-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdocker-compose.yml
More file actions
82 lines (71 loc) · 2.92 KB
/
Copy pathdocker-compose.yml
File metadata and controls
82 lines (71 loc) · 2.92 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
# Single-node Elasticsearch for LOCAL DEVELOPMENT only.
# - Security disabled (dev mode), no Kibana, no clustering, no ML.
# - Reachable from a host-local NestJS process at http://localhost:9200.
# See README.md and docs/ before running.
services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:8.12.0
container_name: elasticsearch
restart: unless-stopped
environment:
# --- Single node, no clustering ---
- discovery.type=single-node
# --- Dev mode: security OFF so http://localhost:9200 works with no TLS/auth ---
- xpack.security.enabled=false
# --- Disable ML features (saves memory, not needed for dev) ---
- xpack.ml.enabled=false
# --- JVM heap fixed at 1GB (min == max, recommended by Elastic) ---
- "ES_JAVA_OPTS=-Xms1g -Xmx1g"
# --- Lock heap into RAM to avoid swapping (keeps the host responsive) ---
- bootstrap.memory_lock=true
# --- Match thread pools to the CPU cap below (i7-1185G7: 4c/8t) so ES
# never sizes itself for all 8 threads and starves IDE/browser/NestJS ---
- node.processors=4
ulimits:
# Required for bootstrap.memory_lock=true to actually lock memory.
memlock:
soft: -1
hard: -1
# Raise file-descriptor limit so many indices/segments over time never
# hit "too many open files" (Elastic's recommended value).
nofile:
soft: 65536
hard: 65536
# Hard cap so Elasticsearch can never starve the host (1.5GB).
# Heap is 1GB; the remaining ~0.5GB covers JVM/off-heap overhead.
mem_limit: 1536m
# CPU cap: 4 of the 8 logical CPUs (i7-1185G7 = 4 cores / 8 threads).
# Keeps ES at <=50% CPU so the host stays responsive while multitasking,
# honoring the "no sustained CPU above 80%" rule even during bulk indexing.
cpus: 4.0
ports:
# Bind to LOOPBACK ONLY (127.0.0.1). Security is disabled in dev mode, so
# publishing on 0.0.0.0 would expose an unauthenticated ES to the whole
# LAN/WiFi. NestJS runs on the host and reaches it via localhost anyway.
- "127.0.0.1:9200:9200"
volumes:
# Named volume keeps indices across container restarts.
- esdata:/usr/share/elasticsearch/data
healthcheck:
# Container is "healthy" once the cluster reports green or yellow.
test:
[
"CMD-SHELL",
"curl -s http://localhost:9200/_cluster/health | grep -qE '\"status\":\"(green|yellow)\"'",
]
interval: 20s
timeout: 10s
retries: 12
start_period: 60s
# Give Elasticsearch time to flush and shut down cleanly on `down`/reboot.
# Docker's default 10s can kill it mid-flush and corrupt shards (→ RED).
stop_grace_period: 60s
# Cap container logs so they can't fill the NVMe over weeks of running.
logging:
driver: json-file
options:
max-size: "10m"
max-file: "3"
volumes:
esdata:
driver: local