More domains here

CHEATSHEET.md

@@ -13,22 +13,21 @@
 - **Database (phpMyAdmin):** [http://localhost:8081](http://localhost:8081) (requires `--profile database`)
 - **Logs (Dozzle):** [http://localhost:8881](http://localhost:8881)
 
-## 🔌 Port Reference
-| Port | Variable              | Purpose                                          |
-|------|-----------------------|--------------------------------------------------|
-| 3001 | `AE_APP_GATEWAY_PORT` | App gateway — home nginx → ae_app replicas       |
-| 5060 | `AE_API_GATEWAY_PORT` | API gateway — home nginx → ae_api replicas       |
-| 8888 | `OSIT_WEB_HTTP_PORT`  | LAN HTTP direct access (no home server needed)   |
-| 8081 | `AE_PMA_PORT`         | phpMyAdmin (database profile only)               |
-| 8881 | —                     | Dozzle log viewer                                |
-| 3306 | `AE_DB_EXTERNAL_PORT` | MariaDB direct (database profile only)           |
+## 🔌 Multi-Stack Port Reference
+To run multiple stacks (`test`, `bak`, `prod`) on one host, you **must** assign unique host ports in each `.env`.
 
-## 📈 Scaling
-Both services scale via Docker DNS round-robin inside `ae_web_dev`.
-Home server nginx **never needs to change** — it always points to the same port.
+| Port Type       | Variable              | Example (Test) | Example (Bak) | Example (Prod) |
+|-----------------|-----------------------|----------------|---------------|----------------|
+| App Gateway     | `AE_APP_GATEWAY_PORT` | 3009           | 3002          | 3001           |
+| API Gateway     | `AE_API_GATEWAY_PORT` | 5063           | 5062          | 5061           |
+| LAN Direct HTTP | `OSIT_WEB_HTTP_PORT`  | 32887          | 32891         | 32890          |
+| Dozzle Logs     | `AE_DOZZLE_PORT`      | 8889           | 8882          | 8881           |
+| MariaDB Direct  | `AE_DB_EXTERNAL_PORT` | 32769          | 32770         | 32768          |
 
-- Edit `.env` → `AE_APP_REPLICAS=X` or `AE_API_REPLICAS=X`
-- Run `docker compose up -d` (or `up -d ae_app` for app-only)
+## 🏗️ Multi-Stack Isolation
+1. **Network Name:** Set `AE_NETWORK_NAME=ae_test_net` (etc) to prevent Docker network name collisions.
+2. **Container Names:** Set `CONTAINER_` variables (e.g., `CONTAINER_WEB=ae_web_test`) to prevent Docker from refusing to start "conflicting" containers.
+3. **Internal Shared Net:** All stacks must connect to `aether_shared_net` to reach a shared MariaDB/Redis.
 
 ## 💾 Database Operations
 - **Manual Backup:** `./backup_db.sh` (hot backup, live container)

README.md

@@ -4,7 +4,7 @@ This repository provides the unified Docker orchestration and configuration for
 
 ## 🌐 Traffic Architecture
 
-Understanding this prevents configuration mistakes.
+The V3 environment uses a **Dual-Network** strategy to support multiple isolated stacks (`test`, `bak`, `prod`) on a single host while sharing core services like MariaDB or Redis.
 
 ```
 External Internet
@@ -22,23 +22,22 @@ workstation:3001           workstation:5060
  ae_app replicas          ae_api replicas
 ```
 
-**Key points:**
-- Home server nginx terminates SSL and routes by domain name to one of two stable ports. It never needs to know about replicas.
-- `ae_web_dev` is the internal load balancer. It routes by `server_name` to the correct upstream, and Docker DNS automatically round-robins across all replicas.
-- SSL is terminated at the home server. Internal traffic (home server → workstation → containers) is plain HTTP — no internal certs needed.
-- To scale, change `AE_APP_REPLICAS` or `AE_API_REPLICAS` in `.env` and run `docker compose up -d`. Home server nginx never changes.
-
-**Host ports exposed by ae_web_dev:**
-- `:3001` — App gateway (SvelteKit)
-- `:5060` — API gateway (FastAPI)
-- `:8888` — LAN HTTP (direct local access without going through home server)
-- `:443` — commented out; SSL terminates at home server, not internally
+**Key Improvements:**
+- **Scalable Routing:** Nginx uses Regex (`~^(dev|test|bak|sr|prod)?-?...`) to automatically handle any environment prefix without configuration changes.
+- **Isolated Stacks:** Each deployment uses a unique `AE_NETWORK_NAME` and `CONTAINER_` prefix to prevent collisions.
+- **Shared Services:** Core infrastructure (DB/Redis) resides on the `aether_shared_net` which must be created manually once.
 
 ---
 
 ## 🚀 Quick Start
 
-### 1. Initialize Directory Structure
+### 1. Initialize Host Network
+Before starting your first stack, create the shared internal network:
+```bash
+docker network create aether_shared_net
+```
+
+### 2. Initialize Directory Structure
 Create the base directory and clone this environment:
 ```bash
 sudo mkdir -p /srv/env/aether
@@ -46,12 +45,12 @@ sudo chown -R $USER:$USER /srv/env/aether
 git clone https://bitbucket.org/oneskyit/one-sky-it-container-environment.git /srv/env/aether/container_env
 ```
 
-### 2. Configure Environment Settings
-Copy the template and update it with your local paths and credentials:
+### 3. Configure Environment Settings
+Copy the template and update it with your unique stack identifiers:
 ```bash
 cd /srv/env/aether/container_env
 cp env.default .env
-# Edit .env to match your host system (Paths, DB, Ports)
+# CRITICAL: Set unique CONTAINER_ prefixes and AE_NETWORK_NAME for each stack
 vim .env
 ```
 

conf/nginx/site-enabled_aether_app_svelte_node.conf

@@ -4,13 +4,12 @@ server {
 
     server_name
         ${DOCKER_AE_APP_SERVER_NAME}
-        ~^(dev|test|bak|sr|prod)?-?(app|demo|connect|aacc|aapor|ascm|businessgroup|chow|cmsc|idaa|ishlt|lci|ncsd|npa|rli)\.oneskyit\.com$
+        ~^(dev|test|bak|sk|sr|prod)?-?(app|demo|connect|aacc|aapor|ascm|bgh|businessgroup|chow|cmsc|idaa|ishlt|lci|ncsd|npa|rli|scott|dgr)\.oneskyit\.com$
         app.localhost
         demo.localhost
         connect.localhost
         svelte.localhost
         dev.localhost
-        localhost
         ;
 
     access_log  /logs/nginx/access_svelte_node.log;

conf/nginx/site-enabled_aether_fastapi_gunicorn.conf

@@ -12,7 +12,6 @@ server {
         ~^(dev|test|bak|sr|prod)?-?(api|fastapi)\.oneskyit\.com$
         api.localhost
         fastapi.localhost
-        localhost
         ;
 
     # server_name

docker-compose.yml

@@ -2,6 +2,9 @@ services:
     web:
         restart: unless-stopped
         container_name: ${CONTAINER_WEB}
+        networks:
+            - default
+            - shared
         build:
             context: ./
             dockerfile: aether_nginx.Dockerfile
@@ -12,7 +15,7 @@ services:
             - PGID=1000
             - TZ=US/Eastern
 
-            - NGINX_SERVER_NAMES="flask_gunicorn.localhost demo.localhost dev.localhost dev.oneskyit.com dev-app.oneskyit.com dev-connect.oneskyit.com dev-demo.oneskyit.com dev-aacc.oneskyit.com dev-aapor.oneskyit.com dev-ascm.oneskyit.com dev-businessgroup.oneskyt.com dev-chow.oneskyit.com dev-cmsc.oneskyit.com dev-idaa.oneskyit.com dev-ishlt.oneskyit.com dev-lci.oneskyit.com dev-ncsd.oneskyit.com dev-npa.oneskyit.com dev-rli.oneskyit.com test-app.oneskyit.com test-api.oneskyit.com test-demo.oneskyit.com test-lci.oneskyit.com test-idaa.oneskyit.com"
+            - NGINX_SERVER_NAMES="flask_gunicorn.localhost demo.localhost dev.localhost dev.oneskyit.com dev-app.oneskyit.com dev-connect.oneskyit.com dev-demo.oneskyit.com dev-aacc.oneskyit.com dev-aapor.oneskyit.com dev-ascm.oneskyit.com dev-businessgroup.oneskyt.com dev-chow.oneskyit.com dev-cmsc.oneskyit.com dev-idaa.oneskyit.com dev-ishlt.oneskyit.com dev-lci.oneskyit.com dev-ncsd.oneskyit.com dev-npa.oneskyit.com dev-rli.oneskyit.com test-app.oneskyit.com test-api.oneskyit.com test-demo.oneskyit.com test-lci.oneskyit.com test-idaa.oneskyit.com scott.oneskyit.com dgr.oneskyit.com"
         ports:
             - "${OSIT_WEB_HTTP_PORT}:80"   # LAN HTTP (local access without SSL)
             # - "${OSIT_WEB_HTTPS_PORT}:443" # HTTPS — not needed internally; terminate SSL at home server
@@ -48,6 +51,9 @@ services:
         restart: always
         container_name: ${CONTAINER_REDIS}
         image: redis
+        networks:
+            - default
+            - shared
         command: redis-server --save "" --loglevel warning
         logging:
             driver: "json-file"
@@ -60,6 +66,8 @@ services:
         image: mariadb:10.11
         container_name: ae_mariadb_dev
         profiles: ["database"]
+        networks:
+            - shared
         command: [
             "mysqld",
             "--max-connections=${MARIADB_MAX_CONNECTIONS}",
@@ -90,6 +98,8 @@ services:
         image: phpmyadmin/phpmyadmin
         container_name: ae_pma_dev
         profiles: ["database"]
+        networks:
+            - shared
         environment:
             PMA_HOST: mariadb
             UPLOAD_LIMIT: 64M
@@ -109,6 +119,15 @@ services:
             context: ${AE_API_SRC}
             dockerfile: Dockerfile
         scale: ${AE_API_REPLICAS}
+        networks:
+            - default
+            - shared
+        healthcheck:
+            test: ["CMD", "curl", "-f", "http://localhost:5005/health"]
+            interval: 30s
+            timeout: 10s
+            retries: 3
+            start_period: 60s
         env_file:
             - ./.env
         extra_hosts:
@@ -144,6 +163,9 @@ services:
             args:
                 BUILD_MODE: ${AE_APP_BUILD_MODE:-staging}
         scale: ${AE_APP_REPLICAS:-1}
+        networks:
+            - default
+            - shared
         env_file:
             - ./.env
         # No host ports — ae_web_dev proxies to ae_app:3000 via Docker DNS,
@@ -209,12 +231,12 @@ services:
     #             max-file: "3"
 
     dozzle:
-        container_name: ae_dozzle_dev
+        container_name: ${CONTAINER_DOZZLE:-ae_dozzle_dev}
         image: amir20/dozzle:latest
         volumes:
             - /var/run/docker.sock:/var/run/docker.sock
         ports:
-            - "8881:8080"
+            - "${AE_DOZZLE_PORT:-8881}:8080"
         restart: unless-stopped
         logging:
             driver: "json-file"
@@ -228,6 +250,8 @@ services:
         image: alpine:latest
         restart: always
         profiles: ["database"]
+        networks:
+            - shared
         env_file:
             - ./.env
         volumes:
@@ -247,4 +271,7 @@ services:
 
 networks:
   default:
-    name: ae_dev_net
+    name: ${AE_NETWORK_NAME:-ae_dev_net}
+  shared:
+    name: aether_shared_net
+    external: true

env.default

@@ -32,14 +32,23 @@ CONTAINER_AE_APP=ae_app_default
 CONTAINER_REDIS=ae_redis_default
 CONTAINER_MARIADB=ae_mariadb_default
 CONTAINER_PMA=ae_pma_default
+CONTAINER_DOZZLE=ae_dozzle_default
 
 # ------------------------------------------------------------------------------
 # NETWORK & PROXY SETTINGS
 # ------------------------------------------------------------------------------
+# Internal Docker network name (should be unique per environment)
+AE_NETWORK_NAME=ae_dev_net
+
 # Local Nginx listener ports on the host system
 OSIT_WEB_HTTP_PORT=8080
 OSIT_WEB_HTTPS_PORT=4443
 
+# Gateway ports (External entry points into the container mesh)
+AE_API_GATEWAY_PORT=5060
+AE_APP_GATEWAY_PORT=3001
+AE_DOZZLE_PORT=8881
+
 # Maximum allowed file upload size (Global for Nginx)
 OSIT_WEB_MAX_BODY_SIZE=5120M