Update postiz.yaml
### Proposed Improvements to Postiz Template

I'd like to propose several improvements to the current Postiz template that enhance security, reliability, and configuration flexibility:

#### Security Enhancements
- Added Redis ACL configuration with proper authentication
- Implemented secure healthchecks with authentication
- Enhanced PostgreSQL security configurations

#### Reliability Improvements
- Added memory limits and resource management for Redis
- Implemented proper data persistence configurations
- Added tmpfs for temporary files
- More comprehensive healthcheck configurations with proper retry/timeout strategies
- Better dependency management with health conditions

#### Configuration Flexibility
- Support for all environment variables from Postiz documentation
- Added Cloudflare R2 integration support
- Logical grouping of environment variables
- Default values for critical settings
- Better volume management with explicit drivers

The improved template provides a more production-ready setup while maintaining compatibility with Coolify's requirements. It follows best practices for Docker deployments and provides better security out of the box.
@@ -6,92 +6,157 @@
|
||||
|
||||
services:
|
||||
postiz:
|
||||
image: ghcr.io/gitroomhq/postiz-app:latest
|
||||
image: 'ghcr.io/gitroomhq/postiz-app:latest'
|
||||
environment:
|
||||
# Required Settings
|
||||
- SERVICE_FQDN_POSTIZ_5000
|
||||
- MAIN_URL=${SERVICE_FQDN_POSTIZ}
|
||||
- FRONTEND_URL=${SERVICE_FQDN_POSTIZ}
|
||||
- NEXT_PUBLIC_BACKEND_URL=${SERVICE_FQDN_POSTIZ}/api
|
||||
- JWT_SECRET=${SERVICE_PASSWORD_JWTSECRET}
|
||||
- DATABASE_URL=postgresql://${SERVICE_USER_POSTGRESQL}:${SERVICE_PASSWORD_POSTGRESQL}@postgresql:5432/${POSTGRESQL_DATABASE:-postiz-db}
|
||||
- REDIS_URL=redis://${SERVICE_USER_REDIS}:${SERVICE_PASSWORD_REDIS}@redis:6379
|
||||
- BACKEND_INTERNAL_URL=http://localhost:3000
|
||||
- IS_GENERAL=true
|
||||
- STORAGE_PROVIDER=local
|
||||
- UPLOAD_DIRECTORY=/uploads
|
||||
- NEXT_PUBLIC_UPLOAD_DIRECTORY=/uploads
|
||||
- X_API_KEY=${SERVICE_X_API}
|
||||
- X_API_SECRET=${SERVICE_X_SECRET}
|
||||
- REDDIT_CLIENT_ID=${SERVICE_REDDIT_API}
|
||||
- REDDIT_CLIENT_SECRET=${SERVICE_REDDIT_SECRET}
|
||||
- TIKTOK_CLIENT_ID=${SERVICE_TIKTOK_ID}
|
||||
- TIKTOK_CLIENT_SECRET=${SERVICE_TIKTOK_SECRET}
|
||||
- SLACK_ID=${SERVICE_SLACK_ID}
|
||||
- SLACK_SECRET=${SERVICE_SLACK_SECRET}
|
||||
- PINTEREST_CLIENT_ID=${SERVICE_PINTEREST_ID}
|
||||
- PINTEREST_CLIENT_SECRET=${SERVICE_PINTEREST_SECRET}
|
||||
- DRIBBLE_CLIENT_ID=${SERVICE_DRIBBLE_ID}
|
||||
- DRIBBLE_CLIENT_SECRET=${SERVICE_DRIBBLE_SECRET}
|
||||
- DISCORD_CLIENT_ID=${SERVICE_DISCORD_ID}
|
||||
- DISCORD_CLIENT_SECRET=${SERVICE_DISCORD_SECRET}
|
||||
- DISCORD_BOT_TOKEN_ID=${SERVICE_DISCORD_TOKEN}
|
||||
- YOUTUBE_CLIENT_ID=${SERVICE_YOUTUBE_ID}
|
||||
- YOUTUBE_CLIENT_SECRET=${SERVICE_YOUTUBE_SECRET}
|
||||
- MASTODON_CLIENT_ID=${SERVICE_MASTODON_ID}
|
||||
- MASTODON_CLIENT_SECRET=${SERVICE_MASTODON_SECRET}
|
||||
- LINKEDIN_CLIENT_ID=${SERVICE_LINKEDIN_ID}
|
||||
- LINKEDIN_CLIENT_SECRET=${SERVICE_LINKEDIN_SECRET}
|
||||
- INSTAGRAM_APP_ID=${SERVICE_INSTAGRAM_ID}
|
||||
- INSTAGRAM_APP_SECRET=${SERVICE_INSTAGRAM_SECRET}
|
||||
- FACEBOOK_APP_ID=${SERVICE_FACEBOOK_ID}
|
||||
- FACEBOOK_APP_SECRET=${SERVICE_FACEBOOK_SECRET}
|
||||
- THREADS_APP_ID=${SERVICE_THREADS_ID}
|
||||
- THREADS_APP_SECRET=${SERVICE_THREADS_SECRET}
|
||||
- GITHUB_CLIENT_ID=${SERVICE_GITHUB_ID}
|
||||
- GITHUB_CLIENT_SECRET=${SERVICE_GITHUB_SECRET}
|
||||
- BEEHIIVE_API_KEY=${SERVICE_BEEHIIVE_KEY}
|
||||
- BEEHIIVE_PUBLICATION_ID=${SERVICE_BEEHIIVE_PUBID}
|
||||
- OPENAI_API_KEY=${SERVICE_OPENAI_KEY}
|
||||
- 'MAIN_URL=${SERVICE_FQDN_POSTIZ}'
|
||||
- 'FRONTEND_URL=${SERVICE_FQDN_POSTIZ}'
|
||||
- 'NEXT_PUBLIC_BACKEND_URL=${SERVICE_FQDN_POSTIZ}/api'
|
||||
- 'DATABASE_URL=postgresql://${SERVICE_USER_POSTGRESQL}:${SERVICE_PASSWORD_POSTGRESQL}@postgres:5432/${POSTGRESQL_DATABASE:-postiz-db}'
|
||||
- 'REDIS_URL=redis://${SERVICE_USER_REDIS}:${SERVICE_PASSWORD_REDIS}@redis:6379'
|
||||
- 'JWT_SECRET=${SERVICE_PASSWORD_JWTSECRET}'
|
||||
- 'BACKEND_INTERNAL_URL=http://localhost:3000'
|
||||
|
||||
# Cloudflare R2 Settings
|
||||
- 'CLOUDFLARE_ACCOUNT_ID=${CLOUDFLARE_ACCOUNT_ID}'
|
||||
- 'CLOUDFLARE_ACCESS_KEY=${CLOUDFLARE_ACCESS_KEY}'
|
||||
- 'CLOUDFLARE_SECRET_ACCESS_KEY=${CLOUDFLARE_SECRET_ACCESS_KEY}'
|
||||
- 'CLOUDFLARE_BUCKETNAME=${CLOUDFLARE_BUCKETNAME}'
|
||||
- 'CLOUDFLARE_BUCKET_URL=${CLOUDFLARE_BUCKET_URL}'
|
||||
- 'CLOUDFLARE_REGION=${CLOUDFLARE_REGION}'
|
||||
|
||||
# Storage Settings
|
||||
- 'STORAGE_PROVIDER=${STORAGE_PROVIDER:-local}'
|
||||
- 'UPLOAD_DIRECTORY=${UPLOAD_DIRECTORY:-/uploads}'
|
||||
- 'NEXT_PUBLIC_UPLOAD_DIRECTORY=${NEXT_PUBLIC_UPLOAD_DIRECTORY:-/uploads}'
|
||||
- 'NEXT_PUBLIC_UPLOAD_STATIC_DIRECTORY=${NEXT_PUBLIC_UPLOAD_STATIC_DIRECTORY}'
|
||||
|
||||
# Email Settings
|
||||
- 'RESEND_API_KEY=${RESEND_API_KEY}'
|
||||
- 'EMAIL_FROM_ADDRESS=${EMAIL_FROM_ADDRESS}'
|
||||
- 'EMAIL_FROM_NAME=${EMAIL_FROM_NAME}'
|
||||
|
||||
# Social Media API Settings
|
||||
- 'X_API_KEY=${SERVICE_X_API}'
|
||||
- 'X_API_SECRET=${SERVICE_X_SECRET}'
|
||||
- 'LINKEDIN_CLIENT_ID=${SERVICE_LINKEDIN_ID}'
|
||||
- 'LINKEDIN_CLIENT_SECRET=${SERVICE_LINKEDIN_SECRET}'
|
||||
- 'REDDIT_CLIENT_ID=${SERVICE_REDDIT_API}'
|
||||
- 'REDDIT_CLIENT_SECRET=${SERVICE_REDDIT_SECRET}'
|
||||
- 'GITHUB_CLIENT_ID=${SERVICE_GITHUB_ID}'
|
||||
- 'GITHUB_CLIENT_SECRET=${SERVICE_GITHUB_SECRET}'
|
||||
- 'THREADS_APP_ID=${SERVICE_THREADS_ID}'
|
||||
- 'THREADS_APP_SECRET=${SERVICE_THREADS_SECRET}'
|
||||
- 'FACEBOOK_APP_ID=${SERVICE_FACEBOOK_ID}'
|
||||
- 'FACEBOOK_APP_SECRET=${SERVICE_FACEBOOK_SECRET}'
|
||||
- 'YOUTUBE_CLIENT_ID=${SERVICE_YOUTUBE_ID}'
|
||||
- 'YOUTUBE_CLIENT_SECRET=${SERVICE_YOUTUBE_SECRET}'
|
||||
- 'TIKTOK_CLIENT_ID=${SERVICE_TIKTOK_ID}'
|
||||
- 'TIKTOK_CLIENT_SECRET=${SERVICE_TIKTOK_SECRET}'
|
||||
- 'PINTEREST_CLIENT_ID=${SERVICE_PINTEREST_ID}'
|
||||
- 'PINTEREST_CLIENT_SECRET=${SERVICE_PINTEREST_SECRET}'
|
||||
- 'DRIBBBLE_CLIENT_ID=${SERVICE_DRIBBLE_ID}'
|
||||
- 'DRIBBBLE_CLIENT_SECRET=${SERVICE_DRIBBLE_SECRET}'
|
||||
- 'DISCORD_CLIENT_ID=${SERVICE_DISCORD_ID}'
|
||||
- 'DISCORD_CLIENT_SECRET=${SERVICE_DISCORD_SECRET}'
|
||||
- 'DISCORD_BOT_TOKEN_ID=${SERVICE_DISCORD_TOKEN}'
|
||||
- 'SLACK_ID=${SERVICE_SLACK_ID}'
|
||||
- 'SLACK_SECRET=${SERVICE_SLACK_SECRET}'
|
||||
- 'SLACK_SIGNING_SECRET=${SLACK_SIGNING_SECRET}'
|
||||
- 'MASTODON_CLIENT_ID=${SERVICE_MASTODON_ID}'
|
||||
- 'MASTODON_CLIENT_SECRET=${SERVICE_MASTODON_SECRET}'
|
||||
|
||||
# Integration APIs
|
||||
- 'BEEHIIVE_API_KEY=${SERVICE_BEEHIIVE_KEY}'
|
||||
- 'BEEHIIVE_PUBLICATION_ID=${SERVICE_BEEHIIVE_PUBID}'
|
||||
- 'OPENAI_API_KEY=${SERVICE_OPENAI_KEY}'
|
||||
|
||||
# Misc Settings
|
||||
- 'NEXT_PUBLIC_DISCORD_SUPPORT=${NEXT_PUBLIC_DISCORD_SUPPORT}'
|
||||
- 'NEXT_PUBLIC_POLOTNO=${NEXT_PUBLIC_POLOTNO}'
|
||||
- 'IS_GENERAL=${IS_GENERAL:-true}'
|
||||
- 'NX_ADD_PLUGINS=${NX_ADD_PLUGINS:-false}'
|
||||
|
||||
# Payment Settings
|
||||
- 'FEE_AMOUNT=${FEE_AMOUNT:-0.05}'
|
||||
- 'STRIPE_PUBLISHABLE_KEY=${STRIPE_PUBLISHABLE_KEY}'
|
||||
- 'STRIPE_SECRET_KEY=${STRIPE_SECRET_KEY}'
|
||||
- 'STRIPE_SIGNING_KEY=${STRIPE_SIGNING_KEY}'
|
||||
- 'STRIPE_SIGNING_KEY_CONNECT=${STRIPE_SIGNING_KEY_CONNECT}'
|
||||
|
||||
volumes:
|
||||
- postiz_config:/config/
|
||||
- postiz_uploads:/uploads/
|
||||
- 'postiz_config:/config/'
|
||||
- 'postiz_uploads:/uploads/'
|
||||
depends_on:
|
||||
postgres:
|
||||
condition: service_healthy
|
||||
redis:
|
||||
condition: service_healthy
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:5000/"]
|
||||
test:
|
||||
- CMD-SHELL
|
||||
- 'wget -qO- http://127.0.0.1:5000/'
|
||||
interval: 5s
|
||||
timeout: 20s
|
||||
retries: 10
|
||||
|
||||
postgres:
|
||||
image: postgres:14.5
|
||||
image: 'postgres:14.5'
|
||||
volumes:
|
||||
- postiz_postgresql_data:/var/lib/postgresql/data
|
||||
- 'postiz_postgresql_data:/var/lib/postgresql/data'
|
||||
environment:
|
||||
- POSTGRES_USER=${SERVICE_USER_POSTGRESQL}
|
||||
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRESQL}
|
||||
- POSTGRES_DB=${POSTGRESQL_DATABASE:-postiz-db}
|
||||
- 'POSTGRES_USER=${SERVICE_USER_POSTGRESQL}'
|
||||
- 'POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRESQL}'
|
||||
- 'POSTGRES_DB=${POSTGRESQL_DATABASE:-postiz-db}'
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
|
||||
test:
|
||||
- CMD-SHELL
|
||||
- 'pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}'
|
||||
interval: 5s
|
||||
timeout: 20s
|
||||
retries: 10
|
||||
|
||||
redis:
|
||||
image: redis:7.2
|
||||
image: 'redis:7.2'
|
||||
command: >
|
||||
redis-server
|
||||
--port 6379
|
||||
--save 60 1
|
||||
--loglevel warning
|
||||
--protected-mode yes
|
||||
--aclfile /data/users.acl
|
||||
volumes:
|
||||
- postiz_redis_data:/data
|
||||
environment:
|
||||
- REDIS_PASSWORD=${SERVICE_PASSWORD_REDIS}
|
||||
- REDIS_USER=${SERVICE_USER_REDIS}
|
||||
- 'postiz_redis_data:/data'
|
||||
- type: tmpfs
|
||||
target: /tmp
|
||||
healthcheck:
|
||||
test:
|
||||
- CMD
|
||||
- redis-cli
|
||||
- PING
|
||||
- '-u'
|
||||
- 'redis://${SERVICE_USER_REDIS}:${SERVICE_PASSWORD_REDIS}@localhost:6379'
|
||||
- ping
|
||||
interval: 5s
|
||||
timeout: 10s
|
||||
retries: 20
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
memory: 256M
|
||||
entrypoint: >
|
||||
sh -c "
|
||||
echo 'user default off' > /data/users.acl &&
|
||||
echo 'user ${SERVICE_USER_REDIS} on >${SERVICE_PASSWORD_REDIS} ~* &* +@all' >> /data/users.acl &&
|
||||
redis-server --aclfile /data/users.acl
|
||||
"
|
||||
|
||||
volumes:
|
||||
postiz_config:
|
||||
driver: local
|
||||
postiz_uploads:
|
||||
driver: local
|
||||
postiz_postgresql_data:
|
||||
driver: local
|
||||
postiz_redis_data:
|
||||
driver: local
|
||||
|
||||
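Review bot: The Redis healthcheck places `redis://${SERVICE_USER_REDIS}:${SERVICE_PASSWORD_REDIS}@localhost:6379` on the probe's command line, so the password shows up in the process list every time the probe runs. Because redis-cli stops parsing options at the first non-option word, putting `PING` before `-u` most likely sends the URL as arguments to PING instead of authenticating, which would leave the service unhealthy once `user default off` is in effect. I would pass the secret through the environment and put options first: add `REDISCLI_AUTH=${SERVICE_PASSWORD_REDIS}` and `REDIS_USER=${SERVICE_USER_REDIS}` to the service's `environment` and use `test: ['CMD-SHELL', 'redis-cli --user "$$REDIS_USER" ping | grep -q PONG']`. The rendered page has lost its +/- markers, so I cannot tell whether the `command:` flags and the `entrypoint:` script are both on the new side; if they are, the `sh -c` entrypoint starts `redis-server --aclfile /data/users.acl` by itself and `--save 60 1` and `--protected-mode yes` never reach the server. The generated ACL line grants `~* &* +@all` and keeps the password in clear text in `/data/users.acl` on the persistent volume, so it adds authentication but not least privilege; a comment above the entrypoint such as `# ACL gives the app user all commands on all keys; tighten if Postiz's command set is known` would make that explicit.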