# 星枢终端 Docker Compose 配置
# 3 容器部署：frontend + backend + remote-gateway（内嵌 guacd）
# remote-gateway 镜像已内嵌 guacd 进程，无需单独部署 guacd 容器

services:
  frontend:
    image: ghcr.io/silentely/nexus-terminal-frontend:latest
    container_name: nexus-terminal-frontend
    ports:
      - "18111:8080"
    depends_on:
      - backend
      - remote-gateway
    networks:
      - nexus-terminal-network
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "wget -qO- http://localhost:8080/ > /dev/null 2>&1 || exit 1"]
      interval: 30s
      timeout: 5s
      retries: 3
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"
    deploy:
      resources:
        limits:
          memory: 256M

  backend:
    image: ghcr.io/silentely/nexus-terminal-backend:latest
    container_name: nexus-terminal-backend
    env_file:
      - .env
    environment:
      NODE_ENV: production
      PORT: 3001
    volumes:
      - ./data:/app/data
    networks:
      - nexus-terminal-network
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "wget -qO- http://localhost:3001/api/v1/health > /dev/null 2>&1 || exit 1"]
      interval: 30s
      timeout: 5s
      retries: 3
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"
    deploy:
      resources:
        limits:
          memory: 512M

  # Remote Gateway：内嵌 guacd，guacd 进程与 Node.js 共享同一容器
  # RDP/VNC 连接由 backend 通过 /rdp-proxy WebSocket 内部代理，无需暴露端口
  remote-gateway:
    image: ghcr.io/silentely/nexus-terminal-remote-gateway:latest
    container_name: nexus-terminal-remote-gateway
    environment:
      # guacd 已内嵌于本容器，使用 localhost 连接
      GUACD_HOST: localhost
      GUACD_PORT: 4822
      REMOTE_GATEWAY_API_PORT: 9090
      REMOTE_GATEWAY_WS_PORT: 8081
      FRONTEND_URL: http://frontend
      MAIN_BACKEND_URL: http://backend:3001
      NODE_ENV: production
      # Remote Gateway API 访问令牌（可选但强烈推荐）
      # 若配置，则 backend（.env）与 remote-gateway 必须使用相同值
      REMOTE_GATEWAY_API_TOKEN: ${REMOTE_GATEWAY_API_TOKEN}
      # CORS 配置（可选）
      # 如需允许其他域名访问，请配置以下变量（逗号分隔多个域名）
      # CORS_ALLOWED_ORIGINS: https://yourdomain.com,https://www.yourdomain.com
      # 开发模式可设置为 true 允许所有来源（不推荐生产环境使用）
      # CORS_ALLOW_ALL: false
    networks:
      - nexus-terminal-network
    depends_on:
      - backend
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "wget -qO- http://localhost:9090/health > /dev/null 2>&1 || exit 1"]
      interval: 30s
      timeout: 5s
      retries: 3
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"
    deploy:
      resources:
        limits:
          memory: 768M

networks:
  nexus-terminal-network:
    driver: bridge
    name: nexus-terminal-network
    enable_ipv6: true
    ipam:
      config:
        - subnet: fd01::/80
          gateway: fd01::1