From 7145fee5e8cd3fcbbdefb1eff56ecdd524cc0173 Mon Sep 17 00:00:00 2001
From: itqop <leonkl32@gmail.com>
Date: Tue, 30 Dec 2025 18:39:12 +0300
Subject: [PATCH] add nginx

---
 docker-compose.yml | 98 ++++++++++++++++++++++++++++++++--------------
 nginx/nginx.conf   | 45 +++++++++++++++++++++
 2 files changed, 113 insertions(+), 30 deletions(-)
 create mode 100644 nginx/nginx.conf

diff --git a/docker-compose.yml b/docker-compose.yml
index 158f373..116477c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,10 +1,31 @@
-version: '3.8'
+version: "3.8"
+
+networks:
+  itcloud-net:
+    driver: bridge
+    internal: true  # ВАЖНО: сеть без выхода "в интернет" (межконтейнерная)
+  itcloud-edge:
+    driver: bridge   # сеть для входящего трафика (только nginx)
 
 services:
+  nginx:
+    image: nginx:alpine
+    ports:
+      - "${NGINX_PORT:-8095}:80"          # единственный внешний порт
+    volumes:
+      - ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf:ro
+    depends_on:
+      - frontend
+      - backend
+    restart: unless-stopped
+    networks:
+      - itcloud-edge
+      - itcloud-net
+
   backend:
     build: ./backend
-    ports:
-      - "${BACKEND_PORT:-8094}:8000"
+    expose:
+      - "8000"
     environment:
       - APP_ENV=dev
       - DATABASE_URL=sqlite+aiosqlite:////app/data/app.db
@@ -20,9 +41,26 @@ services:
       - ./backend/src:/app/src
       - backend-data:/app/data
     depends_on:
-      - minio
-      - redis
+      minio:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
     command: uvicorn app.main:app --host 0.0.0.0 --port 8000 --reload
+    networks:
+      - itcloud-net
+
+  frontend:
+    build: ./frontend
+    expose:
+      - "5173"
+    environment:
+      - VITE_API_URL=${VITE_API_URL}
+    volumes:
+      - ./frontend/src:/app/src
+      - ./frontend/public:/app/public
+    command: npm run dev -- --host 0.0.0.0
+    networks:
+      - itcloud-net
 
   minio:
     image: minio/minio:latest
@@ -37,48 +75,48 @@ services:
     command: server /data --console-address ":9001"
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
-      interval: 30s
-      timeout: 20s
-      retries: 3
+      interval: 10s
+      timeout: 5s
+      retries: 20
+    networks:
+      - itcloud-net
+
 
   minio-setup:
     image: minio/mc:latest
     depends_on:
-      - minio
+      minio:
+        condition: service_healthy
     environment:
       - MINIO_ROOT_USER=${MINIO_ROOT_USER:-minioadmin}
       - MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD:-minioadmin}
+      - MEDIA_BUCKET=itcloud-media
     entrypoint: >
       /bin/sh -c "
-      sleep 5;
-      /usr/bin/mc alias set myminio http://minio:9000 $$MINIO_ROOT_USER $$MINIO_ROOT_PASSWORD;
-      /usr/bin/mc mb myminio/itcloud-media --ignore-existing;
-      /usr/bin/mc anonymous set none myminio/itcloud-media;
-      exit 0;
+      set -e;
+      mc alias set myminio http://minio:9000 $$MINIO_ROOT_USER $$MINIO_ROOT_PASSWORD;
+      mc mb myminio/$$MEDIA_BUCKET --ignore-existing;
+      mc anonymous set none myminio/$$MEDIA_BUCKET;
+      echo 'MinIO bucket ensured:' $$MEDIA_BUCKET;
       "
+    restart: "no"
+    networks:
+      - itcloud-net
 
   redis:
     image: redis:7-alpine
-    ports:
-      - "${REDIS_PORT:-6388}:6379"
+    # ports: <-- УБРАЛИ! наружу не светим
+    expose:
+      - "6379"
     volumes:
       - redis-data:/data
     healthcheck:
       test: ["CMD", "redis-cli", "ping"]
-      interval: 30s
-      timeout: 10s
-      retries: 3
-
-  frontend:
-    build: ./frontend
-    ports:
-      - "${FRONTEND_PORT:-8095}:5173"
-    environment:
-      - VITE_API_URL=${VITE_API_URL}
-    volumes:
-      - ./frontend/src:/app/src
-      - ./frontend/public:/app/public
-    command: npm run dev -- --host 0.0.0.0
+      interval: 10s
+      timeout: 3s
+      retries: 20
+    networks:
+      - itcloud-net
 
 volumes:
   backend-data:
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
new file mode 100644
index 0000000..331dcff
--- /dev/null
+++ b/nginx/nginx.conf
@@ -0,0 +1,45 @@
+server {
+    listen 80;
+    server_name _;
+
+    client_max_body_size 500M;
+
+    # Frontend (Vite dev server)
+    location / {
+        proxy_pass http://frontend:5173;
+        proxy_http_version 1.1;
+
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # WebSocket / HMR
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_cache_bypass $http_upgrade;
+    }
+
+    # Backend API
+    location /api/ {
+        proxy_pass http://backend:8000/;
+        proxy_http_version 1.1;
+
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        proxy_connect_timeout 300;
+        proxy_send_timeout 300;
+        proxy_read_timeout 300;
+        send_timeout 300;
+    }
+
+    location /health {
+        proxy_pass http://backend:8000/health;
+    }
+
+    # (Опционально) MinIO Console только внутри (если захочешь)
+    # location /minio/ {
+    #     proxy_pass http://minio:9001/;
+    # }
+}