From cf7656399b9c822130238ca43ff042a2998b720e Mon Sep 17 00:00:00 2001
From: TronoSfera <119615520+TronoSfera@users.noreply.github.com>
Date: Sat, 28 Feb 2026 16:09:47 +0300
Subject: [PATCH] add cert 2.4

---
 Makefile                              |  4 ++--
 README.md                             |  3 ++-
 context/13_production_deploy_ruakb.md |  2 ++
 docker-compose.local.yml              | 22 ++++++++++++++++++++++
 docker-compose.yml                    |  5 -----
 5 files changed, 28 insertions(+), 8 deletions(-)
 create mode 100644 docker-compose.local.yml

diff --git a/Makefile b/Makefile
index 653b832..2ce0027 100644
--- a/Makefile
+++ b/Makefile
@@ -10,7 +10,7 @@ DOMAIN ?= ruakb.ru
 WWW_DOMAIN ?= www.ruakb.ru
 LETSENCRYPT_EMAIL ?= admin@ruakb.ru
 
-LOCAL_COMPOSE = docker compose -f docker-compose.yml
+LOCAL_COMPOSE = docker compose -f docker-compose.yml -f docker-compose.local.yml
 PROD_COMPOSE = docker compose -f docker-compose.yml -f docker-compose.prod.nginx.yml
 CERT_COMPOSE = docker compose -f docker-compose.yml -f docker-compose.prod.nginx.yml -f docker-compose.prod.cert.yml
 
@@ -57,7 +57,7 @@ check-cert-files: check-prod-files
 	@test -f deploy/nginx/edge-https.conf || (echo "[ERROR] Missing deploy/nginx/edge-https.conf. Run: git pull"; exit 1)
 
 prod-up: check-prod-files
-	$(PROD_COMPOSE) up -d --build
+	$(PROD_COMPOSE) up -d --build --force-recreate --remove-orphans
 	$(PROD_COMPOSE) exec -T backend alembic upgrade head
 
 prod-down: check-prod-files
diff --git a/README.md b/README.md
index 30f8de7..0b887c3 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@ Backend skeleton: public requests + OTP + public JWT cookie + admin (admin/lawye
 ## Run (Docker)
 ```bash
 cp .env.example .env
-docker compose up --build
+docker compose -f docker-compose.yml -f docker-compose.local.yml up --build
 ```
 Landing (frontend): http://localhost:8081
 Admin UI: http://localhost:8081/admin
@@ -43,6 +43,7 @@ Checks:
 curl -I https://ruakb.ru
 curl -fsS https://ruakb.ru/health
 curl -fsS https://ruakb.ru/chat-health
+ss -lntp | egrep ':(80|443|5432|6379|8002|8081|9000|9001)\\b'
 ```
 
 ## Migrations
diff --git a/context/13_production_deploy_ruakb.md b/context/13_production_deploy_ruakb.md
index a041048..896744a 100644
--- a/context/13_production_deploy_ruakb.md
+++ b/context/13_production_deploy_ruakb.md
@@ -4,6 +4,7 @@
 Развернуть платформу на сервере `45.150.36.116` c HTTPS на `80/443` для домена `ruakb.ru`.
 
 ## Что добавлено
+- `docker-compose.local.yml` — локальные публикации портов (`8081/8080/8002/5432/6379/9000/9001`)
 - `docker-compose.prod.nginx.yml` — production override:
   - edge nginx на `80/443`
   - certbot volume для сертификатов
@@ -39,6 +40,7 @@ curl -I http://ruakb.ru
 curl -I https://ruakb.ru
 curl -fsS https://ruakb.ru/health
 curl -fsS https://ruakb.ru/chat-health
+ss -lntp | egrep ':(80|443|5432|6379|8002|8081|9000|9001)\b'
 ```
 
 ## Обновление
diff --git a/docker-compose.local.yml b/docker-compose.local.yml
new file mode 100644
index 0000000..d33489b
--- /dev/null
+++ b/docker-compose.local.yml
@@ -0,0 +1,22 @@
+services:
+  frontend:
+    ports:
+      - "8081:80"
+      - "8080:80"
+
+  backend:
+    ports:
+      - "8002:8000"
+
+  db:
+    ports:
+      - "5432:5432"
+
+  redis:
+    ports:
+      - "6379:6379"
+
+  minio:
+    ports:
+      - "9000:9000"
+      - "9001:9001"
diff --git a/docker-compose.yml b/docker-compose.yml
index 9afa37c..2d9e3e5 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -16,7 +16,6 @@ services:
       timeout: 5s
       retries: 5
       start_period: 20s
-    ports: ["8081:80", "8080:80"]
 
   e2e:
     build:
@@ -53,7 +52,6 @@ services:
       timeout: 5s
       retries: 5
       start_period: 25s
-    ports: ["8002:8000"]
     volumes: [".:/app"]
 
   chat-service:
@@ -109,7 +107,6 @@ services:
       POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres}
       POSTGRES_USER: ${POSTGRES_USER:-postgres}
       POSTGRES_DB: ${POSTGRES_DB:-legal}
-    ports: ["5432:5432"]
     volumes: ["pgdata:/var/lib/postgresql/data"]
     healthcheck:
       test: ["CMD-SHELL", "pg_isready -U postgres -d legal"]
@@ -122,7 +119,6 @@ services:
     image: redis:7
     container_name: law-redis
     restart: unless-stopped
-    ports: ["6379:6379"]
     healthcheck:
       test: ["CMD", "redis-cli", "ping"]
       interval: 10s
@@ -138,7 +134,6 @@ services:
     environment:
       MINIO_ROOT_USER: minioadmin
       MINIO_ROOT_PASSWORD: minioadmin
-    ports: ["9000:9000", "9001:9001"]
     volumes: ["miniodata:/data"]
 
 volumes: