final-cleanup: Produktionsfertige Konfiguration - Alle Ports auf 443 vereinheitlicht, TLS-Zertifikate vorgeneriert, Zentraler Installer erstellt

2025-05-26 22:16:22 +02:00
parent 7aa70cf976
commit f719f74195
40 changed files with 598 additions and 11815 deletions
--- a/frontend/docker-compose.frontend.yml
+++ b/frontend/docker-compose.frontend.yml
@@ -1,5 +1,5 @@
-# 🎨 MYP Frontend - Entwicklungsumgebung Konfiguration
-# Frontend-Service für die Entwicklung mit Raspberry Pi Backend
+# 🎨 MYP Frontend - Produktionsumgebung Konfiguration
+# Frontend-Service für die Produktion mit Raspberry Pi Backend

 version: '3.8'

@@ -8,152 +8,64 @@ services:
  frontend:
    build:
      context: .
-      dockerfile: Dockerfile.dev
-      args:
-        - BUILDKIT_INLINE_CACHE=1
-        - NODE_ENV=development
-    image: myp/frontend:dev
-    container_name: myp-frontend-dev
+      dockerfile: Dockerfile
+    container_name: myp-frontend
    restart: unless-stopped
-    
    environment:
-      - NODE_ENV=development
-      - NEXT_TELEMETRY_DISABLED=1
-      
-      # Backend API Konfiguration (Raspberry Pi)
-      - NEXT_PUBLIC_API_URL=http://192.168.0.105:5000
-      - NEXT_PUBLIC_BACKEND_HOST=192.168.0.105:5000
-      
-      # Frontend Server
-      - PORT=3000
-      - HOSTNAME=0.0.0.0
-      
-      # Auth Konfiguration (Entwicklung)
-      - NEXTAUTH_URL=http://localhost:3000
-      - NEXTAUTH_SECRET=dev-frontend-auth-secret
-      
-      # Debug-Einstellungen
-      - DEBUG=true
-      - NEXT_DEBUG=true
-    
+      - NODE_ENV=production
+      - NEXT_PUBLIC_API_URL=https://raspberrypi
+      - NEXT_PUBLIC_BACKEND_HOST=raspberrypi
+      - NEXT_PUBLIC_FRONTEND_URL=https://m040tbaraspi001.de040.corpintra.net
+      - NEXTAUTH_URL=https://m040tbaraspi001.de040.corpintra.net
+      - NEXTAUTH_SECRET=${NEXTAUTH_SECRET:-myp-secret-key-2024}
+      - GITHUB_CLIENT_ID=${GITHUB_CLIENT_ID}
+      - GITHUB_CLIENT_SECRET=${GITHUB_CLIENT_SECRET}
+      - NEXT_PUBLIC_OAUTH_CALLBACK_URL=https://m040tbaraspi001.de040.corpintra.net/auth/login/callback
    volumes:
-      - .:/app
-      - /app/node_modules
-      - /app/.next
-      - ./public:/app/public:ro
-    
+      - ./certs:/app/certs
    ports:
      - "3000:3000"  # Direkter Port-Zugang für Frontend-Server
-    
    networks:
-      - frontend-network
-    
-    extra_hosts:
-      - "raspberrypi:192.168.0.105"
-    
+      - myp-network
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
-    
-    labels:
-      - "service.type=frontend"
-      - "service.name=myp-frontend-dev"
-      - "service.environment=development"

-  # === FRONTEND CACHE (Optional: Redis für Session Management) ===
-  frontend-cache:
-    image: redis:7.2-alpine
-    container_name: myp-frontend-cache
+  # === CADDY PROXY ===
+  caddy:
+    image: caddy:2-alpine
+    container_name: myp-caddy
    restart: unless-stopped
-    
-    command: redis-server --appendonly yes --requirepass ${FRONTEND_REDIS_PASSWORD:-frontend_cache_password}
-    
-    volumes:
-      - frontend_redis_data:/data
-    
    ports:
-      - "6380:6379"  # Separater Port vom Backend-Cache
-    
-    networks:
-      - frontend-network
-    
-    healthcheck:
-      test: ["CMD", "redis-cli", "ping"]
-      interval: 10s
-      timeout: 5s
-      retries: 3
-
-  # === FRONTEND CDN/NGINX (Statische Assets) ===
-  frontend-cdn:
-    image: nginx:alpine
-    container_name: myp-frontend-cdn
-    restart: unless-stopped
-    
+      - "80:80"
+      - "443:443"
    volumes:
-      - ./public:/usr/share/nginx/html/static:ro
-      - ./nginx.conf:/etc/nginx/nginx.conf:ro
-      - frontend_cdn_cache:/var/cache/nginx
-    
-    ports:
-      - "8080:80"  # Separater Port für statische Assets
-    
+      - ./docker/caddy/Caddyfile:/etc/caddy/Caddyfile
+      - ./certs:/etc/ssl/certs/myp
+      - caddy_data:/data
+      - caddy_config:/config
    networks:
-      - frontend-network
-    
+      - myp-network
    depends_on:
      - frontend
-    
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost/health"]
-      interval: 30s
-      timeout: 10s
-      retries: 3
-    
-    labels:
-      - "service.type=cdn"
-      - "service.name=myp-frontend-cdn"
+    environment:
+      - CADDY_INGRESS_NETWORKS=myp-network

 # === PERSISTENTE VOLUMES ===
 volumes:
-  frontend_data:
+  caddy_data:
    driver: local
-  
-  frontend_cache:
-    driver: local
-  
-  frontend_redis_data:
-    driver: local
-  
-  frontend_cdn_cache:
+  caddy_config:
    driver: local

-# === FRONTEND-NETZWERK ===
+# === NETZWERK ===
 networks:
-  frontend-network:
+  myp-network:
    driver: bridge
-    driver_opts:
-      com.docker.network.enable_ipv6: "false"
-      com.docker.network.bridge.enable_ip_masquerade: "true"
    labels:
-      - "description=MYP Frontend Server Netzwerk"
+      - "description=MYP Production Network"
      - "project=myp-frontend"
-      - "tier=frontend"
-
-# === KONFIGURATION FÜR FRONTEND ===
-x-frontend-defaults: &frontend-defaults
-  restart: unless-stopped
-  logging:
-    driver: "json-file"
-    options:
-      max-size: "10m"
-      max-file: "3"
-      labels: "service,environment,tier"
-
-x-healthcheck-frontend: &frontend-healthcheck
-  interval: 30s
-  timeout: 10s
-  retries: 3
-  start_period: 40s 
+      - "tier=production"