version: '3.8'

services:
  # NGINX Load Balancer
  nginx:
    image: nginx:alpine
    container_name: bcards-nginx
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Configuração do NGINX
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      
      # Certificados SSL (Let's Encrypt)
      - /etc/letsencrypt:/etc/letsencrypt:ro
      - /var/www/certbot:/var/www/certbot:ro
      
      # Logs
      - ./logs:/var/log/nginx
    networks:
      - bcards-network
    restart: unless-stopped
    depends_on:
      - certbot
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost/nginx-health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
    labels:
      - "traefik.enable=false"

  # Certbot para SSL certificates
  certbot:
    image: certbot/certbot
    container_name: bcards-certbot
    volumes:
      - /etc/letsencrypt:/etc/letsencrypt
      - /var/www/certbot:/var/www/certbot
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
    restart: unless-stopped

  # Log aggregator (opcional)
  fluentd:
    image: fluent/fluentd:v1.16-debian-1
    container_name: bcards-fluentd
    volumes:
      - ./fluentd/fluent.conf:/fluentd/etc/fluent.conf:ro
      - ./logs:/var/log/nginx:ro
      - ./fluentd/logs:/fluentd/log
    ports:
      - "24224:24224"
      - "24224:24224/udp"
    networks:
      - bcards-network
    restart: unless-stopped
    environment:
      - FLUENTD_CONF=fluent.conf

networks:
  bcards-network:
    external: true