Standalone production compose file (not an overlay) that runs the full stack on a single host. Environment isolation is achieved via the docker compose project name (-p archiv-production / -p archiv-staging) so the two environments cohabit cleanly.

Key choices, resolved in #497 review:
- Named volumes for persistent data (no host bind mounts)
- MinIO pinned to a specific RELEASE tag (no :latest)
- Backend uses MinIO service account (S3_ACCESS_KEY=archiv-app), not root credentials; create-buckets bootstraps the account
- Mailpit lives under profiles: [staging] so no real SMTP secret is ever wired into the staging deploy
- OCR mem_limit 12g + healthcheck (start_period 120s) copied from the dev compose so docker compose up -d --wait works in CI
- Backend admin credentials wired through APP_ADMIN_USERNAME / APP_ADMIN_PASSWORD; first deploy locks the password in permanently because UserDataInitializer is idempotent on email
- All host ports bound to 127.0.0.1; Caddy fronts external traffic

Refs #497.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
7.2 KiB