Add production Docker Compose and nginx config

- docker-compose-production.yml: Production deployment configuration - nginx.conf: Reverse proxy configuration 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-03 11:25:57 +01:00 · 2025-12-03 11:25:57 +01:00 · dd8a53e657
parent 21364221c8
commit dd8a53e657
2 changed files with 62 additions and 0 deletions
--- a/docker-compose-production.yml
+++ b/docker-compose-production.yml
@ -0,0 +1,41 @@
+services:
+  db:
+    image: postgres:16-alpine
+    container_name: orchestrator-db
+    environment:
+      POSTGRES_USER: orchestrator
+      POSTGRES_PASSWORD: orchestrator
+      POSTGRES_DB: orchestrator
+    ports:
+      - "5433:5432"  # OK to leave; remove if you don't need host access
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U orchestrator -d orchestrator"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+
+  api:
+    build: .
+    container_name: orchestrator-api
+    restart: unless-stopped
+    # Bind only to localhost, and use 8100 externally
+    ports:
+      - "127.0.0.1:8100:8000"
+    environment:
+      DATABASE_URL: postgresql+asyncpg://orchestrator:orchestrator@db:5432/orchestrator
+      DEBUG: "false"  # set false in prod
+      APP_NAME: "LetsBe Orchestrator"
+      # optionally, if your app supports it:
+      # BASE_URL: https://orchestrator.example.com
+    depends_on:
+      db:
+        condition: service_healthy
+    volumes:
+      - ./app:/app/app
+      - ./alembic:/app/alembic
+    command: uvicorn app.main:app --host 0.0.0.0 --port 8000
+
+volumes:
+  postgres_data:
--- a/nginx.conf
+++ b/nginx.conf
@ -0,0 +1,21 @@
+server {
+    listen 80;
+    listen [::]:80;
+
+    server_name orchestrator.yourdomain.com;
+
+    # Allow Certbot challenges
+    location ^~ /.well-known/acme-challenge/ {
+        root /var/www/certbot;   # Use your existing certbot webroot
+        allow all;
+    }
+
+    # Everything else goes to the orchestrator backend (HTTP only for now)
+    location / {
+        proxy_pass http://127.0.0.1:8100;
+        proxy_set_header Host              $host;
+        proxy_set_header X-Real-IP         $remote_addr;
+        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}