feat: add Docker production deployment for teal.dotmavriq.life

Multi-stage Dockerfile (Node + Composer + FrankenPHP), docker-compose
with app/db/queue services, Traefik routing with TLS, entrypoint
scripts with env validation/migration/caching, and deploy helper script.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: dotMavriQ

.dockerignore

@@ -0,0 +1,51 @@
+# Version control
+.git
+.gitignore
+.gitattributes
+
+# Dependencies (rebuilt in Docker)
+node_modules
+vendor
+
+# Build artifacts (rebuilt in Docker)
+public/build
+public/hot
+
+# Environment files (injected at runtime)
+.env
+.env.*
+!.env.example
+
+# Development/testing
+.phpunit.result.cache
+.phpunit.cache
+phpunit.xml
+tests
+.editorconfig
+.styleci.yml
+
+# Docker meta (prevent recursive context)
+docker-compose*.yml
+Dockerfile*
+.dockerignore
+
+# IDE
+.idea
+.vscode
+*.swp
+*.swo
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Runtime data (persisted via volumes)
+storage/logs/*
+storage/framework/cache/*
+storage/framework/sessions/*
+storage/framework/views/*
+storage/app/public/covers/*
+
+# Old deployment files
+docker-compose.dotmavriq.fixed.yml
+docker-compose.frankenphp.yml

.env.production.example

@@ -0,0 +1,50 @@
+# =============================================================================
+# TEAL Production Environment (.env.production)
+# Copy this to .env.production and fill in the secrets
+# On gerty: /opt/teal/.env.production (chmod 600, owned by root)
+# =============================================================================
+
+# ---- Application ----
+APP_NAME=TEAL
+APP_ENV=production
+APP_KEY=                          # Generate: php artisan key:generate --show
+APP_DEBUG=false
+APP_URL=https://teal.dotmavriq.life
+
+# ---- Database ----
+DB_CONNECTION=pgsql
+DB_HOST=db
+DB_PORT=5432
+DB_DATABASE=teal
+DB_USERNAME=teal
+DB_PASSWORD=                      # Use: openssl rand -base64 32
+
+# ---- Drivers (all database — no Redis needed) ----
+SESSION_DRIVER=database
+SESSION_LIFETIME=120
+SESSION_ENCRYPT=true
+SESSION_SECURE_COOKIE=true
+SESSION_DOMAIN=teal.dotmavriq.life
+CACHE_STORE=database
+QUEUE_CONNECTION=database
+BROADCAST_CONNECTION=log
+FILESYSTEM_DISK=local
+
+# ---- Logging (stderr → Docker log driver) ----
+LOG_CHANNEL=stderr
+LOG_LEVEL=warning
+
+# ---- Security ----
+BCRYPT_ROUNDS=12
+
+# ---- Octane / FrankenPHP ----
+OCTANE_SERVER=frankenphp
+OCTANE_HTTPS=true
+
+# ---- API Keys ----
+TMDB_API_KEY=                     # From themoviedb.org
+TMDB_ACCESS_TOKEN=                # From themoviedb.org
+TRAKT_CLIENT_ID=                  # From trakt.tv
+
+# ---- Mail (log only — no outbound email) ----
+MAIL_MAILER=log

.gitignore

@@ -40,3 +40,4 @@ goodreads.txt
 IMDBEXPORT.csv
 theplan.txt
 frankenphp
+backups/

Dockerfile

@@ -0,0 +1,125 @@
+# =============================================================================
+# TEAL Production Dockerfile
+# Multi-stage build: Node (frontend) → Composer (PHP deps) → FrankenPHP runtime
+# =============================================================================
+
+# ---------------------------------------------------------------------------
+# Stage 1: Build frontend assets with Vite
+# ---------------------------------------------------------------------------
+FROM node:22-alpine AS node-builder
+
+WORKDIR /build
+
+# Copy dependency manifests first for layer caching
+COPY package.json package-lock.json ./
+RUN npm ci --no-audit --no-fund \
+    && echo "[node-builder] npm dependencies installed"
+
+# Copy frontend source files needed for the build
+COPY vite.config.js tailwind.config.js postcss.config.js ./
+COPY resources/ resources/
+
+# Build production assets
+RUN npm run build \
+    && echo "[node-builder] Vite build complete" \
+    && ls -la public/build/ \
+    && echo "[node-builder] Manifest:" \
+    && cat public/build/manifest.json
+
+# ---------------------------------------------------------------------------
+# Stage 2: Install PHP dependencies with Composer
+# ---------------------------------------------------------------------------
+FROM composer:2 AS composer-builder
+
+WORKDIR /build
+
+# Copy dependency manifests
+COPY composer.json composer.lock ./
+
+# Install production dependencies only (no scripts — avoids needing artisan)
+RUN composer install \
+    --no-dev \
+    --no-scripts \
+    --no-interaction \
+    --prefer-dist \
+    --optimize-autoloader \
+    && echo "[composer-builder] PHP dependencies installed" \
+    && echo "[composer-builder] Vendor size:" \
+    && du -sh vendor/
+
+# ---------------------------------------------------------------------------
+# Stage 3: Production runtime image
+# ---------------------------------------------------------------------------
+FROM serversideup/php:8.4-frankenphp AS production
+
+LABEL maintainer="dotmavriq" \
+      app="TEAL" \
+      description="TEAL - Track Everything About Life"
+
+# ---- Install additional PHP extensions ----
+# pgsql/pdo_pgsql: PostgreSQL
+# gd:             Image processing (intervention/image)
+# intl:           Unicode/i18n support
+# opcache:        Production PHP performance
+# pcntl:          Process control for Octane graceful shutdown
+# bcmath:         Precision math (Laravel dependency)
+RUN install-php-extensions \
+    pdo_pgsql \
+    pgsql \
+    gd \
+    intl \
+    opcache \
+    pcntl \
+    bcmath \
+    && echo "[production] PHP extensions installed:" \
+    && php -m | sort
+
+# ---- Set environment defaults ----
+ENV APP_ENV=production \
+    APP_DEBUG=false \
+    OCTANE_SERVER=frankenphp \
+    SERVER_NAME=":8080" \
+    LOG_CHANNEL=stderr \
+    LOG_LEVEL=warning \
+    AUTORUN_ENABLED=false
+
+# ---- Set working directory ----
+WORKDIR /var/www/html
+
+# ---- Copy application source ----
+COPY --chown=www-data:www-data . .
+
+# ---- Copy built vendor directory from composer stage ----
+COPY --from=composer-builder --chown=www-data:www-data /build/vendor ./vendor
+
+# ---- Copy built frontend assets from node stage ----
+COPY --from=node-builder --chown=www-data:www-data /build/public/build ./public/build
+
+# ---- Run composer post-install scripts (package discovery, etc.) ----
+RUN composer dump-autoload --optimize --no-dev \
+    && echo "[production] Autoloader optimized"
+
+# ---- Ensure storage directories and permissions ----
+RUN mkdir -p \
+    storage/app/public/covers \
+    storage/framework/cache/data \
+    storage/framework/sessions \
+    storage/framework/views \
+    storage/logs \
+    bootstrap/cache \
+    && chown -R www-data:www-data storage bootstrap/cache \
+    && chmod -R 775 storage bootstrap/cache \
+    && echo "[production] Storage directories created"
+
+# ---- Copy entrypoint scripts ----
+COPY docker/entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+COPY docker/queue-entrypoint.sh /usr/local/bin/docker-queue-entrypoint.sh
+RUN chmod +x /usr/local/bin/docker-entrypoint.sh /usr/local/bin/docker-queue-entrypoint.sh
+
+# ---- Healthcheck ----
+HEALTHCHECK --interval=15s --timeout=5s --retries=3 --start-period=20s \
+    CMD php artisan octane:status --server=frankenphp || exit 1
+
+EXPOSE 8080
+
+ENTRYPOINT ["docker-entrypoint.sh"]