reterminal-dm4/backup-from-device/gnss-guard/tm-gnss-guard/server/docker-compose.yml

# GNSS Guard Server - Docker Compose with Nginx + SSL
#
# Usage:
#   1. cp env.example .env.prod
#   2. Edit .env.prod with your configuration
#   3. docker compose up -d
#   4. Run SSL setup: docker compose exec certbot certbot certonly ...
#
# For development (no SSL): use docker-compose.dev.yml

services:
  # ==========================================================================
  # GNSS Guard Server (FastAPI/Uvicorn)
  # ==========================================================================
  gnss-server:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: gnss-guard-server
    restart: unless-stopped
    env_file:
      - .env.prod
    expose:
      - "8000"
    networks:
      - gnss-network
    healthcheck:
      test: ["CMD", "python", "-c", "import requests; requests.get('http://localhost:8000/auth/check', timeout=5)"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 10s

  # ==========================================================================
  # Nginx Reverse Proxy
  # ==========================================================================
  nginx:
    image: nginx:alpine
    container_name: gnss-nginx
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx/conf.d:/etc/nginx/conf.d:ro
      - certbot-etc:/etc/letsencrypt:ro
      - certbot-var:/var/lib/letsencrypt
      - certbot-webroot:/var/www/certbot
      # Mount nginx logs to host for fail2ban monitoring
      - /var/log/nginx:/var/log/nginx
    depends_on:
      - gnss-server
    networks:
      - gnss-network

  # ==========================================================================
  # Certbot (SSL Certificate Management)
  # ==========================================================================
  certbot:
    image: certbot/certbot
    container_name: gnss-certbot
    volumes:
      - certbot-etc:/etc/letsencrypt
      - certbot-var:/var/lib/letsencrypt
      - certbot-webroot:/var/www/certbot
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"

networks:
  gnss-network:
    driver: bridge

volumes:
  certbot-etc:
  certbot-var:
  certbot-webroot: