From dd8a53e657402b2ff9c3fdc76a7ba5dea8e7b280 Mon Sep 17 00:00:00 2001 From: Matt Date: Wed, 3 Dec 2025 11:25:57 +0100 Subject: [PATCH] Add production Docker Compose and nginx config MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - docker-compose-production.yml: Production deployment configuration - nginx.conf: Reverse proxy configuration 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- docker-compose-production.yml | 41 +++++++++++++++++++++++++++++++++++ nginx.conf | 21 ++++++++++++++++++ 2 files changed, 62 insertions(+) create mode 100644 docker-compose-production.yml create mode 100644 nginx.conf
diff --git a/docker-compose-production.yml b/docker-compose-production.yml
new file mode 100644
index 0000000..4cb326a
--- /dev/null
+++ b/docker-compose-production.yml
@@ -0,0 +1,41 @@
+services:
+ db:
+ image: postgres:16-alpine
+ container_name: orchestrator-db
+ environment:
+ POSTGRES_USER: orchestrator
+ POSTGRES_PASSWORD: orchestrator
+ POSTGRES_DB: orchestrator
+ ports:
+ - "5433:5432" # OK to leave; remove if you don't need host access
+ volumes:
+ - postgres_data:/var/lib/postgresql/data
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U orchestrator -d orchestrator"]
+ interval: 5s
+ timeout: 5s
+ retries: 5
+
+ api:
+ build: .
+ container_name: orchestrator-api
+ restart: unless-stopped
+ # Bind only to localhost, and use 8100 externally
+ ports:
+ - "127.0.0.1:8100:8000"
+ environment:
+ DATABASE_URL: postgresql+asyncpg://orchestrator:orchestrator@db:5432/orchestrator
+ DEBUG: "false" # set false in prod
+ APP_NAME: "LetsBe Orchestrator"
+ # optionally, if your app supports it:
+ # BASE_URL: https://orchestrator.example.com
+ depends_on:
+ db:
+ condition: service_healthy
+ volumes:
+ - ./app:/app/app
+ - ./alembic:/app/alembic
+ command: uvicorn app.main:app --host 0.0.0.0 --port 8000
+
+volumes:
+ postgres_data:
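Review bot: The `db` service publishes `"5433:5432"` on every host interface while its password is the literal `orchestrator`, identical to the user name, so anything that can reach the host on port 5433 can log in to the production database; the `api` service just below is already restricted to `127.0.0.1`. Bind the mapping the same way, `- "127.0.0.1:5433:5432"`, or drop the `ports:` entry altogether, since `api` reaches the database over the Compose network as `db:5432`. The password should come from the deployment environment rather than the committed file, e.g. `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}`, with the same variable interpolated into `DATABASE_URL`. Separately, the bind mounts `./app:/app/app` and `./alembic:/app/alembic` make the running code whatever sits in the host checkout rather than what was built into the image; for production consider removing them or mounting them `:ro`.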
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..b2d38b4
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,21 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name orchestrator.yourdomain.com;
+
+ # Allow Certbot challenges
+ location ^~ /.well-known/acme-challenge/ {
+ root /var/www/certbot; # Use your existing certbot webroot
+ allow all;
+ }
+
+ # Everything else goes to the orchestrator backend (HTTP only for now)
+ location / {
+ proxy_pass http://127.0.0.1:8100;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
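Review bot: The `location /` block proxies the orchestrator API over plain HTTP on port 80, so any credentials or tokens the API accepts cross the network unencrypted, and `X-Forwarded-Proto` will always report `http` to the backend. Since the Certbot challenge location is already in place, the port-80 server should keep only that location and redirect everything else, with the `proxy_pass` moved into a `listen 443 ssl` server once the certificate is issued. The certificate paths in the sketch below are placeholders for the files Certbot writes on the target host. `server_name orchestrator.yourdomain.com` also looks like a template value that needs to be replaced before deployment.

```nginx
server {
    # … unchanged: listen 80 lines, server_name, acme-challenge location …

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name orchestrator.yourdomain.com;

    ssl_certificate     /path/to/fullchain.pem;  # placeholder
    ssl_certificate_key /path/to/privkey.pem;    # placeholder

    location / {
        proxy_pass http://127.0.0.1:8100;
        # … unchanged: proxy_set_header lines …
    }
}
```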