services:
  upload:
    build: .
    container_name: upload-service
    restart: unless-stopped
    volumes:
      - upload_data:/data
    env_file:
      - .env
    environment:
      - PORT=8080
      - DB_PATH=/data/upload.db
      - BASE_URL=https://upload.jeffemmett.com
      - INFISICAL_PROJECT_SLUG=upload-service
      - INFISICAL_ENV=prod
      - INFISICAL_URL=http://infisical:8080
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.upload.rule=Host(`upload.jeffemmett.com`)"
      - "traefik.http.routers.upload.entrypoints=web"
      - "traefik.http.middlewares.upload-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.upload.middlewares=upload-headers"
      - "traefik.http.services.upload.loadbalancer.server.port=8080"
      # Disable request buffering for large uploads
      - "traefik.http.middlewares.upload-buffering.buffering.maxRequestBodyBytes=0"
      - "traefik.http.routers.upload.middlewares=upload-headers,upload-buffering"
      - "traefik.docker.network=traefik-public"
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges:true
    read_only: true
    tmpfs:
      - /tmp
    networks:
      - traefik-public
      - infisical_infisical-internal

volumes:
  upload_data:

networks:
  traefik-public:
    external: true
  infisical_infisical-internal:
    external: true