Project-Image-Uploader/docker/prod/docker-compose.yml

# Production Environment
# Usage: docker compose -f docker/prod/docker-compose.yml up -d
# Or use: ./prod.sh

services:
  frontend:
    container_name: image-uploader-frontend
    image: gitea.lan.hobbyhimmel.de/hobbyhimmel/image-uploader-frontend:latest
    restart: unless-stopped
    ports:
      - "80:80"
    build: 
      context: ../../
      dockerfile: docker/prod/frontend/Dockerfile
    depends_on:
      - backend
    environment:
      - API_URL=http://backend:5000
      - PUBLIC_HOST=public.test.local
      - INTERNAL_HOST=internal.test.local
      
    networks:
      - npm-nw
      - prod-internal
        
  backend:
    container_name: image-uploader-backend
    image: gitea.lan.hobbyhimmel.de/hobbyhimmel/image-uploader-backend:latest
    restart: unless-stopped
    build: 
      context: ../../
      dockerfile: docker/prod/backend/Dockerfile
    ports:
      - "5000:5000"
    volumes:
      - image_data:/usr/src/app/src/data
    networks:
      - prod-internal
    environment:
      - REMOVE_IMAGES=false
      - NODE_ENV=production
      - ADMIN_SESSION_SECRET=${ADMIN_SESSION_SECRET}
      - ADMIN_SESSION_DIR=/usr/src/app/src/data/sessions
      # ⚠️  Für HTTP-only Labs per Override auf "false" setzen (nicht im Repo committen)
      - ADMIN_SESSION_COOKIE_SECURE=true
      # Host Configuration (Public/Internal Separation)
      - PUBLIC_HOST=public.test.local
      - INTERNAL_HOST=internal.test.local
      - ENABLE_HOST_RESTRICTION=true
      - PUBLIC_UPLOAD_RATE_LIMIT=20
      - PUBLIC_UPLOAD_RATE_WINDOW=3600000
      # Trust nginx-proxy-manager (1 hop)
      - TRUST_PROXY_HOPS=1
      # Telegram Bot Configuration (optional)
      - TELEGRAM_ENABLED=${TELEGRAM_ENABLED:-false}
      - TELEGRAM_BOT_TOKEN=${TELEGRAM_BOT_TOKEN}
      - TELEGRAM_CHAT_ID=${TELEGRAM_CHAT_ID}
      - TELEGRAM_SEND_TEST_ON_START=false



networks:
  npm-nw:
    external: true
  prod-internal:
    driver: bridge

volumes:
  image_data:
    driver: local