
# Banatie Production Docker Compose
# Run from: ~/workspace/projects/banatie-service/prod-env/
# Data stored in: /opt/services/data/banatie/
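services:
  # API Service
  # Built from ../apps/api-service/Dockerfile (target: production). Starts
  # only after Postgres and MinIO report healthy.
  banatie-api:
    build:
      context: ..
      dockerfile: apps/api-service/Dockerfile
      target: production
    container_name: banatie-api
    # No ports exposed - access through Caddy reverse proxy
    volumes:
      - /opt/services/data/banatie/logs:/app/apps/api-service/logs
      - /opt/services/data/banatie/results:/app/results
      - /opt/services/data/banatie/uploads:/app/uploads
    networks:
      - banatie-internal
      - proxy-network
    depends_on:
      banatie-postgres:
        condition: service_healthy
      banatie-minio:
        condition: service_healthy
    # secrets.env holds credentials: keep it out of version control and
    # readable only by the deploying user.
    env_file:
      - .env
      - secrets.env
    environment:
      - IS_DOCKER=true
      - NODE_ENV=production
    restart: unless-stopped

  # Landing Page
  banatie-landing:
    build:
      context: ..
      dockerfile: apps/landing/Dockerfile
    container_name: banatie-landing
    # No ports exposed - access through Caddy reverse proxy
    networks:
      - banatie-internal
      - proxy-network
    # Short-form depends_on: start ordering only, no wait for the Postgres
    # healthcheck (the API service above uses service_healthy).
    depends_on:
      - banatie-postgres
    # NOTE(review): the landing page loads the same secrets.env as the API.
    # Confirm it needs every value in that file; otherwise give it its own
    # env file so a compromise of the web front end exposes fewer secrets.
    env_file:
      - .env
      - secrets.env
    environment:
      - IS_DOCKER=true
      - NODE_ENV=production
    restart: unless-stopped

  # PostgreSQL Database (isolated for Banatie)
  banatie-postgres:
    image: postgres:15-alpine
    container_name: banatie-postgres
    # No ports exposed - internal access only
    volumes:
      - /opt/services/data/banatie/postgres:/var/lib/postgresql/data
      # The init script is only read by the entrypoint, so mount it read-only.
      - ../scripts/init-db.sql:/docker-entrypoint-initdb.d/01-init.sql:ro
    networks:
      - banatie-internal
    environment:
      POSTGRES_DB: banatie_db
      POSTGRES_USER: banatie_user
      # DB_PASSWORD is required. The previous `:-` fallback silently used a
      # password that is written in this file whenever the variable was
      # unset; `:?` makes Compose refuse to start instead.
      # The official image applies POSTGRES_PASSWORD only when the data
      # directory is first initialised, so a database created with the old
      # fallback keeps that password until it is changed inside Postgres.
      POSTGRES_PASSWORD: "${DB_PASSWORD:?DB_PASSWORD must be set}"
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U banatie_user -d banatie_db"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    restart: unless-stopped

  # MinIO Object Storage - Production Ready with SNMD
  banatie-minio:
    # NOTE(review): `latest` is a floating tag, so a rebuild or pull can
    # change the running storage server without a change to this file. Pin
    # a specific release tag or image digest.
    image: quay.io/minio/minio:latest
    container_name: banatie-minio
    # No ports exposed - Console through Caddy, API internal only
    volumes:
      # SNMD: 4 drives for full S3 compatibility and erasure coding
      - /opt/services/data/banatie/storage/drive1:/data1
      - /opt/services/data/banatie/storage/drive2:/data2
      - /opt/services/data/banatie/storage/drive3:/data3
      - /opt/services/data/banatie/storage/drive4:/data4
    networks:
      - banatie-internal
      - proxy-network  # For MinIO Console access via Caddy
    environment:
      # NOTE(review): no fallback and no required-marker here. Compose
      # substitutes an empty string for an unset variable; confirm MinIO
      # does not then come up with its built-in default credentials, or use
      # the `${VAR:?message}` form so a missing value stops the deploy.
      MINIO_ROOT_USER: ${MINIO_ROOT_USER}
      MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}
      # Production URLs (through Caddy)
      MINIO_BROWSER_REDIRECT_URL: https://storage.banatie.app
      MINIO_SERVER_URL: https://api.banatie.app
    # CRITICAL: SNMD command for full S3 compatibility
    command: server /data{1...4} --console-address ":9001"
    # NOTE(review): this check needs `curl` inside the image; with a
    # floating tag, confirm the image still ships it. banatie-api and
    # banatie-minio-init both wait on this service being healthy.
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    restart: unless-stopped

  # MinIO Storage Initialization
  # One-shot job (restart: "no") that runs after MinIO is healthy: creates
  # the `banatie` bucket, adds the `banatie_service` user with the built-in
  # readwrite policy, and imports a rule expiring temp/ objects after 7 days.
  banatie-minio-init:
    # NOTE(review): floating tag; pin a release tag or digest (see MinIO).
    image: minio/mc:latest
    container_name: banatie-minio-init
    networks:
      - banatie-internal
    depends_on:
      banatie-minio:
        condition: service_healthy
    # This job authenticates with the MinIO root credentials.
    environment:
      MINIO_ROOT_USER: ${MINIO_ROOT_USER}
      MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}
    # `$$` escapes Compose interpolation so the shell in the container
    # expands the variables at run time.
    # NOTE(review): the service user's secret key is a literal in the script
    # below, so anyone who can read this file (or its history) has it. Pass
    # it in from the untracked secrets file and rotate the current value.
    # NOTE(review): `|| true` discards failures of user creation, policy
    # attachment and lifecycle import, and the script has no `set -e` and
    # ends with `exit 0`, so a half-configured store still reports success.
    # NOTE(review): the built-in readwrite policy is not scoped to the
    # banatie bucket - confirm a bucket-limited policy is not required.
    entrypoint:
      - /bin/sh
      - -c
      - |
        echo 'Setting up MinIO alias...'
        mc alias set storage http://banatie-minio:9000 $${MINIO_ROOT_USER} $${MINIO_ROOT_PASSWORD}
        echo 'Creating main bucket...'
        mc mb --ignore-existing storage/banatie
        echo 'Creating service user...'
        mc admin user add storage banatie_service banatie_service_key_2024 || true
        echo 'Attaching readwrite policy to service user...'
        mc admin policy attach storage readwrite --user=banatie_service || true
        echo 'Setting up lifecycle policy...'
        cat > /tmp/lifecycle.json <<'LIFECYCLE'
        {
          "Rules": [
            {
              "ID": "temp-cleanup",
              "Status": "Enabled",
              "Filter": {
                "Prefix": "temp/"
              },
              "Expiration": {
                "Days": 7
              }
            }
          ]
        }
        LIFECYCLE
        mc ilm import storage/banatie < /tmp/lifecycle.json || true
        echo 'Storage initialization completed!'
        echo 'Bucket: banatie'
        echo 'Using presigned URLs for secure access'
        echo 'SNMD mode: Full S3 compatibility enabled'
        exit 0
    restart: "no"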
networks:
  # Service-to-service traffic only; every service in this file joins it.
  banatie-internal:
    driver: bridge

  # Shared with the Caddy reverse proxy. Declared external, so Compose
  # expects the network to exist already and does not create it.
  proxy-network:
    external: true