services:

db:

image: postgres:alpine

restart: always

environment:

POSTGRES_DB: ${DB_DATABASE:-nexquery_ai}

POSTGRES_USER: ${DB_USER:-postgres}

POSTGRES_PASSWORD: ${DB_PASSWORD:-root123}

PGDATA: /var/lib/postgresql/pgdata

ports:

- '${DB_PORT:-5432}:5432'

volumes:

- db_data:/var/lib/postgresql

networks:

- nexquery_network

redis:

image: redis:alpine

restart: always

ports:

- '6379:6379'

volumes:

- redis_data:/data

networks:

- nexquery_network

qdrant:

image: qdrant/qdrant:latest

restart: always

environment:

QDRANT__SERVICE__API_KEY: ${QDRANT_API_KEY}

ports:

- '6333:6333'

volumes:

- qdrant_data:/qdrant/storage

networks:

- nexquery_network

backend:

profiles: [app]

build:

context: .

dockerfile: backend/Dockerfile

restart: always

env_file: .env

environment:

NODE_ENV: production

HOST: 0.0.0.0

DB_HOST: db

QDRANT_HOST: qdrant

# Force encryption in production, even if .env says false

API_ENCRYPTION_ENABLED: 'true'

command: >

sh -c "node ace migration:run --force && node ace db:seed && node bin/server.js"

ports:

- '${PORT:-3008}:3008'

depends_on:

- db

networks:

- nexquery_network

volumes:

- ./backend/logs:/app/backend/build/logs

frontend:

profiles: [app]

build:

context: .

dockerfile: frontend/Dockerfile

args:

# Force encryption in production build

API_ENCRYPTION_ENABLED: 'true'

ports:

- 3000:3000

restart: always

env_file: .env

depends_on:

- backend

networks:

- nexquery_network

# es-setup:

# image: docker.elastic.co/elasticsearch/elasticsearch:8.12.0

# container_name: es-setup

# volumes:

# - es_data:/usr/share/elasticsearch/data

# user: '0'

# command: >

# bash -c '

# PW=${ELASTIC_PASSWORD:-nexquery_secure_pwd};

# echo "Setting internal passwords using provided or default value...";

# echo $$PW | bin/elasticsearch-keystore add -x "bootstrap.password" || true;

# until curl -s http://elasticsearch:9200 | grep -q "missing authentication credentials"; do sleep 2; done;

# curl -s -X POST -u "elastic:$$PW" -H "Content-Type: application/json" http://elasticsearch:9200/_security/user/kibana_system/_password -d "{\"password\":\"$$PW\"}" | grep -q "^{}" || echo "Failed to set kibana_system password";

# echo "All done!";

# '

# networks:

# - nexquery_network

# depends_on:

# - elasticsearch

elasticsearch:

image: docker.elastic.co/elasticsearch/elasticsearch:8.12.0

environment:

- discovery.type=single-node

- xpack.security.enabled=true

- ELASTIC_PASSWORD=${ELASTIC_PASSWORD:-nexquery_secure_pwd}

- ES_JAVA_OPTS=-Xms512m -Xmx512m

ulimits:

memlock:

soft: -1

hard: -1

ports:

- '9200:9200'

networks:

- nexquery_network

volumes:

- es_data:/usr/share/elasticsearch/data

kibana:

image: docker.elastic.co/kibana/kibana:8.12.0

environment:

- ELASTICSEARCH_HOSTS=http://elasticsearch:9200

- ELASTICSEARCH_USERNAME=kibana_system

- ELASTICSEARCH_PASSWORD=${ELASTIC_PASSWORD:-nexquery_secure_pwd}

ports:

- '5601:5601'

depends_on:

- elasticsearch

networks:

- nexquery_network

filebeat:

image: docker.elastic.co/beats/filebeat:8.12.0

user: root

volumes:

- ./docker/filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro

- ./backend/logs:/var/log/app:ro

- /var/lib/docker/containers:/var/lib/docker/containers:ro

- /var/run/docker.sock:/var/run/docker.sock:ro

- filebeat_data:/usr/share/filebeat/data

environment:

- ELASTICSEARCH_HOSTS=http://elasticsearch:9200

- ELASTICSEARCH_USERNAME=elastic

- ELASTICSEARCH_PASSWORD=${ELASTIC_PASSWORD:-nexquery_secure_pwd}

depends_on:

- elasticsearch

networks:

- nexquery_network

networks:

nexquery_network:

driver: bridge

volumes:

db_data:

redis_data:

qdrant_data:

es_data:

filebeat_data: