diff --git a/.env.example b/.env.example index 2a7066c..18d3fd8 100644 --- a/.env.example +++ b/.env.example @@ -20,8 +20,9 @@ WALLET_RPC_USER= WALLET_RPC_PASS= # ─── Explorer web ──────────────────────────────────────────────────────────── -# Host port the explorer is published on -EXPLORER_PORT=3001 +# Public domain served by Caddy (gets a free Let's Encrypt cert automatically). +# Use 'localhost' for local testing (HTTP only, no cert). +DOMAIN=explorer.example.com # Bootswatch theme: Cerulean, Cosmo, Cyborg, Darkly, Flatly, Slate, Solar, ... EXPLORER_THEME=Purple diff --git a/Caddyfile b/Caddyfile new file mode 100644 index 0000000..b2e96ce --- /dev/null +++ b/Caddyfile @@ -0,0 +1,3 @@ +{$DOMAIN} { + reverse_proxy explorer:3001 +} diff --git a/docker-compose.yml b/docker-compose.yml index 14bcef3..513eec1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -4,6 +4,10 @@ networks: explorer-internal: # isolates MongoDB from the outside world name: purple-explorer-internal +volumes: + caddy_data: # TLS certificates — survives container restarts + caddy_config: + services: mongodb: image: mongo:7 @@ -35,6 +39,30 @@ services: max-size: "10m" max-file: "3" + caddy: + image: caddy:2-alpine + container_name: purple-explorer-caddy + restart: unless-stopped + depends_on: + - explorer + networks: + - explorer-internal + ports: + - "0.0.0.0:80:80" + - "0.0.0.0:443:443" + - "0.0.0.0:443:443/udp" # HTTP/3 + volumes: + - ./Caddyfile:/etc/caddy/Caddyfile:ro + - caddy_data:/data + - caddy_config:/config + environment: + DOMAIN: ${DOMAIN} + logging: + driver: json-file + options: + max-size: "10m" + max-file: "3" + explorer: build: . image: purple-explorer:local @@ -45,8 +73,7 @@ services: networks: - purple # reach bitcoinpurpled:13495 for RPC - explorer-internal - ports: - - "0.0.0.0:${EXPLORER_PORT:-3001}:3001" + # Port 3001 is intentionally not published — Caddy proxies traffic env_file: .env command: web logging:
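Review bot: The added comment `# Use 'localhost' for local testing (HTTP only, no cert).` does not match Caddy's default behaviour as far as I know. A site address of `localhost` still gets automatic HTTPS, with a certificate from Caddy's internal CA and an HTTP-to-HTTPS redirect. Because that CA lives inside the container, browsers on the host will show a certificate warning, which readers of this comment will not expect. I would reword it to `# Use 'localhost' for local testing (HTTPS with a locally issued certificate), or 'http://localhost' for plain HTTP.`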
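Review bot: An unset or empty `DOMAIN` leaves the site address blank, so this file would begin with a bare `{`. Caddy most likely parses that as a global options block and refuses to start, with an error that does not mention the missing variable. Giving the placeholder a default, `{$DOMAIN:localhost} {`, avoids that. Alternatively, make Compose fail early by changing the `DOMAIN: ${DOMAIN}` line of the `caddy` service in docker-compose.yml to `DOMAIN: ${DOMAIN:?set DOMAIN in .env}`. A one-line comment above the block saying that `DOMAIN` comes from `.env` via the container environment would also help.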
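Review bot: The comment on `caddy_data` understates what the volume holds. Caddy's data directory stores the certificates' private keys and the ACME account key as well as the certificates, so it should be handled as a secret store when backed up or copied. I would reword it to `caddy_data:   # TLS certificates, private keys, ACME account — treat as secret` and give `caddy_config` a short comment too.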
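Review bot: Attaching `caddy` to `explorer-internal` puts the only internet-facing container on the network whose own comment says it "isolates MongoDB from the outside world". A compromise of the proxy would then have a direct network path to `mongodb`; whether the database requires authentication is not visible here. Caddy only needs to reach `explorer:3001`, so a dedicated network shared by just those two services would restore the isolation. Declare `explorer-edge:` under the top-level `networks:`, use `- explorer-edge` in this service's `networks:`, and add the same entry to `explorer`; the first and last of those lie outside this hunk, and `explorer-edge` is a name made up for this note. Separately, `caddy:2-alpine` is a floating tag, so pinning a specific release or digest would make upgrades of the edge proxy an explicit, reviewable change.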