production.yml

version: '3.9'

volumes:
  production_postgres_data: {}
  production_postgres_data_backups: {}
  new_prod_media: {}
  # prod_media:
  #   external: true
  #   name: prod_media

services:
  django: &django
    build:
      context: .
      dockerfile: ./compose/production/django/Dockerfile
    image: app_production_django
    depends_on:
      - postgres
      - redis
    env_file:
      - ./.envs/.production/.django
      - ./.envs/.production/.postgres
    command: /start
    networks:
      - front
      - back
    restart: unless-stopped
    expose:
      - 5000
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.django.priority=10"
      # Asociates router with your specific domain or subdomain and websecure (https)
      - "traefik.http.routers.django.rule=Host(`${DOMAIN}`) || Host(`www.${DOMAIN}`)"
      - "traefik.http.routers.django.entrypoints=websecure"
      # Enables tls
      - "traefik.http.routers.django.tls=true"
      # Asociation with resolver (see static.yml file)
      - "traefik.http.routers.django.tls.certresolver=letsencrypt"
      # add security middleware
      - "traefik.http.routers.django.middlewares=custom-redirect@file,security-headers,gzip"
      # Set default options (see dynamic.yaml for this)
      - "traefik.http.routers.django.tls.options=default"
      # loadbalancer
      - "traefik.http.services.django.loadbalancer.server.port=5000"
      - "traefik.docker.network=front"

    volumes:
      # - prod_media:/app/app/media:z
      - new_prod_media:/app/app/media:z
      # - ./app/media:/app/app/media:z

  postgres:
    build:
      context: .
      dockerfile: ./compose/production/postgres/Dockerfile
    image: app_production_postgres
    volumes:
      - production_postgres_data:/var/lib/postgresql/data:Z
      - production_postgres_data_backups:/backups:z
    env_file:
      - ./.envs/.production/.postgres
    networks:
      - back
    restart: unless-stopped
    labels:
      - traefik.enable=false

  redis:
    image: redis:5.0
    networks:
      - back
    labels:
      - traefik.enable=false

  celeryworker:
    <<: *django
    image: app_production_celeryworker
    command: /start-celeryworker
    networks:
      - back
    labels:
      - traefik.enable=false

  celerybeat:
    <<: *django
    image: app_production_celerybeat
    command: /start-celerybeat
    networks:
      - back
    labels:
      - traefik.enable=false

  flower:
    <<: *django
    image: app_production_flower
    command: /start-flower
    networks:
      - front
      - back
    labels:
      - "traefik.enable=true"
      # - "traefik.http.routers.flower.priority=20"
      # Asociates router with your specific domain or subdomain and websecure (https)
      # - "traefik.http.routers.flower.rule=Host(`flower.${DOMAIN}`)"
      # - "traefik.http.routers.flower.entrypoints=websecure"
      # Asociates flower router with your specific port (https)
      - "traefik.http.routers.flower.rule=Host(`${DOMAIN}`)"
      - "traefik.http.routers.flower.entrypoints=flower"
      # Enables tls
      - "traefik.http.routers.flower.tls=true"
      # Asociation with resolver (see static.yml file)
      - "traefik.http.routers.flower.tls.certresolver=letsencrypt"
      # add security middleware
      - "traefik.http.routers.flower.middlewares=security-headers"
      # Set default options (see dynamic.yaml for this)
      - "traefik.http.routers.flower.tls.options=default"
      # loadbalancer
      - "traefik.http.services.flower.loadbalancer.server.port=5555"
      - "traefik.docker.network=front"
    expose:
      - 5555

  nginx:
    image: nginx:1.20-alpine
    container_name: prod_media_nginx
    volumes:
      # - prod_media:/usr/share/nginx/media:z
      - new_prod_media:/usr/share/nginx/media
      # - ./app/media:/usr/share/nginx/media
      - ./compose/production/nginx:/etc/nginx/conf.d
      # - ./log/nginx:/var/log/nginx
    expose:
      - 80
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=front"
      - "traefik.http.routers.nginx.priority=70"

      - "traefik.http.routers.nginx.rule=(Host(`${DOMAIN}`) || Host(`www.${DOMAIN}`)) && PathPrefix(`/media`)"
      # - "traefik.http.routers.nginx.rule=PathPrefix(`/media`)"
      - "traefik.http.routers.nginx.entrypoints=websecure"
      - "traefik.http.routers.nginx.tls=true"
      - "traefik.http.routers.nginx.tls.certresolver=letsencrypt"
      - "traefik.http.routers.nginx.middlewares=custom-redirect@file,security-headers,gzip"
      - "traefik.http.routers.nginx.tls.options=default"
      - "traefik.http.services.nginx.loadbalancer.server.port=80"

    restart: unless-stopped
    depends_on:
      - django
    networks:
      - front

networks:
  front:
    external:
      name: front
  back:
    name: back