From f4bf6fad6010bc4edce168b1e304b651efb6c86c Mon Sep 17 00:00:00 2001 From: karmacoma Date: Sat, 13 Dec 2025 19:44:44 +0100 Subject: [PATCH] made coolify-ready --- .env | 0 docker-compose.yml | 199 ++++++++++++++++----------------------------- env.template | 22 +++-- 3 files changed, 86 insertions(+), 135 deletions(-) create mode 100644 .env diff --git a/.env b/.env new file mode 100644 index 0000000..e69de29 diff --git a/docker-compose.yml b/docker-compose.yml index 7d83f80..e41c37d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -37,11 +37,8 @@ name: onyx services: - api_server: + onyx-api_server: image: ${ONYX_BACKEND_IMAGE:-onyxdotapp/onyx-backend:${IMAGE_TAG:-latest}} - build: - context: ../../backend - dockerfile: Dockerfile command: > /bin/sh -c "alembic upgrade head && echo \"Starting Onyx Api Server\" && @@ -51,12 +48,14 @@ services: - path: .env required: false depends_on: - - relational_db - - index - - cache - - inference_model_server - - minio + - onyx-relational_db + - onyx-index + - onyx-cache + - onyx-inference_model_server + - onyx-minio restart: unless-stopped + expose: + - "8080" # DEV: To expose ports, either: # 1. Use docker-compose.dev.yml: docker compose -f docker-compose.yml -f docker-compose.dev.yml up -d # 2. Uncomment the ports below 
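Review bot: An empty `.env` is now a tracked file, and the services load it through `env_file` with `path: .env`, so secrets an operator later writes there (env.template lists `POSTGRES_PASSWORD` and the S3 keys) appear as a modified tracked file and are easy to commit by accident. The compose entries already say `required: false`, so the file does not have to exist for the stack to start. I would drop `.env` from this commit and list it in `.gitignore`; whether an ignore rule already exists is not visible from the patch.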
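Review bot: With `build:` removed from onyx-api_server, the service runs whatever `${ONYX_BACKEND_IMAGE:-onyxdotapp/onyx-backend:${IMAGE_TAG:-latest}}` resolves to at pull time, so a redeploy can change the running code without any change in this repository. The start command in this hunk also runs `alembic upgrade head`, so an unplanned image change migrates the database schema as well. The background, web, MCP and model-server services in the later hunks lose their `build:` sections in the same way. Consider making the tag mandatory, for example `${IMAGE_TAG:?set IMAGE_TAG to a released version}`, or documenting a pinned tag or digest in env.template. The service definition continues beyond this hunk.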
@@ -65,11 +64,11 @@ services: environment: # Auth Settings - AUTH_TYPE=${AUTH_TYPE:-basic} - - POSTGRES_HOST=${POSTGRES_HOST:-relational_db} - - VESPA_HOST=${VESPA_HOST:-index} - - REDIS_HOST=${REDIS_HOST:-cache} - - MODEL_SERVER_HOST=${MODEL_SERVER_HOST:-inference_model_server} - - S3_ENDPOINT_URL=${S3_ENDPOINT_URL:-http://minio:9000} + - POSTGRES_HOST=${POSTGRES_HOST:-onyx-relational_db} + - VESPA_HOST=${VESPA_HOST:-onyx-index} + - REDIS_HOST=${REDIS_HOST:-onyx-cache} + - MODEL_SERVER_HOST=${MODEL_SERVER_HOST:-onyx-inference_model_server} + - S3_ENDPOINT_URL=${S3_ENDPOINT_URL:-http://onyx-minio:9000} - S3_AWS_ACCESS_KEY_ID=${S3_AWS_ACCESS_KEY_ID:-minioadmin} - S3_AWS_SECRET_ACCESS_KEY=${S3_AWS_SECRET_ACCESS_KEY:-minioadmin} # PRODUCTION: Uncomment the line below to use if IAM_AUTH is true and you are using iam auth for postgres @@ -84,13 +83,10 @@ services: max-file: "6" # Optional, only for debugging purposes volumes: - - api_server_logs:/var/log/onyx + - onyx-api_server_logs:/var/log/onyx - background: + onyx-background: image: ${ONYX_BACKEND_IMAGE:-onyxdotapp/onyx-backend:${IMAGE_TAG:-latest}} - build: - context: ../../backend - dockerfile: Dockerfile command: > /bin/sh -c " if [ -f /etc/ssl/certs/custom-ca.crt ]; then 
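Review bot: `S3_AWS_ACCESS_KEY_ID` and `S3_AWS_SECRET_ACCESS_KEY` still fall back to `minioadmin` in the onyx-api_server environment list, and the same defaults appear in the onyx-background hunk and in env.template next to `POSTGRES_PASSWORD=password`. For a compose file prepared for a hosted deployment, a missing secret should stop the deploy instead of silently using a well-known default. I would change the line to `- S3_AWS_SECRET_ACCESS_KEY=${S3_AWS_SECRET_ACCESS_KEY:?set S3_AWS_SECRET_ACCESS_KEY}` (and likewise for the access key id), and leave the template values empty with a comment telling the operator to generate them. The environment list starts and ends outside the hunk.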
@@ -101,20 +97,20 @@ services: - path: .env required: false depends_on: - - relational_db - - index - - cache - - inference_model_server - - indexing_model_server + - onyx-relational_db + - onyx-index + - onyx-cache + - onyx-inference_model_server + - onyx-indexing_model_server restart: unless-stopped environment: - USE_LIGHTWEIGHT_BACKGROUND_WORKER=${USE_LIGHTWEIGHT_BACKGROUND_WORKER:-true} - - POSTGRES_HOST=${POSTGRES_HOST:-relational_db} - - VESPA_HOST=${VESPA_HOST:-index} - - REDIS_HOST=${REDIS_HOST:-cache} - - MODEL_SERVER_HOST=${MODEL_SERVER_HOST:-inference_model_server} - - INDEXING_MODEL_SERVER_HOST=${INDEXING_MODEL_SERVER_HOST:-indexing_model_server} - - S3_ENDPOINT_URL=${S3_ENDPOINT_URL:-http://minio:9000} + - POSTGRES_HOST=${POSTGRES_HOST:-onyx-relational_db} + - VESPA_HOST=${VESPA_HOST:-onyx-index} + - REDIS_HOST=${REDIS_HOST:-onyx-cache} + - MODEL_SERVER_HOST=${MODEL_SERVER_HOST:-onyx-inference_model_server} + - INDEXING_MODEL_SERVER_HOST=${INDEXING_MODEL_SERVER_HOST:-onyx-indexing_model_server} + - S3_ENDPOINT_URL=${S3_ENDPOINT_URL:-http://onyx-minio:9000} - S3_AWS_ACCESS_KEY_ID=${S3_AWS_ACCESS_KEY_ID:-minioadmin} - S3_AWS_SECRET_ACCESS_KEY=${S3_AWS_SECRET_ACCESS_KEY:-minioadmin} # PRODUCTION: Uncomment the line below to use if IAM_AUTH is true and you are using iam auth for postgres @@ -124,7 +120,7 @@ services: - "host.docker.internal:host-gateway" # Optional, only for debugging purposes volumes: - - background_logs:/var/log/onyx + - onyx-background_logs:/var/log/onyx logging: driver: json-file options: 
@@ -140,36 +136,29 @@ services: # # Maps to the CA_CERT_PATH environment variable in the Dockerfile # - ${CA_CERT_PATH:-./custom-ca.crt}:/etc/ssl/certs/custom-ca.crt:ro - web_server: + onyx-web_server: image: ${ONYX_WEB_SERVER_IMAGE:-onyxdotapp/onyx-web-server:${IMAGE_TAG:-latest}} - build: - context: ../../web - dockerfile: Dockerfile - args: - - NEXT_PUBLIC_POSITIVE_PREDEFINED_FEEDBACK_OPTIONS=${NEXT_PUBLIC_POSITIVE_PREDEFINED_FEEDBACK_OPTIONS:-} - - NEXT_PUBLIC_NEGATIVE_PREDEFINED_FEEDBACK_OPTIONS=${NEXT_PUBLIC_NEGATIVE_PREDEFINED_FEEDBACK_OPTIONS:-} - - NEXT_PUBLIC_DISABLE_LOGOUT=${NEXT_PUBLIC_DISABLE_LOGOUT:-} - - NEXT_PUBLIC_DEFAULT_SIDEBAR_OPEN=${NEXT_PUBLIC_DEFAULT_SIDEBAR_OPEN:-} - - NEXT_PUBLIC_FORGOT_PASSWORD_ENABLED=${NEXT_PUBLIC_FORGOT_PASSWORD_ENABLED:-} - # Enterprise Edition only - - NEXT_PUBLIC_THEME=${NEXT_PUBLIC_THEME:-} - # DO NOT TURN ON unless you have EXPLICIT PERMISSION from Onyx. - - NEXT_PUBLIC_DO_NOT_USE_TOGGLE_OFF_DANSWER_POWERED=${NEXT_PUBLIC_DO_NOT_USE_TOGGLE_OFF_DANSWER_POWERED:-false} - - NODE_OPTIONS=${NODE_OPTIONS:-"--max-old-space-size=4096"} env_file: - path: .env required: false depends_on: - - api_server + - onyx-api_server restart: unless-stopped + expose: + - "3000" environment: - - INTERNAL_URL=${INTERNAL_URL:-http://api_server:8080} + - INTERNAL_URL=${INTERNAL_URL:-http://onyx-api_server:8080} + - NEXT_PUBLIC_POSITIVE_PREDEFINED_FEEDBACK_OPTIONS=${NEXT_PUBLIC_POSITIVE_PREDEFINED_FEEDBACK_OPTIONS:-} + - NEXT_PUBLIC_NEGATIVE_PREDEFINED_FEEDBACK_OPTIONS=${NEXT_PUBLIC_NEGATIVE_PREDEFINED_FEEDBACK_OPTIONS:-} + - NEXT_PUBLIC_DISABLE_LOGOUT=${NEXT_PUBLIC_DISABLE_LOGOUT:-} + - NEXT_PUBLIC_DEFAULT_SIDEBAR_OPEN=${NEXT_PUBLIC_DEFAULT_SIDEBAR_OPEN:-} + - NEXT_PUBLIC_FORGOT_PASSWORD_ENABLED=${NEXT_PUBLIC_FORGOT_PASSWORD_ENABLED:-} + - NEXT_PUBLIC_THEME=${NEXT_PUBLIC_THEME:-} + - NEXT_PUBLIC_DO_NOT_USE_TOGGLE_OFF_DANSWER_POWERED=${NEXT_PUBLIC_DO_NOT_USE_TOGGLE_OFF_DANSWER_POWERED:-true} + - 
NODE_OPTIONS=${NODE_OPTIONS:-"--max-old-space-size=4096"} - mcp_server: + onyx-mcp_server: image: ${ONYX_BACKEND_IMAGE:-onyxdotapp/onyx-backend:${IMAGE_TAG:-latest}} - build: - context: ../../backend - dockerfile: Dockerfile command: > /bin/sh -c "if [ \"${MCP_SERVER_ENABLED:-}\" != \"True\" ] && [ \"${MCP_SERVER_ENABLED:-}\" != \"true\" ]; then echo 'MCP server is disabled (MCP_SERVER_ENABLED=false), skipping...'; @@ -181,18 +170,18 @@ services: - path: .env required: false depends_on: - - relational_db - - cache + - onyx-relational_db + - onyx-cache restart: "no" environment: - - POSTGRES_HOST=${POSTGRES_HOST:-relational_db} - - REDIS_HOST=${REDIS_HOST:-cache} + - POSTGRES_HOST=${POSTGRES_HOST:-onyx-relational_db} + - REDIS_HOST=${REDIS_HOST:-onyx-cache} # MCP Server Configuration - MCP_SERVER_ENABLED=${MCP_SERVER_ENABLED:-false} - MCP_SERVER_PORT=${MCP_SERVER_PORT:-8090} - MCP_SERVER_CORS_ORIGINS=${MCP_SERVER_CORS_ORIGINS:-} - API_SERVER_PROTOCOL=${API_SERVER_PROTOCOL:-http} - - API_SERVER_HOST=${API_SERVER_HOST:-api_server} + - API_SERVER_HOST=${API_SERVER_HOST:-onyx-api_server} - API_SERVER_PORT=${API_SERVER_PORT:-8080} extra_hosts: - "host.docker.internal:host-gateway" @@ -203,13 +192,10 @@ services: max-file: "6" # Optional, only for debugging purposes volumes: - - mcp_server_logs:/var/log/onyx + - onyx-mcp_server_logs:/var/log/onyx - inference_model_server: + onyx-inference_model_server: image: ${ONYX_MODEL_SERVER_IMAGE:-onyxdotapp/onyx-model-server:${IMAGE_TAG:-latest}} - build: - context: ../../backend - dockerfile: Dockerfile.model_server # GPU Support: Uncomment the following lines to enable GPU support # Requires nvidia-container-toolkit to be installed on the host # deploy: 
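Review bot: In the onyx-web_server environment list the default of `NEXT_PUBLIC_DO_NOT_USE_TOGGLE_OFF_DANSWER_POWERED` changes from `false` to `true`, and the comment `# DO NOT TURN ON unless you have EXPLICIT PERMISSION from Onyx.` that guarded it is dropped, together with `# Enterprise Edition only` on `NEXT_PUBLIC_THEME`. Unless that permission exists, keep `${NEXT_PUBLIC_DO_NOT_USE_TOGGLE_OFF_DANSWER_POWERED:-false}` and carry both comments over to the new location. Separately, these values used to be build `args`; Next.js normally inlines `NEXT_PUBLIC_*` variables into the client bundle at build time, so with `build:` removed and a prebuilt image they may have no effect when set at runtime. That should be checked against the published image before relying on them.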
@@ -232,20 +218,17 @@ services: restart: unless-stopped volumes: # Not necessary, this is just to reduce download time during startup - - model_cache_huggingface:/app/.cache/huggingface/ + - onyx-model_cache_huggingface:/app/.cache/huggingface/ # Optional, only for debugging purposes - - inference_model_server_logs:/var/log/onyx + - onyx-inference_model_server_logs:/var/log/onyx logging: driver: json-file options: max-size: "50m" max-file: "6" - indexing_model_server: + onyx-indexing_model_server: image: ${ONYX_MODEL_SERVER_IMAGE:-onyxdotapp/onyx-model-server:${IMAGE_TAG:-latest}} - build: - context: ../../backend - dockerfile: Dockerfile.model_server # GPU Support: Uncomment the following lines to enable GPU support # Requires nvidia-container-toolkit to be installed on the host # deploy: @@ -270,16 +253,16 @@ services: - INDEXING_ONLY=True volumes: # Not necessary, this is just to reduce download time during startup - - indexing_huggingface_model_cache:/app/.cache/huggingface/ + - onyx-indexing_huggingface_model_cache:/app/.cache/huggingface/ # Optional, only for debugging purposes - - indexing_model_server_logs:/var/log/onyx + - onyx-indexing_model_server_logs:/var/log/onyx logging: driver: json-file options: max-size: "50m" max-file: "6" - relational_db: + onyx-relational_db: image: postgres:15.2-alpine shm_size: 1g command: -c 'max_connections=250' @@ -297,10 +280,10 @@ services: # ports: # - "5432:5432" volumes: - - db_volume:/var/lib/postgresql/data + - onyx-db_volume:/var/lib/postgresql/data # This container name cannot have an underscore in it due to Vespa expectations of the URL - index: + onyx-index: image: vespaengine/vespa:8.609.39 restart: unless-stopped env_file: 
@@ -315,54 +298,14 @@ services: # - "19071:19071" # - "8081:8081" volumes: - - vespa_volume:/opt/vespa/var + - onyx-vespa_volume:/opt/vespa/var logging: driver: json-file options: max-size: "50m" max-file: "6" - nginx: - image: nginx:1.25.5-alpine - restart: unless-stopped - # nginx will immediately crash with `nginx: [emerg] host not found in upstream` - # if api_server / web_server are not up - depends_on: - - api_server - - web_server - env_file: - - path: .env - required: false - environment: - - DOMAIN=localhost - # Nginx proxy timeout settings (in seconds) - - NGINX_PROXY_CONNECT_TIMEOUT=${NGINX_PROXY_CONNECT_TIMEOUT:-300} - - NGINX_PROXY_SEND_TIMEOUT=${NGINX_PROXY_SEND_TIMEOUT:-300} - - NGINX_PROXY_READ_TIMEOUT=${NGINX_PROXY_READ_TIMEOUT:-300} - ports: - - "${HOST_PORT_80:-80}:80" - - "${HOST_PORT:-3000}:80" # allow for localhost:3000 usage, since that is the norm - volumes: - - ../data/nginx:/etc/nginx/conf.d - # PRODUCTION: Add SSL certificate volumes for HTTPS support: - # - ../data/certbot/conf:/etc/letsencrypt - # - ../data/certbot/www:/var/www/certbot - logging: - driver: json-file - options: - max-size: "50m" - max-file: "6" - # The specified script waits for the api_server to start up. - # Without this we've seen issues where nginx shows no error logs but - # does not receive any traffic - # NOTE: we have to use dos2unix to remove Carriage Return chars from the file - # in order to make this work on both Unix-like systems and windows - # PRODUCTION: Change to app.conf.template.prod for production nginx config - command: > - /bin/sh -c "dos2unix /etc/nginx/conf.d/run-nginx.sh - && /etc/nginx/conf.d/run-nginx.sh app.conf.template" - - cache: + onyx-cache: image: redis:7.4-alpine restart: unless-stopped # DEV: To expose ports, either: @@ -380,7 +323,7 @@ services: tmpfs: - /data - minio: + onyx-minio: image: minio/minio:RELEASE.2025-07-23T15-54-02Z-cpuv1 restart: unless-stopped # DEV: To expose ports, either: 
@@ -398,7 +341,7 @@ services: # Note: we've seen the default bucket creation logic not work in some cases MINIO_DEFAULT_BUCKETS: ${S3_FILE_STORE_BUCKET_NAME:-onyx-file-store-bucket} volumes: - - minio_data:/data + - onyx-minio_data:/data command: server /data --console-address ":9001" healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] @@ -406,7 +349,7 @@ services: timeout: 20s retries: 3 - code-interpreter: + onyx-code-interpreter: image: onyxdotapp/code-interpreter:${CODE_INTERPRETER_IMAGE_TAG:-latest} entrypoint: ["/bin/bash", "-c"] command: > @@ -447,15 +390,15 @@ services: volumes: # Necessary for persisting data for use - db_volume: - vespa_volume: # Created by the container itself - minio_data: + onyx-db_volume: + onyx-vespa_volume: # Created by the container itself + onyx-minio_data: # Caches to prevent re-downloading models, not strictly necessary - model_cache_huggingface: - indexing_huggingface_model_cache: + onyx-model_cache_huggingface: + onyx-indexing_huggingface_model_cache: # Logs preserved across container restarts - api_server_logs: - background_logs: - mcp_server_logs: - inference_model_server_logs: - indexing_model_server_logs: + onyx-api_server_logs: + onyx-background_logs: + onyx-mcp_server_logs: + onyx-inference_model_server_logs: + onyx-indexing_model_server_logs: diff --git a/env.template b/env.template index 166d0a0..f4857cb 100644 --- a/env.template +++ b/env.template @@ -54,7 +54,7 @@ POSTGRES_PASSWORD=password # DB_READONLY_PASSWORD= ## MinIO/S3 Configuration -S3_ENDPOINT_URL=http://minio:9000 +S3_ENDPOINT_URL=http://onyx-minio:9000 S3_AWS_ACCESS_KEY_ID=minioadmin S3_AWS_SECRET_ACCESS_KEY=minioadmin S3_FILE_STORE_BUCKET_NAME=onyx-file-store-bucket 
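Review bot: Renaming every key in the top-level `volumes:` section (`db_volume` to `onyx-db_volume`, likewise `vespa_volume`, `minio_data` and the cache and log volumes) will presumably make Compose create new, empty volumes on the next deploy. An existing installation would then start with an empty Postgres data directory, Vespa index and MinIO store, while the old volumes remain on the host unused. If this file is meant to upgrade running deployments, either keep the original volume keys or give each renamed volume an explicit `name:` that points at the existing one. If it is only for fresh installs, a one-line comment above `volumes:` saying so would prevent surprises.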
@@ -223,9 +223,17 @@ LOG_INDIVIDUAL_MODEL_TOKENS=False # NEXT_PUBLIC_CUSTOM_REFRESH_URL= ## Pointer to services -POSTGRES_HOST=relational_db -VESPA_HOST=index -REDIS_HOST=cache -MODEL_SERVER_HOST=inference_model_server -INDEXING_MODEL_SERVER_HOST=indexing_model_server -INTERNAL_URL=http://api_server:8080 +POSTGRES_HOST=onyx-relational_db +VESPA_HOST=onyx-index +REDIS_HOST=onyx-cache +MODEL_SERVER_HOST=onyx-inference_model_server +INDEXING_MODEL_SERVER_HOST=onyx-indexing_model_server +INTERNAL_URL=http://onyx-api_server:8080 + +## Traefik / Coolify routing +# Hostname (no scheme) Traefik should route to, e.g. onyx.example.com +TRAEFIK_HOSTNAME=onyx.example.com +# Comma separated entrypoints that Coolify/Traefik exposes (usually websecure) +TRAEFIK_ENTRYPOINTS=websecure +# Optional cert resolver name inside Traefik +TRAEFIK_CERT_RESOLVER=coolify
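Review bot: `TRAEFIK_HOSTNAME`, `TRAEFIK_ENTRYPOINTS` and `TRAEFIK_CERT_RESOLVER` are introduced here, but none of the docker-compose.yml hunks in this patch reference them and no `labels:` are added to any service. The same patch removes the nginx service that published ports 80 and 3000 and fronted api_server and web_server, so as far as the visible lines show, nothing defines which container receives external traffic or how TLS is terminated. If routing is configured in the Coolify UI, a comment such as `# Routing is set in Coolify; these values are not read by docker-compose.yml` would make that explicit. It is also worth stating that only onyx-web_server should get a public route unless onyx-api_server on port 8080 is meant to be reachable directly.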