# EncryptID Docker Compose # Deploy with: docker compose -f docker-compose.encryptid.yml up -d services: encryptid: build: context: .. dockerfile: rspace-online/Dockerfile.encryptid container_name: encryptid restart: unless-stopped depends_on: encryptid-db: condition: service_healthy environment: - NODE_ENV=production - PORT=3000 - JWT_SECRET=${JWT_SECRET} - DATABASE_URL=postgres://encryptid:${ENCRYPTID_DB_PASSWORD}@encryptid-db:5432/encryptid - SMTP_HOST=${SMTP_HOST:-mx.jeffemmett.com} - SMTP_PORT=${SMTP_PORT:-587} - SMTP_USER=${SMTP_USER:-noreply@jeffemmett.com} - SMTP_PASS=${SMTP_PASS} - SMTP_FROM=${SMTP_FROM:-EncryptID } - RECOVERY_URL=${RECOVERY_URL:-https://encryptid.jeffemmett.com/recover} labels: # Traefik auto-discovery - "traefik.enable=true" - "traefik.http.routers.encryptid.rule=Host(`encryptid.jeffemmett.com`)" - "traefik.http.routers.encryptid.entrypoints=web" - "traefik.http.services.encryptid.loadbalancer.server.port=3000" # Also serve from root domain for .well-known - "traefik.http.routers.encryptid-wellknown.rule=Host(`jeffemmett.com`) && PathPrefix(`/.well-known/webauthn`)" - "traefik.http.routers.encryptid-wellknown.entrypoints=web" networks: - traefik-public - encryptid-internal healthcheck: test: ["CMD", "bun", "-e", "fetch('http://localhost:3000/health').then(r => r.json()).then(d => process.exit(d.database ? 0 : 1)).catch(() => process.exit(1))"] interval: 30s timeout: 10s retries: 3 start_period: 15s encryptid-db: image: postgres:16-alpine container_name: encryptid-db restart: unless-stopped environment: - POSTGRES_DB=encryptid - POSTGRES_USER=encryptid - POSTGRES_PASSWORD=${ENCRYPTID_DB_PASSWORD} volumes: - encryptid-pgdata:/var/lib/postgresql/data networks: - encryptid-internal healthcheck: test: ["CMD-SHELL", "pg_isready -U encryptid -d encryptid"] interval: 10s timeout: 5s retries: 5 start_period: 10s volumes: encryptid-pgdata: networks: traefik-public: external: true encryptid-internal: driver: bridge