michaelschiemer/docker-compose.production-base.yml

# Production Base Docker Compose Configuration
# This file is identical to docker-compose.base.yml but WITHOUT build sections
# Use with docker-compose.production.yml for production deployments
#
# Usage:
#   Production: docker-compose -f docker-compose.production-base.yml -f docker-compose.production.yml up

services:
  web:
    # Build section removed for production - use pre-built images from registry
    healthcheck:
      test: ["CMD", "nc", "-z", "127.0.0.1", "443"]
      interval: 30s
      timeout: 10s
      retries: 3
    depends_on:
      php:
        condition: service_started
    networks:
      - frontend
      - backend

  php:
    # Build section removed for production - use pre-built images from registry
    healthcheck:
      test: [ "CMD", "php", "-v" ]
      interval: 30s
      timeout: 10s
      retries: 3
    networks:
      - backend
      - cache
    volumes:
      # Shared Volume für Composer-Cache über Container-Neustarts hinweg
      - composer-cache:/root/.composer/cache
      # Persistent volumes for queue and logs
      - storage-queue:/var/www/html/storage/queue:rw
      - var-data:/var/www/html/var/logs:rw
    tmpfs:
      # tmpfs for cache and runtime directories (RAM-based, faster I/O)
      - /var/www/html/storage/cache
      - /var/www/html/storage/discovery
      - /var/www/html/var/cache
      - /tmp

  php-test:
    # Build section removed for production - use pre-built images from registry
    user: "1000:1000"
    profiles:
      - test
    volumes:
      - composer-cache:/home/appuser/.composer/cache
      # Persistent volumes for queue and logs
      - storage-queue:/var/www/html/storage/queue:rw
      - var-data:/var/www/html/var/logs:rw
    tmpfs:
      # tmpfs for cache and runtime directories (RAM-based, faster I/O)
      - /var/www/html/storage/cache
      - /var/www/html/storage/discovery
      - /var/www/html/var/cache
      - /tmp
    environment:
      APP_ENV: testing
      APP_DEBUG: true
      DB_HOST: postgres  # External PostgreSQL Stack service
      REDIS_HOST: redis
    networks:
      - backend
      - cache
    entrypoint: []
    command: ["php", "-v"]

  # Database service removed - all environments use external PostgreSQL Stack
  # Local: deployment/stacks/postgresql/
  # Staging: deployment/stacks/postgresql/
  # Production: deployment/stacks/postgresql/

  redis:
    image: redis:7-alpine
    volumes:
      - "${REDIS_CONFIG_PATH:-./docker/redis/redis.conf}:/usr/local/etc/redis/redis.conf:ro"
      - redis_data:/data
    command: ["redis-server", "/usr/local/etc/redis/redis.conf"]
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 30s
    networks:
      - cache

  queue-worker:
    # Build section removed for production - use pre-built images from registry
    entrypoint: ""  # Override any entrypoint
    command: ["php", "/var/www/html/worker.php"]  # Direct command execution
    depends_on:
      php:
        condition: service_healthy
      redis:
        condition: service_healthy
      # Note: PostgreSQL is external service, connection via app-internal network
    volumes:
      # Use same storage volumes as PHP container for consistency
      # Persistent volumes for queue and logs
      - storage-queue:/var/www/html/storage/queue:rw
      - var-data:/var/www/html/var/logs:rw
    tmpfs:
      # tmpfs for cache and runtime directories (RAM-based, faster I/O)
      - /var/www/html/storage/cache
      - /var/www/html/storage/discovery
      - /var/www/html/var/cache
      - /tmp
    networks:
      - backend
      - cache
    # Graceful shutdown timeout
    stop_grace_period: 30s

  minio:
    image: minio/minio:latest
    environment:
      - TZ=Europe/Berlin
      # SECURITY: MINIO credentials must be set explicitly (no hardcoded fallback)
      # Set MINIO_ROOT_USER and MINIO_ROOT_PASSWORD in .env.local for local development
      # Use Docker Secrets in production/staging for production deployments
      - MINIO_ROOT_USER=${MINIO_ROOT_USER}
      - MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD}
    command: server /data --console-address ":9001"
    volumes:
      - minio_data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 10s
    networks:
      - backend

networks:
  frontend:
    driver: bridge
  backend:
    driver: bridge
  cache:
    driver: bridge

volumes:
  redis_data:
  composer-cache:
  storage-queue:      # Queue-Verzeichnis (Performance-kritisch, persistent)
  var-data:           # Runtime logs (persistent)
  db_data:
  project-data:
  worker-logs:
  worker-queue:
  worker-storage:  # Complete separate storage for worker with correct permissions
  minio_data:      # MinIO object storage data

# Docker Secrets Configuration
# Secrets are defined here but activated in environment-specific override files
secrets:
  db_root_password:
    file: ./secrets/db_root_password.txt
    external: false
  db_user_password:
    file: ./secrets/db_user_password.txt
    external: false
  redis_password:
    file: ./secrets/redis_password.txt
    external: false
  app_key:
    file: ./secrets/app_key.txt
    external: false
  vault_encryption_key:
    file: ./secrets/vault_encryption_key.txt
    external: false
  git_token:
    file: ./secrets/git_token.txt
    external: false