soroush.asadi
88a9f96108
All hardcoded passwords/keys replaced with env vars so .env controls everything in both dev and production: - DB_PASSWORD, DB_CONNECTION_STRING, JWT_KEY - CORS_ORIGIN_*, ASPNETCORE_ENVIRONMENT - All ZarinPal/Kavenegar/Snappfood secrets New files for tomorrow's domain setup: - Caddyfile → routes all subdomains with auto TLS - docker-compose.caddy.yml → adds Caddy service to the stack .env.example now has clear TODAY (IP) vs TOMORROW (domain) sections. Fixed hardcoded ZarinPal MerchantId in docker-compose.full.yml. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
48 lines
1.1 KiB
YAML
48 lines
1.1 KiB
YAML
# Caddy reverse proxy overlay — use when you have a domain + DNS pointing at this server.
|
|
#
|
|
# Usage:
|
|
# docker compose \
|
|
# -f docker-compose.yml \
|
|
# -f docker-compose.admin.yml \
|
|
# -f docker-compose.caddy.yml \
|
|
# up -d
|
|
#
|
|
# Required in .env:
|
|
# DOMAIN=meezi.ir
|
|
# ACME_EMAIL=you@example.com
|
|
#
|
|
# After adding this, update .env URLs from http://IP:PORT to https://subdomain.DOMAIN
|
|
# and re-run CI (Next.js bakes NEXT_PUBLIC_* at build time → rebuild required).
|
|
#
|
|
# Firewall: open 80 + 443, keep 3101/3102/3103/5080/5081 blocked from internet.
|
|
|
|
services:
|
|
caddy:
|
|
image: caddy:2-alpine
|
|
container_name: meezi-caddy
|
|
restart: unless-stopped
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
- "443:443/udp" # HTTP/3
|
|
volumes:
|
|
- ./Caddyfile:/etc/caddy/Caddyfile:ro
|
|
- caddy_data:/data
|
|
- caddy_config:/config
|
|
environment:
|
|
DOMAIN: "${DOMAIN}"
|
|
ACME_EMAIL: "${ACME_EMAIL}"
|
|
depends_on:
|
|
- api
|
|
- web
|
|
- website
|
|
- finder
|
|
- admin-api
|
|
- admin-web
|
|
|
|
volumes:
|
|
caddy_data:
|
|
name: meezi-caddy-data
|
|
caddy_config:
|
|
name: meezi-caddy-config
|