From 0ebcfaa3b78358786148a528a8a5fcd1352a8387 Mon Sep 17 00:00:00 2001
From: Stefan Mogeritsch
Date: Thu, 12 Feb 2026 13:15:53 +0100
Subject: [PATCH] build: optimize Postgres container configuration for performance and stability
Updated `dc-infra.yaml` to enable automatic restart (`unless-stopped`), introduce dynamic memory allocations via environment variables, and adjust healthcheck intervals for reduced load. Enhanced `postgresql.conf` with performance tuning comments, schema search path inclusion for Keycloak and app users, and SSL adjustments for internal communication.
---
 config/docker/postgres/postgresql.conf | 11 ++++++++---
 dc-infra.yaml | 18 ++++++++++++++----
 2 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/config/docker/postgres/postgresql.conf b/config/docker/postgres/postgresql.conf
index 4ab1bc36..36387253 100644
--- a/config/docker/postgres/postgresql.conf
+++ b/config/docker/postgres/postgresql.conf
@@ -1,6 +1,10 @@
 # PostgreSQL Configuration File
 # Optimized for Meldestelle application
+# Alle anderen Performance-Werte (shared_buffers etc.) können hier auf
+# den niedrigen Werten bleiben, da sie durch den 'command' oben
+# in der docker-compose dynamisch überschrieben werden.
+
 # Connection Settings
 listen_addresses = '*'
 max_connections = 100
@@ -65,8 +69,9 @@ autovacuum_analyze_scale_factor = 0.025
 autovacuum_vacuum_cost_delay = 20ms
 autovacuum_vacuum_cost_limit = 2000
-# Statement Behavior
-search_path = '"$user", public'
+# OPTIMIERUNG: Search Path für Keycloak und App-User
+# Postgres sucht erst im Schema des Users, dann in public, dann in keycloak.
+search_path = '"$user", public, keycloak'
 row_security = on
 # Client Connection Defaults
@@ -78,7 +83,7 @@ idle_in_transaction_session_timeout = 600000 # 10 minutes, prevents idle transa
 # Disk
 temp_file_limit = 1GB # Limits temp file size
-# SSL
+# OPTIMIERUNG: SSL deaktiviert lassen für interne Kommunikation
 ssl = off
 ssl_prefer_server_ciphers = on
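Review bot: The comment added at the top of postgresql.conf (first hunk) refers to a 'command' "oben", but no command exists in this file, and it says all other performance values are overridden although the dc-infra.yaml hunk of this commit passes only `shared_buffers` and `effective_cache_size` via `-c`. Every other tuning value in this file therefore still takes effect as written, which the comment hides from the next person who edits it. The file's existing comments are English, so I would replace the block with `# shared_buffers and effective_cache_size here are fallbacks only;` followed by `# dc-infra.yaml overrides both with 'postgres -c' (POSTGRES_SHARED_BUFFERS, POSTGRES_EFFECTIVE_CACHE_SIZE).`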
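Review bot: Adding `keycloak` to the server-wide `search_path` (second postgresql.conf hunk) changes name resolution for every role and database on this instance, not only for the Keycloak user. Unqualified names in application sessions can now resolve to Keycloak objects wherever the role has USAGE on that schema, and because `public` is searched before `keycloak`, a same-named object in `public` shadows the Keycloak one. I would keep the global value at `'"$user", public'` and scope the schema to the role in the init scripts, e.g. `ALTER ROLE <keycloak_role> SET search_path = keycloak;` (the role name is a placeholder, it is not visible in this diff). Who may create objects in `public` depends on grants made outside this hunk, so that should be checked alongside.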
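Review bot: The new comment in the SSL hunk justifies `ssl = off` with internal-only communication, but the same file sets `listen_addresses = '*'` and dc-infra.yaml publishes the port as `"${POSTGRES_PORT:-5432:5432}"`, which by default binds on every host interface. Any client that reaches the host port exchanges queries and results unencrypted, and `restart: unless-stopped` now brings that listener back after every reboot. Either bind the published port to loopback, `- "${POSTGRES_PORT:-127.0.0.1:5432:5432}"`, or drop the `ports:` entry where only compose-network services connect; what pg_hba.conf permits is not visible in this diff. If SSL stays off, the comment should state that condition, e.g. `# SSL off: acceptable only while 5432 is not reachable from outside the compose network`.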
diff --git a/dc-infra.yaml b/dc-infra.yaml
index 8b2b2c7d..79ac9b84 100644
--- a/dc-infra.yaml
+++ b/dc-infra.yaml
@@ -9,7 +9,8 @@ services:
 postgres:
 image: "${POSTGRES_IMAGE:-postgres:16-alpine}"
 container_name: "${PROJECT_NAME:-meldestelle}-postgres"
- restart: no
+ # OPTIMIERUNG: Automatischer Neustart bei System-Reboot
+ restart: unless-stopped
 ports:
 - "${POSTGRES_PORT:-5432:5432}"
 environment:
@@ -21,13 +22,22 @@ services:
 - "./config/docker/postgres:/docker-entrypoint-initdb.d:Z"
 - "./config/docker/postgres/postgresql.conf:/etc/postgresql/postgresql.conf:Z"
 profiles: [ "infra", "all" ]
- command: [ "postgres", "-c", "config_file=/etc/postgresql/postgresql.conf" ]
+ # OPTIMIERUNG: Dynamische Speicherzuweisung via .env Overrides
+ command:
+ - "postgres"
+ - "-c"
+ - "config_file=/etc/postgresql/postgresql.conf"
+ - "-c"
+ - "shared_buffers=${POSTGRES_SHARED_BUFFERS:-256MB}"
+ - "-c"
+ - "effective_cache_size=${POSTGRES_EFFECTIVE_CACHE_SIZE:-768MB}"
 healthcheck:
 test: [ "CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}" ]
- interval: "5s"
+ # OPTIMIERUNG: Höheres Intervall (10s), um Zora im Normalbetrieb zu entlasten
+ interval: "10s"
 timeout: "5s"
 retries: "5"
- start_period: "10s"
+ start_period: "5s"
 networks:
 meldestelle-network:
 aliases:
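Review bot: In the healthcheck of the second dc-infra.yaml hunk, `start_period` is cut from 10s to 5s while `interval` is raised to 10s, so the grace period is presumably over before the first probe runs and every failed probe during startup counts against `retries`. The commit message mentions only a longer interval, so this looks unintended; a first start also runs the scripts mounted at `/docker-entrypoint-initdb.d`, which likely takes longer than a warm restart. I would keep `start_period: "10s"` or raise it. The new variables POSTGRES_SHARED_BUFFERS and POSTGRES_EFFECTIVE_CACHE_SIZE should be documented wherever the project's `.env` keys are described, and the "Zora" in the added comment should be explained or replaced by the host role it stands for.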