version: "2.4"
services:
  reverse-proxy:
    image: bitnami/nginx:1.23.3-debian-11-r30
    user: ${REVERSE_PROXY_CONTAINER_USER}
    group_add:
      - ${REVERSE_PROXY_CONTAINER_GROUP}
    ports:
      # Purposely omit port 80 in order to run ACME clients standalone.
      - "443:8443"
    volumes:
      - ${NGINX_CONF}:/opt/bitnami/nginx/conf/server_blocks/vhost.conf:ro
      # The web service may run on a separate subdomain from the auth service
      - ${WEB_CERT}:/opt/bitnami/nginx/conf/web-cert.pem:ro
      - ${WEB_KEY}:/opt/bitnami/nginx/conf/web-key.pem:ro
      # When using letsencrypt, symlinks may go up a directory, mount whole dir
      - /etc/letsencrypt:/etc/letsencrypt:ro
      # Expose the currently deployed version id
      - ${DEPLOYED_VERSION_FILE}:/app/software-version:ro
    depends_on:
      web:
        condition: service_healthy
      database:
        condition: service_healthy
    logging:
      driver: journald
  web:
    image: ghcr.io/philanthropydatacommons/service:20240329-8970f6f
    user: ${WEB_CONTAINER_USER}
    environment:
      - HOST=0.0.0.0
      - PORT=3000
      - PGHOST=database
      - PGUSER=${PG_USER}
      - PGPASSWORD=${PG_PASS}
      - PGDATABASE=${PG_DB}
      - PGPORT=${PG_PORT}
      - AUTH_SERVER_ISSUER=${AUTH_SERVER_ISSUER}
      - OPENAPI_DOCS_AUTH_CLIENT_ID=${OPENAPI_DOCS_AUTH_CLIENT_ID}
      - S3_ACCESS_KEY_ID=${S3_ACCESS_KEY_ID}
      - S3_ACCESS_SECRET=${S3_ACCESS_SECRET}
      - S3_ENDPOINT=${S3_ENDPOINT}
      - S3_PATH_STYLE=${S3_PATH_STYLE}
      - S3_REGION=${S3_REGION}
      - S3_BUCKET=${S3_BUCKET}
    healthcheck:
      test: ["CMD", "curl", "--fail", "http://web:3000"]
      interval: 10s
    depends_on:
      database:
        condition: service_healthy
    logging:
      driver: journald
  database:
    image: bitnami/postgresql:14.8.0-debian-11-r15
    user: ${DATABASE_CONTAINER_USER}
    # For local development it can be useful to expose `ports: 5432:${PG_PORT}`.
    volumes:
      - ${PG_DATA}:/bitnami/postgresql
      # In order for psql to use an arbitrary user above:
      - /etc/passwd:/etc/passwd:ro
      # In order for psql to save command history:
      - ${PG_DATA}:/var/lib/postgresql
      # In order to extend/override configuration while keeping a generated one:
      - ${PG_DATA}/conf/conf.d:/bitnami/postgresql/conf/conf.d:ro
    environment:
      - POSTGRESQL_USERNAME=${PG_USER}
      - POSTGRESQL_PASSWORD=${PG_PASS}
      - POSTGRESQL_DATABASE=${PG_DB}
      - POSTGRESQL_PORT_NUMBER=${PG_PORT}
      - POSTGRESQL_POSTGRES_PASSWORD=${PG_POSTGRES_PASS}
    healthcheck:
      test: ["CMD", "pg_isready", "-q",
             "-d", "${PG_DB}",
             "-U", "${PG_USER}",
             "-p", "${PG_PORT}"]
      interval: 7s
    logging:
      driver: journald