docker-compose.coolify.yml

# =============================================================================
# RabbitMQ - Coolify Deployment
# =============================================================================
# Deploy via the Coolify UI with this compose file. Coolify generates the
# Traefik routers automatically from the per-service domain you configure in
# the dashboard — this file only exposes the right port and declares secrets.
#
# Configure in Coolify (Service → Configuration):
#   - rabbitmq → Domain = ${CONSOLE_HOSTNAME}  Port = 15672   (Management UI)
#
# AMQP / AMQPS are raw TCP — map ${PORT_AMQP}/${PORT_AMQPS} via Coolify's
# port mapping (or expose the host directly).
#
# Required env vars (set in the Coolify dashboard):
#   RABBITMQ_ADMIN_PASSWORD, RABBITMQ_ERLANG_COOKIE, CONSOLE_HOSTNAME
# Optional: APP_USER/APP_PASSWORD, MONITORING_USER/MONITORING_PASSWORD,
#           sizing knobs, RABBITMQ_ENABLE_* protocol toggles.
# =============================================================================


### Service Templates ###
x-logging: &logging
  logging:
    driver: json-file
    options:
      max-size: "50m"
      max-file: "3"


services:
### Message Broker ###
  rabbitmq:
    image: ${RABBITMQ_IMAGE:-ghcr.io/bauer-group/cs-rabbitmq/rabbitmq}:${RABBITMQ_IMAGE_VERSION:-latest}
    container_name: ${STACK_NAME:-rabbitmq}_SERVER
    hostname: ${RABBITMQ_NODE_HOSTNAME:-rabbitmq}
    restart: unless-stopped
    <<: *logging
    # No hard mem_limit by design: a cgroup cap OOM-kills (SIGKILL) the broker on
    # a transient spike. Memory is bounded at the application level via
    # vm_memory_high_watermark.absolute (graceful publisher back-pressure).
    environment:
      - TZ=${TIME_ZONE:-Etc/UTC}
      # Bootstrap admin (defining a default user means 'guest' is never created)
      - RABBITMQ_DEFAULT_USER=${RABBITMQ_ADMIN_USER:-admin}
      - RABBITMQ_DEFAULT_PASS=${RABBITMQ_ADMIN_PASSWORD}
      - RABBITMQ_DEFAULT_VHOST=/
      - RABBITMQ_ERLANG_COOKIE=${RABBITMQ_ERLANG_COOKIE}
      # TLS (self-signed by default — Coolify terminates HTTPS for the UI)
      - RABBITMQ_TLS_MODE=${RABBITMQ_TLS_MODE:-selfsigned}
      - RABBITMQ_TLS_CN=${AMQP_HOSTNAME:-${RABBITMQ_NODE_HOSTNAME:-rabbitmq}}
      - RABBITMQ_SSL_VERIFY=${RABBITMQ_SSL_VERIFY:-verify_none}
      - RABBITMQ_SSL_FAIL_IF_NO_PEER_CERT=${RABBITMQ_SSL_FAIL_IF_NO_PEER_CERT:-false}
      # Tuning (sizing presets — see .env.example)
      - RABBITMQ_LOG_LEVEL=${RABBITMQ_LOG_LEVEL:-info}
      - RABBITMQ_VM_MEMORY_HIGH_WATERMARK=${RABBITMQ_VM_MEMORY_HIGH_WATERMARK:-2GB}
      - RABBITMQ_DISK_FREE_LIMIT=${RABBITMQ_DISK_FREE_LIMIT:-2GB}
      - RABBITMQ_CHANNEL_MAX=${RABBITMQ_CHANNEL_MAX:-2048}
      - RABBITMQ_FRAME_MAX=${RABBITMQ_FRAME_MAX:-131072}
      - RABBITMQ_MAX_MESSAGE_SIZE=${RABBITMQ_MAX_MESSAGE_SIZE:-268435456}
      - RABBITMQ_HEARTBEAT=${RABBITMQ_HEARTBEAT:-60}
      - RABBITMQ_CONSUMER_TIMEOUT=${RABBITMQ_CONSUMER_TIMEOUT:-1800000}
      - RABBITMQ_DEFAULT_QUEUE_TYPE=${RABBITMQ_DEFAULT_QUEUE_TYPE:-quorum}
      # Optional protocols (off by default)
      - RABBITMQ_ENABLE_MQTT=${RABBITMQ_ENABLE_MQTT:-false}
      - RABBITMQ_ENABLE_WEB_MQTT=${RABBITMQ_ENABLE_WEB_MQTT:-false}
      - RABBITMQ_ENABLE_STOMP=${RABBITMQ_ENABLE_STOMP:-false}
      - RABBITMQ_ENABLE_WEB_STOMP=${RABBITMQ_ENABLE_WEB_STOMP:-false}
    ports:
      # Raw TCP AMQP/AMQPS (map via Coolify or expose on host)
      - "${PORT_AMQP:-5672}:5672"
      - "${PORT_AMQPS:-5671}:5671"
    expose:
      # Coolify routes ${CONSOLE_HOSTNAME} -> 15672 from the dashboard
      - 15672/tcp
      - 15692/tcp
    volumes:
      - rabbitmq-data:/var/lib/rabbitmq
      - rabbitmq-certs:/etc/rabbitmq/certs
    healthcheck:
      # start_period absorbs the cold boot; interval/retries govern only
      # steady-state failure detection (3 x 30s).
      test: ["CMD", "rabbitmq-diagnostics", "-q", "ping"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 60s

### Initialization (runs on every start, idempotent) ###
  rabbitmq-init:
    image: ${RABBITMQ_INIT_IMAGE:-ghcr.io/bauer-group/cs-rabbitmq/rabbitmq-init}:${RABBITMQ_INIT_VERSION:-latest}
    container_name: ${STACK_NAME:-rabbitmq}_INIT
    restart: "no"
    <<: *logging
    environment:
      - TZ=${TIME_ZONE:-Etc/UTC}
      - RABBITMQ_MGMT_URL=http://rabbitmq:15672
      - RABBITMQ_ADMIN_USER=${RABBITMQ_ADMIN_USER:-admin}
      - RABBITMQ_ADMIN_PASSWORD=${RABBITMQ_ADMIN_PASSWORD}
      - RABBITMQ_WAIT_TIMEOUT=${RABBITMQ_WAIT_TIMEOUT:-120}
      - APP_USER=${APP_USER:-app}
      - APP_PASSWORD=${APP_PASSWORD:-app}
      - MONITORING_USER=${MONITORING_USER:-metrics}
      - MONITORING_PASSWORD=${MONITORING_PASSWORD:-metrics}
    volumes:
      # Topology on a named volume, seeded with the demo (vhost/queue/user
      # "demo") on first boot and editable at runtime. In Coolify, edit
      # /config/init.json via the file browser, OR override it with a Coolify
      # File Mount to /config/init.json (content managed in the Coolify UI).
      - rabbitmq-config:/config
    # service_started (not service_healthy): the init runs its own readiness
    # poll (wait_for_rabbitmq), so it starts with the broker container and waits
    # internally — a long cold boot (cert-gen + quorum init) can't abort it via
    # the compose health gate. The broker healthcheck still serves humans/monitoring.
    depends_on:
      rabbitmq:
        condition: service_started


### Volumes ###
volumes:
  rabbitmq-data:
    driver: local
    name: ${STACK_NAME:-rabbitmq}-data
  rabbitmq-certs:
    driver: local
    name: ${STACK_NAME:-rabbitmq}-certs
  rabbitmq-config:
    driver: local
    name: ${STACK_NAME:-rabbitmq}-config