openmail/docker-compose.yml at main · ShadowWalker2014/openmail · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
version: "3.9"

services:
  postgres:
    image: postgres:16-alpine
    restart: unless-stopped
    # wal_level=logical required by ElectricSQL for real-time sync
    command: >
      postgres
      -c wal_level=logical
      -c max_replication_slots=10
      -c max_wal_senders=10
    environment:
      POSTGRES_DB: openmail
      POSTGRES_USER: openmail
      POSTGRES_PASSWORD: openmail_password
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U openmail"]
      interval: 5s
      timeout: 5s
      retries: 5

  # PgBouncer — connection pooler sitting in front of Postgres.
  # All application services connect through pgbouncer:6432 in transaction
  # pool mode. Max 1000 client connections → 20 actual Postgres connections.
  # ElectricSQL is the only service that bypasses PgBouncer (needs logical replication).
  pgbouncer:
    image: edoburu/pgbouncer:1.22.1
    restart: unless-stopped
    environment:
      POSTGRESQL_HOST: postgres
      POSTGRESQL_PORT: "5432"
      POSTGRESQL_DATABASE: openmail
      POSTGRESQL_USERNAME: openmail
      POSTGRESQL_PASSWORD: openmail_password
      PGBOUNCER_DATABASE: openmail
      PGBOUNCER_POOL_MODE: transaction
      PGBOUNCER_DEFAULT_POOL_SIZE: "20"
      PGBOUNCER_MAX_CLIENT_CONN: "1000"
      PGBOUNCER_LISTEN_ADDRESS: "*"
      # Required for postgres.js / Drizzle compatibility in transaction pool mode
      PGBOUNCER_IGNORE_STARTUP_PARAMETERS: extra_float_digits,search_path
      # Resets server connection state between client sessions
      PGBOUNCER_SERVER_RESET_QUERY: DISCARD ALL
    ports:
      - "6432:6432"
    depends_on:
      postgres:
        condition: service_healthy
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -h localhost -p 6432 -U openmail -d openmail || exit 1"]
      interval: 10s
      timeout: 5s
      retries: 5

  redis:
    image: redis:7-alpine
    restart: unless-stopped
    volumes:
      - redis_data:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 5s
      timeout: 3s
      retries: 5

  # ElectricSQL — real-time sync service. Must connect DIRECTLY to Postgres
  # (bypasses PgBouncer) because it requires logical replication streaming.
  electric:
    image: electricsql/electric:latest
    restart: unless-stopped
    ports:
      - "3004:3000"
    environment:
      DATABASE_URL: postgresql://openmail:openmail_password@postgres:5432/openmail
      ELECTRIC_SECRET: ${ELECTRIC_SECRET:?ELECTRIC_SECRET must be set — generate with: openssl rand -hex 32}
      ELECTRIC_LOG_LEVEL: info
      ELECTRIC_DB_POOL_SIZE: "10"
    depends_on:
      postgres:
        condition: service_healthy

  api:
    build:
      context: .
      dockerfile: api/Dockerfile
    restart: unless-stopped
    ports:
      - "3001:3001"
    environment:
      NODE_ENV: production
      # Routes through PgBouncer for connection pooling
      DATABASE_URL: postgresql://openmail:openmail_password@pgbouncer:6432/openmail
      REDIS_URL: redis://redis:6379
      BETTER_AUTH_SECRET: ${BETTER_AUTH_SECRET:?BETTER_AUTH_SECRET must be set — generate with: openssl rand -hex 32}
      BETTER_AUTH_URL: ${BETTER_AUTH_URL:-http://localhost:3001}
      RESEND_API_KEY: ${RESEND_API_KEY}
      WEB_URL: ${WEB_URL:-http://localhost:5173}
      # ElectricSQL internal address for shape proxy
      ELECTRIC_URL: http://electric:3000
      ELECTRIC_SECRET: ${ELECTRIC_SECRET:?ELECTRIC_SECRET must be set}
      PORT: 3001
    depends_on:
      pgbouncer:
        condition: service_healthy
      redis:
        condition: service_healthy

  worker:
    build:
      context: .
      dockerfile: worker/Dockerfile
    restart: unless-stopped
    environment:
      NODE_ENV: production
      # Routes through PgBouncer for connection pooling
      DATABASE_URL: postgresql://openmail:openmail_password@pgbouncer:6432/openmail
      REDIS_URL: redis://redis:6379
      RESEND_API_KEY: ${RESEND_API_KEY}
      TRACKER_URL: ${TRACKER_URL:-http://tracker:3003}
      DEFAULT_FROM_EMAIL: ${DEFAULT_FROM_EMAIL:-noreply@openmail.dev}
      DEFAULT_FROM_NAME: ${DEFAULT_FROM_NAME:-OpenMail}
    depends_on:
      pgbouncer:
        condition: service_healthy
      redis:
        condition: service_healthy

  tracker:
    build:
      context: .
      dockerfile: tracker/Dockerfile
    restart: unless-stopped
    ports:
      - "3003:3003"
    environment:
      NODE_ENV: production
      # Routes through PgBouncer for connection pooling
      DATABASE_URL: postgresql://openmail:openmail_password@pgbouncer:6432/openmail
      WEB_URL: ${WEB_URL:-http://localhost:5173}
      PORT: 3003
    depends_on:
      pgbouncer:
        condition: service_healthy

  mcp:
    build:
      context: .
      dockerfile: mcp/Dockerfile
    restart: unless-stopped
    ports:
      - "3002:3002"
    environment:
      NODE_ENV: production
      # MCP proxies all DB operations through the API service — no direct DB access
      API_URL: http://api:3001
      PORT: 3002
    depends_on:
      - api

  web:
    build:
      context: .
      dockerfile: web/Dockerfile
      args:
        VITE_API_URL: ""
    restart: unless-stopped
    ports:
      - "5173:80"
    environment:
      NODE_ENV: production
    depends_on:
      - api

volumes:
  postgres_data:
  redis_data: