version: '3.8'

services:
  nginx-proxy-manager:
    build: .
    container_name: nginx-proxy-manager
    restart: unless-stopped
    ports:
      - "80:80"     # HTTP
      - "443:443"   # HTTPS
      - "3000:3000" # API (can be removed in production)
    volumes:
      # Persistent data
      - ./data:/app/data
      - ./logs:/app/logs
      - ./certs:/app/certs
      # NGINX configurations
      - nginx_configs:/etc/nginx/conf.d
      # Let's Encrypt certificates
      - acme_data:/root/.acme.sh
    environment:
      - NODE_ENV=production
      - PORT=3000
      - DATABASE_PATH=/app/data/proxy_manager.db
      - JWT_SECRET=your-production-jwt-secret-change-this
      - JWT_EXPIRES_IN=24h
      - ADMIN_USERNAME=admin
      - ADMIN_PASSWORD=admin123
      - NGINX_CONFIG_PATH=/etc/nginx/conf.d
      - NGINX_BINARY_PATH=/usr/sbin/nginx
      - SSL_METHOD=acme.sh
      - ACME_SH_PATH=/root/.acme.sh
      - CERTBOT_PATH=/usr/bin/certbot
      - CUSTOM_CERTS_PATH=/app/certs
      - LOG_LEVEL=info
      - LOG_FILE=/app/logs/app.log
      - CORS_ORIGIN=*
    networks:
      - proxy-network
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3000/api/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s

  # Optional: Database backup service
  backup:
    image: alpine:latest
    container_name: nginx-proxy-manager-backup
    restart: unless-stopped
    volumes:
      - ./data:/data
      - ./backups:/backups
    command: >
      sh -c "
        while true; do
          sleep 86400;
          tar -czf /backups/backup-$(date +%Y%m%d-%H%M%S).tar.gz /data;
          find /backups -name '*.tar.gz' -mtime +7 -delete;
        done
      "
    networks:
      - proxy-network

volumes:
  nginx_configs:
  acme_data:

networks:
  proxy-network:
    driver: bridge