watcher/docker-compose.yml

services:
  dashboard:
    build:
      context: ..
      dockerfile: dashboard/Dockerfile
    image: atproto-1440news-dashboard
    container_name: atproto-1440news-dashboard
    restart: unless-stopped
    stop_grace_period: 30s
    env_file:
      - oauth.env
    environment:
      DB_HOST: infra-postgres
      DB_PORT: 5432
      DB_USER: dba_1440_news
      DB_PASSWORD_FILE: /run/secrets/db_password
      DB_NAME: db_1440_news
      OAUTH_BASE_URL: https://app.1440.news
    secrets:
      - db_password
    networks:
      - proxy
      - atproto
    labels:
      - "traefik.enable=true"
      # Production: HTTPS with Let's Encrypt for app.1440.news
      - "traefik.http.routers.dashboard-1440.rule=Host(`app.1440.news`)"
      - "traefik.http.routers.dashboard-1440.entrypoints=https"
      - "traefik.http.routers.dashboard-1440.tls.certresolver=letsencrypt-dns"
      # Production: HTTPS for 1440.news root (accounts directory) - lower priority than PDS API paths
      - "traefik.http.routers.root-1440.rule=Host(`1440.news`)"
      - "traefik.http.routers.root-1440.entrypoints=https"
      - "traefik.http.routers.root-1440.tls.certresolver=letsencrypt-dns"
      - "traefik.http.routers.root-1440.priority=10"
      # Production: HTTP to HTTPS redirect
      - "traefik.http.routers.dashboard-1440-redirect.rule=Host(`app.1440.news`) || Host(`1440.news`)"
      - "traefik.http.routers.dashboard-1440-redirect.entrypoints=http"
      - "traefik.http.routers.dashboard-1440-redirect.middlewares=https-redirect"
      - "traefik.http.routers.dashboard-1440-redirect.priority=10"
      - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true"
      # Local development
      - "traefik.http.routers.dashboard-1440-local.rule=Host(`app.1440.localhost`)"
      - "traefik.http.routers.dashboard-1440-local.entrypoints=http"
      # Shared service
      - "traefik.http.services.dashboard-1440.loadbalancer.server.port=4321"

secrets:
  db_password:
    file: ../../../infra/postgres/secrets/dba_1440_news_password.txt

networks:
  proxy:
    external: true
  atproto:
    external: true