This commit is contained in:
lekss361 2026-04-25 20:59:26 +03:00
parent 9d95b80b54
commit c8b2cc8152
2 changed files with 36 additions and 9 deletions

View file

@ -1,20 +1,43 @@
# Replace gendesign.example.ru with your actual domain.
# Caddy will auto-issue Let's Encrypt certificate.
# Caddy config.
#
# Two site blocks:
# 1. :80 — handles all HTTP traffic by IP (no domain yet) for development access.
# Returns plain HTTP, no TLS. Will be removed once a domain is bought.
# 2. gendesign.example.ru — production block with auto-TLS via Let's Encrypt.
# Activates only after DNS A-record is set on this domain.
#
# Replace gendesign.example.ru with your actual domain when bought.
gendesign.example.ru {
:80 {
encode zstd gzip
# Frontend (Next.js)
handle {
reverse_proxy frontend:3000
}
# Backend API
handle_path /api/* {
reverse_proxy backend:8000
}
handle_path /health {
handle /health {
reverse_proxy backend:8000
}
# Frontend (Next.js) — catches everything else
handle {
reverse_proxy frontend:3000
}
}
gendesign.example.ru {
encode zstd gzip
handle_path /api/* {
reverse_proxy backend:8000
}
handle /health {
reverse_proxy backend:8000
}
handle {
reverse_proxy frontend:3000
}
}

View file

@ -18,6 +18,10 @@ services:
POSTGRES_DB: ${POSTGRES_DB}
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
# Bind to 127.0.0.1 only — accessible from host (for SSH tunnel) but not from public internet.
# UFW additionally blocks 5432 from outside.
ports:
- "127.0.0.1:5432:5432"
volumes:
- postgres_data:/var/lib/postgresql/data
healthcheck: