services:
  # -------- Nginx 静态网站服务 --------
  nginx-webws:
    image: nginx:alpine
    container_name: nginx-webws
    restart: always
    volumes:
      - webws-data:/usr/share/nginx/html:ro
      - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
    networks:
      - frontend
    labels:
      - "traefik.enable=true"
      
      # HTTP 路由 (端口 80) - 重定向到 HTTPS
      - "traefik.http.routers.webws-http.rule=Host(`amiap.hzau.edu.cn`) && PathPrefix(`/ABM`)"
      - "traefik.http.routers.webws-http.entrypoints=web"
      - "traefik.http.routers.webws-http.middlewares=redirect-to-https"
      
      # HTTPS 路由 (端口 443)
      - "traefik.http.routers.webws-https.rule=Host(`amiap.hzau.edu.cn`) && PathPrefix(`/ABM`)"
      - "traefik.http.routers.webws-https.entrypoints=websecure"
      - "traefik.http.routers.webws-https.tls.certresolver=myresolver"
      - "traefik.http.routers.webws-https.service=webws"
      
      # 重定向中间件
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true"
      
      # 服务定义
      - "traefik.http.services.webws.loadbalancer.server.port=80"

  # -------- PostgreSQL 数据库 --------
  postgres:
    image: postgres:16-alpine
    container_name: webws-postgres
    restart: always
    environment:
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: ${POSTGRES_DB}
      PGDATA: /var/lib/postgresql/data/pgdata
    volumes:
      # 使用绑定挂载到 /vol1 大容量存储
      - ./postgres_data:/var/lib/postgresql/data
    networks:
      - frontend
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"]
      interval: 10s
      timeout: 5s
      retries: 5

volumes:
  webws-data:
    external: true   # 已经手动创建好的外部卷

networks:
  frontend:
    external: true