Services
Both configurations run these services:| Service | Image | Purpose |
|---|---|---|
app | Custom Go build | Tracera backend API server |
web | Custom Next.js build | Tracera frontend |
timescaledb | timescale/timescaledb:2.25.1-pg16 | Time-series database |
redis | redis:7.4-alpine | Cache, pub/sub, sessions |
Development Stack
- Hot reload for Go via air — edit Go files and the server restarts automatically
- Turbopack for Next.js — instant frontend hot module replacement
- Mounted volumes — source code is mounted into containers for live editing
- Debug-friendly — full logs, no resource constraints
Architecture
Production Stack
- Multi-stage builds — Go binary compiled with
-trimpathand stripped symbols in a distroless base image - Read-only filesystems — containers run with read-only root filesystems where possible
- No new privileges —
security_opt: no-new-privileges:trueon all services - Dropped capabilities —
cap_drop: ALLto minimize attack surface - Resource limits — CPU and memory constraints on all services
- Health checks — built-in health checks for all services with restart policies
- Named volumes — persistent data volumes for TimescaleDB and Redis
Health Checks
All services include Docker health checks:| Service | Check | Interval |
|---|---|---|
app | Custom binary at /healthcheck | 10s |
timescaledb | pg_isready | 10s |
redis | redis-cli ping | 10s |
Networking
All services run on thetracera Docker network. Service names are used as hostnames:
- Backend connects to
timescaledb:5432andredis:6379 - Frontend connects to
app:8080(server-side) andlocalhost:8080(client-side)
Volumes
| Volume | Purpose |
|---|---|
timescaledb_data | Persistent database storage |
redis_data | Persistent Redis data (AOF/RDB) |