2025SELab2-project-Dwengo/compose.prod.yml

#
# This file is used to define the production environment for the project.
# It is used to deploy the project on a server.
# Should not be used for local development.
#
services:
    web:
        build:
            context: .
            dockerfile: frontend/Dockerfile
        restart: unless-stopped
        networks:
            - dwengo-1
        labels:
            - 'traefik.enable=true'
            - 'traefik.http.routers.web.rule=PathPrefix(`/`)'
            - 'traefik.http.services.web.loadbalancer.server.port=8080'

    api:
        build:
            context: .
            dockerfile: backend/Dockerfile
        restart: unless-stopped
        volumes:
            # TODO Replace with environment keys
            - ./backend/.env:/app/.env
        depends_on:
            - db
            - logging
        networks:
            - dwengo-1
        labels:
            - 'traefik.enable=true'
            - 'traefik.http.routers.api.rule=PathPrefix(`/api`)'
            - 'traefik.http.services.api.loadbalancer.server.port=3000'

    db:
        # Also see compose.yml
        networks:
            - dwengo-1

    idp:
        # Also see compose.yml
        # TODO Replace with proper production command
        command: ['start-dev', '--http-port', '7080', '--https-port', '7443', '--import-realm']
        networks:
            - dwengo-1
        labels:
            - 'traefik.enable=true'
            - 'traefik.http.routers.idp.rule=PathPrefix(`/idp`)'
            - 'traefik.http.services.idp.loadbalancer.server.port=7080'
        env_file:
            -   ./config/idp/.env
        environment:
            KC_HOSTNAME: 'sel2-1.ugent.be'
            PROXY_ADDRESS_FORWARDING: 'true'
            KC_HTTP_RELATIVE_PATH: '/idp'

    reverse-proxy:
        image: traefik:v3.3
        ports:
            - '80:80/tcp'
            - '443:443/tcp'
        command:
            # Add Docker provider
            - "--providers.docker=true"
            - "--providers.docker.exposedbydefault=false"

            # Add web entrypoint
            - "--entrypoints.web.address=:80/tcp"
            - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
            - "--entrypoints.web.http.redirections.entryPoint.scheme=https"

            # Add websecure entrypoint
            - "--entrypoints.websecure.address=:443/tcp"
            - "--entrypoints.websecure.http.tls=true"
            - "--entrypoints.websecure.http.tls.certResolver=letsencrypt"
            - "--entrypoints.websecure.http.tls.domains[0].main=sel2-1.ugent.be"

            # Certificates
            - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
            - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
            - "--certificatesresolvers.letsencrypt.acme.email=timo.demeyst@ugent.be"
            - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
        restart: unless-stopped
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock:ro
            - dwengo_letsencrypt:/letsencrypt
        networks:
            - dwengo-1

    logging:
        # Also see compose.yml
        networks:
            - dwengo-1

    dashboards:
        image: grafana/grafana:latest
        ports:
            - '9002:3000'
        restart: unless-stopped
        volumes:
            - dwengo_grafana_data:/var/lib/grafana

volumes:
    dwengo_grafana_data:
    dwengo_letsencrypt:

networks:
    dwengo-1: