# 对外仅暴露 443（HTTPS）；内部 api/web/admin 不映射宿主机端口
# version 已废弃，已移除

services:
  # 二进制由脚本构建到 deploy/api/server，挂载 deploy/api 即可更新，无需重建镜像
  api:
    build:
      context: .
      dockerfile: server/Dockerfile.run
      args:
        REGISTRY_MIRROR: ${REGISTRY_MIRROR:-}
    image: yh_web-api-run:latest
    container_name: yh_api
    volumes:
      - ./deploy/api:/app:ro
      - ./data/uploads:/uploads
    env_file:
      - ./server/.env
    environment:
      - PORT=8088
      - UPLOAD_DIR=/uploads
      - MONGODB_URI=${MONGODB_URI:-mongodb://mongo:27017}
      - MONGODB_DB=${MONGODB_DB:-yxd-agent-testing}
      - GIN_MODE=release
      - ALLOWED_ORIGINS=${ALLOWED_ORIGINS:-https://yuheng.yuxindazhineng.com}
    depends_on:
      - mongo
    networks:
      - yh_net

  # 静态文件由脚本构建到 deploy/web/dist，挂载后替换文件即可生效
  web:
    image: ${REGISTRY_MIRROR:-docker.m.daocloud.io/library/}nginx:alpine
    container_name: yh_web
    volumes:
      - ./deploy/web/dist:/usr/share/nginx/html:ro
      - ./deploy/web/default.conf:/etc/nginx/conf.d/default.conf:ro
      - ./verify-root:/verify-root:ro
    networks:
      - yh_net

  # 静态文件由脚本构建到 deploy/admin/dist，挂载后替换文件即可生效
  admin:
    image: ${REGISTRY_MIRROR:-docker.m.daocloud.io/library/}nginx:alpine
    container_name: yh_admin
    volumes:
      - ./deploy/admin/dist:/usr/share/nginx/html:ro
      - ./deploy/admin/default.conf:/etc/nginx/conf.d/default.conf:ro
    networks:
      - yh_net

  nginx:
    image: ${REGISTRY_MIRROR:-docker.m.daocloud.io/library/}nginx:alpine
    container_name: yh_nginx
    ports:
      - "443:443"
    # Podman 无 Docker 的 127.0.0.11：勿在 nginx 里用 resolver+变量 proxy_pass。先等 web/admin/api 可解析再启动 nginx。
    entrypoint: ["/bin/sh", "/nginx-entrypoint-wait-dns.sh"]
    volumes:
      - ./scripts/nginx-entrypoint-wait-dns.sh:/nginx-entrypoint-wait-dns.sh:ro
      - ./nginx/yuheng.docker.conf:/etc/nginx/conf.d/default.conf:ro
      - /etc/ssl/yh_web/yuheng.yuxindazhineng.com:/etc/ssl/yh_web/yuheng.yuxindazhineng.com:ro
    depends_on:
      - api
      - web
      - admin
    # Podman/慢盘：API 首次就绪可能超过 90s，避免 yh_nginx 等待超时后 Exited(1) → 全站 443 拒绝连接
    environment:
      - NGINX_WAIT_UPSTREAM_SEC=180
    networks:
      - yh_net

  mongo:
    # 国内默认走镜像；海外可 export REGISTRY_MIRROR= 后直连
    image: ${REGISTRY_MIRROR:-docker.m.daocloud.io/library/}mongo:7
    container_name: yh_mongo
    volumes:
      - mongo_data:/data/db
    networks:
      - yh_net
    # 仅内网，不暴露端口（API 容器内用 mongo:27017）
    # ports:
    #   - "27017:27017"

networks:
  yh_net:
    driver: bridge

volumes:
  mongo_data: