Add `core prod` command with full production infrastructure tooling:

- `core prod status` — parallel SSH health checks across all hosts, Galera cluster state, Redis sentinel, Docker, LB health
- `core prod setup` — Phase 1 foundation: Hetzner topology discovery, managed LB creation, CloudNS DNS record management
- `core prod dns` — CloudNS record CRUD with idempotent EnsureRecord
- `core prod lb` — Hetzner Cloud LB status and creation
- `core prod ssh <host>` — SSH into hosts defined in infra.yaml

New packages:
- pkg/infra: config parsing, Hetzner Cloud/Robot API, CloudNS DNS API
- infra.yaml: declarative production topology (hosts, LB, DNS, SSL, Galera, Redis, containers, S3, CDN, CI/CD, monitoring, backups)

Docker:
- Dockerfile.app (PHP 8.3-FPM, multi-stage)
- Dockerfile.web (Nginx + security headers)
- docker-compose.prod.yml (app, web, horizon, scheduler, mcp, redis, galera)

Ansible playbooks (runnable via `core deploy ansible`):
- galera-deploy.yml, redis-deploy.yml, galera-backup.yml
- inventory.yml with all production hosts

CI/CD:
- .forgejo/workflows/deploy.yml for Forgejo Actions pipeline

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
19 lines
652 B
Text
# Host UK — Nginx Web Server
# Serves static files and proxies PHP to FPM container
#
# Build: docker build -f docker/Dockerfile.web -t host-uk/web:latest .
FROM nginx:1.27-alpine
# Copy nginx configuration
COPY docker/nginx/default.conf /etc/nginx/conf.d/default.conf
COPY docker/nginx/security-headers.conf /etc/nginx/snippets/security-headers.conf
# Copy static assets from app build
# (In production, these are volume-mounted from the app container)
# COPY --from=host-uk/app:latest /app/public /app/public
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD wget -qO- http://localhost/health || exit 1
EXPOSE 80
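
Review bot: the image has no `USER` directive and `EXPOSE 80` keeps the privileged port, so the nginx master process runs as root in the stock `nginx:1.27-alpine` image; consider a non-root user listening on an unprivileged port (for example 8080), with the LB or compose port mapping adjusted to match. In the `HEALTHCHECK`, `http://localhost/health` depends on a `/health` location in `docker/nginx/default.conf`, which is not visible here, and `localhost` can resolve to `::1` on Alpine, so `http://127.0.0.1/health` is the safer target if the server only listens on IPv4. `security-headers.conf` is copied to `/etc/nginx/snippets/` and has no effect unless `default.conf` includes it, which is worth confirming in the same review. The `FROM` tag and the commented `host-uk/app:latest` reference are both mutable; pinning by digest would make the build reproducible.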