# =============================================================================
# Node.js TLS Proxy Overlay
# =============================================================================
# 用法：
#   docker compose -f docker-compose.yml -f docker-compose.tls-proxy.yml up -d
#
# 架构：
#   Anthropic: sub2api → node-tls-proxy (Node.js TLS) → api.anthropic.com
# =============================================================================

services:
  # ===========================================================================
  # 覆盖 sub2api：加入 internal 网络 + 启用 Node.js TLS 代理
  # ===========================================================================
  sub2api:
    networks:
      - sub2api-internal
      - sub2api-network    # 保留：访问 postgres/redis
    environment:
      # Node.js TLS 代理（Anthropic）
      - GATEWAY_NODE_TLS_PROXY_ENABLED=true
      - GATEWAY_NODE_TLS_PROXY_LISTEN_PORT=3456
      - GATEWAY_NODE_TLS_PROXY_LISTEN_HOST=node-tls-proxy
      - GATEWAY_NODE_TLS_PROXY_UPSTREAM_HOST=api.anthropic.com
    depends_on:
      node-tls-proxy:
        condition: service_healthy

  # ===========================================================================
  # Node.js TLS Forward Proxy (Anthropic)
  # ===========================================================================
  node-tls-proxy:
    image: zfc931912343/sub2api-tls-proxy:latest
    container_name: sub2api-node-tls-proxy
    restart: unless-stopped
    user: "1000:1000"
    read_only: true
    tmpfs:
      - /tmp:size=10M
    environment:
      - PROXY_PORT=3456
      - PROXY_HOST=0.0.0.0
      - UPSTREAM_HOST=api.anthropic.com
      - UPSTREAM_PROXY=${TLS_PROXY_UPSTREAM_PROXY:-}
      - TZ=${TZ:-Asia/Shanghai}
    networks:
      - sub2api-internal
      - sub2api-external
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=1
      - net.ipv6.conf.default.disable_ipv6=1
    healthcheck:
      test: ["CMD", "node", "-e", "const h=require('http');h.get('http://127.0.0.1:3456/__health',r=>{process.exit(r.statusCode===200?0:1)}).on('error',()=>process.exit(1))"]
      interval: 15s
      timeout: 5s
      retries: 3
      start_period: 5s
    deploy:
      resources:
        limits:
          memory: 256M
          cpus: "1.0"

# =============================================================================
# Networks
# =============================================================================
networks:
  sub2api-internal:
    internal: true
    driver: bridge
  sub2api-external:
    driver: bridge