services: backend: build: context: . dockerfile: backend/Dockerfile networks: - inventory_net ports: - ${BACKEND_PORT:-8000}:8000 env_file: - inventory.env volumes: - ./data:/app/data - ./logs:/app/logs - ./scripts:/app/scripts:ro environment: - DATA_DIR=/app/data - LOGS_DIR=/app/logs # [C-01] JWT secret key — GENERATE A SECURE VALUE FOR PRODUCTION! - JWT_SECRET_KEY=${JWT_SECRET_KEY:-change_me_in_production} restart: unless-stopped frontend: build: context: ./frontend networks: - inventory_net ports: - ${FRONTEND_PORT:-3000}:3000 env_file: - inventory.env volumes: - ./logs:/app/logs # Write Next.js logs to both stdout (docker logs) and file (mapped volume) command: sh -c "mkdir -p /app/logs && node server.js 2>&1 | tee -a /app/logs/frontend.log" restart: unless-stopped proxy: image: caddy:alpine networks: - inventory_net ports: - ${BACKEND_SSL_PORT:-8918}:444 - ${FRONTEND_SSL_PORT:-8919}:443 env_file: - inventory.env volumes: - ./config/Caddyfile:/etc/caddy/Caddyfile # Persist the internal Caddy certificates so users don't get new certificate warnings constantly - ./data/caddy_data:/data - ./data/caddy_config:/config depends_on: - frontend - backend restart: unless-stopped networks: inventory_net: driver: bridge