Gandalf/sofarr
1
0
Fork 0
Code Issues 1 Pull Requests Actions 1 Packages Projects Releases 15 Wiki Activity
Files
49327cf9ae5d280a67f751282acebd69af31a542
sofarr/docker-compose.yaml
Gronod 49327cf9ae
Some checks failed
Build and Push Docker Image / build (push) Failing after 42s
Details
CI / Security audit (push) Has been cancelled
Details
fix(docker): switch alpine to node:22-slim for pre-built better-sqlite3 
Alpine uses musl libc; better-sqlite3 has no pre-built musl binaries so
it always compiles from source (installs 300 MB of gcc/g++/python3,
takes 3-5 min). node:22-slim (Debian) has glibc so prebuild-install
downloads a pre-built binary instead — build stays under 1 minute.

Changes:
- Both stages: node:22-alpine -> node:22-slim
- deps stage: remove apk/build-tool installation (not needed)
- runtime stage: remove apk libstdc++ install (present in debian-slim)
- HEALTHCHECK: wget -> node built-in http (wget absent from debian-slim)
- docker-compose.yaml: same healthcheck fix
2026-05-17 07:10:41 +01:00

46 lines
2.0 KiB
YAML
Raw Blame History

services:
sofarr:
image: docker.i3omb.com/sofarr:latest
container_name: sofarr
restart: unless-stopped
ports:
- "127.0.0.1:3001:3001" # bind to loopback only — expose via reverse proxy
environment:
- PORT=3001
- NODE_ENV=production
- LOG_LEVEL=info
# Set to 1 when running behind a reverse proxy (Nginx, Caddy, Traefik)
# so Express trusts X-Forwarded-For and X-Forwarded-Proto headers.
- TRUST_PROXY=1
# --- Replace placeholders with real values or use Docker secrets ---
- COOKIE_SECRET=change-me-generate-with-openssl-rand-hex-32
- EMBY_URL=https://emby.example.com
- EMBY_API_KEY=your-emby-api-key
- SONARR_INSTANCES=[{"name":"main","url":"https://sonarr.example.com","apiKey":"your-sonarr-api-key"}]
- RADARR_INSTANCES=[{"name":"main","url":"https://radarr.example.com","apiKey":"your-radarr-api-key"}]
- SABNZBD_INSTANCES=[{"name":"main","url":"https://sabnzbd.example.com","apiKey":"your-sabnzbd-api-key"}]
- QBITTORRENT_INSTANCES=[{"name":"main","url":"https://qbittorrent.example.com","username":"admin","password":"your-password"}]
volumes:
# Persistent volume for SQLite token store and log file
- sofarr-data:/app/data
# Run as the built-in non-root 'node' user (UID/GID 1000)
user: "1000:1000"
# Read-only root filesystem; only the data volume is writable
read_only: true
tmpfs:
- /tmp # Node.js needs a writable /tmp
security_opt:
- no-new-privileges:true # prevent privilege escalation via setuid binaries
cap_drop:
- ALL # drop all Linux capabilities
cap_add: [] # add back none — Node.js needs no special caps
healthcheck:
test: ["CMD", "node", "-e", "require('http').get('http://localhost:3001/health',r=>{process.exit(r.statusCode===200?0:1)}).on('error',()=>process.exit(1))"]
interval: 30s
timeout: 5s
retries: 3
start_period: 10s
volumes:
sofarr-data:
Reference in New Issue View Git Blame Copy Permalink