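# Docker Compose for Pulsefeed Production (with HTTPS via Caddy)
#
# USAGE:
#   1. Set environment variables in .env.prod
#   2. docker-compose -f docker-compose.prod.yml up -d
#
# NOTE: Compose only auto-loads a file named `.env` from the project
# directory. Unless the values in .env.prod reach the shell environment some
# other way, pass the file explicitly with `--env-file .env.prod`.
#
# REQUIRED ENV VARS:
#   DOMAIN=yourdomain.com
#   SECRET_KEY=your-secure-secret-key
#   DB_ENCRYPTION_KEY=your-fernet-key
#   DB_PASSWORD=your-database-password
#
# SECRET_KEY, DB_ENCRYPTION_KEY and DB_PASSWORD use the `${VAR:?message}`
# form below, so Compose refuses to start when one is unset or empty instead
# of silently substituting an empty string.
# Keep .env.prod out of version control and restrict its file permissions.
#
# Caddy automatically provisions Let's Encrypt certificates!
services:
  # Caddy Reverse Proxy (handles HTTPS automatically).
  # This is the only service that publishes ports on the host.
  caddy:
    image: caddy:2-alpine
    container_name: pulsefeed_caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"  # HTTP/3 support
    volumes:
      # Mounted read-only so the container cannot rewrite its own config.
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      # Caddy keeps issued certificates and their private keys under /data;
      # treat this volume as sensitive when backing it up or copying it.
      - caddy_data:/data
      - caddy_config:/config
    depends_on:
      - app
    environment:
      # Falls back to localhost when DOMAIN is unset. Presumably the
      # Caddyfile reads this value as the site address - confirm there.
      - DOMAIN=${DOMAIN:-localhost}

  # Flask Application
  app:
    build:
      context: .
      dockerfile: Dockerfile.prod
    container_name: pulsefeed_app
    restart: unless-stopped
    environment:
      - FLASK_ENV=production
      - FLASK_DEBUG=0
      - PORT=5000
      - "SECRET_KEY=${SECRET_KEY:?SECRET_KEY is required}"
      - "DB_ENCRYPTION_KEY=${DB_ENCRYPTION_KEY:?DB_ENCRYPTION_KEY is required}"
      # The password is interpolated into a URL unescaped: characters such
      # as @ / : # ? in DB_PASSWORD must be percent-encoded or avoided.
      - "DATABASE_URL=postgresql://pulsefeed:${DB_PASSWORD:?DB_PASSWORD is required}@db:5432/pulsefeed"
    depends_on:
      db:
        condition: service_healthy
    # No host ports published: `expose` only documents the port for other
    # containers on the Compose network, so external traffic must go
    # through Caddy.
    expose:
      - "5000"

  # PostgreSQL Database
  db:
    image: postgres:15-alpine
    container_name: pulsefeed_db
    restart: unless-stopped
    environment:
      POSTGRES_USER: pulsefeed
      POSTGRES_PASSWORD: "${DB_PASSWORD:?DB_PASSWORD is required}"
      POSTGRES_DB: pulsefeed
    volumes:
      - postgres_data:/var/lib/postgresql/data
    # No ports published on the host in production; only containers on the
    # Compose network can reach 5432.
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U pulsefeed"]
      interval: 10s
      timeout: 5s
      retries: 5

volumes:
  postgres_data:
  caddy_data:
  caddy_config: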