The acme-companion on the production host doesn't accept comma-separated VIRTUAL_HOST / LETSENCRYPT_HOST values, so cert issuance was failing for the combined `nibiru-framework.com,www.nibiru-framework.com` entry. docker-compose.yml — now defines two services sharing the same image: - docs → VIRTUAL_HOST=nibiru-framework.com (apex) - docs-www → VIRTUAL_HOST=www.nibiru-framework.com (built once, reused) A YAML anchor (x-docs-shared-env) keeps the Oracle/LLM/Anthropic config in lockstep so the two containers can never drift. docs/nginx/vhost.d/ — per-host nginx-proxy overrides applied at the location-block level by jwilder/nginx-proxy. Both files set: - X-Forwarded-* trust + buffering off (Oracle SSE streaming) - HSTS / X-Content-Type / X-Frame / Referrer-Policy / Permissions-Policy - gzip with the right MIME set for Astro/Starlight assets - Aggressive cache on /_astro/ (immutable hashed bundles) - 30-day cache on images/fonts - no-store on /sw.js (so PWA updates land) - 24-hour cache on /llms.txt for AI crawlers docs/nginx/README.md explains how to mount these into an existing nginx-proxy (bind-mount + reload, or bake into the proxy image). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
# =============================================================================
# Nibiru docs site — production compose for jwilder/nginx-proxy
#
# Two containers: one for the apex domain, one for the www. variant.
# jwilder/nginx-proxy + acme-companion don't accept comma-separated values
# on this host, so each hostname needs its own container with a single
# VIRTUAL_HOST + LETSENCRYPT_HOST. Both serve identical content from the
# same image.
#
# Default LLM backend: Ollama at https://api.neuronetz.ai (your own
# instance). No paid API keys required for normal operation.
#
# Prereqs (one-time, on the host):
#   docker network create nginx-proxy
#
# Bring up:
#   docker compose up -d --build
#
# Update after a docs change:
#   git pull && docker compose up -d --build
# =============================================================================

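# Shared environment block — referenced by both services via a YAML anchor
# (merged with `<<:`) so the Oracle/LLM/Anthropic config stays in lockstep
# across the two domains. Most values are Compose `${VAR:-default}`
# interpolations: the host environment or a `.env` file overrides the default.
x-docs-shared-env: &docs-shared-env
  # --- Oracle: LLM provider (default = your own Ollama on neuronetz.ai) ---
  LLM_PROVIDER: ${LLM_PROVIDER:-ollama}
  OLLAMA_BASE_URL: ${OLLAMA_BASE_URL:-https://api.neuronetz.ai}
  OLLAMA_CHAT_MODEL: ${OLLAMA_CHAT_MODEL:-qwen2.5-coder:14b}
  OLLAMA_EMBED_MODEL: ${OLLAMA_EMBED_MODEL:-nomic-embed-text}
  EMBED_PROVIDER: ${EMBED_PROVIDER:-ollama}

  # --- Optional fallbacks (only used if LLM_PROVIDER=anthropic / EMBED_PROVIDER=openai) ---
  # Both keys default to empty. When set they become plain environment
  # variables in both containers and are readable through `docker inspect`,
  # so supply them from the host environment or an untracked `.env` file and
  # never write a literal key into this file.
  ANTHROPIC_API_KEY: ${ANTHROPIC_API_KEY:-}
  ANTHROPIC_MODEL: ${ANTHROPIC_MODEL:-claude-haiku-4-5-20251001}
  OPENAI_API_KEY: ${OPENAI_API_KEY:-}
  OPENAI_EMBED_MODEL: ${OPENAI_EMBED_MODEL:-text-embedding-3-small}

  ORACLE_TOP_K: ${ORACLE_TOP_K:-6}
  ORACLE_MAX_TOKENS: ${ORACLE_MAX_TOKENS:-800}

  # Presumably the listen address and port of the docs server — confirm
  # against the Dockerfile. 4321 is also the port used by the healthcheck
  # and by VIRTUAL_PORT; PORT is quoted so it stays a string.
  HOST: 0.0.0.0
  PORT: "4321"
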
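# Healthcheck shared between both containers (aliased as *docs-healthcheck).
# Runs inside the container and probes the server over loopback on 4321;
# assumes `wget` is present in the image — TODO confirm against the Dockerfile.
x-docs-healthcheck: &docs-healthcheck
  # Exec form ("CMD"): no shell is involved, the arguments are passed as-is.
  test: ["CMD", "wget", "--quiet", "--spider", "http://127.0.0.1:4321/"]
  interval: 30s
  timeout: 5s
  retries: 3
  # Grace period after start during which failed probes are not counted.
  start_period: 20s
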
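services:
  # --- Apex: nibiru-framework.com -------------------------------------------
  # Builds the image once. The www service below reuses the same tag.
  docs:
    build:
      context: .
      dockerfile: Dockerfile
      args:
        # Used at build time only — to embed docs into the Oracle index.
        # Build args can be recovered from the image history, so keep API
        # keys out of this list.
        OLLAMA_BASE_URL: ${OLLAMA_BASE_URL:-https://api.neuronetz.ai}
        OLLAMA_EMBED_MODEL: ${OLLAMA_EMBED_MODEL:-nomic-embed-text}
        EMBED_PROVIDER: ${EMBED_PROVIDER:-ollama}
    image: nibiru-framework/docs:latest
    container_name: nibiru-docs
    restart: unless-stopped
    # `expose` only: nothing is published on the host. The container is
    # reached over the shared nginx-proxy network.
    expose:
      - "4321"
    environment:
      <<: *docs-shared-env
      # One hostname per container: this host's proxy/acme-companion setup
      # does not accept comma-separated values.
      VIRTUAL_HOST: nibiru-framework.com
      VIRTUAL_PORT: "4321"
      VIRTUAL_PROTO: "http"
      LETSENCRYPT_HOST: nibiru-framework.com
      LETSENCRYPT_EMAIL: ${LETSENCRYPT_EMAIL:-stephan.kasdorf@bittomine.com}
    healthcheck: *docs-healthcheck
    networks:
      - nginx-proxy

  # --- www. variant: www.nibiru-framework.com -------------------------------
  # Same image as `docs`. This service has no `build:` section; `depends_on`
  # starts it after `docs`, whose build produces the tag it runs.
  docs-www:
    image: nibiru-framework/docs:latest
    # The tag exists only as a local build. `never` makes Compose fail if the
    # local tag is missing instead of pulling a same-named image from a public
    # registry and running it with the API keys above in its environment.
    pull_policy: never
    container_name: nibiru-docs-www
    restart: unless-stopped
    # Short form: orders startup only, it does not wait for `docs` to be healthy.
    depends_on:
      - docs
    expose:
      - "4321"
    environment:
      <<: *docs-shared-env
      VIRTUAL_HOST: www.nibiru-framework.com
      VIRTUAL_PORT: "4321"
      VIRTUAL_PROTO: "http"
      LETSENCRYPT_HOST: www.nibiru-framework.com
      LETSENCRYPT_EMAIL: ${LETSENCRYPT_EMAIL:-stephan.kasdorf@bittomine.com}
    healthcheck: *docs-healthcheck
    networks:
      - nginx-proxy
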
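networks:
  # Pre-existing network, created once on the host with
  # `docker network create nginx-proxy`. `external: true` means Compose only
  # attaches to it and never creates or removes it.
  # Any other container attached to this network can reach the docs
  # containers on 4321 directly, without passing through the proxy.
  nginx-proxy:
    external: true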