feat: single container support, 3 deployment options

This commit is contained in:
nogueiraguh
2026-04-02 15:08:54 -03:00
parent bc3f7f25ea
commit c5ec69870f
2 changed files with 61 additions and 2 deletions

View File

@@ -117,7 +117,7 @@ APP_SECRET=<generate with: openssl rand -hex 64>
### 2. Login to OCIR ### 2. Login to OCIR
```bash ```bash
docker login ${OCIR_REGION}.ocir.io docker login <OCIR_REGION>.ocir.io
``` ```
- **Username:** `<namespace>/<username>` or `<namespace>/oracleidentitycloudservice/<email>` - **Username:** `<namespace>/<username>` or `<namespace>/oracleidentitycloudservice/<email>`
@@ -125,17 +125,45 @@ docker login ${OCIR_REGION}.ocir.io
### 3. Run ### 3. Run
**Option A — Single Container** (recommended for simplicity):
```bash
docker compose -f docker-compose.single.yml up -d
```
One container runs everything (nginx + backend). Port `8080`.
**Option B — Two Containers** (recommended for production):
```bash ```bash
docker compose up -d docker compose up -d
``` ```
Separate backend and frontend containers with internal networking.
**Option C — Docker Run** (no compose needed):
```bash
docker run -d \
--name oci-cis-agent \
-p 8080:8080 \
-v agent-data:/data \
-e APP_SECRET=$(openssl rand -hex 64) \
-e TZ=America/Sao_Paulo \
<OCIR_REGION>.ocir.io/<OCIR_NAMESPACE>/oci-cis-agent:latest
```
### 4. Access ### 4. Access
Open `http://localhost:8080` Open `http://localhost:8080`
The initial admin password is generated automatically and displayed in the backend logs: The initial admin password is generated automatically and displayed in the container logs:
```bash ```bash
# Single container / docker run
docker logs oci-cis-agent | grep "password"
# Two containers
docker compose logs backend | grep "password" docker compose logs backend | grep "password"
``` ```

31
docker-compose.single.yml Normal file
View File

@@ -0,0 +1,31 @@
services:
agent:
image: ${OCIR_REGION}.ocir.io/${OCIR_NAMESPACE}/oci-cis-agent:${IMAGE_TAG:-latest}
container_name: oci-cis-agent
restart: unless-stopped
environment:
- APP_SECRET=${APP_SECRET:?Set APP_SECRET in .env (openssl rand -hex 64)}
- JWT_EXPIRY_HOURS=${JWT_EXPIRY_HOURS:-12}
- DATA_DIR=/data
- CORS_ORIGINS=${CORS_ORIGINS:-}
- TZ=${TZ:-America/Sao_Paulo}
- OCI_CLI_SUPPRESS_FILE_PERMISSIONS_WARNING=True
ports:
- "${PORT:-8080}:8080"
volumes:
- agent-data:/data
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/api/health"]
interval: 30s
timeout: 10s
retries: 3
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
mem_limit: 4g
volumes:
agent-data:
driver: local