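---
# Production Compose stack: infrastructure (PostgreSQL, Redis, RabbitMQ,
# ClamAV) plus the backend, chat, stream and frontend application services.
#
# Secrets (DB_PASSWORD, RABBITMQ_PASSWORD, JWT_SECRET) have no fallback value:
# `${VAR:?message}` makes Compose abort when the variable is unset or empty,
# so the stack cannot start with a guessable default credential or an empty
# signing secret. Supply them from the environment or an env file that is
# kept out of version control.
services:
  # --- INFRASTRUCTURE ---
  # None of the infrastructure services publish host ports; they are reachable
  # only over the Compose network.
  postgres:
    image: postgres:16-alpine
    container_name: veza_postgres_prod
    restart: unless-stopped
    environment:
      POSTGRES_USER: veza
      POSTGRES_PASSWORD: '${DB_PASSWORD:?DB_PASSWORD must be set}'
      POSTGRES_DB: veza
    volumes:
      - postgres_prod_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U veza"]
      interval: 10s
      timeout: 5s
      retries: 5

  redis:
    image: redis:7-alpine
    container_name: veza_redis_prod
    restart: unless-stopped
    # NOTE(review): no password or ACL is configured here, so any container on
    # this network can read and write Redis. Enabling authentication would
    # also require credentials in the clients' REDIS_URL values - confirm
    # whether that is wanted.
    command: redis-server --save 60 1 --loglevel warning
    volumes:
      - redis_prod_data:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s

  rabbitmq:
    # The "management" image variant also ships the management UI; its port is
    # not published by this file.
    image: rabbitmq:3-management-alpine
    container_name: veza_rabbitmq_prod
    restart: unless-stopped
    environment:
      RABBITMQ_DEFAULT_USER: veza
      RABBITMQ_DEFAULT_PASS: '${RABBITMQ_PASSWORD:?RABBITMQ_PASSWORD must be set}'
    volumes:
      - rabbitmq_prod_data:/var/lib/rabbitmq
    healthcheck:
      test: rabbitmq-diagnostics -q ping
      interval: 20s

  clamav:
    # NOTE(review): `latest` is a floating tag, so each pull can bring in a
    # different image. Pin a specific version tag or image digest for
    # reproducible, reviewable production deployments.
    image: clamav/clamav:latest
    container_name: veza_clamav_prod
    restart: unless-stopped
    deploy:
      resources:
        limits:
          memory: 2G  # ClamAV requires significant RAM for virus databases

  # --- APPLICATION SERVICES ---
  # NOTE(review): the "HOST:CONTAINER" port mappings below bind on every host
  # interface. If a TLS-terminating reverse proxy runs on the same host,
  # consider binding to 127.0.0.1 instead - confirm against the deployment.
  backend:
    build:
      context: ./veza-backend-api
      dockerfile: Dockerfile.production
    container_name: veza_backend_prod
    restart: unless-stopped
    environment:
      - APP_ENV=production
      - DB_HOST=postgres
      - DB_PORT=5432
      - DB_USER=veza
      - 'DB_PASSWORD=${DB_PASSWORD:?DB_PASSWORD must be set}'
      - DB_NAME=veza
      - REDIS_URL=redis:6379
      # The password is embedded in a URL: characters that are special in URLs
      # must be percent-encoded in RABBITMQ_PASSWORD.
      - 'RABBITMQ_URL=amqp://veza:${RABBITMQ_PASSWORD:?RABBITMQ_PASSWORD must be set}@rabbitmq:5672/%2f'
      # Fail fast rather than start with an empty token-signing secret.
      - 'JWT_SECRET=${JWT_SECRET:?JWT_SECRET must be set}'
      - ENABLE_CLAMAV=true
      - CLAMAV_ADDRESS=clamav:3310
      - CLAMAV_REQUIRED=true
      - LOG_DIR=/var/log/veza
      - LOG_LEVEL=INFO
      # Cookie Security Settings (Production)
      - COOKIE_SECURE=true  # true in production (HTTPS required)
      - COOKIE_SAME_SITE=strict  # strict for maximum security
      - COOKIE_DOMAIN=${COOKIE_DOMAIN:-}  # Optional: e.g. ".veza.app" for subdomains
      - COOKIE_HTTP_ONLY=true  # Always true for refresh_token
      - COOKIE_PATH=/
      - CORS_ALLOWED_ORIGINS=${CORS_ALLOWED_ORIGINS:-https://app.veza.app}
    volumes:
      - veza_logs:/var/log/veza
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
      rabbitmq:
        condition: service_healthy
      # clamav defines no healthcheck in this file, so only "started" can be
      # awaited.
      clamav:
        condition: service_started
    ports:
      - "8080:8080"

  chat:
    build:
      context: ./veza-chat-server
      dockerfile: Dockerfile.production
    container_name: veza_chat_prod
    restart: unless-stopped
    environment:
      - APP_ENV=production
      # Password embedded in a URL: percent-encode special characters.
      - 'DATABASE_URL=postgres://veza:${DB_PASSWORD:?DB_PASSWORD must be set}@postgres:5432/veza'
      - REDIS_URL=redis://redis:6379
      - LOG_DIR=/var/log/veza
      - LOG_LEVEL=INFO
    volumes:
      - veza_logs:/var/log/veza
    # NOTE(review): REDIS_URL is set above but redis is not listed here -
    # confirm whether chat should also wait for redis to be healthy.
    depends_on:
      postgres:
        condition: service_healthy
    ports:
      - "8081:8081"

  stream:
    build:
      context: ./veza-stream-server
      dockerfile: Dockerfile.production
    container_name: veza_stream_prod
    restart: unless-stopped
    environment:
      - APP_ENV=production
      # Passwords embedded in URLs: percent-encode special characters.
      - 'DATABASE_URL=postgres://veza:${DB_PASSWORD:?DB_PASSWORD must be set}@postgres:5432/veza'
      - 'RABBITMQ_URL=amqp://veza:${RABBITMQ_PASSWORD:?RABBITMQ_PASSWORD must be set}@rabbitmq:5672/%2f'
      - LOG_DIR=/var/log/veza
      - LOG_LEVEL=INFO
    volumes:
      - veza_logs:/var/log/veza
    depends_on:
      postgres:
        condition: service_healthy
      rabbitmq:
        condition: service_healthy
    ports:
      - "8082:8082"

  frontend:
    build:
      context: ./apps/web
      dockerfile: Dockerfile.production
    container_name: veza_frontend_prod
    restart: unless-stopped
    environment:
      # NOTE(review): this is plain HTTP to localhost, while the backend sets
      # COOKIE_SECURE=true (HTTPS required) and defaults CORS to
      # https://app.veza.app - confirm the production API URL. VITE_*
      # variables are usually consumed at build time; verify that a runtime
      # value has any effect in this image.
      - VITE_API_URL=http://localhost:8080/api/v1
    ports:
      - "3000:80"
    depends_on:
      - backend

volumes:
  postgres_prod_data: {}
  redis_prod_data: {}
  rabbitmq_prod_data: {}
  # Shared by backend, chat and stream, which all mount it at /var/log/veza.
  veza_logs: {}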