Operation-Blue-Laminate-v2/docker-compose.yml
bob 94177f9a8c Fix worker proxy relay leak and enable noVNC under --scale
_relay waited for both pipe directions (gather), leaking a task holding two sockets on every half-closed tunnel — visible as a flood of pending-task lines under load. Tear the tunnel down when either side closes (FIRST_COMPLETED + close both writers), matching the .NET LocalForwardingProxy's WhenAny. Also move the worker's noVNC to an ephemeral host port so replicas don't collide under 'docker compose up --scale worker=N'.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-05-31 15:12:51 -05:00

53 lines
2.3 KiB
YAML

# One-command startup for the cs.money scraper control plane + worker.
# Postgres is external (runs independently on the host); the C2 connects to it via
# host.docker.internal and auto-applies EF migrations on boot.
#
#   docker compose up --build
#
# Scale workers (the worker's noVNC maps to an ephemeral host port, so replicas don't collide):
#   docker compose up --build --scale worker=10
# Each worker mints its own IPRoyal sticky session at startup, so every replica gets a
# distinct residential exit IP. Set IPROYAL_USERNAME / IPROYAL_PASSWORD (e.g. in a .env
# file next to this compose file) to turn the proxy on.
services:
  c2:
    build:
      context: .
      dockerfile: BlueLaminate/BlueLaminate.C2/Dockerfile
    environment:
      # Point at the host's Postgres. Override the whole string for auth/host changes.
      ConnectionStrings__SkinTracker: ${SKINTRACKER_CONN:-Host=host.docker.internal;Port=5432;Database=skintracker;Username=postgres}
      # Falls back to a fixed development token when WORKER_TOKEN is unset; set a real value outside local use.
      WorkerToken: ${WORKER_TOKEN:-dev-worker-token}
      MaxPagesPerJob: ${MAX_PAGES_PER_JOB:-60}
    ports:
      - "5080:5080"
    extra_hosts:
      # Lets the container resolve the host's Postgres on Linux too (no-op on Desktop).
      - "host.docker.internal:host-gateway"
    restart: unless-stopped
  worker:
    build:
      context: .
      dockerfile: worker/Dockerfile
    environment:
      C2_URL: http://c2:5080
      WORKER_TOKEN: ${WORKER_TOKEN:-dev-worker-token}
      # IPRoyal residential proxy: each replica self-assigns a unique sticky session
      # (= unique exit IP). Auth is injected by an in-process forwarder, so no sidecar.
      IPROYAL_USERNAME: ${IPROYAL_USERNAME:-}
      IPROYAL_PASSWORD: ${IPROYAL_PASSWORD:-}
      IPROYAL_COUNTRY: ${IPROYAL_COUNTRY:-us}
      IPROYAL_LIFETIME_MIN: ${IPROYAL_LIFETIME_MIN:-60}
      PROXY: ${PROXY:-} # auth-free host:port fallback (used only when IPRoyal creds are unset)
      SOLVE_SECONDS: ${SOLVE_SECONDS:-45}
      LOAD_IMAGES: ${LOAD_IMAGES:-} # set to 1 to re-enable images (debugging)
    depends_on:
      - c2
    ports:
      # Ephemeral host port so replicas don't collide under --scale. Find a worker's
      # noVNC with `docker compose port worker 6080` (or `docker ps`), then open
      # http://localhost:<mapped>/vnc.html to watch / solve a challenge.
      # Without a host IP prefix, Docker publishes the port on all host interfaces.
      - "6080"
    restart: unless-stopped
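
The relay teardown change described in the commit message, as an added asyncio example that is not the repository's `_relay` code. `MemWriter`, `_pipe`, `relay_gather`, `relay_first_completed`, `half_closed_tunnel` and `run` are hypothetical names, and the in-memory streams and request bytes are constructed so the half-closed case runs offline.

```python
import asyncio

class MemWriter:
    """Constructed in-memory stand-in for asyncio.StreamWriter."""
    def __init__(self):
        self.data, self.closed = b"", False
    def write(self, chunk):
        self.data += chunk
    async def drain(self):
        pass
    def close(self):
        self.closed = True

async def _pipe(reader, writer):
    # Copy one direction until the reading side reports EOF.
    while chunk := await reader.read(65536):
        writer.write(chunk)
        await writer.drain()

async def relay_gather(cr, cw, ur, uw):
    # "Before": returns only when BOTH directions have ended.
    await asyncio.gather(_pipe(cr, uw), _pipe(ur, cw))

async def relay_first_completed(cr, cw, ur, uw):
    # "After": the first direction to end tears the whole tunnel down.
    tasks = [asyncio.create_task(_pipe(cr, uw)), asyncio.create_task(_pipe(ur, cw))]
    try:
        await asyncio.wait(tasks, return_when=asyncio.FIRST_COMPLETED)
    finally:
        for t in tasks:
            t.cancel()  # no-op for the direction that already finished
        await asyncio.gather(*tasks, return_exceptions=True)
        for w in (cw, uw):
            w.close()  # with real StreamWriters, also await w.wait_closed()

async def half_closed_tunnel(relay, timeout=0.2):
    # Client sends its bytes and EOF; upstream stays open and silent.
    cr, ur, cw, uw = asyncio.StreamReader(), asyncio.StreamReader(), MemWriter(), MemWriter()
    cr.feed_data(b"constructed request bytes")
    cr.feed_eof()
    task = asyncio.create_task(relay(cr, cw, ur, uw))
    done, _ = await asyncio.wait([task], timeout=timeout)
    if task not in done:  # relay is still parked on the idle direction
        task.cancel()
        await asyncio.gather(task, return_exceptions=True)
    return task in done, cw.closed and uw.closed, uw.data

def run(relay):
    """Returns (relay_finished, both_writers_closed, bytes_forwarded_upstream)."""
    return asyncio.run(half_closed_tunnel(relay))
```

With `relay_gather` the relay task is still pending at the timeout and neither writer is closed, which is the per-tunnel leak; with `relay_first_completed` the same input finishes and both writers are closed.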