# Mailcow Alias Manager - Docker Compose Configuration
#
# Production vs Development Mode:
# --------------------------------
# FLASK_ENV=production + FLASK_DEBUG=False → Uses Gunicorn (4 workers, production-ready)
# FLASK_ENV=development or FLASK_DEBUG=True → Uses Flask dev server (auto-reload, debug info)
#
# Recommended Settings:
# - Production: FLASK_ENV=production, FLASK_DEBUG=False (default)
# - Development: FLASK_ENV=development, FLASK_DEBUG=True
#
# Reverse Proxy Support:
# ----------------------
# This application is configured to work behind reverse proxies (Nginx, Traefik, Zoraxy, Authelia, etc.)
# The ProxyFix middleware automatically handles X-Forwarded-* headers for HTTPS detection
# No additional configuration needed for most standard proxy setups

services:
  mailcow-alias-manager:
    image: gitlab.pm/rune/malias-web:latest
    container_name: mailcow-alias-manager
    ports:
      - "5172:5172"
    volumes:
      - ./data:/app/data
    restart: unless-stopped
    environment:
      - TZ=Europe/Oslo
      
      # Flask Configuration
      # Set to 'production' for Gunicorn (recommended) or 'development' for Flask dev server
      - FLASK_ENV=production
      
      # Debug mode: False for production (recommended), True for development/troubleshooting
      - FLASK_DEBUG=False
      
      # Port configuration (default: 5172)
      - FLASK_PORT=5172
      
      # Host binding (default: 0.0.0.0 for Docker)
      - FLASK_HOST=0.0.0.0
      
      # Secret key for sessions - CRITICAL for multi-worker Gunicorn!
      # All workers must use the SAME secret key to decode session cookies
      # Generate with: python3 -c "import secrets; print(secrets.token_hex(32))"
      # IMPORATNT! The key below is just an example. GENERATE YOUR OWN KEY WITH COMMAND ABOVE! 
      - SECRET_KEY=dca6920115b8bbc13c346c75d668a49849590c77d9baaf903296582f24ff816a
      
      # Reverse Proxy Mode
      # ------------------
      # Set to 'true' when accessing through reverse proxy (Authelia, Zoraxy, Nginx, etc.)
      # Set to 'false' for direct IP:port access (e.g., http://192.168.1.100:5172)
      #
      # ENABLE_PROXY=true (Proxy Mode):
      #   - ProxyFix middleware enabled (handles X-Forwarded-* headers)
      #   - Secure cookies required (HTTPS only)
      #   - SameSite=None (allows cross-origin authentication)
      #   - Access via: https://alias.yourdomain.com
      #
      # ENABLE_PROXY=false (Direct Mode) - DEFAULT:
      #   - ProxyFix middleware disabled
      #   - Standard cookies (HTTP allowed)
      #   - SameSite=Lax (standard browser behavior)
      #   - Access via: http://your-server-ip:5172
      #
      - ENABLE_PROXY=false