services: db: image: postgres:16-alpine environment: POSTGRES_USER: ${POSTGRES_USER:?POSTGRES_USER must be set} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set} POSTGRES_DB: ${POSTGRES_DB:?POSTGRES_DB must be set} volumes: - ${DCM_DATA_DIR:-./data}/db-data:/var/lib/postgresql/data healthcheck: test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:?POSTGRES_USER must be set} -d ${POSTGRES_DB:?POSTGRES_DB must be set}"] interval: 10s timeout: 5s retries: 10 restart: unless-stopped networks: - internal redis: image: redis:7-alpine command: - "redis-server" - "--appendonly" - "yes" - "--requirepass" - "${REDIS_PASSWORD:?REDIS_PASSWORD must be set}" volumes: - ${DCM_DATA_DIR:-./data}/redis-data:/data networks: - internal typesense: image: typesense/typesense:30.1 command: - "--data-dir=/data" - "--api-key=${TYPESENSE_API_KEY:?TYPESENSE_API_KEY must be set}" - "--enable-cors" volumes: - ${DCM_DATA_DIR:-./data}/typesense-data:/data restart: unless-stopped networks: - internal api: build: context: ./backend environment: APP_ENV: ${APP_ENV:-development} DATABASE_URL: ${DATABASE_URL:?DATABASE_URL must be set} REDIS_URL: ${REDIS_URL:?REDIS_URL must be set} REDIS_SECURITY_MODE: ${REDIS_SECURITY_MODE:-auto} REDIS_TLS_MODE: ${REDIS_TLS_MODE:-auto} STORAGE_ROOT: /data/storage AUTH_BOOTSTRAP_ADMIN_USERNAME: ${AUTH_BOOTSTRAP_ADMIN_USERNAME:?AUTH_BOOTSTRAP_ADMIN_USERNAME must be set} AUTH_BOOTSTRAP_ADMIN_PASSWORD: ${AUTH_BOOTSTRAP_ADMIN_PASSWORD:?AUTH_BOOTSTRAP_ADMIN_PASSWORD must be set} AUTH_BOOTSTRAP_USER_USERNAME: ${AUTH_BOOTSTRAP_USER_USERNAME:-} AUTH_BOOTSTRAP_USER_PASSWORD: ${AUTH_BOOTSTRAP_USER_PASSWORD:-} AUTH_LOGIN_FAILURE_LIMIT: ${AUTH_LOGIN_FAILURE_LIMIT:-5} AUTH_LOGIN_FAILURE_WINDOW_SECONDS: ${AUTH_LOGIN_FAILURE_WINDOW_SECONDS:-900} AUTH_LOGIN_LOCKOUT_BASE_SECONDS: ${AUTH_LOGIN_LOCKOUT_BASE_SECONDS:-30} AUTH_LOGIN_LOCKOUT_MAX_SECONDS: ${AUTH_LOGIN_LOCKOUT_MAX_SECONDS:-900} APP_SETTINGS_ENCRYPTION_KEY: ${APP_SETTINGS_ENCRYPTION_KEY:?APP_SETTINGS_ENCRYPTION_KEY must be set} PROVIDER_BASE_URL_ALLOWLIST: '${PROVIDER_BASE_URL_ALLOWLIST:-[]}' PROVIDER_BASE_URL_ALLOW_HTTP: ${PROVIDER_BASE_URL_ALLOW_HTTP:-true} PROVIDER_BASE_URL_ALLOW_PRIVATE_NETWORK: ${PROVIDER_BASE_URL_ALLOW_PRIVATE_NETWORK:-true} PROCESSING_LOG_STORE_MODEL_IO_TEXT: ${PROCESSING_LOG_STORE_MODEL_IO_TEXT:-false} PROCESSING_LOG_STORE_PAYLOAD_TEXT: ${PROCESSING_LOG_STORE_PAYLOAD_TEXT:-false} CONTENT_EXPORT_MAX_DOCUMENTS: ${CONTENT_EXPORT_MAX_DOCUMENTS:-250} CONTENT_EXPORT_MAX_TOTAL_BYTES: ${CONTENT_EXPORT_MAX_TOTAL_BYTES:-52428800} CONTENT_EXPORT_RATE_LIMIT_PER_MINUTE: ${CONTENT_EXPORT_RATE_LIMIT_PER_MINUTE:-6} OCR_LANGUAGES: eng,deu PUBLIC_BASE_URL: ${PUBLIC_BASE_URL:-http://localhost:8000} CORS_ORIGINS: '${CORS_ORIGINS:-["http://localhost:5173","http://localhost:3000"]}' TYPESENSE_PROTOCOL: http TYPESENSE_HOST: typesense TYPESENSE_PORT: 8108 TYPESENSE_API_KEY: ${TYPESENSE_API_KEY:?TYPESENSE_API_KEY must be set} TYPESENSE_COLLECTION_NAME: documents # ports: # - "${HOST_BIND_IP:-127.0.0.1}:8000:8000" security_opt: - no-new-privileges:true cap_drop: - ALL volumes: - ./backend/app:/app/app - ${DCM_DATA_DIR:-./data}/storage:/data/storage depends_on: db: condition: service_healthy redis: condition: service_started typesense: condition: service_started networks: npm_proxy: ipv4_address: 192.168.98.41 internal: restart: unless-stopped worker: build: context: ./backend command: ["python", "-m", "app.worker.run_worker"] environment: APP_ENV: ${APP_ENV:-development} DATABASE_URL: ${DATABASE_URL:?DATABASE_URL must be set} REDIS_URL: ${REDIS_URL:?REDIS_URL must be set} REDIS_SECURITY_MODE: ${REDIS_SECURITY_MODE:-auto} REDIS_TLS_MODE: ${REDIS_TLS_MODE:-auto} STORAGE_ROOT: /data/storage APP_SETTINGS_ENCRYPTION_KEY: ${APP_SETTINGS_ENCRYPTION_KEY:?APP_SETTINGS_ENCRYPTION_KEY must be set} PROVIDER_BASE_URL_ALLOWLIST: '${PROVIDER_BASE_URL_ALLOWLIST:-[]}' PROVIDER_BASE_URL_ALLOW_HTTP: ${PROVIDER_BASE_URL_ALLOW_HTTP:-true} PROVIDER_BASE_URL_ALLOW_PRIVATE_NETWORK: ${PROVIDER_BASE_URL_ALLOW_PRIVATE_NETWORK:-true} PROCESSING_LOG_STORE_MODEL_IO_TEXT: ${PROCESSING_LOG_STORE_MODEL_IO_TEXT:-false} PROCESSING_LOG_STORE_PAYLOAD_TEXT: ${PROCESSING_LOG_STORE_PAYLOAD_TEXT:-false} OCR_LANGUAGES: eng,deu PUBLIC_BASE_URL: ${PUBLIC_BASE_URL:-http://localhost:8000} TYPESENSE_PROTOCOL: http TYPESENSE_HOST: typesense TYPESENSE_PORT: 8108 TYPESENSE_API_KEY: ${TYPESENSE_API_KEY:?TYPESENSE_API_KEY must be set} TYPESENSE_COLLECTION_NAME: documents volumes: - ./backend/app:/app/app - ${DCM_DATA_DIR:-./data}/storage:/data/storage security_opt: - no-new-privileges:true cap_drop: - ALL depends_on: db: condition: service_healthy redis: condition: service_started typesense: condition: service_started restart: unless-stopped networks: - internal frontend: build: context: ./frontend target: ${APP_ENV:-development} args: VITE_API_BASE: ${VITE_API_BASE:-} environment: VITE_API_BASE: ${VITE_API_BASE:-} CORS_ORIGINS: '${CORS_ORIGINS:-["http://localhost:5173","http://localhost:3000"]}' VITE_ALLOWED_HOSTS: ${VITE_ALLOWED_HOSTS:-} # ports: # - "${HOST_BIND_IP:-127.0.0.1}:5173:5173" volumes: - ./frontend/src:/app/src - ./frontend/index.html:/app/index.html - ./frontend/vite.config.ts:/app/vite.config.ts depends_on: api: condition: service_started security_opt: - no-new-privileges:true cap_drop: - ALL networks: npm_proxy: ipv4_address: 192.168.98.40 internal: restart: unless-stopped networks: internal: driver: bridge npm_proxy: external: true