Mirrors/dagu
1
0
Fork 0
mirror of https://github.com/dagu-org/dagu.git synced 2025-12-28 06:34:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
main
dagu/deploy/docker/compose.prod.yaml
Yota Hamada d4b8484ca8
feat(all): implement builtin user management feature (#1463) 
* **New Features**
* Built-in RBAC auth with JWT login, token handling, and user lifecycle
APIs (list/create/view/update/delete, reset/change password).
* **UI**
* Login flow, protected routes, Users management page,
change/reset-password modals, user menu and role-aware navigation.
* **Behavior**
* v1 routes disabled when auth enabled; runtime config exposes authMode
and usersDir; client persists auth token.
* **Documentation**
  * Added builtin auth docs and new env/config options.
* **Tests**
* Extensive tests for auth service, file-backed store, and API handlers.
2025-12-09 18:09:11 +09:00

147 lines
4.3 KiB
YAML
Raw Permalink Blame History

# Example production Docker Compose setup for Dagu with OpenTelemetry, Prometheus, and Grafana
version: "3.9"
services:
# OpenTelemetry stack for tracing (from docs/features/opentelemetry-testing.md)
jaeger:
image: jaegertracing/all-in-one:latest
networks: [dagu-net]
ports:
- "16686:16686" # Jaeger UI
- "14250:14250" # gRPC ingest
otel-collector:
image: otel/opentelemetry-collector:latest
command: ["--config=/etc/otel-collector.yaml"]
volumes:
- ./otel-collector.yaml:/etc/otel-collector.yaml:ro
ports:
- "4317:4317" # OTLP gRPC
- "4318:4318" # OTLP HTTP
depends_on:
- jaeger
networks: [dagu-net]
# Prometheus: scrapes metrics from OTel Collector and Dagu server
prometheus:
image: prom/prometheus:latest
volumes:
- ./prometheus.yaml:/etc/prometheus/prometheus.yml:ro
ports:
- "9090:9090"
depends_on:
- otel-collector
- dagu-server
networks: [dagu-net]
# Dagu control-plane: Coordinator (gRPC) for distributed workers
dagu-coordinator:
image: ghcr.io/dagu-org/dagu:latest
command: ["dagu", "coordinator"]
environment:
# Peer config: insecure by default; set TLS envs if needed
- DAGU_PEER_INSECURE=true
# Bind and advertise on container IP/DNS so workers can reach it
- DAGU_COORDINATOR_HOST=dagu-coordinator
- DAGU_COORDINATOR_PORT=50055
ports:
- "50055:50055"
volumes:
- dagu-data:/var/lib/dagu
- ./dags:/var/lib/dagu/dags:ro
networks: [dagu-net]
# Dagu scheduler service (reads DAGs and enqueues runs)
dagu-scheduler:
image: ghcr.io/dagu-org/dagu:latest
command: ["dagu", "scheduler"]
environment:
- DAGU_COORDINATOR_HOST=dagu-coordinator
- DAGU_COORDINATOR_PORT=50055
- DAGU_SCHEDULER_PORT=8090
- DAGU_DAGS_DIR=/var/lib/dagu/dags
# Optional: set timezone, logging, etc
# - DAGU_TZ=UTC
# - DAGU_LOG_FORMAT=json
depends_on:
- dagu-coordinator
ports:
- "8090:8090" # Scheduler health
volumes:
- dagu-data:/var/lib/dagu
- ./dags:/var/lib/dagu/dags:ro
networks: [dagu-net]
# Dagu web UI / API server
dagu-server:
image: ghcr.io/dagu-org/dagu:latest
command: ["dagu", "server"]
environment:
- DAGU_COORDINATOR_HOST=dagu-coordinator
- DAGU_COORDINATOR_PORT=50055
- DAGU_HOST=0.0.0.0
- DAGU_PORT=8080
- DAGU_DAGS_DIR=/var/lib/dagu/dags
# Builtin authentication (RBAC) - CHANGE TOKEN_SECRET IN PRODUCTION
- DAGU_AUTH_MODE=builtin
- DAGU_AUTH_TOKEN_SECRET=CHANGE_ME_TO_A_SECURE_RANDOM_STRING
# Admin credentials: password auto-generated on first run, printed to stdout
# - DAGU_AUTH_ADMIN_USERNAME=admin # default is 'admin'
# - DAGU_AUTH_ADMIN_PASSWORD= # set to use a specific password
# - DAGU_AUTH_TOKEN_TTL=24h # default is 24h
# If behind a proxy, set base path
# - DAGU_BASE_PATH=/dagu
depends_on:
- dagu-scheduler
- dagu-coordinator
ports:
- "8080:8080"
volumes:
- dagu-data:/var/lib/dagu
- ./dags:/var/lib/dagu/dags:ro
networks: [dagu-net]
# Dagu worker (polls coordinator and executes tasks)
dagu-worker:
image: ghcr.io/dagu-org/dagu:latest
command: ["dagu", "worker"]
environment:
- DAGU_COORDINATOR_HOST=dagu-coordinator
- DAGU_COORDINATOR_PORT=50055
# Optional worker tuning and labels
# - DAGU_WORKER_MAX_ACTIVE_RUNS=100
# - DAGU_WORKER_LABELS=region=us-east-1,instance-type=m5.large
# OTel: point DAGs to collector via per-DAG otel.endpoint: "otel-collector:4317"
depends_on:
- dagu-coordinator
volumes:
- dagu-data:/var/lib/dagu
# Workers typically don't need DAG definitions, but sharing is harmless
- ./dags:/var/lib/dagu/dags:ro
networks: [dagu-net]
# Grafana: visualize Prometheus metrics
grafana:
image: grafana/grafana:latest
ports:
- "3000:3000"
environment:
- GF_SECURITY_ADMIN_USER=admin
- GF_SECURITY_ADMIN_PASSWORD=admin
depends_on:
- prometheus
volumes:
- grafana-data:/var/lib/grafana
- ./grafana/provisioning:/etc/grafana/provisioning:ro
networks: [dagu-net]
volumes:
dagu-data:
driver: local
grafana-data:
driver: local
networks:
dagu-net:
driver: bridge
Reference in New Issue View Git Blame Copy Permalink