#version: '3.8'

services:
  digiserver-app:
    build: .
    container_name: digiserver-v2
    # Don't expose directly; use Caddy reverse proxy instead
    expose:
      - "5000"
    volumes:
      # Code is in the Docker image - no volume mount needed
      # Only mount persistent data folders:
      - ./data/instance:/app/instance
      - ./data/uploads:/app/app/static/uploads
    environment:
      - FLASK_ENV=production
      - SECRET_KEY=${SECRET_KEY:-your-secret-key-change-this}
      - ADMIN_USERNAME=${ADMIN_USERNAME:-admin}
      - ADMIN_PASSWORD=${ADMIN_PASSWORD:-admin123}
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:5000/').read()"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    networks:
      - digiserver-network

  # Nginx reverse proxy with HTTPS support
  nginx:
    image: nginx:alpine
    container_name: digiserver-nginx
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./data/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./data/nginx-custom-domains.conf:/etc/nginx/conf.d/custom-domains.conf:rw
      - ./data/nginx-ssl:/etc/nginx/ssl:ro
      - ./data/nginx-logs:/var/log/nginx
      - ./data/certbot:/var/www/certbot:ro  # For Let's Encrypt ACME challenges
    environment:
      - DOMAIN=${DOMAIN:-localhost}
      - EMAIL=${EMAIL:-admin@localhost}
    depends_on:
      digiserver-app:
        condition: service_started
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:80/"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 10s
    networks:
      - digiserver-network

networks:
  digiserver-network:
    driver: bridge