Switch to host networking for Proxmox LXC compatibility

network_mode: host avoids Docker creating separate network namespaces which trigger sysctl writes blocked in LXC containers. All service references updated from container names to localhost. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-01 15:37:14 -07:00
parent c401c8f2e0
commit 4ed53d0fd7
2 changed files with 12 additions and 14 deletions
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -2,7 +2,7 @@ services:
  db:
    image: postgres:16-alpine
    restart: unless-stopped
-    privileged: true
+    network_mode: host
    security_opt:
      - apparmor:unconfined
    environment:
@@ -12,7 +12,7 @@ services:
    volumes:
      - pgdata:/var/lib/postgresql/data
    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U drinktracker -d drinktracker"]
+      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-drinktracker} -d ${POSTGRES_DB:-drinktracker}"]
      interval: 5s
      timeout: 5s
      retries: 5
@@ -20,7 +20,7 @@ services:
  minio:
    image: minio/minio:latest
    restart: unless-stopped
-    privileged: true
+    network_mode: host
    security_opt:
      - apparmor:unconfined
    environment:
@@ -37,7 +37,7 @@ services:

  minio-init:
    image: minio/mc:latest
-    privileged: true
+    network_mode: host
    security_opt:
      - apparmor:unconfined
    depends_on:
@@ -48,7 +48,7 @@ services:
      MINIO_SECRET_KEY: ${MINIO_SECRET_KEY}
    entrypoint: >
      /bin/sh -c "
-      mc alias set local http://minio:9000 $$MINIO_ACCESS_KEY $$MINIO_SECRET_KEY;
+      mc alias set local http://localhost:9000 $$MINIO_ACCESS_KEY $$MINIO_SECRET_KEY;
      mc mb local/drink-images --ignore-existing;
      mc anonymous set download local/drink-images;
      exit 0;
@@ -56,7 +56,7 @@ services:

  migrate:
    image: node:20-alpine
-    privileged: true
+    network_mode: host
    security_opt:
      - apparmor:unconfined
    depends_on:
@@ -70,18 +70,16 @@ services:
    env_file:
      - .env.production
    environment:
-      DATABASE_URL: "postgresql://${POSTGRES_USER:-drinktracker}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB:-drinktracker}"
+      DATABASE_URL: "postgresql://${POSTGRES_USER:-drinktracker}:${POSTGRES_PASSWORD}@localhost:5432/${POSTGRES_DB:-drinktracker}"
    command: sh -c "npm install prisma @prisma/client --silent && npx prisma db push --skip-generate --accept-data-loss"
    restart: "no"

  app:
    image: jpscott84/drinktracker:latest
    restart: unless-stopped
-    privileged: true
+    network_mode: host
    security_opt:
      - apparmor:unconfined
-    ports:
-      - "3000:3000"
    depends_on:
      db:
        condition: service_healthy
@@ -92,8 +90,8 @@ services:
    env_file:
      - .env.production
    environment:
-      DATABASE_URL: "postgresql://${POSTGRES_USER:-drinktracker}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB:-drinktracker}"
-      MINIO_ENDPOINT: "minio"
+      DATABASE_URL: "postgresql://${POSTGRES_USER:-drinktracker}:${POSTGRES_PASSWORD}@localhost:5432/${POSTGRES_DB:-drinktracker}"
+      MINIO_ENDPOINT: "localhost"

 volumes:
  pgdata: