version: '3.8'

services:
  cmc-php-production:
    build:
      context: .
      dockerfile: Dockerfile
    platform: linux/amd64
    container_name: cmc-php-production
    depends_on:
      - db-production
    volumes:
      - production_pdf_data:/var/www/cmc-sales/app/webroot/pdf
      - production_attachments_data:/var/www/cmc-sales/app/webroot/attachments_files
    network_mode: bridge
    restart: unless-stopped
    environment:
      - APP_ENV=production
    # Remove development features
    deploy:
      resources:
        limits:
          cpus: '2.0'
          memory: 2G
        reservations:
          cpus: '0.5'
          memory: 512M

  nginx-production:
    image: nginx:latest
    hostname: nginx-production
    container_name: cmc-nginx-production
    ports:
      - "8080:80"     # Internal port for production
    volumes:
      - ./conf/nginx-production.conf:/etc/nginx/conf.d/cmc-production.conf
      - ./userpasswd:/etc/nginx/userpasswd:ro
    depends_on:
      - cmc-php-production
    restart: unless-stopped
    network_mode: bridge
    environment:
      - NGINX_ENVSUBST_TEMPLATE_SUFFIX=.template



  db-production:
    image: mariadb:latest
    container_name: cmc-db-production
    environment:
      MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD_PRODUCTION}
      MYSQL_DATABASE: cmc
      MYSQL_USER: cmc
      MYSQL_PASSWORD: ${DB_PASSWORD_PRODUCTION}
    volumes:
      - production_db_data:/var/lib/mysql
      - ./backups:/backups:ro  # Backup restore directory
    network_mode: bridge
    restart: unless-stopped
    # No external port exposure for security
    deploy:
      resources:
        limits:
          cpus: '2.0'
          memory: 4G
        reservations:
          cpus: '0.5'
          memory: 1G

  cmc-go-production:
    build:
      context: .
      dockerfile: Dockerfile.go.production
    container_name: cmc-go-production
    environment:
      DB_HOST: db-production
      DB_PORT: 3306
      DB_USER: cmc
      DB_PASSWORD: ${DB_PASSWORD_PRODUCTION}
      DB_NAME: cmc
      PORT: 8080
      APP_ENV: production
    depends_on:
      db-production:
        condition: service_started
    # No external port exposure - only through nginx
    volumes:
      - production_pdf_data:/root/webroot/pdf
      - ./credentials/production:/root/credentials:ro  # Production Gmail credentials
    network_mode: bridge
    restart: unless-stopped
    deploy:
      resources:
        limits:
          cpus: '2.0'
          memory: 2G
        reservations:
          cpus: '0.5'
          memory: 512M

volumes:
  production_db_data:
  production_pdf_data:
  production_attachments_data: