# SOCAR AI System - Production Docker Compose with SSL/TLS Support
# This configuration includes nginx reverse proxy with SSL termination
#
# Prerequisites:
# 1. Set up CAA DNS records for your domain (see docs/markdowns/SSL_CAA_SETUP.md)
# 2. Generate SSL certificates using certbot or your CA
# 3. Copy certificates to ./nginx/ssl/
#
# Usage:
#   docker-compose -f docker-compose.prod.yml up -d

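# Schema version is ignored by Compose v2; kept for older docker-compose v1 binaries.
version: '3.8'

services:
  # Nginx reverse proxy with SSL termination. It is the only service with
  # host-published ports; the application is reachable solely through it.
  nginx:
    image: nginx:alpine
    container_name: socar-nginx
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf:ro
      # Certificates and private keys written by the certbot service below;
      # mounted read-only here so nginx can never modify them.
      - ./nginx/ssl:/etc/nginx/ssl:ro
      # Webroot for HTTP-01 challenges; certbot writes, nginx only serves.
      - ./certbot/www:/var/www/certbot:ro
    # nginx reads certificate files only at (re)load. Reload every 6h so that
    # certificates renewed by the certbot service are actually picked up
    # instead of serving the old ones until the container is restarted.
    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
    depends_on:
      socar-ai-system:
        condition: service_healthy
    restart: unless-stopped
    healthcheck:
      # NOTE(review): if nginx.conf redirects HTTP to HTTPS, wget follows the
      # redirect to https://localhost/ and may fail on the certificate name
      # mismatch, marking the proxy unhealthy — confirm against nginx.conf.
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:80/"]
      interval: 30s
      timeout: 10s
      retries: 3
    networks:
      - socar-network
    labels:
      - "com.socar.service=nginx-proxy"
      - "com.socar.ssl=enabled"

  # Certbot for automatic SSL certificate renewal (Let's Encrypt)
  certbot:
    # Unpinned tag: consider a fixed version for reproducible production deploys.
    image: certbot/certbot:latest
    container_name: socar-certbot
    volumes:
      # /etc/letsencrypt holds account keys and private keys; only this
      # service has it writable.
      - ./nginx/ssl:/etc/letsencrypt:rw
      - ./certbot/www:/var/www/certbot:rw
    # Attempt renewal every 12h; `certbot renew` is a no-op until a certificate
    # is close to expiry. `$$` escapes `$` for Compose variable interpolation.
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
    # The HTTP-01 webroot challenge is answered by nginx from ./certbot/www,
    # so the proxy must be up for a renewal attempt to succeed.
    depends_on:
      - nginx
    # Without a restart policy a crashed renewal loop stays down silently and
    # the certificate eventually expires.
    restart: unless-stopped
    networks:
      - socar-network
    labels:
      - "com.socar.service=certbot"
      - "com.socar.purpose=ssl-renewal"

  # Main SOCAR AI System
  socar-ai-system:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: socar-ai-system
    # Only expose internally to nginx (not to host)
    expose:
      - "8000"
    # .env carries per-deployment secrets; keep it out of version control.
    env_file:
      - .env
    environment:
      - PYTHONUNBUFFERED=1
      - PRODUCTION=true
      - HTTPS_ONLY=true
      # Host header allow-list for the application; defaults to localhost
      # when TRUSTED_HOSTS is not set in the shell or .env.
      - TRUSTED_HOSTS=${TRUSTED_HOSTS:-localhost}
    restart: unless-stopped
    healthcheck:
      # Requires curl inside the built image; start_period gives the app time
      # to initialise before failures count against `retries`.
      test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    networks:
      - socar-network
    labels:
      - "com.socar.description=SOCAR Historical Documents AI System"
      - "com.socar.features=OCR,LLM,Frontend"
      - "com.socar.version=1.0.0"
      - "com.socar.environment=production"

networks:
  socar-network:
    driver: bridge
    ipam:
      config:
        - subnet: 172.28.0.0/16

# Volume for persistent SSL certificates.
# NOTE(review): no service mounts this volume; certificates are currently
# persisted through the ./nginx/ssl bind mount above. Either mount it in
# nginx and certbot or drop the declaration.
volumes:
  ssl-certs:
    driver: local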