# EncryptID Docker Compose
# Deploy with: docker compose -f docker-compose.encryptid.yml up -d

services:
  encryptid:
    build:
      context: .
      dockerfile: Dockerfile.encryptid
    container_name: encryptid
    restart: unless-stopped
    environment:
      - NODE_ENV=production
      - PORT=3000
      - JWT_SECRET=${JWT_SECRET:-change-this-in-production}
    labels:
      # Traefik auto-discovery
      - "traefik.enable=true"
      - "traefik.http.routers.encryptid.rule=Host(`encryptid.jeffemmett.com`)"
      - "traefik.http.routers.encryptid.entrypoints=websecure"
      - "traefik.http.routers.encryptid.tls=true"
      - "traefik.http.services.encryptid.loadbalancer.server.port=3000"
      # Also serve from root domain for .well-known
      - "traefik.http.routers.encryptid-wellknown.rule=Host(`jeffemmett.com`) && PathPrefix(`/.well-known/webauthn`)"
      - "traefik.http.routers.encryptid-wellknown.entrypoints=websecure"
      - "traefik.http.routers.encryptid-wellknown.tls=true"
    networks:
      - traefik-public
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 10s

networks:
  traefik-public:
    external: true