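# ---------------------------------------------------------------------------
# Compose stack: three application servers behind an nginx reverse proxy.
#
# A single env-file (.env) contains ONLY non-secret constants.
# Every secret is exported from fetch-secrets.sh and injected at deploy time.
#
# Every ${VAR} below is interpolated by Compose from the shell environment
# (or .env) of whoever runs `docker compose`.
#
# NOTE(review): an unset variable interpolates to an empty string with only a
# warning, so a failed secrets export can start a service with an empty
# JWT_SECRET or DB_PASSWORD. `${VAR:?message}` makes Compose abort instead;
# it is not applied here because it would also make every other compose
# command (ps, logs, down) require the full set of variables.
#
# NOTE(review): values passed through `environment:` are readable via
# `docker inspect` and `docker compose config`. Keep access to the Docker
# socket and to rendered configs as restricted as the secrets themselves.
# ---------------------------------------------------------------------------

# Shared settings merged into every service through `<<: *with-env`.
x-env: &with-env
  env_file:
    - .env  # committed, non-secret
  restart: unless-stopped

services:
  # ───────────────────────────── server1 ─────────────────────────────
  server1:
    <<: *with-env
    image: us-central1-docker.pkg.dev/aptivaai-dev/aptiva-repo/server1:${IMG_TAG}
    # `expose` only documents the port on the Compose network; nothing is
    # published on the host. External traffic arrives through nginx.
    expose: ["${SERVER1_PORT}"]
    environment:
      JWT_SECRET: ${JWT_SECRET}
      DB_HOST: ${DB_HOST}
      DB_PORT: ${DB_PORT}
      DB_USER: ${DB_USER}
      DB_PASSWORD: ${DB_PASSWORD}
      DB_NAME: ${DB_NAME}
      DB_SSL_CERT: ${DB_SSL_CERT}
      DB_SSL_KEY: ${DB_SSL_KEY}
      DB_SSL_CA: ${DB_SSL_CA}
      CORS_ALLOWED_ORIGINS: ${CORS_ALLOWED_ORIGINS}
      SALARY_DB_PATH: /app/salary_info.db
      FROM_SECRETS_MANAGER: ${FROM_SECRETS_MANAGER}
    volumes:
      - ./salary_info.db:/app/salary_info.db:ro
      # NOTE(review): mounted read-write in server1, server2 and server3;
      # confirm each service really needs write access to this file.
      - ./user_profile.db:/app/user_profile.db
    healthcheck:
      # Requires curl inside the image; the check fails if it is missing.
      test: ["CMD-SHELL", "curl -f http://localhost:${SERVER1_PORT}/healthz || exit 1"]
      interval: 30s
      timeout: 5s
      retries: 3

  # ───────────────────────────── server2 ─────────────────────────────
  server2:
    <<: *with-env
    image: us-central1-docker.pkg.dev/aptivaai-dev/aptiva-repo/server2:${IMG_TAG}
    expose: ["${SERVER2_PORT}"]
    environment:
      ONET_USERNAME: ${ONET_USERNAME}
      ONET_PASSWORD: ${ONET_PASSWORD}
      JWT_SECRET: ${JWT_SECRET}
      OPENAI_API_KEY: ${OPENAI_API_KEY}
      DB_HOST: ${DB_HOST}
      DB_PORT: ${DB_PORT}
      DB_USER: ${DB_USER}
      DB_PASSWORD: ${DB_PASSWORD}
      DB_NAME: ${DB_NAME}
      CORS_ALLOWED_ORIGINS: ${CORS_ALLOWED_ORIGINS}
      SALARY_DB_PATH: /app/salary_info.db
      FROM_SECRETS_MANAGER: ${FROM_SECRETS_MANAGER}
    volumes:
      - ./public:/app/public:ro
      - ./salary_info.db:/app/salary_info.db:ro
      - ./user_profile.db:/app/user_profile.db
    healthcheck:
      test: ["CMD-SHELL", "curl -f http://localhost:${SERVER2_PORT}/healthz || exit 1"]
      interval: 30s
      timeout: 5s
      retries: 3

  # ───────────────────────────── server3 ─────────────────────────────
  server3:
    <<: *with-env
    image: us-central1-docker.pkg.dev/aptivaai-dev/aptiva-repo/server3:${IMG_TAG}
    expose: ["${SERVER3_PORT}"]
    environment:
      JWT_SECRET: ${JWT_SECRET}
      OPENAI_API_KEY: ${OPENAI_API_KEY}
      STRIPE_SECRET_KEY: ${STRIPE_SECRET_KEY}
      STRIPE_PUBLISHABLE_KEY: ${STRIPE_PUBLISHABLE_KEY}
      STRIPE_WH_SECRET: ${STRIPE_WH_SECRET}
      STRIPE_PRICE_PREMIUM_MONTH: ${STRIPE_PRICE_PREMIUM_MONTH}
      STRIPE_PRICE_PREMIUM_YEAR: ${STRIPE_PRICE_PREMIUM_YEAR}
      STRIPE_PRICE_PRO_MONTH: ${STRIPE_PRICE_PRO_MONTH}
      STRIPE_PRICE_PRO_YEAR: ${STRIPE_PRICE_PRO_YEAR}
      TWILIO_ACCOUNT_SID: ${TWILIO_ACCOUNT_SID}
      TWILIO_AUTH_TOKEN: ${TWILIO_AUTH_TOKEN}
      TWILIO_MESSAGING_SERVICE_SID: ${TWILIO_MESSAGING_SERVICE_SID}
      DB_HOST: ${DB_HOST}
      DB_PORT: ${DB_PORT}
      DB_USER: ${DB_USER}
      DB_PASSWORD: ${DB_PASSWORD}
      DB_NAME: ${DB_NAME}
      DB_SSL_CERT: ${DB_SSL_CERT}
      DB_SSL_KEY: ${DB_SSL_KEY}
      DB_SSL_CA: ${DB_SSL_CA}
      CORS_ALLOWED_ORIGINS: ${CORS_ALLOWED_ORIGINS}
      SALARY_DB_PATH: /app/salary_info.db
      FROM_SECRETS_MANAGER: ${FROM_SECRETS_MANAGER}
    volumes:
      - ./salary_info.db:/app/salary_info.db:ro
      - ./user_profile.db:/app/user_profile.db
    healthcheck:
      test: ["CMD-SHELL", "curl -f http://localhost:${SERVER3_PORT}/healthz || exit 1"]
      interval: 30s
      timeout: 5s
      retries: 3

  # ───────────────────────────── nginx ───────────────────────────────
  # The only service that publishes ports on the host and the only one
  # attached to the external aptiva-shared network.
  nginx:
    <<: *with-env
    # NOTE(review): 1.25-alpine is a mutable tag; pinning by digest
    # (nginx:1.25-alpine@sha256:<digest>) keeps deploys reproducible.
    image: nginx:1.25-alpine
    command: ["nginx", "-g", "daemon off;"]
    # List form only orders start-up; it does not wait for the servers'
    # healthchecks to pass.
    depends_on: [server1, server2, server3]
    networks: [default, aptiva-shared]
    ports: ["80:80", "443:443"]
    volumes:
      - ./build:/usr/share/nginx/html:ro
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      # Gives the container read access to the host's certificates and
      # private keys.
      - /etc/letsencrypt:/etc/letsencrypt:ro
      # Bind mount hides the image's own conf.d (./empty is presumably an
      # empty directory). Read-only like the other nginx mounts, so a
      # compromised nginx process cannot write config back to the host.
      - ./empty:/etc/nginx/conf.d:ro

networks:
  default:
    name: aptiva_default
  # Must already exist on the host; Compose will not create it.
  aptiva-shared:
    external: true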