replace nginx with existing traefik, split networks.

2025-08-21 07:23:55 -05:00
parent b3662ea35e
commit 3840b627dc
6 changed files with 64 additions and 193 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,66 +1,80 @@
 version: '3.8'

+networks:
+  proxy:
+    external: true
+  turftracker:
+    driver: bridge
+
 services:
  frontend:
    build:
      context: ./frontend
      dockerfile: Dockerfile
-    ports:
-      - "3000:3000"
    environment:
-      - REACT_APP_API_URL=http://localhost:5000
+      - REACT_APP_API_URL=https://turftracker.kaspers.us
    volumes:
      - ./frontend:/app
      - /app/node_modules
    depends_on:
      - backend
+    networks:
+      - proxy
+      - turftracker
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.turftracker-frontend.rule=Host(`turftracker.kaspers.us`)"
+      - "traefik.http.routers.turftracker-frontend.entrypoints=websecure"
+      - "traefik.http.routers.turftracker-frontend.tls.certresolver=letsencrypt"
+      - "traefik.http.services.turftracker-frontend.loadbalancer.server.port=3000"
+      - "traefik.docker.network=proxy"

  backend:
    build:
      context: ./backend
      dockerfile: Dockerfile
-    ports:
-      - "5000:5000"
    environment:
-      - NODE_ENV=development
+      - NODE_ENV=production
      - DB_HOST=db
      - DB_PORT=5432
-      - DB_NAME=turftracker
-      - DB_USER=turftracker
-      - DB_PASSWORD=password123
-      - JWT_SECRET=your-super-secret-jwt-key
+      - DB_NAME=${DB_NAME:-turftracker}
+      - DB_USER=${DB_USER:-turftracker}
+      - DB_PASSWORD=${DB_PASSWORD:-password123}
+      - JWT_SECRET=${JWT_SECRET}
      - AUTHENTIK_CLIENT_ID=${AUTHENTIK_CLIENT_ID:-}
      - AUTHENTIK_CLIENT_SECRET=${AUTHENTIK_CLIENT_SECRET:-}
      - AUTHENTIK_BASE_URL=${AUTHENTIK_BASE_URL:-}
-      - AUTHENTIK_CALLBACK_URL=${AUTHENTIK_CALLBACK_URL:-}
+      - AUTHENTIK_CALLBACK_URL=${AUTHENTIK_CALLBACK_URL:-https://turftracker.kaspers.us/api/auth/authentik/callback}
      - WEATHER_API_KEY=${WEATHER_API_KEY:-}
+      - FRONTEND_URL=https://turftracker.kaspers.us
    volumes:
      - ./backend:/app
      - /app/node_modules
    depends_on:
      - db
+    networks:
+      - proxy
+      - turftracker
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.turftracker-backend.rule=Host(`turftracker.kaspers.us`) && PathPrefix(`/api`)"
+      - "traefik.http.routers.turftracker-backend.entrypoints=websecure"
+      - "traefik.http.routers.turftracker-backend.tls.certresolver=letsencrypt"
+      - "traefik.http.services.turftracker-backend.loadbalancer.server.port=5000"
+      - "traefik.docker.network=proxy"

  db:
    image: postgres:15-alpine
    environment:
-      - POSTGRES_USER=turftracker
-      - POSTGRES_PASSWORD=password123
-      - POSTGRES_DB=turftracker
-    ports:
-      - "5432:5432"
+      - POSTGRES_USER=${DB_USER:-turftracker}
+      - POSTGRES_PASSWORD=${DB_PASSWORD:-password123}
+      - POSTGRES_DB=${DB_NAME:-turftracker}
    volumes:
      - postgres_data:/var/lib/postgresql/data
      - ./database/init.sql:/docker-entrypoint-initdb.d/init.sql
-
-  nginx:
-    image: nginx:alpine
-    ports:
-      - "80:80"
-    volumes:
-      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
-    depends_on:
-      - frontend
-      - backend
+    networks:
+      - turftracker
+    # Database should not be exposed to proxy network for security

 volumes:
  postgres_data: