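# Docker Compose stack for Sibedas: the application container, an internal
# Nginx in front of it, a reverse proxy that publishes HTTP/HTTPS, and MariaDB.
#
# Values written as ${VAR} with no default (APP_KEY, DB_PASSWORD,
# MYSQL_ROOT_PASSWORD, the MAIL_* credentials, SPREAD_SHEET_ID) interpolate to
# an empty string when VAR is unset. Supply them through the environment or an
# untracked .env file; do not hard-code them here.
services:
  # Sibedas Application Container (Internal)
  app:
    build:
      context: .
      dockerfile: Dockerfile
      target: production
    container_name: sibedas_app
    restart: unless-stopped
    environment:
      APP_ENV: ${APP_ENV:-production}
      APP_DEBUG: ${APP_DEBUG:-false}
      APP_KEY: ${APP_KEY}
      APP_URL: ${APP_URL:-https://sibedas.yourdomain.com}
      VITE_APP_URL: ${VITE_APP_URL:-https://sibedas.yourdomain.com}

      # Database Configuration
      DB_CONNECTION: ${DB_CONNECTION:-mariadb}
      DB_HOST: db
      # Quoted so the value stays a string rather than a YAML integer.
      DB_PORT: "3306"
      DB_DATABASE: ${DB_DATABASE:-sibedas}
      DB_USERNAME: ${DB_USERNAME:-sibedas_user}
      DB_PASSWORD: ${DB_PASSWORD}

      # Cache Configuration (using database)
      CACHE_DRIVER: ${CACHE_DRIVER:-database}

      # Session Configuration (using database)
      SESSION_DRIVER: ${SESSION_DRIVER:-database}
      SESSION_LIFETIME: ${SESSION_LIFETIME:-120}

      # Queue Configuration (using database)
      QUEUE_CONNECTION: ${QUEUE_CONNECTION:-database}

      # Mail Configuration
      MAIL_MAILER: ${MAIL_MAILER:-smtp}
      MAIL_HOST: ${MAIL_HOST}
      MAIL_PORT: ${MAIL_PORT:-587}
      MAIL_USERNAME: ${MAIL_USERNAME}
      MAIL_PASSWORD: ${MAIL_PASSWORD}
      MAIL_ENCRYPTION: ${MAIL_ENCRYPTION:-tls}
      MAIL_FROM_ADDRESS: ${MAIL_FROM_ADDRESS}
      MAIL_FROM_NAME: ${MAIL_FROM_NAME:-"Sibedas"}

      # Google Sheets API
      SPREAD_SHEET_ID: ${SPREAD_SHEET_ID}
    volumes:
      # Only mount specific directories for production security.
      # Writable state lives in named volumes; host paths are read-only.
      - sibedas_app_storage:/var/www/storage
      - sibedas_app_bootstrap_cache:/var/www/bootstrap/cache
      - ./public:/var/www/public:ro
      - ./docker/supervisor:/etc/supervisor/conf.d:ro
    depends_on:
      db:
        condition: service_healthy
    networks:
      - sibedas_network
    healthcheck:
      # NOTE(review): `php -v` only shows that the PHP binary starts; it does
      # not exercise the application or its database connection.
      test: ["CMD", "php", "-v"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 60s
    deploy:
      resources:
        limits:
          memory: 1G
          cpus: "1.0"
        reservations:
          memory: 512M
          cpus: "0.5"
    # Use Supervisor for queue and scheduler
    command: ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]

  # Internal Nginx for Sibedas App (no published ports; reachable only on
  # sibedas_network)
  nginx-internal:
    # NOTE(review): floating tag; pinning a specific version or digest keeps
    # rebuilds reproducible and makes image updates an explicit change.
    image: nginx:alpine
    container_name: sibedas_nginx_internal
    restart: unless-stopped
    volumes:
      - ./public:/var/www/public:ro
      - ./docker/nginx/conf.d/sibedas-internal.conf:/etc/nginx/conf.d/default.conf:ro
      - sibedas_nginx_internal_logs:/var/log/nginx
    depends_on:
      app:
        condition: service_healthy
    networks:
      - sibedas_network
    healthcheck:
      test:
        - CMD
        - wget
        - --quiet
        - --tries=1
        - --spider
        - http://localhost/health-check
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
    deploy:
      resources:
        limits:
          memory: 128M
          cpus: "0.25"

  # Reverse Proxy Nginx (Main Entry Point)
  nginx-proxy:
    build:
      context: ./docker/nginx
      dockerfile: Dockerfile
    container_name: sibedas_nginx_proxy
    restart: unless-stopped
    ports:
      - "${NGINX_HTTP_PORT:-80}:80"
      - "${NGINX_HTTPS_PORT:-443}:443"
    environment:
      DOMAIN: ${DOMAIN:-sibedas.yourdomain.com}
      EMAIL: ${EMAIL:-admin@yourdomain.com}
      SSL_TYPE: ${SSL_TYPE:-self-signed}
    volumes:
      - sibedas_nginx_proxy_logs:/var/log/nginx
      - sibedas_ssl_certs:/etc/nginx/ssl
      - sibedas_letsencrypt:/etc/letsencrypt
    depends_on:
      nginx-internal:
        condition: service_healthy
    networks:
      - sibedas_network
    healthcheck:
      test:
        - CMD
        - wget
        - --quiet
        - --tries=1
        - --spider
        - http://localhost/health-check
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
    deploy:
      resources:
        limits:
          memory: 256M
          cpus: "0.5"

  db:
    image: mariadb:10.6
    container_name: sibedas_db
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
      MYSQL_DATABASE: ${DB_DATABASE:-sibedas}
      MYSQL_USER: ${DB_USERNAME:-sibedas_user}
      MYSQL_PASSWORD: ${DB_PASSWORD}
      MYSQL_INNODB_BUFFER_POOL_SIZE: ${MYSQL_INNODB_BUFFER_POOL_SIZE:-1G}
    ports:
      # Only expose if needed for external access.
      # The mapping binds to loopback by default, so the database is not
      # reachable from other hosts; set DB_BIND_ADDRESS (for example 0.0.0.0)
      # to opt in. The app service reaches the database as db:3306 over
      # sibedas_network and does not depend on this mapping. Ports published
      # by Docker are often not filtered by host firewall front-ends.
      - "${DB_BIND_ADDRESS:-127.0.0.1}:${DB_EXTERNAL_PORT:-3306}:3306"
    volumes:
      - sibedas_dbdata:/var/lib/mysql
      - ./sibedas.sql:/docker-entrypoint-initdb.d/sibedas.sql:ro
      - ./docker/mysql/conf.d:/etc/mysql/conf.d:ro
      - sibedas_db_logs:/var/log/mysql
    networks:
      - sibedas_network
    healthcheck:
      # Credentials come from the container's own environment at run time
      # ($$ defers expansion to the container shell). The password is passed
      # through MYSQL_PWD, so it is neither interpolated into the health-check
      # definition nor placed on the mysqladmin command line.
      test:
        - CMD-SHELL
        - 'MYSQL_PWD="$$MYSQL_PASSWORD" mysqladmin ping -h localhost -u "$$MYSQL_USER"'
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 60s
    deploy:
      resources:
        limits:
          memory: 2G
          cpus: "1.0"
        reservations:
          memory: 1G
          cpus: "0.5"

volumes:
  sibedas_dbdata:
    driver: local
  sibedas_app_storage:
    driver: local
  sibedas_app_bootstrap_cache:
    driver: local
  sibedas_nginx_internal_logs:
    driver: local
  sibedas_nginx_proxy_logs:
    driver: local
  sibedas_db_logs:
    driver: local
  sibedas_ssl_certs:
    driver: local
  sibedas_letsencrypt:
    driver: local

networks:
  sibedas_network:
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/16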