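# GNSS Guard Server - Docker Compose with Nginx + SSL
#
# Usage:
#   1. cp env.example .env.prod
#   2. Edit .env.prod with your configuration
#   3. docker compose up -d
#   4. Run SSL setup: docker compose exec certbot certbot certonly ...
#
# For development (no SSL): use docker-compose.dev.yml
#
# Exposure: nginx is the only service that publishes host ports (80/443).
# gnss-server is reachable only over the internal gnss-network bridge.

services:
  # ==========================================================================
  # GNSS Guard Server (FastAPI/Uvicorn)
  # ==========================================================================
  gnss-server:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: gnss-guard-server
    restart: unless-stopped
    # Runtime configuration comes from .env.prod. It may hold credentials, so
    # keep it out of version control and readable only by the deploy user.
    env_file:
      - .env.prod
    # `expose` makes the port visible to other containers on the network; it
    # does not publish it on the host.
    expose:
      - "8000"
    networks:
      - gnss-network
    healthcheck:
      # requests.get() raises only on connection errors and timeouts, so any
      # HTTP status (including 4xx/5xx) counts as healthy here.
      # NOTE(review): assumes `requests` is installed in the image - confirm.
      test: ["CMD", "python", "-c", "import requests; requests.get('http://localhost:8000/auth/check', timeout=5)"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 10s

  # ==========================================================================
  # Nginx Reverse Proxy
  # ==========================================================================
  nginx:
    # NOTE(review): floating tag. Pin to a reviewed release or digest
    # (placeholder: nginx:<version>-alpine@sha256:<digest>) so a rebuild
    # cannot silently pull a different image.
    image: nginx:alpine
    container_name: gnss-nginx
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx/conf.d:/etc/nginx/conf.d:ro
      # Holds the TLS private keys; nginx only needs to read them.
      - certbot-etc:/etc/letsencrypt:ro
      # Certbot's working state and the ACME challenge webroot are written by
      # the certbot container only. Mounting them read-only keeps a compromised
      # proxy from tampering with renewal state or planting challenge files.
      - certbot-var:/var/lib/letsencrypt:ro
      - certbot-webroot:/var/www/certbot:ro
      # Mount nginx logs to host for fail2ban monitoring
      # NOTE(review): nothing here rotates these files - confirm the host
      # rotates /var/log/nginx.
      - /var/log/nginx:/var/log/nginx
    # Short-form depends_on only orders container start; it does not wait for
    # the gnss-server healthcheck to pass.
    depends_on:
      - gnss-server
    networks:
      - gnss-network

  # ==========================================================================
  # Certbot (SSL Certificate Management)
  # ==========================================================================
  certbot:
    # NOTE(review): no tag, so this resolves to :latest. Pin to a reviewed
    # release or digest (placeholder: certbot/certbot:<version>).
    image: certbot/certbot
    container_name: gnss-certbot
    # Same policy as the other services: without it the renewal loop does not
    # come back after a host or daemon restart and certificates expire.
    restart: unless-stopped
    volumes:
      - certbot-etc:/etc/letsencrypt
      - certbot-var:/var/lib/letsencrypt
      - certbot-webroot:/var/www/certbot
    # Attempts renewal every 12 hours. `$$` is Compose escaping for a literal
    # `$`; the TERM trap lets the container stop promptly.
    # NOTE(review): nginx loads certificates at start/reload and nothing in
    # this file reloads it after a renewal - confirm a reload is scheduled.
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"

networks:
  gnss-network:
    driver: bridge

volumes:
  certbot-etc:
  certbot-var:
  certbot-webroot: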