Update runner

deploy/vm/docker-compose.yml

@@ -0,0 +1,30 @@
+services:
+  api:
+    image: git.golife.love/chrischen/rolac-api:${TAG:-latest}
+    env_file: .env
+    environment:
+      ASPNETCORE_ENVIRONMENT: Production
+      ConnectionStrings__DefaultConnection: ${DB_CONNECTION}
+      Jwt__SecretKey: ${JWT_SECRET}
+      # Same-origin /api means CORS is not triggered by the browser; this is only
+      # a safety net for direct cross-origin calls / tools. Set to your VM URL.
+      Cors__AllowedOrigins__0: ${APP_ORIGIN:-http://localhost:8080}
+    volumes:
+      - ./data/api-storage:/app/App_Data/storage
+    restart: unless-stopped
+    expose: ["8080"]
+
+  app:
+    image: git.golife.love/chrischen/rolac-app:${TAG:-latest}
+    restart: unless-stopped
+    expose: ["80"]
+
+  nginx:
+    image: nginx:alpine
+    # HTTP only on a high port for now (TLS to be added later). Reach the app at
+    # http://<vm-ip>:8080 on the LAN / wherever the VM is reachable.
+    ports: ["8080:80"]
+    volumes:
+      - ./nginx/conf.d:/etc/nginx/conf.d:ro
+    depends_on: [api, app]
+    restart: unless-stopped