# Smart Contract Security Analyzer — Cloud Deployment (with Caddy HTTPS)
#
# Prerequisites:
#   - A domain name pointing to this server's IP (DNS A record)
#   - DOMAIN=yourdomain.com set in .env
#
# Usage:
#   docker compose -f docker-compose.cloud.yml up -d

services:
  redis:
    # Redis instance that web and engine both reach via REDIS_URL.
    # No `ports:` are published, so it is reachable only from containers on
    # this Compose project's network. No password or ACL is configured here,
    # so that network boundary is the only access control. Do not add a
    # `ports:` mapping without also enabling authentication.
    image: redis:7-alpine
    # --appendonly yes: persist writes to an append-only file under /data.
    # --maxmemory-policy noeviction: never evict keys.
    # NOTE(review): no --maxmemory is set here, so the policy only matters if
    # a limit is configured elsewhere. Confirm whether a cap is intended.
    command:
      - "redis-server"
      - "--appendonly"
      - "yes"
      - "--maxmemory-policy"
      - "noeviction"
    volumes:
      - redis-data:/data
    # web and engine wait on this check (depends_on: service_healthy).
    healthcheck:
      test:
        - "CMD"
        - "redis-cli"
        - "ping"
      interval: 5s
      timeout: 3s
      retries: 10

  web:
    # HTTP service that caddy proxies to on port 3000.
    # NOTE(review): `latest` is a floating tag, so a re-pull can change the
    # running code without any change to this file. Pin a release tag or an
    # image digest for reproducible, auditable deployments.
    image: snome/scsa-web:latest
    depends_on:
      redis:
        condition: service_healthy
    # Every key in .env is injected into this container's environment.
    # Keep .env out of version control and readable only by the deploy user
    # if it holds secrets.
    env_file:
      - .env
    # Entries below take precedence over same-named keys from env_file.
    environment:
      - REDIS_URL=redis://redis:6379
      - REPORT_DIR=/app/reports
      - PORT=3000
    # `reports` is also mounted by engine at the same path.
    volumes:
      - type: volume
        source: reports
        target: /app/reports
    # No ports — Caddy is the only public entry point

  engine:
    # Engine service: publishes no ports and is not proxied by caddy, so it
    # is reachable only from the Compose network.
    # NOTE(review): `latest` is a floating tag. Pin a release tag or an image
    # digest so the deployed engine only changes on a deliberate update.
    image: snome/scsa-engine:latest
    depends_on:
      redis:
        condition: service_healthy
    # Every key in .env is injected into this container as well. Anything
    # secret placed there is visible to both web and engine.
    env_file:
      - .env
    # Entries below take precedence over same-named keys from env_file.
    environment:
      - REDIS_URL=redis://redis:6379
      - REPORT_DIR=/app/reports
      - TRACE_DIR=/app/traces
    volumes:
      # Shared read-write with web at the same path.
      # NOTE(review): if only one side needs to write, mounting the other
      # read-only would limit tampering after a compromise. Confirm which
      # service writes reports.
      - type: volume
        source: reports
        target: /app/reports
      # Mounted by engine only.
      - type: volume
        source: traces
        target: /app/traces

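  caddy:
    # HTTPS front end and the only service that publishes host ports.
    # Requests for the configured DOMAIN are forwarded to web:3000 over the
    # Compose network.
    # NOTE(review): `caddy:alpine` is a floating tag. Pin a version or digest
    # so the internet-facing component only changes on a deliberate update.
    image: caddy:alpine
    ports:
      - "80:80"         # HTTP->HTTPS redirects and ACME HTTP-01 challenges
      - "443:443"
      - "443:443/udp"   # HTTP/3
    # List (exec) form keeps the DOMAIN value as a single argument.
    # The `:?` form makes `docker compose` abort with the message below when
    # DOMAIN is unset or empty. Otherwise an empty string would be
    # substituted and caddy would start with a malformed --from argument.
    command:
      - "caddy"
      - "reverse-proxy"
      - "--from"
      - "${DOMAIN:?DOMAIN must be set in .env}"
      - "--to"
      - "web:3000"
    volumes:
      # Persists SSL certificates across restarts. Caddy also keeps the
      # matching private keys here, so treat this volume and any backup of it
      # as secret material.
      - caddy-data:/data
      - caddy-config:/config
    # Short form: waits for the web container to start, not for it to be
    # ready, so early requests may fail until web is listening.
    depends_on:
      - web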

# Named volumes; each uses the default driver with no extra options.
volumes:
  redis-data: {}    # Redis persistence, mounted at /data in redis
  reports: {}       # shared by web and engine at /app/reports
  traces: {}        # engine only, at /app/traces
  caddy-data: {}    # Caddy /data: TLS certificates (sensitive)
  caddy-config: {}  # Caddy /config
