Docker Compose Setup
NeXuS runs as a Docker Compose stack with 15+ containers. All configuration lives in infrastructure/docker/docker-compose.yml.
Quick Start
cd infrastructure/docker
cp .env.example .env
# Edit .env with your credentials
docker compose up -d
Service Definitions
The compose file defines three categories of services:
Public Services (Traefik-routed)
Each public service includes Traefik labels for automatic HTTPS routing:
api:
build: ../../backend
container_name: nexus-api
restart: unless-stopped
env_file: .env
depends_on:
- postgres
- redis
- mongodb
networks:
- traefik-public
- nexus-internal
labels:
- "traefik.enable=true"
- "traefik.http.routers.nexus-api.rule=Host(`api.sebhosting.com`)"
- "traefik.http.routers.nexus-api.entrypoints=websecure"
- "traefik.http.routers.nexus-api.tls.certresolver=letsencrypt"
- "traefik.http.services.nexus-api.loadbalancer.server.port=4000"
- "traefik.docker.network=traefik-public"
Databases (Internal only)
Databases run on the nexus-internal network with no Traefik labels:
postgres:
image: postgres:16-alpine
container_name: nexus-postgres
restart: unless-stopped
environment:
POSTGRES_DB: nexus
POSTGRES_USER: seb
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_HOST_AUTH_METHOD: scram-sha-256
volumes:
- postgres_data:/var/lib/postgresql/data
networks:
- nexus-internal # Internal ONLY
Volumes
volumes:
postgres_data: # PostgreSQL data
mongodb_data: # MongoDB data
redis_data: # Redis persistence
grafana_data: # Grafana dashboards and config
Networks
networks:
traefik-public:
external: true # Managed by Traefik
nexus-internal:
driver: bridge
internal: true # No external routing
Common Operations
# Start all services
docker compose up -d
# View logs for all services
docker compose logs -f
# View logs for a specific service
docker compose logs -f api
# Restart a service
docker compose restart auth-service
# Rebuild and restart a service
docker compose up -d --build api
# Stop all services
docker compose down
# Stop and remove volumes (DESTRUCTIVE)
docker compose down -v
Build Contexts
Each service has its own Dockerfile in its directory:
| Service | Build Context | Dockerfile |
|---|---|---|
| Frontend | ../../frontend | frontend/Dockerfile |
| API | ../../backend | backend/Dockerfile |
| Auth | ../../services/auth-service | services/auth-service/Dockerfile |
| CMS | ../../services/cms-service | services/cms-service/Dockerfile |
| CDN | ../../services/cdn-service | services/cdn-service/Dockerfile |
| Cache | ../../services/cache-service | services/cache-service/Dockerfile |
| WAF | ../../services/waf-service | services/waf-service/Dockerfile |
| AI Gateway | ../../services/ai-gateway | services/ai-gateway/Dockerfile |
| MCP Server | ../../services/mcp-server | services/mcp-server/Dockerfile |
Dependency Order
postgres ──┐
redis ─────┼──▶ api ──▶ frontend
mongodb ───┘
redis ─────┬──▶ auth-service
postgres ──┘
redis ─────┬──▶ cache-service
memcached ─┘
postgres ──┬──▶ cms-service
mongodb ───┘