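---
# Docker Compose stack: Redis cache, ONLYOFFICE Document Server, the Flask
# application and an Nginx reverse proxy, all on one bridge network.
#
# ONLYOFFICE_JWT_SECRET and SECRET_KEY have no fallback value. The
# `${VAR:?message}` form makes `docker compose` abort when the variable is
# unset or empty, so the stack cannot start with a publicly known signing key.
# Provide both through the environment or an untracked .env file.

services:
  # Redis cache service.
  # No `ports:` entry, so Redis is reachable only from containers attached to
  # tempspec-network. It runs without `--requirepass`: every container on that
  # network can read and write the cache.
  redis:
    image: redis:7-alpine
    container_name: tempspec-redis
    restart: unless-stopped
    command: redis-server --appendonly yes --maxmemory 256mb --maxmemory-policy allkeys-lru
    volumes:
      - redis_data:/data
    networks:
      - tempspec-network
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 30s
      timeout: 10s
      retries: 5

  # ONLYOFFICE Document Server
  onlyoffice:
    image: onlyoffice/documentserver:8.0
    container_name: tempspec-onlyoffice
    restart: unless-stopped
    environment:
      JWT_ENABLED: "true"
      # Must match ONLYOFFICE_JWT_SECRET given to the app service below.
      # Required: a guessable value lets anyone sign requests the document
      # server will accept.
      JWT_SECRET: "${ONLYOFFICE_JWT_SECRET:?ONLYOFFICE_JWT_SECRET must be set to a random value}"
      JWT_HEADER: "Authorization"
      JWT_IN_BODY: "true"
    ports:
      # Published as plain HTTP on every host interface; with this port open,
      # the JWT check above is the control that gates document requests.
      - "${ONLYOFFICE_PORT:-12011}:80"
    volumes:
      - onlyoffice_data:/var/www/onlyoffice/Data
      - onlyoffice_logs:/var/log/onlyoffice
    networks:
      - tempspec-network
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost/healthcheck"]
      interval: 30s
      timeout: 10s
      retries: 5

  # Flask application
  app:
    build: .
    container_name: tempspec-app
    restart: unless-stopped
    environment:
      # Flask settings
      FLASK_ENV: "${FLASK_ENV:-production}"
      # Required: presumably used by Flask to sign session cookies, so a known
      # value would allow forged sessions (app code not visible here).
      SECRET_KEY: "${SECRET_KEY:?SECRET_KEY must be set to a random value}"

      # External database (same value as in .env). The fallback is a
      # placeholder, not a working URL; the credentials belong in .env only.
      DATABASE_URL: "${DATABASE_URL:-mysql+pymysql://user:pass@host:port/dbname}"

      # Redis settings
      REDIS_URL: redis://redis:6379/0

      # CDN settings
      CDN_DOMAIN: "${CDN_DOMAIN:-}"

      # LDAP settings
      # NOTE(review): with the defaults (port 389, LDAP_USE_SSL=False) the bind
      # password and user logins cross the network unencrypted unless the app
      # negotiates StartTLS, which cannot be confirmed from this file.
      LDAP_SERVER: "${LDAP_SERVER:-ldap://your-dc.company.com}"
      LDAP_PORT: "${LDAP_PORT:-389}"
      LDAP_USE_SSL: "${LDAP_USE_SSL:-False}"
      LDAP_SEARCH_BASE: "${LDAP_SEARCH_BASE:-DC=company,DC=com}"
      LDAP_BIND_USER_DN: "${LDAP_BIND_USER_DN:-CN=service,DC=company,DC=com}"
      # Placeholder fallback; supply the real service-account password via .env.
      LDAP_BIND_USER_PASSWORD: "${LDAP_BIND_USER_PASSWORD:-service_password}"
      LDAP_USER_LOGIN_ATTR: "${LDAP_USER_LOGIN_ATTR:-userPrincipalName}"

      # SMTP mail settings
      SMTP_SERVER: "${SMTP_SERVER:-smtp.company.com}"
      SMTP_PORT: "${SMTP_PORT:-587}"
      SMTP_USE_TLS: "${SMTP_USE_TLS:-True}"
      SMTP_SENDER_EMAIL: "${SMTP_SENDER_EMAIL:-noreply@company.com}"
      # Placeholder fallback; supply the real mailbox password via .env.
      SMTP_SENDER_PASSWORD: "${SMTP_SENDER_PASSWORD:-smtp_password}"

      # ONLYOFFICE settings
      # Follows ONLYOFFICE_PORT so this URL stays in step with the port
      # published by the onlyoffice service when the default is overridden.
      ONLYOFFICE_URL: "http://localhost:${ONLYOFFICE_PORT:-12011}/"
      ONLYOFFICE_INTERNAL_URL: http://onlyoffice:80
      # Same secret as JWT_SECRET on the onlyoffice service.
      ONLYOFFICE_JWT_SECRET: "${ONLYOFFICE_JWT_SECRET:?ONLYOFFICE_JWT_SECRET must be set to a random value}"

      # Other settings
      UPLOAD_FOLDER: uploads
    ports:
      # NOTE(review): publishes the app on the host alongside the Nginx proxy,
      # so clients using this port bypass whatever TLS termination or request
      # filtering the proxy configuration applies (nginx config not shown).
      - "${APP_PORT:-12010}:5000"
    volumes:
      - ./uploads:/app/uploads
      - ./static/generated:/app/static/generated
      - ./logs:/app/logs
      - ./template_with_placeholders.docx:/app/template_with_placeholders.docx:ro
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 1G
        reservations:
          cpus: '0.5'
          memory: 512M
    depends_on:
      redis:
        condition: service_healthy
      onlyoffice:
        condition: service_healthy
    networks:
      - tempspec-network
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:5000/"]
      interval: 30s
      timeout: 10s
      retries: 5

  # Nginx reverse proxy. The original note says it is enabled automatically in
  # production; no `profiles:` key restricts it here, so it starts on every
  # `docker compose up`.
  # NOTE(review): `nginx:alpine` is a floating tag; pinning a version or image
  # digest keeps rebuilds from silently pulling a different image.
  nginx:
    image: nginx:alpine
    container_name: tempspec-nginx
    restart: unless-stopped
    ports:
      - "${NGINX_PORT:-12013}:80"
      - "${NGINX_SSL_PORT:-12014}:443"
    volumes:
      # Configuration and TLS key material are mounted read-only.
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx/conf.d:/etc/nginx/conf.d:ro
      - ./nginx/ssl:/etc/nginx/ssl:ro
    depends_on:
      - app
    networks:
      - tempspec-network

volumes:
  redis_data:
    driver: local
  onlyoffice_data:
    driver: local
  onlyoffice_logs:
    driver: local

networks:
  tempspec-network:
    driver: bridge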