Add production Docker Compose deployment configurations

.env.traefik.example

@@ -0,0 +1,24 @@
+# Domain configuration (required)
+DOMAIN=example.com
+ACME_EMAIL=admin@example.com
+
+# Security (required - generate with: openssl rand -hex 32)
+SECRET_KEY=your_secure_secret_key_at_least_32_characters
+
+# Database
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=your_secure_database_password
+POSTGRES_DB=claudex
+
+# Docker image owner (change to your GitHub username for fork builds)
+IMAGE_OWNER=mng-dev-ai
+
+# Docker sandbox image
+DOCKER_IMAGE=ghcr.io/mng-dev-ai/claudex-sandbox:latest
+
+# Celery workers
+CELERY_CONCURRENCY=25
+CELERY_WORKER_REPLICAS=8
+
+# Logging
+LOG_LEVEL=INFO

.github/workflows/build-backend.yml

@@ -0,0 +1,59 @@
+name: Build Backend Image
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - 'backend/**'
+      - '.github/workflows/build-backend.yml'
+  workflow_dispatch:
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository_owner }}/claudex-backend
+
+jobs:
+  build-and-push:
+    name: Build and Push Backend Image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=latest
+            type=sha,prefix=
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: backend
+          file: backend/Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/build-frontend.yml

@@ -0,0 +1,62 @@
+name: Build Frontend Image
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - 'frontend/**'
+      - '.github/workflows/build-frontend.yml'
+  workflow_dispatch:
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository_owner }}/claudex-frontend
+
+jobs:
+  build-and-push:
+    name: Build and Push Frontend Image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=latest
+            type=sha,prefix=
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: frontend
+          file: frontend/Dockerfile.prod
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            VITE_API_BASE_URL=__VITE_API_BASE_URL__
+            VITE_WS_URL=__VITE_WS_URL__
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

README.md

@@ -198,6 +198,36 @@ docker compose -p claudex-web -f docker-compose.yml logs -f    # Web logs
 
 For production deployment on a VPS, see the [Coolify Installation Guide](docs/coolify-installation-guide.md).
 
+### Docker Compose
+
+**Prerequisites**
+Currently, Claudex has two modes of deployment with Docker Compose:
+- On your localhost (mainly used for development purposes)
+- On an internet facing server
+
+There is currently no configuration provided for deploying it into a private network and accessing it across the LAN without allowing inbound. This is because it relies on wildcard DNS and publicly signed SSL certificates.
+
+In the future the plan is to add a configuration for a local, private deployment. For now, you must have a public domain with wildcard DNS support and port 80 and 443 open to the compose stack.
+
+**Traefik (HTTPS with Let's Encrypt):**
+
+```bash
+cp .env.traefik.example .env
+# Edit .env — set DOMAIN, ACME_EMAIL, POSTGRES_PASSWORD, SECRET_KEY
+docker compose -f docker-compose.traefik.yml up -d
+```
+
+Frontend at `https://DOMAIN`, API at `https://api.DOMAIN`. HTTP redirects to HTTPS automatically.
+
+Requires wildcard DNS pointing to your server. For example, if `DOMAIN=claudex.example.com`:
+
+```
+claudex.example.com       A  → your-server-ip
+*.claudex.example.com     A  → your-server-ip
+```
+
+**Fork builds:** Set `IMAGE_OWNER` in your `.env` to your GitHub username to use images built from your fork.
+
 ## API & Admin
 
 - **API Docs:** http://localhost:8080/api/v1/docs