server/docker-compose.yml at main · mcpambassador/server · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
# =============================================================================
# MCP AMBASSADOR SERVER - DOCKER COMPOSE (COMMUNITY TIER)
# =============================================================================
# Single-service deployment for Community tier with self-signed TLS
#
# Quick Start:
#   1. Copy .env.example to .env and configure
#   2. docker-compose up -d
#   3. docker-compose logs -f
#
# Data Persistence:
#   - ./data/  → /data    (database, TLS certs, audit logs, secrets)
#   - ./config/ → /config (ambassador-server.yaml — read-only)
#   - ./cache/  → /tmp    (npx/npm cache — no artificial size cap)
#   - All bind mounts are owned by non-root user (UID 1000)
#   - Create these directories on the host before first run
#
# Security Notes:
#   - Server runs as non-root user (mcpambassador:1000)
#   - Read-only root filesystem (except /data volume)
#   - Self-signed TLS certificates auto-generated on first boot
#   - Use volume encryption for sensitive data at rest
# =============================================================================

services:
  mcpambassador-server:
    build:
      context: .
      dockerfile: Dockerfile
    image: mcpambassador-server:latest
    container_name: mcpambassador-server

    # Restart policy
    restart: unless-stopped

    # Port mapping
    ports:
      - "8443:8443"
      # SEC-M9-07: Admin API on localhost only (change to 0.0.0.0:9443:9443 to expose externally)
      - "127.0.0.1:9443:9443"

    # Environment variables
    environment:
      # Data directory (required - volume mount point)
      MCP_AMBASSADOR_DATA_DIR: /data

      # Server configuration
      MCP_AMBASSADOR_HOST: 0.0.0.0
      MCP_AMBASSADOR_PORT: 8443

      # Logging
      MCP_AMBASSADOR_LOG_LEVEL: ${LOG_LEVEL:-info}

      # Application mode
      # 'development' enables verbose logging and dev client key bootstrap
      # 'production' disables dev-only features
      # The setup wizard works in ALL modes — no hardcoded credentials regardless of NODE_ENV
      NODE_ENV: ${NODE_ENV:-development}

      # Admin authentication (optional - for testing/dev)
      # Leave unset for production: admin key will be auto-generated on first boot
      # Generate with: node -e "console.log('amb_ak_' + require('crypto').randomBytes(32).toString('base64url'))"
      # AMBASSADOR_ADMIN_KEY: ${AMBASSADOR_ADMIN_KEY:-}

      # Downstream MCP API keys (ADR-009)
      ALPHA_VANTAGE_API_KEY: ${ALPHA_VANTAGE_API_KEY:-}
      CONTEXT7_API_KEY: ${CONTEXT7_API_KEY:-}
      TAVILY_API_KEY: ${TAVILY_API_KEY:-}

      # ADR-014: OAuth client credentials (resolve from .env)
      GITHUB_OAUTH_CLIENT_ID: ${GITHUB_OAUTH_CLIENT_ID:-}
      GITHUB_OAUTH_CLIENT_SECRET: ${GITHUB_OAUTH_CLIENT_SECRET:-}

      # Community Registry (private repo auth)
      REGISTRY_URL: ${REGISTRY_URL:-https://api.github.com/repos/mcpambassador/community-registry/contents/registry.yaml}
      REGISTRY_TOKEN: ${REGISTRY_TOKEN:-}
      REGISTRY_ENABLED: ${REGISTRY_ENABLED:-true}

      # Public URL for OAuth callbacks behind reverse proxy
      # Set this when deploying behind nginx/caddy/etc.
      # Example: https://mcp.yourdomain.com
      PUBLIC_URL: ${PUBLIC_URL:-}

      # Optional: Override TLS certificate paths
      # MCP_AMBASSADOR_CA_PATH: /data/certs/ca.pem
      # MCP_AMBASSADOR_CERT_PATH: /data/certs/server.pem
      # MCP_AMBASSADOR_KEY_PATH: /data/certs/server-key.pem

      # Optional: Override database path
      # MCP_AMBASSADOR_DB_PATH: /data/ambassador.db

      # Optional: Override audit log path
      # MCP_AMBASSADOR_AUDIT_LOG_PATH: /data/audit.jsonl

    # Volume mounts - host bind mounts for easy inspection and backup
    volumes:
      - ./data:/data
      - ./config:/config:ro
      - ./cache:/tmp

    # Security options
    security_opt:
      - no-new-privileges:true

    # Read-only root filesystem (except bind-mounted volumes)
    read_only: true

    # Health check
    healthcheck:
      test: ["CMD", "node", "-e", "require('https').get({hostname:'localhost',port:8443,path:'/health',rejectUnauthorized:false},(r)=>{process.exit(r.statusCode===200?0:1)}).on('error',()=>process.exit(1))"]
      interval: 30s
      timeout: 3s
      start_period: 10s
      retries: 3

    # F-SEC-M7-002 remediation: Resource limits enabled by default
    # Prevents container from consuming all host resources (DoS protection)
    deploy:
      resources:
        limits:
          cpus: '2.0'
          memory: 1G
        reservations:
          cpus: '0.5'
          memory: 512M

    # Network isolation (optional)
    # networks:
    #   - mcpambassador-net

# No named volumes - using host bind mounts for better observability and backup

# Optional: Custom network for isolation
# networks:
#   mcpambassador-net:
#     driver: bridge