+45

ci/.env.prod.example

reviewed

··· 1 1 + # Public URL (used for CORS, email links, Caddy TLS) 2 2 + # Use your domain (e.g. https://cv.example.com) or IP for testing (http://123.45.67.89) 3 3 + PUBLIC_URL=https://cv.example.com 4 4 + DOMAIN=cv.example.com 5 5 + 6 6 + # Database (use strong credentials in production) 7 7 + POSTGRES_USER=cv 8 8 + POSTGRES_PASSWORD=CHANGE_ME_STRONG_PASSWORD 9 9 + POSTGRES_DB=cv 10 10 + 11 11 + # Secrets (generate with: openssl rand -hex 32) 12 12 + JWT_SECRET=CHANGE_ME_GENERATE_WITH_OPENSSL 13 13 + ENCRYPTION_KEY=CHANGE_ME_GENERATE_WITH_OPENSSL_64_CHARS 14 14 + 15 15 + # JWT Expiry 16 16 + JWT_ACCESS_TOKEN_EXPIRY=15m 17 17 + JWT_REFRESH_TOKEN_EXPIRY=7d 18 18 + 19 19 + # AI Provider (anthropic or openai — no local llama in production) 20 20 + AI_PROVIDER=anthropic 21 21 + ANTHROPIC_API_KEY=sk-ant-... 22 22 + # ANTHROPIC_MODEL=claude-sonnet-4-5-20250929 23 23 + 24 24 + # Or use OpenAI instead: 25 25 + # AI_PROVIDER=openai 26 26 + # OPENAI_API_KEY=sk-... 27 27 + # OPENAI_MODEL=gpt-4o-mini 28 28 + 29 29 + # Email (optional — logs to console if not set) 30 30 + # RESEND_API_KEY=re_... 31 31 + # EMAIL_FROM_ADDRESS=noreply@example.com 32 32 + # EMAIL_FROM_NAME=CV Generator 33 33 + 34 34 + # Worker 35 35 + POLL_INTERVAL_MS=2000 36 36 + PDF_TIMEOUT_MS=30000 37 37 + HEARTBEAT_DB_INTERVAL_MS=30000 38 38 + 39 39 + # Chromium launch args (comma-separated) 40 40 + # Default (dev): --no-sandbox,--disable-dev-shm-usage 41 41 + # Low-memory: --no-sandbox,--disable-dev-shm-usage,--disable-gpu,--single-process,--disable-extensions 42 42 + CHROMIUM_ARGS=--no-sandbox,--disable-dev-shm-usage,--disable-gpu,--single-process,--disable-extensions 43 43 + 44 44 + # project-q (path on the Droplet after setup) 45 45 + PROJECT_Q_PATH=/opt/cv-generator/project-q

+33

ci/Caddyfile

reviewed

··· 1 1 + {$DOMAIN:localhost} { 2 2 + @protected { 3 3 + not path /health 4 4 + } 5 5 + 6 6 + basic_auth @protected { 7 7 + {$BASIC_AUTH_USER:admin} {$BASIC_AUTH_HASH} 8 8 + } 9 9 + 10 10 + handle /graphql { 11 11 + reverse_proxy server:3000 12 12 + } 13 13 + 14 14 + handle /health { 15 15 + reverse_proxy server:3000 16 16 + } 17 17 + 18 18 + handle /api/* { 19 19 + reverse_proxy server:3000 20 20 + } 21 21 + 22 22 + handle { 23 23 + reverse_proxy client:80 24 24 + } 25 25 + } 26 26 + 27 27 + docs.{$DOMAIN:localhost} { 28 28 + basic_auth { 29 29 + {$BASIC_AUTH_USER:admin} {$BASIC_AUTH_HASH} 30 30 + } 31 31 + 32 32 + reverse_proxy docs:80 33 33 + }

+58

ci/deploy.sh

reviewed

··· 1 1 + #!/usr/bin/env bash 2 2 + set -euo pipefail 3 3 + 4 4 + # Deploy CV Generator to production 5 5 + # Run from the repo root: ci/deploy.sh 6 6 + 7 7 + SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" 8 8 + REPO_DIR="$(dirname "$SCRIPT_DIR")" 9 9 + ENV_FILE="$REPO_DIR/.env.prod" 10 10 + COMPOSE_FILE="$REPO_DIR/docker-compose.prod.yml" 11 11 + 12 12 + cd "$REPO_DIR" 13 13 + 14 14 + if [ ! -f "$ENV_FILE" ]; then 15 15 + echo "Error: $ENV_FILE not found. Copy ci/.env.prod.example to .env.prod and configure it." 16 16 + exit 1 17 17 + fi 18 18 + 19 19 + # Export env vars for Caddy / compose 20 20 + set -a 21 21 + source "$ENV_FILE" 22 22 + set +a 23 23 + 24 24 + echo "==> Pulling latest code" 25 25 + git pull --ff-only 26 26 + 27 27 + echo "==> Rebuilding project-q (if needed)" 28 28 + if [ -d "$PROJECT_Q_PATH" ]; then 29 29 + (cd "$PROJECT_Q_PATH" && git pull --ff-only && npm install && npm run build) 30 30 + else 31 31 + echo "Warning: PROJECT_Q_PATH=$PROJECT_Q_PATH not found. Build may fail." 32 32 + fi 33 33 + 34 34 + echo "==> Regenerating Docker manifests" 35 35 + sh .docker/copy-manifests.sh 36 36 + 37 37 + echo "==> Building images" 38 38 + docker compose -f "$COMPOSE_FILE" --env-file "$ENV_FILE" build 39 39 + 40 40 + echo "==> Running database migrations" 41 41 + docker compose -f "$COMPOSE_FILE" --env-file "$ENV_FILE" run --rm server \ 42 42 + sh -c "cd /app/apps/server && npx prisma migrate deploy" 43 43 + 44 44 + echo "==> Starting services" 45 45 + docker compose -f "$COMPOSE_FILE" --env-file "$ENV_FILE" up -d 46 46 + 47 47 + echo "==> Seeding database (idempotent)" 48 48 + docker compose -f "$COMPOSE_FILE" --env-file "$ENV_FILE" exec server \ 49 49 + node dist/scripts/seed.js 50 50 + 51 51 + echo "==> Cleaning up old images" 52 52 + docker image prune -f 53 53 + 54 54 + echo "" 55 55 + echo "==> Deploy complete!" 56 56 + docker compose -f "$COMPOSE_FILE" --env-file "$ENV_FILE" ps 57 57 + echo "" 58 58 + echo "Run 'docker compose -f $COMPOSE_FILE --env-file $ENV_FILE logs -f' to watch logs"

+115

ci/docker-compose.droplet.yml

reviewed

··· 1 1 + services: 2 2 + caddy: 3 3 + image: caddy:2-alpine 4 4 + environment: 5 5 + DOMAIN: ${DOMAIN} 6 6 + ports: 7 7 + - "80:80" 8 8 + - "443:443" 9 9 + volumes: 10 10 + - ./Caddyfile:/etc/caddy/Caddyfile:ro 11 11 + - caddy-data:/data 12 12 + - caddy-config:/config 13 13 + depends_on: 14 14 + server: 15 15 + condition: service_healthy 16 16 + client: 17 17 + condition: service_healthy 18 18 + restart: unless-stopped 19 19 + 20 20 + db: 21 21 + image: postgres:16-alpine 22 22 + environment: 23 23 + POSTGRES_USER: ${POSTGRES_USER} 24 24 + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} 25 25 + POSTGRES_DB: ${POSTGRES_DB} 26 26 + volumes: 27 27 + - db-data:/var/lib/postgresql/data 28 28 + healthcheck: 29 29 + test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"] 30 30 + interval: 10s 31 31 + timeout: 5s 32 32 + retries: 3 33 33 + restart: unless-stopped 34 34 + 35 35 + server: 36 36 + image: cv-generator-server:latest 37 37 + environment: 38 38 + PORT: "3000" 39 39 + NODE_ENV: production 40 40 + DATABASE_URL: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB} 41 41 + JWT_SECRET: ${JWT_SECRET} 42 42 + JWT_ACCESS_TOKEN_EXPIRY: ${JWT_ACCESS_TOKEN_EXPIRY:-15m} 43 43 + JWT_REFRESH_TOKEN_EXPIRY: ${JWT_REFRESH_TOKEN_EXPIRY:-7d} 44 44 + ENCRYPTION_KEY: ${ENCRYPTION_KEY} 45 45 + RESEND_API_KEY: ${RESEND_API_KEY:-} 46 46 + EMAIL_FROM_ADDRESS: ${EMAIL_FROM_ADDRESS:-} 47 47 + EMAIL_FROM_NAME: ${EMAIL_FROM_NAME:-CV Generator} 48 48 + CLIENT_URL: ${PUBLIC_URL} 49 49 + ALLOWED_ORIGINS: ${PUBLIC_URL} 50 50 + AI_PROVIDER: ${AI_PROVIDER:-anthropic} 51 51 + AI_TEMPERATURE: ${AI_TEMPERATURE:-0.1} 52 52 + AI_MAX_TOKENS: ${AI_MAX_TOKENS:-8192} 53 53 + AI_TIMEOUT: ${AI_TIMEOUT:-60000} 54 54 + ANTHROPIC_API_KEY: ${ANTHROPIC_API_KEY:-} 55 55 + ANTHROPIC_MODEL: ${ANTHROPIC_MODEL:-claude-sonnet-4-5-20250929} 56 56 + OPENAI_API_KEY: ${OPENAI_API_KEY:-} 57 57 + OPENAI_MODEL: ${OPENAI_MODEL:-gpt-4o-mini} 58 58 + PDF_OUTPUT_DIR: /app/pdf-output 59 59 + depends_on: 60 60 + db: 61 61 + condition: service_healthy 62 62 + volumes: 63 63 + - worker-output:/app/pdf-output:ro 64 64 + healthcheck: 65 65 + test: ["CMD", "curl", "-f", "http://localhost:3000/health"] 66 66 + interval: 15s 67 67 + timeout: 5s 68 68 + retries: 3 69 69 + start_period: 30s 70 70 + restart: unless-stopped 71 71 + 72 72 + client: 73 73 + image: cv-generator-client:latest 74 74 + healthcheck: 75 75 + test: ["CMD", "curl", "-f", "http://localhost:80"] 76 76 + interval: 15s 77 77 + timeout: 5s 78 78 + retries: 3 79 79 + start_period: 5s 80 80 + restart: unless-stopped 81 81 + 82 82 + worker: 83 83 + image: cv-generator-worker:latest 84 84 + environment: 85 85 + DATABASE_URL: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB} 86 86 + QUEUE_SCHEMA: ${QUEUE_SCHEMA:-queue} 87 87 + QUEUE_NAME: ${QUEUE_NAME:-default} 88 88 + POLL_INTERVAL_MS: ${POLL_INTERVAL_MS:-2000} 89 89 + PDF_OUTPUT_DIR: /app/pdf-output 90 90 + PDF_TIMEOUT_MS: ${PDF_TIMEOUT_MS:-30000} 91 91 + HEARTBEAT_FILE_PATH: /tmp/worker-heartbeat 92 92 + HEARTBEAT_DB_INTERVAL_MS: ${HEARTBEAT_DB_INTERVAL_MS:-30000} 93 93 + CHROMIUM_ARGS: ${CHROMIUM_ARGS:---no-sandbox,--disable-dev-shm-usage,--disable-gpu,--single-process,--disable-extensions} 94 94 + depends_on: 95 95 + db: 96 96 + condition: service_healthy 97 97 + volumes: 98 98 + - worker-output:/app/pdf-output 99 99 + deploy: 100 100 + resources: 101 101 + limits: 102 102 + memory: 512M 103 103 + healthcheck: 104 104 + test: ["CMD-SHELL", "find /tmp/worker-heartbeat -mmin -1 | grep -q ."] 105 105 + interval: 30s 106 106 + timeout: 5s 107 107 + retries: 3 108 108 + start_period: 15s 109 109 + restart: unless-stopped 110 110 + 111 111 + volumes: 112 112 + db-data: 113 113 + worker-output: 114 114 + caddy-data: 115 115 + caddy-config:

+85

ci/setup-droplet.sh

reviewed

··· 1 1 + #!/usr/bin/env bash 2 2 + set -euo pipefail 3 3 + 4 4 + # One-time Droplet setup for CV Generator 5 5 + # Run as root on a fresh Ubuntu 24.04 Droplet: 6 6 + # curl -sSL <raw-url> | bash 7 7 + # Or: ssh root@droplet 'bash -s' < ci/setup-droplet.sh 8 8 + 9 9 + DEPLOY_DIR="/opt/cv-generator" 10 10 + DEPLOY_USER="deploy" 11 11 + 12 12 + echo "==> Installing Docker" 13 13 + apt-get update 14 14 + apt-get install -y ca-certificates curl gnupg 15 15 + install -m 0755 -d /etc/apt/keyrings 16 16 + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg 17 17 + chmod a+r /etc/apt/keyrings/docker.gpg 18 18 + echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null 19 19 + apt-get update 20 20 + apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin 21 21 + 22 22 + echo "==> Configuring firewall" 23 23 + ufw allow OpenSSH 24 24 + ufw allow 80/tcp 25 25 + ufw allow 443/tcp 26 26 + ufw --force enable 27 27 + 28 28 + echo "==> Creating deploy user" 29 29 + if ! id "$DEPLOY_USER" &>/dev/null; then 30 30 + adduser --disabled-password --gecos "" "$DEPLOY_USER" 31 31 + usermod -aG docker "$DEPLOY_USER" 32 32 + fi 33 33 + 34 34 + echo "==> Creating deploy directory" 35 35 + mkdir -p "$DEPLOY_DIR" 36 36 + chown "$DEPLOY_USER:$DEPLOY_USER" "$DEPLOY_DIR" 37 37 + 38 38 + echo "==> Cloning project-q (build dependency)" 39 39 + su - "$DEPLOY_USER" -c " 40 40 + cd $DEPLOY_DIR 41 41 + if [ ! -d project-q ]; then 42 42 + git clone https://github.com/riotbyte/project-q.git project-q 43 43 + fi 44 44 + cd project-q 45 45 + npm install 46 46 + npm run build 47 47 + " 48 48 + 49 49 + echo "==> Cloning cv-generator" 50 50 + su - "$DEPLOY_USER" -c " 51 51 + cd $DEPLOY_DIR 52 52 + if [ ! -d app ]; then 53 53 + git clone https://github.com/mokkenstorm-dev/cv-generator.git app 54 54 + fi 55 55 + " 56 56 + 57 57 + echo "==> Creating .env.prod" 58 58 + if [ ! -f "$DEPLOY_DIR/app/.env.prod" ]; then 59 59 + cp "$DEPLOY_DIR/app/ci/.env.prod.example" "$DEPLOY_DIR/app/.env.prod" 60 60 + # Generate secrets 61 61 + JWT_SECRET=$(openssl rand -hex 32) 62 62 + ENCRYPTION_KEY=$(openssl rand -hex 32) 63 63 + DB_PASSWORD=$(openssl rand -hex 16) 64 64 + sed -i "s|CHANGE_ME_GENERATE_WITH_OPENSSL_64_CHARS|$ENCRYPTION_KEY|" "$DEPLOY_DIR/app/.env.prod" 65 65 + sed -i "s|CHANGE_ME_GENERATE_WITH_OPENSSL|$JWT_SECRET|" "$DEPLOY_DIR/app/.env.prod" 66 66 + sed -i "s|CHANGE_ME_STRONG_PASSWORD|$DB_PASSWORD|" "$DEPLOY_DIR/app/.env.prod" 67 67 + 68 68 + # Generate basic auth hash (Caddy bcrypt format) 69 69 + BASIC_AUTH_PASS=$(openssl rand -hex 8) 70 70 + BASIC_AUTH_HASH=$(docker run --rm caddy:2-alpine caddy hash-password --plaintext "$BASIC_AUTH_PASS") 71 71 + sed -i "s|CHANGE_ME_CADDY_HASH|$BASIC_AUTH_HASH|" "$DEPLOY_DIR/app/.env.prod" 72 72 + echo "" 73 73 + echo " Generated secrets in $DEPLOY_DIR/app/.env.prod" 74 74 + echo " Basic auth password: $BASIC_AUTH_PASS (user: admin)" 75 75 + echo " Edit this file to set your domain, AI keys, etc." 76 76 + fi 77 77 + 78 78 + echo "" 79 79 + echo "==> Setup complete!" 80 80 + echo "" 81 81 + echo "Next steps:" 82 82 + echo " 1. Edit $DEPLOY_DIR/app/.env.prod (set DOMAIN, PUBLIC_URL, API keys)" 83 83 + echo " 2. Run: cd $DEPLOY_DIR/app && ci/deploy.sh" 84 84 + echo " 3. Point your DNS A record to this Droplet's IP" 85 85 + echo ""

+153

docker-compose.prod.yml

reviewed

··· 1 1 + services: 2 2 + caddy: 3 3 + image: caddy:2-alpine 4 4 + environment: 5 5 + DOMAIN: ${DOMAIN} 6 6 + BASIC_AUTH_USER: ${BASIC_AUTH_USER:-admin} 7 7 + BASIC_AUTH_HASH: ${BASIC_AUTH_HASH} 8 8 + ports: 9 9 + - "80:80" 10 10 + - "443:443" 11 11 + volumes: 12 12 + - ./ci/Caddyfile:/etc/caddy/Caddyfile:ro 13 13 + - caddy-data:/data 14 14 + - caddy-config:/config 15 15 + depends_on: 16 16 + server: 17 17 + condition: service_healthy 18 18 + client: 19 19 + condition: service_healthy 20 20 + restart: unless-stopped 21 21 + 22 22 + db: 23 23 + image: postgres:16-alpine 24 24 + environment: 25 25 + POSTGRES_USER: ${POSTGRES_USER} 26 26 + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} 27 27 + POSTGRES_DB: ${POSTGRES_DB} 28 28 + volumes: 29 29 + - db-data:/var/lib/postgresql/data 30 30 + healthcheck: 31 31 + test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"] 32 32 + interval: 10s 33 33 + timeout: 5s 34 34 + retries: 3 35 35 + restart: unless-stopped 36 36 + 37 37 + server: 38 38 + build: 39 39 + context: . 40 40 + dockerfile: .docker/server.Dockerfile 41 41 + target: production 42 42 + additional_contexts: 43 43 + project-q: ${PROJECT_Q_PATH} 44 44 + nest-service-locator: ${NEST_SERVICE_LOCATOR_PATH} 45 45 + environment: 46 46 + PORT: "3000" 47 47 + NODE_ENV: production 48 48 + DATABASE_URL: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB} 49 49 + JWT_SECRET: ${JWT_SECRET} 50 50 + JWT_ACCESS_TOKEN_EXPIRY: ${JWT_ACCESS_TOKEN_EXPIRY:-15m} 51 51 + JWT_REFRESH_TOKEN_EXPIRY: ${JWT_REFRESH_TOKEN_EXPIRY:-7d} 52 52 + ENCRYPTION_KEY: ${ENCRYPTION_KEY} 53 53 + RESEND_API_KEY: ${RESEND_API_KEY:-} 54 54 + EMAIL_FROM_ADDRESS: ${EMAIL_FROM_ADDRESS:-} 55 55 + EMAIL_FROM_NAME: ${EMAIL_FROM_NAME:-CV Generator} 56 56 + CLIENT_URL: ${PUBLIC_URL} 57 57 + ALLOWED_ORIGINS: ${PUBLIC_URL} 58 58 + AI_PROVIDER: ${AI_PROVIDER:-anthropic} 59 59 + AI_TEMPERATURE: ${AI_TEMPERATURE:-0.1} 60 60 + AI_MAX_TOKENS: ${AI_MAX_TOKENS:-8192} 61 61 + AI_TIMEOUT: ${AI_TIMEOUT:-60000} 62 62 + ANTHROPIC_API_KEY: ${ANTHROPIC_API_KEY:-} 63 63 + ANTHROPIC_MODEL: ${ANTHROPIC_MODEL:-claude-sonnet-4-5-20250929} 64 64 + OPENAI_API_KEY: ${OPENAI_API_KEY:-} 65 65 + OPENAI_MODEL: ${OPENAI_MODEL:-gpt-4o-mini} 66 66 + PDF_OUTPUT_DIR: /app/pdf-output 67 67 + depends_on: 68 68 + db: 69 69 + condition: service_healthy 70 70 + volumes: 71 71 + - worker-output:/app/pdf-output:ro 72 72 + healthcheck: 73 73 + test: ["CMD", "curl", "-f", "http://localhost:3000/health"] 74 74 + interval: 15s 75 75 + timeout: 5s 76 76 + retries: 3 77 77 + start_period: 30s 78 78 + restart: unless-stopped 79 79 + 80 80 + client: 81 81 + build: 82 82 + context: . 83 83 + dockerfile: .docker/client.Dockerfile 84 84 + target: production 85 85 + args: 86 86 + VITE_SERVER_URL: ${PUBLIC_URL} 87 87 + VITE_DOCS_URL: https://docs.${DOMAIN} 88 88 + healthcheck: 89 89 + test: ["CMD", "curl", "-f", "http://localhost:80"] 90 90 + interval: 15s 91 91 + timeout: 5s 92 92 + retries: 3 93 93 + start_period: 5s 94 94 + restart: unless-stopped 95 95 + 96 96 + worker: 97 97 + build: 98 98 + context: . 99 99 + dockerfile: .docker/worker.Dockerfile 100 100 + target: production 101 101 + additional_contexts: 102 102 + project-q: ${PROJECT_Q_PATH} 103 103 + nest-service-locator: ${NEST_SERVICE_LOCATOR_PATH} 104 104 + environment: 105 105 + DATABASE_URL: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB} 106 106 + QUEUE_SCHEMA: ${QUEUE_SCHEMA:-queue} 107 107 + QUEUE_NAME: ${QUEUE_NAME:-default} 108 108 + POLL_INTERVAL_MS: ${POLL_INTERVAL_MS:-2000} 109 109 + PDF_OUTPUT_DIR: /app/pdf-output 110 110 + PDF_TIMEOUT_MS: ${PDF_TIMEOUT_MS:-30000} 111 111 + HEARTBEAT_FILE_PATH: /tmp/worker-heartbeat 112 112 + HEARTBEAT_DB_INTERVAL_MS: ${HEARTBEAT_DB_INTERVAL_MS:-30000} 113 113 + CHROMIUM_ARGS: ${CHROMIUM_ARGS:---no-sandbox,--disable-dev-shm-usage,--disable-gpu,--single-process,--disable-extensions} 114 114 + depends_on: 115 115 + db: 116 116 + condition: service_healthy 117 117 + volumes: 118 118 + - worker-output:/app/pdf-output 119 119 + deploy: 120 120 + resources: 121 121 + limits: 122 122 + memory: 512M 123 123 + healthcheck: 124 124 + test: ["CMD-SHELL", "find /tmp/worker-heartbeat -mmin -1 | grep -q ."] 125 125 + interval: 30s 126 126 + timeout: 5s 127 127 + retries: 3 128 128 + start_period: 15s 129 129 + restart: unless-stopped 130 130 + 131 131 + docs: 132 132 + profiles: 133 133 + - docs 134 134 + build: 135 135 + context: . 136 136 + dockerfile: .docker/docs.Dockerfile 137 137 + target: production 138 138 + args: 139 139 + VITE_CLIENT_URL: ${PUBLIC_URL} 140 140 + VITE_SERVER_URL: ${PUBLIC_URL} 141 141 + healthcheck: 142 142 + test: ["CMD", "curl", "-f", "http://localhost:80"] 143 143 + interval: 15s 144 144 + timeout: 5s 145 145 + retries: 3 146 146 + start_period: 5s 147 147 + restart: unless-stopped 148 148 + 149 149 + volumes: 150 150 + db-data: 151 151 + worker-output: 152 152 + caddy-data: 153 153 + caddy-config: