50 lines
1.4 KiB
YAML
50 lines
1.4 KiB
YAML
services:
|
|
|
|
# ── App Elysia/Bun ────────────────────────────────────────────────────────
|
|
app:
|
|
build:
|
|
context: .
|
|
dockerfile: Dockerfile
|
|
target: runner
|
|
restart: unless-stopped
|
|
# Port NON exposé publiquement : nginx est le seul point d'entrée
|
|
expose:
|
|
- "3000"
|
|
environment:
|
|
NODE_ENV: production
|
|
STRIPE_SECRET_KEY: ${STRIPE_SECRET_KEY}
|
|
STRIPE_WEBHOOK_SECRET: ${STRIPE_WEBHOOK_SECRET}
|
|
DOMAIN: ${DOMAIN:-http://localhost}
|
|
networks:
|
|
- rebour-net
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "wget -qO- http://localhost:3000/robots.txt || exit 1"]
|
|
interval: 5s
|
|
timeout: 3s
|
|
retries: 5
|
|
start_period: 5s
|
|
|
|
# ── Nginx : reverse proxy, gzip, cache headers, rate-limit API ───────────
|
|
nginx:
|
|
image: nginx:1.27-alpine
|
|
restart: on-failure
|
|
ports:
|
|
- "0.0.0.0:80:80"
|
|
- "0.0.0.0:443:443"
|
|
volumes:
|
|
- ./nginx.conf:/etc/nginx/nginx.conf:ro
|
|
# En prod : décommenter + monter les certificats Let's Encrypt
|
|
# - /etc/letsencrypt:/etc/letsencrypt:ro
|
|
- nginx-logs:/var/log/nginx
|
|
depends_on:
|
|
- app
|
|
networks:
|
|
- rebour-net
|
|
|
|
networks:
|
|
rebour-net:
|
|
driver: bridge
|
|
|
|
volumes:
|
|
nginx-logs:
|