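# Pre-production stack for Xpeditis: PostgreSQL, Redis, MinIO, the NestJS
# backend and the Next.js frontend, published through an external Traefik
# network.
#
# Credentials are NOT stored in this file. Each secret is injected through
# variable interpolation and deployment aborts if one is missing:
#   POSTGRES_PASSWORD, REDIS_PASSWORD, MINIO_ROOT_USER, MINIO_ROOT_PASSWORD,
#   JWT_SECRET
# Supply them from the deploy environment or a secret store (an untracked
# .env file works with `docker compose`; `docker stack deploy` reads the
# shell environment). Any value that was previously committed in this file
# should be treated as exposed and rotated.
version: '3.8'

services:
  # PostgreSQL Database
  xpeditis-db:
    image: postgres:15-alpine
    restart: unless-stopped
    volumes:
      - xpeditis_db_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: xpeditis_preprod
      POSTGRES_USER: xpeditis
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
      PGDATA: /var/lib/postgresql/data/pgdata
    networks:
      - xpeditis_internal
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U xpeditis"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 10s

  # Redis Cache
  xpeditis-redis:
    image: redis:7-alpine
    restart: unless-stopped
    # List form so a password containing spaces or shell metacharacters is
    # passed as a single argument.
    command:
      - redis-server
      - --requirepass
      - "${REDIS_PASSWORD:?REDIS_PASSWORD must be set}"
      - --appendonly
      - "yes"
    environment:
      # redis-cli reads its password from REDISCLI_AUTH, which keeps the
      # secret out of the healthcheck command line.
      # NOTE(review): the previous healthcheck passed the password with
      # `--auth`; redis-cli documents `-a`/`--pass` and REDISCLI_AUTH, so
      # confirm the old probe was actually succeeding.
      REDISCLI_AUTH: "${REDIS_PASSWORD:?REDIS_PASSWORD must be set}"
    volumes:
      - xpeditis_redis_data:/data
    networks:
      - xpeditis_internal
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 10s

  # MinIO S3 Storage
  xpeditis-minio:
    # NOTE(review): `latest` is a floating tag; pin a specific release tag or
    # image digest so deployments are reproducible and upgrades are reviewed.
    image: minio/minio:latest
    command: server /data --console-address ":9001"
    volumes:
      - xpeditis_minio_data:/data
    environment:
      MINIO_ROOT_USER: "${MINIO_ROOT_USER:?MINIO_ROOT_USER must be set}"
      MINIO_ROOT_PASSWORD: "${MINIO_ROOT_PASSWORD:?MINIO_ROOT_PASSWORD must be set}"
    networks:
      - xpeditis_internal
      - traefik_network
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 20s
    deploy:
      restart_policy:
        condition: any
        delay: 5s
        max_attempts: 3
        window: 120s
      # NOTE(review): the source lost its indentation; labels are placed under
      # `deploy` (Swarm service labels). Move them to service level if Traefik
      # uses the plain Docker provider.
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=traefik_network"
        # MinIO API (S3) - HTTPS
        - "traefik.http.routers.xpeditis-minio-api.rule=Host(`s3.preprod.xpeditis.com`)"
        - "traefik.http.routers.xpeditis-minio-api.entrypoints=websecure"
        - "traefik.http.routers.xpeditis-minio-api.tls=true"
        - "traefik.http.routers.xpeditis-minio-api.tls.certresolver=letsencrypt"
        - "traefik.http.routers.xpeditis-minio-api.priority=50"
        - "traefik.http.routers.xpeditis-minio-api.service=xpeditis-minio-api"
        - "traefik.http.services.xpeditis-minio-api.loadbalancer.server.port=9000"
        - "traefik.http.routers.xpeditis-minio-api.middlewares=xpeditis-minio-api-headers"
        # MinIO API Headers
        - "traefik.http.middlewares.xpeditis-minio-api-headers.headers.customRequestHeaders.X-Forwarded-Proto=https"
        - "traefik.http.middlewares.xpeditis-minio-api-headers.headers.customRequestHeaders.X-Forwarded-For="
        - "traefik.http.middlewares.xpeditis-minio-api-headers.headers.customRequestHeaders.X-Real-IP="
        # MinIO API - HTTP → HTTPS Redirect
        - "traefik.http.routers.xpeditis-minio-api-http.rule=Host(`s3.preprod.xpeditis.com`)"
        - "traefik.http.routers.xpeditis-minio-api-http.entrypoints=web"
        - "traefik.http.routers.xpeditis-minio-api-http.priority=50"
        - "traefik.http.routers.xpeditis-minio-api-http.middlewares=xpeditis-minio-api-redirect"
        - "traefik.http.routers.xpeditis-minio-api-http.service=xpeditis-minio-api"
        - "traefik.http.middlewares.xpeditis-minio-api-redirect.redirectscheme.scheme=https"
        - "traefik.http.middlewares.xpeditis-minio-api-redirect.redirectscheme.permanent=true"
        # MinIO Console - HTTPS
        # NOTE(review): this publishes the MinIO admin console on a public
        # hostname; consider restricting it (IP allowlist, VPN or SSO in front).
        - "traefik.http.routers.xpeditis-minio-console.rule=Host(`minio.preprod.xpeditis.com`)"
        - "traefik.http.routers.xpeditis-minio-console.entrypoints=websecure"
        - "traefik.http.routers.xpeditis-minio-console.tls=true"
        - "traefik.http.routers.xpeditis-minio-console.tls.certresolver=letsencrypt"
        - "traefik.http.routers.xpeditis-minio-console.priority=50"
        - "traefik.http.routers.xpeditis-minio-console.service=xpeditis-minio-console"
        - "traefik.http.services.xpeditis-minio-console.loadbalancer.server.port=9001"
        - "traefik.http.routers.xpeditis-minio-console.middlewares=xpeditis-minio-console-headers"
        # MinIO Console Headers
        - "traefik.http.middlewares.xpeditis-minio-console-headers.headers.customRequestHeaders.X-Forwarded-Proto=https"
        - "traefik.http.middlewares.xpeditis-minio-console-headers.headers.customRequestHeaders.X-Forwarded-For="
        - "traefik.http.middlewares.xpeditis-minio-console-headers.headers.customRequestHeaders.X-Real-IP="
        # MinIO Console - HTTP → HTTPS Redirect
        - "traefik.http.routers.xpeditis-minio-console-http.rule=Host(`minio.preprod.xpeditis.com`)"
        - "traefik.http.routers.xpeditis-minio-console-http.entrypoints=web"
        - "traefik.http.routers.xpeditis-minio-console-http.priority=50"
        - "traefik.http.routers.xpeditis-minio-console-http.middlewares=xpeditis-minio-console-redirect"
        - "traefik.http.routers.xpeditis-minio-console-http.service=xpeditis-minio-console"
        - "traefik.http.middlewares.xpeditis-minio-console-redirect.redirectscheme.scheme=https"
        - "traefik.http.middlewares.xpeditis-minio-console-redirect.redirectscheme.permanent=true"

  # Backend API (NestJS)
  xpeditis-backend:
    image: rg.fr-par.scw.cloud/weworkstudio/xpeditis-backend:preprod
    depends_on:
      - xpeditis-db
      - xpeditis-redis
    environment:
      NODE_ENV: production
      PORT: "4000"
      API_PREFIX: api/v1
      # Database
      DATABASE_HOST: xpeditis-db
      DATABASE_PORT: "5432"
      DATABASE_USER: xpeditis
      DATABASE_PASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
      DATABASE_NAME: xpeditis_preprod
      DATABASE_SYNC: "false"
      DATABASE_LOGGING: "false"
      # Redis
      REDIS_HOST: xpeditis-redis
      REDIS_PORT: "6379"
      REDIS_PASSWORD: "${REDIS_PASSWORD:?REDIS_PASSWORD must be set}"
      REDIS_DB: "0"
      # JWT
      # The signing key must be unique per environment: anyone holding it can
      # mint tokens the API will accept.
      JWT_SECRET: "${JWT_SECRET:?JWT_SECRET must be set}"
      JWT_ACCESS_EXPIRATION: 15m
      JWT_REFRESH_EXPIRATION: 7d
      # S3/MinIO
      # NOTE(review): the backend authenticates with the MinIO root account.
      # Prefer a dedicated access key whose policy is limited to the
      # xpeditis-csv-rates bucket.
      AWS_S3_ENDPOINT: http://xpeditis-minio:9000
      AWS_REGION: us-east-1
      AWS_ACCESS_KEY_ID: "${MINIO_ROOT_USER:?MINIO_ROOT_USER must be set}"
      AWS_SECRET_ACCESS_KEY: "${MINIO_ROOT_PASSWORD:?MINIO_ROOT_PASSWORD must be set}"
      AWS_S3_BUCKET: xpeditis-csv-rates
      # CORS
      CORS_ORIGIN: https://app.preprod.xpeditis.com,https://www.preprod.xpeditis.com,https://api.preprod.xpeditis.com
      # App URLs
      APP_URL: https://app.preprod.xpeditis.com
      FRONTEND_URL: https://app.preprod.xpeditis.com
      API_URL: https://api.preprod.xpeditis.com
      # Security
      BCRYPT_ROUNDS: "10"
      SESSION_TIMEOUT_MS: "7200000"
      # Rate Limiting
      RATE_LIMIT_TTL: "60"
      RATE_LIMIT_MAX: "100"
    networks:
      - xpeditis_internal
      - traefik_network
    healthcheck:
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:4000/api/v1/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 60s
    deploy:
      restart_policy:
        condition: any
        delay: 5s
        max_attempts: 3
        window: 120s
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=traefik_network"
        # Backend API - HTTPS
        - "traefik.http.routers.xpeditis-api.rule=Host(`api.preprod.xpeditis.com`)"
        - "traefik.http.routers.xpeditis-api.entrypoints=websecure"
        - "traefik.http.routers.xpeditis-api.tls=true"
        - "traefik.http.routers.xpeditis-api.tls.certresolver=letsencrypt"
        - "traefik.http.routers.xpeditis-api.priority=50"
        - "traefik.http.routers.xpeditis-api.service=xpeditis-api"
        - "traefik.http.services.xpeditis-api.loadbalancer.server.port=4000"
        - "traefik.http.routers.xpeditis-api.middlewares=xpeditis-api-headers"
        # Backend API Headers
        # An empty customRequestHeaders value removes that header from the
        # request. NOTE(review): confirm the backend still sees the client
        # address it needs for rate limiting and audit logging.
        - "traefik.http.middlewares.xpeditis-api-headers.headers.customRequestHeaders.X-Forwarded-Proto=https"
        - "traefik.http.middlewares.xpeditis-api-headers.headers.customRequestHeaders.X-Forwarded-For="
        - "traefik.http.middlewares.xpeditis-api-headers.headers.customRequestHeaders.X-Real-IP="
        # Backend API - HTTP → HTTPS Redirect
        - "traefik.http.routers.xpeditis-api-http.rule=Host(`api.preprod.xpeditis.com`)"
        - "traefik.http.routers.xpeditis-api-http.entrypoints=web"
        - "traefik.http.routers.xpeditis-api-http.priority=50"
        - "traefik.http.routers.xpeditis-api-http.middlewares=xpeditis-api-redirect"
        - "traefik.http.routers.xpeditis-api-http.service=xpeditis-api"
        - "traefik.http.middlewares.xpeditis-api-redirect.redirectscheme.scheme=https"
        - "traefik.http.middlewares.xpeditis-api-redirect.redirectscheme.permanent=true"

  # Frontend (Next.js)
  xpeditis-frontend:
    image: rg.fr-par.scw.cloud/weworkstudio/xpeditis-frontend:preprod
    environment:
      NODE_ENV: production
      NEXT_PUBLIC_API_URL: https://api.preprod.xpeditis.com
      NEXT_PUBLIC_WS_URL: wss://api.preprod.xpeditis.com
    networks:
      - traefik_network
    healthcheck:
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3000"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    deploy:
      restart_policy:
        condition: any
        delay: 5s
        max_attempts: 3
        window: 120s
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=traefik_network"
        # Frontend - HTTPS
        - "traefik.http.routers.xpeditis-app.rule=Host(`app.preprod.xpeditis.com`) || Host(`www.preprod.xpeditis.com`)"
        - "traefik.http.routers.xpeditis-app.entrypoints=websecure"
        - "traefik.http.routers.xpeditis-app.tls=true"
        - "traefik.http.routers.xpeditis-app.tls.certresolver=letsencrypt"
        - "traefik.http.routers.xpeditis-app.priority=50"
        - "traefik.http.routers.xpeditis-app.service=xpeditis-app"
        - "traefik.http.services.xpeditis-app.loadbalancer.server.port=3000"
        - "traefik.http.routers.xpeditis-app.middlewares=xpeditis-app-headers"
        # Frontend Headers
        - "traefik.http.middlewares.xpeditis-app-headers.headers.customRequestHeaders.X-Forwarded-Proto=https"
        - "traefik.http.middlewares.xpeditis-app-headers.headers.customRequestHeaders.X-Forwarded-For="
        - "traefik.http.middlewares.xpeditis-app-headers.headers.customRequestHeaders.X-Real-IP="
        # Frontend - HTTP → HTTPS Redirect
        - "traefik.http.routers.xpeditis-app-http.rule=Host(`app.preprod.xpeditis.com`) || Host(`www.preprod.xpeditis.com`)"
        - "traefik.http.routers.xpeditis-app-http.entrypoints=web"
        - "traefik.http.routers.xpeditis-app-http.priority=50"
        - "traefik.http.routers.xpeditis-app-http.middlewares=xpeditis-app-redirect"
        - "traefik.http.routers.xpeditis-app-http.service=xpeditis-app"
        - "traefik.http.middlewares.xpeditis-app-redirect.redirectscheme.scheme=https"
        - "traefik.http.middlewares.xpeditis-app-redirect.redirectscheme.permanent=true"

volumes:
  xpeditis_db_data:
  xpeditis_redis_data:
  xpeditis_minio_data:

networks:
  # Shared with the Traefik reverse proxy; created outside this stack.
  traefik_network:
    external: true
  # `internal: true` gives this network no outbound route, so the database
  # and cache are reachable only from services attached to it.
  xpeditis_internal:
    driver: bridge
    internal: true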