Files
netrunner-landing/docker-compose.yml
T
nineap 899c54e1fc Unify auth with backend cookie sessions; add dev-deploy pipeline
Auth: drop localStorage session token entirely, talk to netrunner-backend
via credentials:"include" HttpOnly cookies shared over the common parent
domain, and redirect to the account subdomain (ЛК) after login instead of
a dead local /profile route.

Config: NEXT_PUBLIC_* values used by client components (API_URL,
ACCOUNT_ORIGIN, BOT_USERNAME, PB_URL) get inlined into the JS bundle at
image build time and can't be overridden by docker-compose environment at
container start. Moved these reads into server components (page.tsx) and
thread them down as props, so one built image can genuinely serve both
prod and dev by config alone.

CI/CD: split the old single auto-deploy-to-prod workflow into build.yml
(build+push on every push to main) and deploy.yml with deploy-dev (auto,
same VPS as netrunner-backend's dev environment) and deploy-prod (manual
dispatch only) — mirrors netrunner-backend's pipeline shape. Added
docker-compose.dev-remote.yml pointing at the dev backend.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
2026-07-04 15:26:28 +07:00

66 lines
2.5 KiB
YAML

services:
# Фронтенд (Next.js)
landing:
image: ghcr.io/nineap/netrunner-landing:latest
container_name: netrunner-landing
restart: always
ports:
- "127.0.0.1:3000:3000"
environment:
- NODE_ENV=production
# PB_PUBLIC_URL — адрес PocketBase для клиентских компонентов (Pricing,
# TerminalGuestbook, docs/download/terminal-client.tsx): читается на сервере
# в соответствующих page.tsx и прокидывается пропсом, т.к. NEXT_PUBLIC_PB_URL
# Next.js зашивает в бандл на этапе сборки образа в CI и не перечитывает при
# старте контейнера (см. docker-compose.dev-remote.yml, где это стало
# проблемой из-за общего с прод образа).
- PB_PUBLIC_URL=https://netrunner-vpn.com/cms-api
- NEXT_PUBLIC_PB_URL=https://netrunner-vpn.com/cms-api
- NEXT_PUBLIC_PROXY_URL=https://netrunner-vpn.com/api/proxy
- PB_INTERNAL_URL=http://netrunner-cms:8090
# Единая авторизация: ЛК живёт в netrunner-backend на отдельном сабдомене,
# общий родительский домен .netrunner-vpn.com расшаривает cookie-сессию.
# Без NEXT_PUBLIC_ — читаются только на сервере (app/[lang]/auth/page.tsx),
# поэтому реально применяются в рантайме, а не зашиваются в бандл при сборке.
- ACCOUNT_ORIGIN=https://account.netrunner-vpn.com
- API_URL=https://account.netrunner-vpn.com/api/v1
- BOT_USERNAME=ntrnr_vpn_bot
depends_on:
- ws-proxy
networks:
- netrunner-network
# CMS (PocketBase)
netrunner-cms:
image: ghcr.io/muchobien/pocketbase:latest
container_name: netrunner-cms
restart: unless-stopped
command:
- serve
- --http=0.0.0.0:8090
- --dir=/pb_data
ports:
- "127.0.0.1:8090:8090"
volumes:
- ./pb_data:/pb_data
networks:
- netrunner-network
# Прокси-слой (Rust)
ws-proxy:
image: ghcr.io/nineap/netrunner-landing-proxy:latest
container_name: netrunner-ws-proxy
restart: always
ports:
- "127.0.0.1:3001:3001"
environment:
- PB_INTERNAL_URL=http://netrunner-cms:8090
depends_on:
- netrunner-cms
networks:
- netrunner-network
networks:
netrunner-network:
driver: bridge