version: '3.8' services: bcards-web: image: ${REGISTRY:-registry.redecarneir.us}/bcards:${IMAGE_TAG:-release-latest} container_name: bcards-staging restart: unless-stopped ports: - "8090:8080" - "8453:8443" environment: # Core ASP.NET Configuration - ASPNETCORE_ENVIRONMENT=Release - ASPNETCORE_URLS=http://+:8080 - ASPNETCORE_FORWARDEDHEADERS_ENABLED=true # MongoDB Configuration - MongoDb__ConnectionString=${MONGODB_CONNECTION_STRING:-mongodb://192.168.0.100:27017/BCardsDB} - MongoDb__DatabaseName=BCardsDB # Application Settings - AppSettings__Environment=Staging - AppSettings__Version=${IMAGE_TAG:-unknown} - AppSettings__AllowedHosts=* # Logging Configuration - Logging__LogLevel__Default=Information - Logging__LogLevel__Microsoft.AspNetCore=Warning - Logging__LogLevel__BCards=Debug # Performance Optimizations - DOTNET_RUNNING_IN_CONTAINER=true - DOTNET_EnableDiagnostics=0 - DOTNET_USE_POLLING_FILE_WATCHER=true - DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false - DOTNET_TieredPGO=1 - DOTNET_TC_QuickJitForLoops=1 # Security Headers - ASPNETCORE_HTTPS_PORT=8443 - ASPNETCORE_Kestrel__Certificates__Default__Path=/app/certs/cert.pfx - ASPNETCORE_Kestrel__Certificates__Default__Password=${CERT_PASSWORD:-} # Redis Configuration (if needed) - Redis__ConnectionString=localhost:6379 volumes: # Application logs - ./logs:/app/logs:rw # File uploads (if needed) - ./uploads:/app/uploads:rw # SSL certificates (if using HTTPS) # - ./certs:/app/certs:ro networks: - bcards-staging-network # Health check configuration healthcheck: test: ["CMD", "curl", "-f", "http://localhost:8080/health"] interval: 30s timeout: 10s retries: 3 start_period: 60s # Resource limits for staging environment deploy: resources: limits: memory: 1G cpus: '1.0' reservations: memory: 512M cpus: '0.5' # Logging configuration logging: driver: "json-file" options: max-size: "100m" max-file: "5" # Platform specification (will use the appropriate arch from multi-arch image) # platform: linux/amd64 # Uncomment if forcing specific architecture # Security options security_opt: - no-new-privileges:true read_only: false # Set to true for extra security, but may need volume mounts for temp files # Process limits ulimits: nproc: 65535 nofile: soft: 65535 hard: 65535 # Optional: Redis for caching (if application uses it) redis: image: redis:7-alpine container_name: bcards-redis-staging restart: unless-stopped ports: - "6379:6379" command: redis-server --appendonly yes --maxmemory 256mb --maxmemory-policy allkeys-lru volumes: - redis_staging_data:/data networks: - bcards-staging-network deploy: resources: limits: memory: 256M cpus: '0.5' logging: driver: "json-file" options: max-size: "50m" max-file: "3" # Optional: Nginx reverse proxy for additional features nginx: image: nginx:alpine container_name: bcards-nginx-staging restart: unless-stopped ports: - "8091:80" - "8454:443" volumes: - ./nginx/staging.conf:/etc/nginx/conf.d/default.conf:ro - ./nginx/ssl:/etc/ssl/certs:ro - ./logs/nginx:/var/log/nginx:rw depends_on: - bcards-web networks: - bcards-staging-network deploy: resources: limits: memory: 128M cpus: '0.25' # Named volumes for persistent data volumes: redis_staging_data: driver: local driver_opts: type: none o: bind device: ./data/redis # Network for staging environment networks: bcards-staging-network: driver: bridge ipam: config: - subnet: 172.20.0.0/16