  build:
  #    context: .
@ -86,3 +102,13 @@ services:
  #    - ./d1/forward.py:/app/d1/forward.py:ro
  #    - ./tmp/cache/forward_data:/app/tmp/cache/forward_data:ro
  #  restart: always
+networks:
+  network:
+    driver: bridge
+    # driver_opts:
+    #   com.docker.network.bridge.name: br-mynet     # stable bridge name (optional)
+    ipam:
+      config:
+        - subnet: ${SUBNET}.0/24
+          gateway: "${SUBNET}.1"
+          ip_range: "${SUBNET}.128/25"               # optional: pool for containers