services: postgres: image: pgvector/pgvector:pg17 environment: POSTGRES_USER: postgres POSTGRES_PASSWORD: postgres POSTGRES_DB: postgres logging: driver: "json-file" options: max-size: "10m" max-file: "3" ports: - "5432:5432" volumes: - postgres_data:/var/lib/postgresql/data healthcheck: test: ["CMD-SHELL", "pg_isready -U postgres"] interval: 3s timeout: 3s retries: 10 networks: - app-network redis: image: redis:7 ports: - "6379:6379" command: > --requirepass redissecret volumes: - redis_data:/data healthcheck: test: ["CMD", "redis-cli", "-a", "redissecret", "ping"] interval: 3s timeout: 10s retries: 10 networks: - app-network minio: image: minio/minio container_name: minio command: server /data --console-address ":9001" environment: MINIO_ROOT_USER: minioadmin MINIO_ROOT_PASSWORD: minioadmin MINIO_API_CORS_ALLOW_ORIGIN: "*" ports: - "127.0.0.1:9000:9000" # Bind to localhost explicitly - "127.0.0.1:9001:9001" volumes: - minio-data:/data healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"] interval: 10s timeout: 5s retries: 5 networks: - app-network dograh-init: image: bash:5.2 container_name: dograh_init profiles: ["remote", "local-turn"] environment: ENVIRONMENT: "${ENVIRONMENT:-local}" SERVER_IP: "${SERVER_IP:-}" PUBLIC_HOST: "${PUBLIC_HOST:-}" PUBLIC_BASE_URL: "${PUBLIC_BASE_URL:-}" BACKEND_API_ENDPOINT: "${BACKEND_API_ENDPOINT:-http://localhost:8000}" MINIO_PUBLIC_ENDPOINT: "${MINIO_PUBLIC_ENDPOINT:-http://localhost:9000}" TURN_HOST: "${TURN_HOST:-}" TURN_SECRET: "${TURN_SECRET:-}" FASTAPI_WORKERS: "${FASTAPI_WORKERS:-1}" volumes: - ./scripts:/workspace/scripts:ro - ./deploy:/workspace/deploy:ro - ./certs:/certs:ro - nginx-generated:/generated/nginx - coturn-generated:/generated/coturn command: - /workspace/scripts/run_dograh_init.sh nginx: image: nginx:alpine container_name: nginx_https profiles: ["remote"] depends_on: dograh-init: condition: service_completed_successfully ui: condition: service_started ports: - "80:80" - "443:443" volumes: - nginx-generated:/etc/nginx/conf.d:ro - ./certs:/etc/nginx/certs:ro networks: - app-network coturn: image: coturn/coturn:4.8.0 container_name: coturn restart: unless-stopped profiles: ["remote", "local-turn"] depends_on: dograh-init: condition: service_completed_successfully ports: - "3478:3478/udp" - "3478:3478/tcp" - "5349:5349/udp" - "5349:5349/tcp" - "49152-49200:49152-49200/udp" volumes: - coturn-generated:/etc/coturn:ro command: - -c - /etc/coturn/turnserver.conf networks: - app-network api: image: ${REGISTRY:-dograhai}/dograh-api:latest volumes: - shared-tmp:/tmp environment: # Core application config ENVIRONMENT: "${ENVIRONMENT:-local}" LOG_LEVEL: "INFO" # Replace this environment variable if you are using a custom # domain to host the stack BACKEND_API_ENDPOINT: "${BACKEND_API_ENDPOINT:-http://localhost:8000}" # Database configuration (using containerized postgres) DATABASE_URL: "postgresql+asyncpg://postgres:postgres@postgres:5432/postgres" # Redis configuration (using containerized redis) REDIS_URL: "redis://:redissecret@redis:6379" # Storage configuration - using local MinIO ENABLE_AWS_S3: "false" # MinIO MINIO_ENDPOINT: "minio:9000" # Full URL (with scheme) browsers use to reach MinIO. For remote # deployments behind HTTPS, set MINIO_PUBLIC_ENDPOINT in .env to # e.g. https://your-server.example.com (nginx proxies /voice-audio/). MINIO_PUBLIC_ENDPOINT: "${MINIO_PUBLIC_ENDPOINT:-http://localhost:9000}" MINIO_ACCESS_KEY: "minioadmin" MINIO_SECRET_KEY: "minioadmin" MINIO_BUCKET: "voice-audio" MINIO_SECURE: "false" # Number of uvicorn worker processes (each is its own process bound to a # distinct port starting at 8000). dograh-init renders nginx upstreams # from this value and nginx load-balances across them with least_conn. FASTAPI_WORKERS: "${FASTAPI_WORKERS:-1}" # Langfuse — credentials can be set here or per-organization via the UI # at /settings. Tracing is automatically active when credentials are # available; uncomment to set defaults for all organizations. # LANGFUSE_SECRET_KEY: "" # LANGFUSE_PUBLIC_KEY: "" # LANGFUSE_HOST: "" # TURN server configuration (for WebRTC NAT traversal in remote server) # Uses time-limited credentials via TURN REST API (HMAC-SHA1) TURN_HOST: "${TURN_HOST:-}" TURN_SECRET: "${TURN_SECRET:-}" FORCE_TURN_RELAY: "${FORCE_TURN_RELAY:-false}" OSS_JWT_SECRET: "${OSS_JWT_SECRET:?OSS_JWT_SECRET must be set to a strong secret}" # Telemetry ENABLE_TELEMETRY: "${ENABLE_TELEMETRY:-true}" POSTHOG_API_KEY: "phc_ItizB1dP6yv7ZYobbcqrpxTdbomDA8hJFSEmAMdYvIr" POSTHOG_HOST: "https://us.i.posthog.com" ports: - "8000:8000" depends_on: postgres: condition: service_healthy redis: condition: service_healthy minio: condition: service_healthy cloudflared: condition: service_started healthcheck: test: [ "CMD-SHELL", 'python -c "import urllib.request; urllib.request.urlopen(''http://localhost:8000/api/v1/health'').read()"', ] interval: 30s timeout: 10s retries: 3 start_period: 60s networks: - app-network ui: image: ${REGISTRY:-dograhai}/dograh-ui:latest environment: # Server-side URL (SSR, internal Docker network) BACKEND_URL: "${BACKEND_URL:-http://api:8000}" NODE_ENV: "oss" # Flag to enable/ disable posthog ENABLE_TELEMETRY: "${ENABLE_TELEMETRY:-true}" # Posthog POSTHOG_KEY: "phc_ItizB1dP6yv7ZYobbcqrpxTdbomDA8hJFSEmAMdYvIr" POSTHOG_HOST: "https://us.posthog.com" ports: - "3010:3010" depends_on: api: condition: service_healthy healthcheck: test: [ "CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:3010 || exit 1", ] interval: 30s timeout: 10s retries: 3 start_period: 30s networks: - app-network cloudflared: image: cloudflare/cloudflared:latest container_name: cloudflared-tunnel command: tunnel --no-autoupdate --url http://api:8000 --metrics 0.0.0.0:2000 ports: - "2000:2000" # Expose metrics endpoint networks: - app-network volumes: postgres_data: redis_data: minio-data: driver: local shared-tmp: driver: local nginx-generated: driver: local coturn-generated: driver: local networks: app-network: driver: bridge