Hugging Face's logo

IsmatS
/
SOCAR_Hackathon

Azerbaijani
Russian
English
rag
ocr
document-understanding
azerbaijani
llm
fastapi
pinecone
document-intelligence
Model card Files
xet
 Community
SOCAR_Hackathon / docker-compose.prod.yml
Claude
Fix CAA production deployment with SSL/TLS configuration
54fdaaa
raw
history blame contribute delete
2.59 kB
# SOCAR AI System - Production Docker Compose with SSL/TLS Support
# This configuration includes nginx reverse proxy with SSL termination
#
# Prerequisites:
# 1. Set up CAA DNS records for your domain (see docs/markdowns/SSL_CAA_SETUP.md)
# 2. Generate SSL certificates using certbot or your CA
# 3. Copy certificates to ./nginx/ssl/
#
# Usage:
# docker-compose -f docker-compose.prod.yml up -d
version: '3.8'
services:
 # Nginx reverse proxy with SSL termination
 nginx:
 image: nginx:alpine
 container_name: socar-nginx
 ports:
 - "80:80"
 - "443:443"
 volumes:
 - ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf:ro
 - ./nginx/ssl:/etc/nginx/ssl:ro
 - ./certbot/www:/var/www/certbot:ro
 depends_on:
 socar-ai-system:
 condition: service_healthy
 restart: unless-stopped
 healthcheck:
 test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:80/"]
 interval: 30s
 timeout: 10s
 retries: 3
 networks:
 - socar-network
 labels:
 - "com.socar.service=nginx-proxy"
 - "com.socar.ssl=enabled"
# Certbot for automatic SSL certificate renewal (Let's Encrypt)
 certbot:
 image: certbot/certbot:latest
 container_name: socar-certbot
 volumes:
 - ./nginx/ssl:/etc/letsencrypt:rw
 - ./certbot/www:/var/www/certbot:rw
 entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
 networks:
 - socar-network
 labels:
 - "com.socar.service=certbot"
 - "com.socar.purpose=ssl-renewal"
# Main SOCAR AI System
 socar-ai-system:
 build:
 context: .
 dockerfile: Dockerfile
 container_name: socar-ai-system
 # Only expose internally to nginx (not to host)
 expose:
 - "8000"
 env_file:
 - .env
 environment:
 - PYTHONUNBUFFERED=1
 - PRODUCTION=true
 - HTTPS_ONLY=true
 - TRUSTED_HOSTS=${TRUSTED_HOSTS:-localhost}
 restart: unless-stopped
 healthcheck:
 test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
 interval: 30s
 timeout: 10s
 retries: 3
 start_period: 40s
 networks:
 - socar-network
 labels:
 - "com.socar.description=SOCAR Historical Documents AI System"
 - "com.socar.features=OCR,LLM,Frontend"
 - "com.socar.version=1.0.0"
 - "com.socar.environment=production"
networks:
 socar-network:
 driver: bridge
 ipam:
 config:
 - subnet: 172.28.0.0/16
# Volume for persistent SSL certificates
volumes:
 ssl-certs:
 driver: local