laravel-gost-template/deploy/docker-compose.yml

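# ============================================================================
# Example docker-compose for a hardened deployment (УЗ-1 / К1).
# Segmentation (section 10 of the guide): the web tier sits on one network,
# the databases and Redis on an internal network that is not reachable from
# the internet (measure ЗИС.1).
# This is a SAMPLE for a test stand; in production use managed databases and
# a secret store.
#
# Variable sources: `env_file` only injects variables into the app container.
# The ${...} references below are interpolated by Compose itself, from the
# shell environment or an env file that Compose loads, e.g.
#   docker compose --env-file ../.env up -d
# Passwords use the ${VAR:?message} form so that Compose aborts instead of
# silently substituting an empty string when a variable is missing.
#
# Image tags are mutable; pin by digest (image@sha256:<digest>) where
# reproducible, reviewable deployments are required.
# ============================================================================
services:
  app:
    build:
      context: ..
      dockerfile: deploy/Dockerfile
    restart: unless-stopped
    # Injects every variable from ../.env into this container only; keep that
    # file out of version control and readable by the deploy user alone.
    env_file: ../.env
    depends_on:
      - pgsql
      - pgsql-audit
      - redis
    # The only service attached to both segments: it is the bridge between
    # the web tier and the data tier.
    networks: [frontend, backend]
    volumes:
      - app-storage:/var/www/app/storage

  nginx:
    image: nginx:1.27-alpine
    restart: unless-stopped
    depends_on: [app]
    # The only published ports in the stack. Port 80 is presumably kept for
    # the HTTP -> HTTPS redirect; confirm in nginx/app.conf.
    ports:
      - "443:443"
      - "80:80"
    volumes:
      - ./nginx/app.conf:/etc/nginx/conf.d/default.conf:ro
      # TLS material is mounted read-only; restrict permissions on the host
      # directory as well, since it holds the private key.
      - ./certs:/etc/ssl/app:ro
    networks: [frontend]

  # Primary database holding personal data: internal network only (ЗИС.1).
  pgsql:
    image: postgres:17-alpine
    restart: unless-stopped
    environment:
      POSTGRES_DB: "${DB_DATABASE}"
      POSTGRES_USER: "${DB_USERNAME}"
      # Abort at `docker compose up` when the password is unset or empty.
      POSTGRES_PASSWORD: "${DB_PASSWORD:?DB_PASSWORD must be set}"
    volumes:
      - pgsql-data:/var/lib/postgresql/data
    networks: [backend]

  # Separate audit-log database (РСБ.3): an isolated instance.
  # Use credentials distinct from the primary database so that a compromise
  # of one does not grant write access to the audit trail.
  pgsql-audit:
    image: postgres:17-alpine
    restart: unless-stopped
    environment:
      POSTGRES_DB: "${AUDIT_DB_DATABASE}"
      POSTGRES_USER: "${AUDIT_DB_USERNAME}"
      # Abort at `docker compose up` when the password is unset or empty.
      POSTGRES_PASSWORD: "${AUDIT_DB_PASSWORD:?AUDIT_DB_PASSWORD must be set}"
    volumes:
      - pgsql-audit-data:/var/lib/postgresql/data
    networks: [backend]

  redis:
    image: redis:7-alpine
    restart: unless-stopped
    # Fail closed: an empty --requirepass would leave Redis without
    # authentication. The password is still visible in the container command
    # line (docker inspect, process list); in production prefer a mounted
    # configuration file or a secret.
    command:
      - "redis-server"
      - "--requirepass"
      - "${REDIS_PASSWORD:?REDIS_PASSWORD must be set}"
    networks: [backend]

networks:
  frontend: {}
  backend:
    # No internet access from the database segment (ЗИС.1).
    internal: true

volumes:
  app-storage: {}
  pgsql-data: {}
  pgsql-audit-data: {}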