version: '3.8'

# SSL overlay — adds Nginx reverse proxy + Certbot for Let's Encrypt
# Usage: docker compose -f docker-compose.yml -f docker-compose.ssl.yml up -d

services:
  nginx:
    image: nginx:alpine
    container_name: it0-nginx
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx/ssl-params.conf:/etc/nginx/ssl-params.conf:ro
      - certbot_webroot:/var/www/certbot:ro
      - certbot_certs:/etc/letsencrypt:ro
    depends_on:
      - api-gateway
      - web-admin
    networks:
      - it0-network
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "nginx", "-t"]
      interval: 30s
      timeout: 10s
      retries: 3

  certbot:
    image: certbot/certbot
    container_name: it0-certbot
    volumes:
      - certbot_webroot:/var/www/certbot
      - certbot_certs:/etc/letsencrypt
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew --webroot -w /var/www/certbot --quiet; sleep 12h & wait $${!}; done'"
    networks:
      - it0-network
    restart: unless-stopped

volumes:
  certbot_webroot:
  certbot_certs: