version: "3.8"

# Add this file to extend the docker-compose setup, e.g.:
# docker-compose -f docker-compose-prod.yml --env-file .env.prod build --no-cache
# docker-compose -f docker-compose-prod.yml --env-file .env.prod up -d --build --force-recreate

services:
  app_prod:
    build:
      context: .
    environment:
      DB_HOST: postgres_prod
      DB_NAME: ${DOCKER_COMPOSE_POSTGRES_PROD_DB:?}
      DB_PASS: ${DOCKER_COMPOSE_POSTGRES_PROD_PASSWORD:?}
      DB_PORT: ${DOCKER_COMPOSE_POSTGRES_PROD_PORT:-5432}
      DB_TYPE: "postgres"
      DB_USER: ${DOCKER_COMPOSE_POSTGRES_PROD_USER:?}
    ports:
      - "${DOCKER_COMPOSE_APP_PROD_PORT_PUBLISHED:-9001}:${DOCKER_COMPOSE_APP_PROD_PORT_TARGET:-9001}"
      
  # If you do not have another postgres database service in this docker-compose, you can add this postgres service.
  # Note: Please use other credentials when using this in production.
  postgres_prod:
    image: postgres:12-alpine
    # Pass config parameters to the postgres server.
    # Find more information below when you need to generate the ssl-relevant file your self
    command: -c ssl=on -c ssl_cert_file=/var/lib/postgresql/server.crt -c ssl_key_file=/var/lib/postgresql/server.key
    environment:
      PGDATA: /var/lib/postgresql/data/pgdata
      POSTGRES_DB: ${DOCKER_COMPOSE_POSTGRES_PROD_DB:?}
      POSTGRES_PASSWORD: ${DOCKER_COMPOSE_POSTGRES_PROD_PASSWORD:?}
      POSTGRES_PORT: ${DOCKER_COMPOSE_POSTGRES_PROD_PORT:-5432}
      POSTGRES_USER: ${DOCKER_COMPOSE_POSTGRES_PROD_USER:?}
    volumes:
      # To setup an ssl-enabled postgres server locally, you need to generate a self-signed ssl certificate.
      #   ```bash
      #   mkdir -p ./ca
      #   openssl req -new -text -passout pass:abcd -subj /CN=localhost -out ./ca/server.req -keyout ./ca/privkey.pem
      #   openssl rsa -in ./ca/privkey.pem -passin pass:abcd -out ./ca/server.key
      #   openssl req -x509 -in ./ca/server.req -text -key ./ca/server.key -out ./ca/server.crt
      #   chmod 600 ./ca/server.key
      #   test $(uname -s) = Linux && chown 70 ./ca/server.key
      #   ```
      # 
      # Afterwards, the ssl_cert_file and ssl_key_file are mounted into the docker container, see below
      - ./ca/server.crt:/var/lib/postgresql/server.crt
      - ./ca/server.key:/var/lib/postgresql/server.key
      - postgres_prod_data:/var/lib/postgresql/data/pgdata

volumes:
  postgres_prod_data: