- Add Caddyfile with self-signed TLS for local development - Configure reverse_proxy to FastAPI on localhost:8000 - Add security headers (HSTS, X-Content-Type-Options, X-Frame-Options) - Enable HTTP to HTTPS redirect on port 80 - Add Caddy service to docker-compose.yml with host networking - Configure admin API on localhost:2019 for future route management
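# Local development stack: PostgreSQL plus a Caddy reverse proxy.
services:
  postgres:
    image: postgres:16-alpine
    container_name: debate-postgres
    environment:
      # Development-only credentials committed in plain text; do not reuse
      # them outside a local environment.
      POSTGRES_USER: debate
      POSTGRES_PASSWORD: debate_dev
      POSTGRES_DB: debate
    ports:
      # No bind address is given, so this publishes on every host interface
      # and the database is reachable from the network with the credentials
      # above. Use "127.0.0.1:5433:5432" if only local access is needed.
      - "5433:5432"
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U debate -d debate"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 10s
    restart: unless-stopped

  caddy:
    image: caddy:2-alpine
    container_name: debate-caddy
    restart: unless-stopped
    # Host networking lets Caddy reach the app on localhost:8000. In this mode
    # the container shares the host's network stack, so a `ports:` mapping is
    # not applied (Compose rejects or discards it) and has been dropped here.
    # Caddy listens directly on host ports 80 and 443. The admin API on 2019
    # is kept to localhost only by Caddy's own `admin` setting (default
    # localhost:2019), not by Compose; confirm the Caddyfile keeps it on
    # loopback.
    network_mode: host
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - caddy_data:/data
      - caddy_config:/config
      - caddy_logs:/var/log/caddy
    depends_on:
      - postgres

volumes:
  postgres_data:
  caddy_data:
  caddy_config:
  caddy_logs: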