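# Production overrides for docker-compose.yml
# Usage: docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d --build
#
# This config adds Caddy reverse proxy with auto-SSL (Let's Encrypt)
# Note: Internal service ports are still exposed but should be blocked by firewall
# Only ports 80/443 should be open in Hetzner Cloud Firewall
#
# NOTE(review): a `ports:` entry without a host address is published on all
# host interfaces, so the cloud firewall is the only control in front of 3000
# and 19999. Docker installs its own iptables rules for published ports, so
# host-level rules (e.g. ufw) usually do not filter them. Where a port is only
# needed on one interface, the HOST_IP:HOST_PORT:CONTAINER_PORT form narrows
# the bind.

services:
  app:
    build: .
    ports:
      # NOTE(review): Caddy shares assistant-net with this service, so the
      # host publish is presumably not needed for proxied traffic; confirm
      # against the Caddyfile and the base docker-compose.yml before removing
      # or narrowing it.
      - '3000:3000'
    env_file: .env
    environment:
      # Docker-internal URLs (override .env values)
      - LETTA_BASE_URL=http://letta:8283
      - LITELLM_URL=http://litellm:4000
      - ANTHROPIC_PROXY_URL=http://anthropic-proxy:4001/v1
      - TOOL_WEBHOOK_URL=http://app:3000
    volumes:
      # data is writable by the container; prompts are mounted read-only.
      - ./data:/app/data
      - ./prompts:/app/prompts:ro
    networks:
      - assistant-net
    restart: unless-stopped
    depends_on:
      letta:
        condition: service_healthy
    healthcheck:
      # Requires curl to be present in the app image.
      test: ['CMD', 'curl', '-f', 'http://localhost:3000/health']
      interval: 30s
      start_period: 10s
      start_interval: 2s
      timeout: 10s
      retries: 3

  caddy:
    image: caddy:2-alpine
    restart: unless-stopped
    ports:
      - '80:80'
      - '443:443'
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      # caddy_data persists the issued certificates and their private keys:
      # keep it across redeploys and treat backups of it as secret material.
      - caddy_data:/data
      - caddy_config:/config
    networks:
      - assistant-net
    depends_on:
      # Short form: orders startup only, it does not wait for app's healthcheck.
      - app

  # Netdata: Real-time monitoring
  # Access via Tailscale: http://TAILSCALE_IP:19999
  netdata:
    # NOTE(review): no tag, so this resolves to `latest` on every pull. Pin a
    # tag or digest (netdata/netdata:<PINNED_TAG>) so an agent that holds the
    # host mounts below only changes when you decide it does.
    image: netdata/netdata
    restart: unless-stopped
    hostname: assistant
    ports:
      # NOTE(review): the dashboard is plain HTTP and this publish is on all
      # interfaces, not only the Tailscale one; reachability is limited solely
      # by the firewall.
      - '19999:19999'
    # SYS_PTRACE and an unconfined AppArmor profile widen what this container
    # can do on the host; presumably needed for per-process metrics - confirm
    # against the Netdata install docs and drop them if that data is unused.
    cap_add:
      - SYS_PTRACE
    security_opt:
      - apparmor:unconfined
    volumes:
      - netdata_config:/etc/netdata
      - netdata_lib:/var/lib/netdata
      - netdata_cache:/var/cache/netdata
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /etc/os-release:/host/etc/os-release:ro
      # NOTE(review): `:ro` only makes the socket file's mount read-only. It
      # does not restrict Docker API calls made over the socket, so this mount
      # is effectively root-equivalent access to the host. A filtering socket
      # proxy that allows only read endpoints is the usual mitigation.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    # NOTE(review): this is the same .env the app loads, so every application
    # secret in it is also visible inside the monitoring container. A separate
    # env file holding only the Netdata variables keeps that exposure down.
    env_file: .env
    environment:
      # NOTE(review): a claim URL is set while cloud is disabled; confirm
      # which of the two is intended.
      - NETDATA_CLAIM_URL=https://app.netdata.cloud
      - NETDATA_DISABLE_CLOUD=1
    networks:
      - assistant-net

volumes:
  caddy_data: {}
  caddy_config: {}
  netdata_config: {}
  netdata_lib: {}
  netdata_cache: {}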