name: "${PROJECT_NAME:-meldestelle}" services: # ========================================== # 1. INFRASTRUCTURE (Stateful & Core) # ========================================== # --- DATABASE: PostgreSQL --- postgres: image: "${POSTGRES_IMAGE:-postgres:16-alpine}" container_name: "${PROJECT_NAME:-meldestelle}-postgres" restart: unless-stopped profiles: [ "infra", "all" ] ports: - "${POSTGRES_PORT:-5432:5432}" environment: POSTGRES_USER: "${POSTGRES_USER:-pg-user}" POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:-pg-password}" POSTGRES_DB: "${POSTGRES_DB:-pg-meldestelle-db}" volumes: - "postgres-data:/var/lib/postgresql/data" - "./config/docker/postgres:/docker-entrypoint-initdb.d:Z" - "./config/docker/postgres/postgresql.conf:/etc/postgresql/postgresql.conf:Z" command: - "postgres" - "-c" - "config_file=/etc/postgresql/postgresql.conf" - "-c" - "shared_buffers=${POSTGRES_SHARED_BUFFERS:-256MB}" - "-c" - "effective_cache_size=${POSTGRES_EFFECTIVE_CACHE_SIZE:-768MB}" healthcheck: test: [ "CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}" ] interval: "10s" timeout: "5s" retries: "5" start_period: "10s" networks: meldestelle-network: aliases: - "postgres" # --- CACHE: Valkey --- valkey: image: "${VALKEY_IMAGE:-valkey/valkey:9-alpine}" container_name: "${PROJECT_NAME:-meldestelle}-valkey" restart: unless-stopped profiles: [ "infra", "all" ] ports: - "${VALKEY_PORT:-6379:6379}" volumes: - "valkey-data:/data" - "./config/docker/valkey/valkey.conf:/etc/valkey/valkey.conf:Z" command: - "sh" - "-lc" - | exec valkey-server /etc/valkey/valkey.conf \ --protected-mode no \ --maxmemory ${VALKEY_MAX_MEMORY:-256MB} \ --maxmemory-policy ${VALKEY_POLICY:-allkeys-lru} \ ${VALKEY_PASSWORD:+--requirepass $VALKEY_PASSWORD} healthcheck: test: [ "CMD-SHELL", "[ -z \"$VALKEY_PASSWORD\" ] && valkey-cli ping | grep PONG || valkey-cli -a \"$VALKEY_PASSWORD\" ping | grep PONG" ] interval: "10s" timeout: "5s" retries: "3" networks: meldestelle-network: aliases: - "valkey" # --- IAM: Keycloak (Zora-Optimiert) --- keycloak: build: context: . dockerfile: config/docker/keycloak/Dockerfile args: KEYCLOAK_IMAGE_TAG: "${KEYCLOAK_IMAGE_TAG:-26.5.5}" image: "${DOCKER_REGISTRY:-git.mo-code.at/mocode-software}/keycloak:${KEYCLOAK_IMAGE_TAG:-26.5.5}" container_name: "${PROJECT_NAME:-meldestelle}-keycloak" restart: unless-stopped profiles: [ "infra", "all" ] environment: KC_BOOTSTRAP_ADMIN_USERNAME: "${KC_ADMIN_USERNAME:-kc-admin}" KC_BOOTSTRAP_ADMIN_PASSWORD: "${KC_ADMIN_PASSWORD:-kc-password}" KC_DB: "${KC_DB:-postgres}" KC_DB_SCHEMA: "${KC_DB_SCHEMA:-keycloak}" KC_DB_URL: "jdbc:postgresql://postgres:5432/${POSTGRES_DB:-pg-meldestelle-db}" KC_DB_USERNAME: "${POSTGRES_USER:-pg-user}" KC_DB_PASSWORD: "${POSTGRES_PASSWORD:-pg-password}" # Hostname-Konfiguration: Für lokale Entwicklung "localhost", auf dem Server die echte IP/Domain setzen KC_HOSTNAME: "${KC_HOSTNAME:-localhost}" # WICHTIG: false erlaubt Zugriff über beliebige Hostnamen (nötig für Server-Betrieb ohne TLS) KC_HOSTNAME_STRICT: "${KC_HOSTNAME_STRICT:-false}" # KC_HOSTNAME_STRICT_HTTPS wurde entfernt — deprecated v1-Option in Keycloak 26.x (hostname v2). # HTTP-Zugriff wird ausschließlich über KC_HTTP_ENABLED gesteuert. KC_HTTP_ENABLED: "true" # Admin-Interface explizit auf allen Interfaces binden (0.0.0.0) KC_HTTP_MANAGEMENT_PORT: "9000" KC_HEALTH_ENABLED: "true" KC_METRICS_ENABLED: "true" # Integration der Power-Flags JAVA_OPTS_APPEND: "-Xms${KC_HEAP_MIN:-512M} -Xmx${KC_HEAP_MAX:-1024M} ${JVM_OPTS_ARM64}" ports: - "${KC_PORT:-8180:8080}" - "${KC_MANAGEMENT_PORT:-9000:9000}" depends_on: postgres: condition: "service_healthy" healthcheck: # Keycloak basiert auf ubi9-micro — curl/wget sind NICHT im Image enthalten! # Lösung: Bash /dev/tcp — kein externes Tool nötig, funktioniert auf jedem bash-Image. # Management-Port 9000: Health-Endpoints (/health/live, /health/ready) laufen hier. # /health/live: prüft nur Prozess-Liveness — kein Warten auf JGroups-Cluster-Formation. test: [ "CMD-SHELL", "exec 3<>/dev/tcp/localhost/9000 && printf 'GET /health/live HTTP/1.0\\r\\nHost: localhost\\r\\n\\r\\n' >&3 && cat <&3 | grep -q '\"UP\"'" ] interval: "15s" timeout: "10s" retries: 5 start_period: "90s" volumes: - "./config/docker/keycloak:/opt/keycloak/data/import:Z" # start --optimized nutzt das pre-built Image (kc.sh build im Dockerfile) # start-dev würde den Pre-Build ignorieren und im Dev-Modus starten (Konflikt mit Registry-Images!) command: "${KC_COMMAND:-start --optimized --import-realm}" networks: meldestelle-network: aliases: - "keycloak" - "auth.mo-code.at" # --- SERVICE DISCOVERY: Consul --- consul: image: "${CONSUL_IMAGE:-hashicorp/consul:1.22.1}" container_name: "${PROJECT_NAME:-meldestelle}-consul" restart: unless-stopped profiles: [ "infra", "all" ] ports: - "${CONSUL_PORT:-8500:8500}" - "${CONSUL_UDP_PORT:-8600:8600/udp}" command: "agent -server -bootstrap-expect=1 -ui -client=0.0.0.0" healthcheck: test: [ "CMD", "curl", "-f", "http://localhost:8500/v1/status/leader" ] interval: "30s" networks: meldestelle-network: aliases: - "consul" # --- TRACING: Zipkin --- zipkin: image: "${ZIPKIN_IMAGE:-openzipkin/zipkin:3}" container_name: "${PROJECT_NAME:-meldestelle}-zipkin" restart: unless-stopped profiles: [ "infra", "all" ] environment: JAVA_OPTS: "-Xms${ZIPKIN_MIN_HEAP:-256M} -Xmx${ZIPKIN_MAX_HEAP:-512M} ${JVM_OPTS_ARM64}" ports: - "${ZIPKIN_PORT:-9411:9411}" networks: meldestelle-network: healthcheck: test: [ "CMD", "wget", "--spider", "-q", "http://localhost:9411/health" ] interval: 20s timeout: 5s retries: 5 start_period: 20s volumes: postgres-data: valkey-data: mailpit-data: networks: meldestelle-network: driver: bridge