docker-compose.prod.yaml

services:
  frontend:
    build:
      target: production
      args:
        BACKEND_URL: ${FRONTEND_API}
        OAUTH_AUTHORITY: ${OAUTH_AUTHORITY}
        OIDC_REDIRECT_HOST: ${FRONTEND_REDIRECT_HOST}
        OIDC_CLIENT_ID: ${FRONTEND_OIDC_CLIENT_ID}
        REPOSITORY_URL: ${REPOSITORY_URL}
        FORCED_TAGS: ${FRONTEND_PLATFORM_TAGS}
    labels:
      traefik.http.routers.webapp.tls: true
      traefik.http.routers.webapp.tls.certResolver: letsEncrypt
      traefik.http.routers.webapp.entrypoints: websecure

  backend:
    restart: always
    build:
      tags: [backend]
      target: production
    labels:
      traefik.http.routers.backend.tls: true
      traefik.http.routers.backend.tls.certResolver: letsEncrypt
      traefik.http.routers.backend.entrypoints: websecure

  database:
    restart: always
    volumes:
      - ./backend/scripts/setup_migration.sql:/docker-entrypoint-initdb.d/setup_migration.sql
      - app-db-data:/var/lib/postgresql/data/pgdata

  #smtp_server:
  #  image: boky/postfix:v3.6.1-alpine
  #  restart: always

  reverse-proxy:
    command:
      # for some reason extending does *not* merge command, so I'm pasting these here as well
      - "--entrypoints.web.address=:80"
      - "--providers.docker"

      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.letsEncrypt.acme.storage=/etc/traefik/mounted/acme.json"
      - "--certificatesresolvers.letsEncrypt.acme.email=${LETSENCRYPT_EMAIL}"
      - "--certificatesresolvers.letsEncrypt.acme.tlschallenge=true"
    volumes:
      - ./traefik/:/etc/traefik/mounted/
    ports:
      - "443:443"

volumes:
  app-db-data: