rust-forward-proxy/docker-compose.yml at main · pratik-codes/rust-forward-proxy · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
version: '3.8'

services:
  # Redis service
  redis:
    image: redis:7.2-alpine
    container_name: rust-proxy-redis
    restart: unless-stopped
    ports:
      - "${REDIS_PORT:-6379}:6379"
    environment:
      - REDIS_PASSWORD=${REDIS_PASSWORD:-}
    command: >
      sh -c '
        if [ -n "$$REDIS_PASSWORD" ]; then
          redis-server --requirepass "$$REDIS_PASSWORD" --appendonly yes
        else
          redis-server --appendonly yes
        fi
      '
    volumes:
      - redis_data:/data
      - ./redis.conf:/usr/local/etc/redis/redis.conf:ro
    networks:
      - proxy-network
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 30s
      timeout: 3s
      retries: 3
      start_period: 5s
    security_opt:
      - no-new-privileges:true

  # Rust Forward Proxy service
  rust-proxy:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: rust-forward-proxy
    restart: unless-stopped
    ports:
      # Use privileged ports in Docker (host port:container port)
      - "80:80"     # HTTP proxy port
      - "443:443"   # HTTPS proxy port
    privileged: true  # Required for privileged ports
    environment:
      # Minimal environment - all config comes from config.yml
      - RUST_LOG=${LOG_LEVEL:-info}
    volumes:
      - ./logs:/app/logs
      - ./config-docker.yml:/app/config.yml:ro  # Mount Docker-specific config as read-only
      - ./certs:/app/certs
      - ./ca-certs:/app/ca-certs
    networks:
      - proxy-network
    depends_on:
      redis:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:80/health", "||", "exit", "1"]
      interval: 30s
      timeout: 3s
      retries: 3
      start_period: 10s
    # Remove security restrictions for privileged ports
    # security_opt:
    #   - no-new-privileges:true

volumes:
  redis_data:
    driver: local

networks:
  proxy-network:
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/16