diff --git a/.github/workflows/deploy-billboard.yml b/.github/workflows/deploy-billboard.yml
index 74e1b571b..045e3edac 100644
--- a/.github/workflows/deploy-billboard.yml
+++ b/.github/workflows/deploy-billboard.yml
@@ -5,7 +5,7 @@ jobs:
     messenger-demo-deploy:
         environment: devconnect2023
         runs-on: ubuntu-latest
-        # if: ${{ contains( github.ref, vars.STAGING_BRANCH) }}
+        if: $[ "${{ github.ref }}" != "refs/heads/${{ vars.TRIGGER_BRANCH }}" ]
         steps:
             - uses: actions/checkout@v2
             - uses: actions/setup-node@v3
@@ -22,21 +22,21 @@ jobs:
             - name: Prepare SSH
               run: |
                   mkdir ~/.ssh
-                  echo "${{ secrets.STAGING_HOST_SSH }}" > ~/.ssh/known_hosts
+                  echo "${{ secrets.HOST_SSH_PUBLIC_KEY }}" > ~/.ssh/known_hosts
                   echo "${{ secrets.DO_SSH_KEY }}" > ./ssh-key
                   chmod 600 ./ssh-key
             - name: Create .env file
               env:
-                  TARGET_HOST: ${{ secrets.STAGING_HOST }}
+                  TARGET_HOST: ${{ secrets.HOST_DOMAIN}}
                   TARGET_IP: ${{ secrets.IP_ADDRESS }}
               run: |
                   echo "REACT_APP_ADDR_ENS_SUBDOMAIN=.addr.devconnect.dm3.eth" >> ./.env.react
-                  echo "REACT_APP_BACKEND=https://${{ secrets.STAGING_HOST }}/api" >> ./.env.react
+                  echo "REACT_APP_BACKEND=https://${{ secrets.HOST_DOMAIN}}/api" >> ./.env.react
                   echo "REACT_APP_DEFAULT_DELIVERY_SERVICE=bb-ds.devconnect.dm3.eth" >> ./.env.react
-                  echo "REACT_APP_DEFAULT_SERVICE=https://${{ secrets.STAGING_HOST }}/api" >> ./.env.react
+                  echo "REACT_APP_DEFAULT_SERVICE=https://${{ secrets.HOST_DOMAIN}}/api" >> ./.env.react
                   echo "REACT_APP_ETHEREUM_PROVIDER=${{ secrets.REACT_APP_ETHEREUM_PROVIDER }}" >> ./.env.react
-                  echo "REACT_APP_PROFILE_BASE_URL=https://${{ secrets.STAGING_HOST }}/api" >> ./.env.react
-                  echo "REACT_APP_RESOLVER_BACKEND=https://${{ secrets.STAGING_HOST }}/resolver-handler" >> ./.env.react
+                  echo "REACT_APP_PROFILE_BASE_URL=https://${{ secrets.HOST_DOMAIN}}/api" >> ./.env.react
+                  echo "REACT_APP_RESOLVER_BACKEND=https://${{ secrets.HOST_DOMAIN}}/resolver-handler" >> ./.env.react
                   echo "REACT_APP_USER_ENS_SUBDOMAIN=.user.devconnect.dm3.eth" >> ./.env.react
                   echo "REACT_APP_WALLET_CONNECT_PROJECT_ID=${{ secrets.REACT_APP_WALLET_CONNECT_PROJECT_ID }}" >> ./.env.react
                   echo "REACT_APP_COMMIT_HASH=${{ env.sha_short }}" >> ./.env.react
@@ -51,13 +51,13 @@ jobs:
                   echo "SPAM_PROTECTION=${{ secrets.SPAM_PROTECTION }}" >> ./.env
                   echo "ENCRYPTION_PUBLIC_KEY=${{ secrets.ENCRYPTION_PUBLIC_KEY }}" >> ./.env
                   echo "ENCRYPTION_PRIVATE_KEY=${{ secrets.ENCRYPTION_PRIVATE_KEY }}" >> ./.env
-                  echo "RPC=${{ secrets.STAGING_RPC }}" >> ./.env
+                  echo "RPC=${{ secrets.RPC }}" >> ./.env
                   echo "BILLBOARD_PRIVATE_KEY=${{ secrets.BILLBOARD_PRIVATE_KEY }}" >> ./.env
                   echo "interceptor=${{ secrets.INTERCEPTOR }}" >> ./.env
                   echo "DISABLE_SESSION_CHECK='true'" >> ./.env
                   echo "BILLBOARD_NAMES=${{ secrets.BILLBOARD_NAMES }}" >> ./.env
                   echo "CERT_MAIL=${{ secrets.CERT_MAIL }}" >> ./.env
-                  echo "URL=${{ secrets.STAGING_HOST }}" >> ./.env
+                  echo "URL=${{ secrets.HOST_DOMAIN}}" >> ./.env
                   envsubst '${TARGET_HOST}' < ./docker/billboard/nginx.conf > ./nginx.conf
                   cat ./.env
             - name: Build docker image
@@ -67,26 +67,26 @@ jobs:
                   docker save -o ./dm3-backend.tar dm3-backend:latest
             - name: Sync files
               run: |
-                  rsync -avz -e 'ssh -i ./ssh-key' ./.env app@${{ secrets.STAGING_HOST }}:/home/app/dm3
-                  rsync -avz -e 'ssh -i ./ssh-key' ./dm3-backend.tar app@${{ secrets.STAGING_HOST }}:/home/app/dm3 
-                  rsync -avz -e 'ssh -i ./ssh-key' ./nginx.conf app@${{ secrets.STAGING_HOST }}:/home/app/dm3
-                  rsync -avz -e 'ssh -i ./ssh-key' ./docker/billboard/docker-compose.yml app@${{ secrets.STAGING_HOST }}:/home/app/dm3
+                  rsync -avz -e 'ssh -i ./ssh-key' ./.env app@${{ secrets.HOST_DOMAIN}}:/home/app/dm3
+                  rsync -avz -e 'ssh -i ./ssh-key' ./dm3-backend.tar app@${{ secrets.HOST_DOMAIN}}:/home/app/dm3 
+                  rsync -avz -e 'ssh -i ./ssh-key' ./nginx.conf app@${{ secrets.HOST_DOMAIN}}:/home/app/dm3
+                  rsync -avz -e 'ssh -i ./ssh-key' ./docker/billboard/docker-compose.yml app@${{ secrets.HOST_DOMAIN}}:/home/app/dm3
             - name: Prepare docker
               run: |
-                  ssh -i ./ssh-key app@${{ secrets.STAGING_HOST }} "\
+                  ssh -i ./ssh-key app@${{ secrets.HOST_DOMAIN}} "\
                   cd dm3 && docker compose down && docker system prune -af"
-                  ssh -i ./ssh-key root@${{ secrets.STAGING_HOST }} "\
+                  ssh -i ./ssh-key root@${{ secrets.HOST_DOMAIN}} "\
                   systemctl restart docker.service"
             - name: Load docker image
               run: |
-                  ssh -i ./ssh-key app@${{ secrets.STAGING_HOST }} "\
+                  ssh -i ./ssh-key app@${{ secrets.HOST_DOMAIN}} "\
                   cd dm3 && docker load -i dm3-backend.tar; \
                   rm dm3-backend.tar || true"
             - name: Firewall config
               run: |
-                  ssh -i ./ssh-key root@${{ secrets.STAGING_HOST }} "\
+                  ssh -i ./ssh-key root@${{ secrets.HOST_DOMAIN}} "\
                   ufw allow from 172.18.0.1/16 proto tcp to ${{ secrets.IP_ADDRESS }} port 80"
             - name: Start
               run: |
-                  ssh -i ./ssh-key app@${{ secrets.STAGING_HOST }} "\
+                  ssh -i ./ssh-key app@${{ secrets.HOST_DOMAIN}} "\
                   cd dm3 && docker compose --env-file .env up -d"
diff --git a/.github/workflows/pord-deplo.yml b/.github/workflows/pord-deplo.yml
new file mode 100644
index 000000000..dc448103f
--- /dev/null
+++ b/.github/workflows/pord-deplo.yml
@@ -0,0 +1,85 @@
+name: Prod deploy
+on: push
+
+jobs:
+    messenger-demo-deploy:
+        environment: prod
+        runs-on: ubuntu-latest
+        if: $[ "${{ github.ref }}" != "refs/heads/${{ vars.TRIGGER_BRANCH }}" ]
+        steps:
+            - uses: actions/checkout@v2
+            - uses: actions/setup-node@v3
+              with:
+                  registry-url: 'https://npm.pkg.github.com'
+                  node-version: 18.0.0
+                  cache: 'yarn'
+            - name: Declare some variables
+              shell: bash
+              run: |
+                echo ${{ contains( github.ref, vars.TRIGGER_BRANCH) }}
+                echo "sha_short=$(git rev-parse --short "$GITHUB_SHA")" >> "$GITHUB_ENV"
+                echo "branch=$(echo ${GITHUB_REF#refs/heads/})" >> "$GITHUB_ENV"
+                echo "now=$(date +'%Y-%m-%dT%H:%M:%S')" >> $GITHUB_ENV
+            - name: Prepare SSH
+              run: |
+                  mkdir ~/.ssh
+                  echo "${{ secrets.HOST_SSH_PUBLIC_KEY }}" > ~/.ssh/known_hosts
+                  echo "${{ secrets.DO_SSH_KEY }}" > ./ssh-key
+                  chmod 600 ./ssh-key
+            - name: Create .env file
+              env:
+                  TARGET_HOST: ${{ secrets.HOST_DOMAIN}}
+              run: |
+                  echo "REACT_APP_ADDR_ENS_SUBDOMAIN=.beta-addr.dm3.eth" >> ./.env.react
+                  echo "REACT_APP_BACKEND=http://${{ secrets.HOST_DOMAIN}}/api" >> ./.env.react
+                  echo "REACT_APP_DEFAULT_DELIVERY_SERVICE=beta-ds.dm3.eth" >> ./.env.react
+                  echo "REACT_APP_DEFAULT_SERVICE=http://${{ secrets.HOST_DOMAIN}}/api" >> ./.env.react
+                  echo "REACT_APP_ETHEREUM_PROVIDER=${{ secrets.RPC }}" >> ./.env.react
+                  echo "REACT_APP_PROFILE_BASE_URL=http://${{ secrets.HOST_DOMAIN}}/api" >> ./.env.react
+                  echo "REACT_APP_RESOLVER_BACKEND=http://${{ secrets.HOST_DOMAIN}}/resolver-handler" >> ./.env.react
+                  echo "REACT_APP_USER_ENS_SUBDOMAIN=.beta-user.dm3.eth" >> ./.env.react
+                  echo "REACT_APP_WALLET_CONNECT_PROJECT_ID=${{ secrets.REACT_APP_WALLET_CONNECT_PROJECT_ID }}" >> ./.env.react
+                  echo "REACT_APP_COMMIT_HASH=${{ env.sha_short }}" >> ./.env.react
+                  echo "REACT_APP_BRANCH=${{ env.branch }}" >> ./.env.react
+                  echo "REACT_APP_BUILD_TIME=${{ env.now }}" >> ./.env.react
+                  cat ./.env.react >> ./.env
+                  echo "RESOLVER_ADDR=0xae6646c22D8eE6479eE0a39Bf63B9bD9e57bAD9d" >> ./.env
+                  echo "SIGNING_PUBLIC_KEY=${{ secrets.SIGNING_PUBLIC_KEY }}" >> ./.env
+                  echo "SIGNING_PRIVATE_KEY=${{ secrets.SIGNING_PRIVATE_KEY }}" >> ./.env
+                  echo "SIGNER_PRIVATE_KEY=${{ secrets.SIGNER_PRIVATE_KEY }}" >> ./.env
+                  echo "SPAM_PROTECTION=${{ secrets.SPAM_PROTECTION }}" >> ./.env
+                  echo "ENCRYPTION_PUBLIC_KEY=${{ secrets.ENCRYPTION_PUBLIC_KEY }}" >> ./.env
+                  echo "ENCRYPTION_PRIVATE_KEY=${{ secrets.ENCRYPTION_PRIVATE_KEY }}" >> ./.env
+                  echo "RPC=${{ secrets.RPC }}" >> ./.env
+                  envsubst '${SSL_CERTIFICATE_BASE_LOC} ${TLS_CERTIFICATE_LOCATION} ${TARGET_HOST}' < ./docker/prod/nginx.conf > ./nginx.conf
+                  cat ./.env
+            - name: Build docker image
+              run: |
+                  cp ./.env.react packages/messenger-demo/.env
+                  docker build --progress=plain -t dm3-backend:latest -f ./docker/Dockerfile .
+                  docker save -o ./dm3-backend.tar dm3-backend:latest
+            - name: Prepare docker
+              run: |
+                  ssh -i ./ssh-key app@${{ secrets.HOST_DOMAIN}} "\
+                  cd dm3 && docker compose down && docker system prune -af"
+                  ssh -i ./ssh-key root@${{ secrets.HOST_DOMAIN}} "\
+                  systemctl restart docker.service \
+                  rm /home/app/dm3-backend.tar || true"
+            - name: Sync files
+              run: |
+                  rsync -avz -e 'ssh -i ./ssh-key' ./.env app@${{ secrets.HOST_DOMAIN}}:/home/app/dm3
+                  rsync -avz -e 'ssh -i ./ssh-key' ./dm3-backend.tar app@${{ secrets.HOST_DOMAIN}}:/home/app/dm3 
+                  rsync -avz -e 'ssh -i ./ssh-key' ./nginx.conf app@${{ secrets.HOST_DOMAIN}}:/home/app/dm3
+                  rsync -avz -e 'ssh -i ./ssh-key' ./docker/prod/docker-compose.yml app@${{ secrets.HOST_DOMAIN}}:/home/app/dm3
+            - name: Load docker image
+              run: |
+                  ssh -i ./ssh-key app@${{ secrets.HOST_DOMAIN}} "\
+                  cd dm3 && docker load -i dm3-backend.tar"
+            - name: Firewall config
+              run: |
+                  ssh -i ./ssh-key root@${{ secrets.HOST_DOMAIN}} "\
+                  ufw allow from 172.18.0.1/16 proto tcp to ${{ secrets.HOST_DOMAIN}} port 80"
+            - name: Start
+              run: |
+                  ssh -i ./ssh-key app@${{ secrets.HOST_DOMAIN}} "\
+                  cd dm3 && docker compose --env-file .env up -d"
diff --git a/.github/workflows/deploy.yml b/.github/workflows/staging-deploy.yml
similarity index 77%
rename from .github/workflows/deploy.yml
rename to .github/workflows/staging-deploy.yml
index 8b76c6ee1..9b1064bfb 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/staging-deploy.yml
@@ -3,8 +3,9 @@ on: push
 
 jobs:
     messenger-demo-deploy:
+        environment: staging
         runs-on: ubuntu-latest
-        if: ${{ contains( github.ref, vars.STAGING_BRANCH) }}
+        if: $[ "${{ github.ref }}" != "refs/heads/${{ vars.TRIGGER_BRANCH }}" ]
         steps:
             - uses: actions/checkout@v2
             - uses: actions/setup-node@v3
@@ -21,20 +22,20 @@ jobs:
             - name: Prepare SSH
               run: |
                   mkdir ~/.ssh
-                  echo "${{ secrets.STAGING_HOST_SSH }}" > ~/.ssh/known_hosts
+                  echo "${{ secrets.HOST_SSH_PUBLIC_KEY }}" > ~/.ssh/known_hosts
                   echo "${{ secrets.DO_SSH_KEY }}" > ./ssh-key
                   chmod 600 ./ssh-key
             - name: Create .env file
               env:
-                  TARGET_HOST: ${{ secrets.STAGING_HOST }}
+                  TARGET_HOST: ${{ secrets.HOST_DOMAIN}}
               run: |
                   echo "REACT_APP_ADDR_ENS_SUBDOMAIN=.beta-addr.dm3.eth" >> ./.env.react
-                  echo "REACT_APP_BACKEND=http://${{ secrets.STAGING_HOST }}/api" >> ./.env.react
+                  echo "REACT_APP_BACKEND=http://${{ secrets.HOST_DOMAIN}}/api" >> ./.env.react
                   echo "REACT_APP_DEFAULT_DELIVERY_SERVICE=beta-ds.dm3.eth" >> ./.env.react
-                  echo "REACT_APP_DEFAULT_SERVICE=http://${{ secrets.STAGING_HOST }}/api" >> ./.env.react
-                  echo "REACT_APP_ETHEREUM_PROVIDER=${{ secrets.REACT_APP_ETHEREUM_PROVIDER }}" >> ./.env.react
-                  echo "REACT_APP_PROFILE_BASE_URL=http://${{ secrets.STAGING_HOST }}/api" >> ./.env.react
-                  echo "REACT_APP_RESOLVER_BACKEND=http://${{ secrets.STAGING_HOST }}/resolver-handler" >> ./.env.react
+                  echo "REACT_APP_DEFAULT_SERVICE=http://${{ secrets.HOST_DOMAIN}}/api" >> ./.env.react
+                  echo "REACT_APP_ETHEREUM_PROVIDER=${{ secrets.RPC }}" >> ./.env.react
+                  echo "REACT_APP_PROFILE_BASE_URL=http://${{ secrets.HOST_DOMAIN}}/api" >> ./.env.react
+                  echo "REACT_APP_RESOLVER_BACKEND=http://${{ secrets.HOST_DOMAIN}}/resolver-handler" >> ./.env.react
                   echo "REACT_APP_USER_ENS_SUBDOMAIN=.beta-user.dm3.eth" >> ./.env.react
                   echo "REACT_APP_WALLET_CONNECT_PROJECT_ID=${{ secrets.REACT_APP_WALLET_CONNECT_PROJECT_ID }}" >> ./.env.react
                   echo "REACT_APP_COMMIT_HASH=${{ env.sha_short }}" >> ./.env.react
@@ -48,7 +49,7 @@ jobs:
                   echo "SPAM_PROTECTION=${{ secrets.SPAM_PROTECTION }}" >> ./.env
                   echo "ENCRYPTION_PUBLIC_KEY=${{ secrets.ENCRYPTION_PUBLIC_KEY }}" >> ./.env
                   echo "ENCRYPTION_PRIVATE_KEY=${{ secrets.ENCRYPTION_PRIVATE_KEY }}" >> ./.env
-                  echo "RPC=${{ secrets.STAGING_RPC }}" >> ./.env
+                  echo "RPC=${{ secrets.RPC }}" >> ./.env
                   envsubst '${SSL_CERTIFICATE_BASE_LOC} ${TLS_CERTIFICATE_LOCATION} ${TARGET_HOST}' < ./docker/nginx.conf > ./nginx.conf
                   cat ./.env
             - name: Build docker image
@@ -58,26 +59,26 @@ jobs:
                   docker save -o ./dm3-backend.tar dm3-backend:latest
             - name: Prepare docker
               run: |
-                  ssh -i ./ssh-key app@${{ secrets.STAGING_HOST }} "\
+                  ssh -i ./ssh-key app@${{ secrets.HOST_DOMAIN}} "\
                   cd dm3 && docker compose down && docker system prune -af"
-                  ssh -i ./ssh-key root@${{ secrets.STAGING_HOST }} "\
+                  ssh -i ./ssh-key root@${{ secrets.HOST_DOMAIN}} "\
                   systemctl restart docker.service \
                   rm /home/app/dm3-backend.tar || true"
             - name: Sync files
               run: |
-                  rsync -avz -e 'ssh -i ./ssh-key' ./.env app@${{ secrets.STAGING_HOST }}:/home/app/dm3
-                  rsync -avz -e 'ssh -i ./ssh-key' ./dm3-backend.tar app@${{ secrets.STAGING_HOST }}:/home/app/dm3 
-                  rsync -avz -e 'ssh -i ./ssh-key' ./nginx.conf app@${{ secrets.STAGING_HOST }}:/home/app/dm3
-                  rsync -avz -e 'ssh -i ./ssh-key' ./docker/docker-compose.yml app@${{ secrets.STAGING_HOST }}:/home/app/dm3
+                  rsync -avz -e 'ssh -i ./ssh-key' ./.env app@${{ secrets.HOST_DOMAIN}}:/home/app/dm3
+                  rsync -avz -e 'ssh -i ./ssh-key' ./dm3-backend.tar app@${{ secrets.HOST_DOMAIN}}:/home/app/dm3 
+                  rsync -avz -e 'ssh -i ./ssh-key' ./nginx.conf app@${{ secrets.HOST_DOMAIN}}:/home/app/dm3
+                  rsync -avz -e 'ssh -i ./ssh-key' ./docker/docker-compose.yml app@${{ secrets.HOST_DOMAIN}}:/home/app/dm3
             - name: Load docker image
               run: |
-                  ssh -i ./ssh-key app@${{ secrets.STAGING_HOST }} "\
+                  ssh -i ./ssh-key app@${{ secrets.HOST_DOMAIN}} "\
                   cd dm3 && docker load -i dm3-backend.tar"
             - name: Firewall config
               run: |
-                  ssh -i ./ssh-key root@${{ secrets.STAGING_HOST }} "\
-                  ufw allow from 172.18.0.1/16 proto tcp to ${{ secrets.STAGING_HOST }} port 80"
+                  ssh -i ./ssh-key root@${{ secrets.HOST_DOMAIN}} "\
+                  ufw allow from 172.18.0.1/16 proto tcp to ${{ secrets.HOST_DOMAIN}} port 80"
             - name: Start
               run: |
-                  ssh -i ./ssh-key app@${{ secrets.STAGING_HOST }} "\
+                  ssh -i ./ssh-key app@${{ secrets.HOST_DOMAIN}} "\
                   cd dm3 && docker compose --env-file .env up -d"
diff --git a/docker/billboard/docker-compose.yml b/docker/billboard/docker-compose.yml
index adf1f4eee..acc10aa51 100644
--- a/docker/billboard/docker-compose.yml
+++ b/docker/billboard/docker-compose.yml
@@ -80,20 +80,20 @@ services:
       timeout: 10s
       retries: 5
 
-  # web:
-  #   image: dm3-backend
-  #   command: yarn workspace messenger-demo start
-  #   environment:
-  #     REACT_APP_ADDR_ENS_SUBDOMAIN: ${REACT_APP_ADDR_ENS_SUBDOMAIN}
-  #     REACT_APP_BACKEND: ${REACT_APP_BACKEND}
-  #     REACT_APP_DEFAULT_DELIVERY_SERVICE: ${REACT_APP_DEFAULT_DELIVERY_SERVICE}
-  #     REACT_APP_DEFAULT_SERVICE: ${REACT_APP_DEFAULT_SERVICE}
-  #     REACT_APP_ETHEREUM_PROVIDER: ${REACT_APP_ETHEREUM_PROVIDER}
-  #     REACT_APP_PROFILE_BASE_URL: ${REACT_APP_PROFILE_BASE_URL}
-  #     REACT_APP_RESOLVER_BACKEND: ${REACT_APP_RESOLVER_BACKEND}
-  #     REACT_APP_USER_ENS_SUBDOMAIN: ${REACT_APP_USER_ENS_SUBDOMAIN}
-  #     REACT_APP_WALLET_CONNECT_PROJECT_ID: ${REACT_APP_WALLET_CONNECT_PROJECT_ID}
-  #     RESOLVER_ADDR: ${RESOLVER_ADDR}
+  web:
+    image: dm3-backend
+    command: yarn workspace messenger-demo start
+    environment:
+      REACT_APP_ADDR_ENS_SUBDOMAIN: ${REACT_APP_ADDR_ENS_SUBDOMAIN}
+      REACT_APP_BACKEND: ${REACT_APP_BACKEND}
+      REACT_APP_DEFAULT_DELIVERY_SERVICE: ${REACT_APP_DEFAULT_DELIVERY_SERVICE}
+      REACT_APP_DEFAULT_SERVICE: ${REACT_APP_DEFAULT_SERVICE}
+      REACT_APP_ETHEREUM_PROVIDER: ${REACT_APP_ETHEREUM_PROVIDER}
+      REACT_APP_PROFILE_BASE_URL: ${REACT_APP_PROFILE_BASE_URL}
+      REACT_APP_RESOLVER_BACKEND: ${REACT_APP_RESOLVER_BACKEND}
+      REACT_APP_USER_ENS_SUBDOMAIN: ${REACT_APP_USER_ENS_SUBDOMAIN}
+      REACT_APP_WALLET_CONNECT_PROJECT_ID: ${REACT_APP_WALLET_CONNECT_PROJECT_ID}
+      RESOLVER_ADDR: ${RESOLVER_ADDR}
 
   certbot:
     image: certbot/certbot
diff --git a/docker/prod/docker-compose.yml b/docker/prod/docker-compose.yml
new file mode 100644
index 000000000..adf1f4eee
--- /dev/null
+++ b/docker/prod/docker-compose.yml
@@ -0,0 +1,134 @@
+version: "3.1"
+services:
+
+  nginx:
+    container_name: nginx
+    image: nginx:latest
+    restart: always
+    depends_on:
+      - billboard-client
+      - backend
+      - ccip-resolver
+    volumes:
+      - ./nginx.conf:/etc/nginx/nginx.conf
+      - web-root:/var/www/html
+      - certbot-etc:/etc/letsencrypt
+      - certbot-var:/var/lib/letsencrypt
+    ports:
+      - "80:80"
+      - "443:443"
+
+  backend:
+    image: dm3-backend
+    command: yarn workspace dm3-backend start
+    depends_on:
+      - db
+    environment:
+      REDIS_URL: redis://db:6379
+      SIGNING_PUBLIC_KEY: ${SIGNING_PUBLIC_KEY}
+      SIGNING_PRIVATE_KEY: ${SIGNING_PRIVATE_KEY}
+      ENCRYPTION_PUBLIC_KEY: ${ENCRYPTION_PUBLIC_KEY}
+      ENCRYPTION_PRIVATE_KEY: ${ENCRYPTION_PRIVATE_KEY}
+      DISABLE_SESSION_CHECK: ${DISABLE_SESSION_CHECK}
+      RPC: ${RPC}
+      PORT: 8081
+      LOG_LEVEL: 'debug'
+  
+  billboard-client:
+    image: dm3-backend
+    command: yarn workspace dm3-billboard-client start
+    depends_on:
+      db:
+        condition: service_started
+      ccip-resolver:
+        condition: service_started
+      offchain-resolver:
+        condition: service_healthy
+    environment:
+      PORT: 8083
+      time: 0
+      privateKey: ${BILLBOARD_PRIVATE_KEY}
+      ensNames: ${BILLBOARD_NAMES}
+      mediators: '[]'
+      REDIS_URL: redis://db:6379
+      RPC: ${RPC}
+      LOG_LEVEL: 'debug'
+
+  db:
+    image: redis
+    restart: always
+
+  offchain-resolver-db:
+    image: postgres
+    restart: always
+    container_name: offchain_resolver_db
+    environment:
+        POSTGRES_PASSWORD: example
+
+  offchain-resolver:
+    image: dm3-backend
+    command: yarn workspace dm3-offchain-resolver start
+    depends_on:
+      - offchain-resolver-db
+    environment:
+      DATABASE_URL: postgresql://postgres:example@offchain-resolver-db:5432
+      PORT: 8082
+      LOG_LEVEL: 'debug'
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8082/0x26139b2349282de5ee2bd9c7a53171a28d6a6c84/0xf8c30f63000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000001c0a62696c6c626f617264310762622d7573657203646d3303657468000000000000000000000000000000000000000000000000000000000000000000000000243b3b57de8d7fcfd6548aae2cdb5851741139459856caadb3b9ad3d27872ae921b2348a7d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000014bcd6de065fd7e889e3ec86aa2d2780d7553ab3cc000000000000000000000000"]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+
+  # web:
+  #   image: dm3-backend
+  #   command: yarn workspace messenger-demo start
+  #   environment:
+  #     REACT_APP_ADDR_ENS_SUBDOMAIN: ${REACT_APP_ADDR_ENS_SUBDOMAIN}
+  #     REACT_APP_BACKEND: ${REACT_APP_BACKEND}
+  #     REACT_APP_DEFAULT_DELIVERY_SERVICE: ${REACT_APP_DEFAULT_DELIVERY_SERVICE}
+  #     REACT_APP_DEFAULT_SERVICE: ${REACT_APP_DEFAULT_SERVICE}
+  #     REACT_APP_ETHEREUM_PROVIDER: ${REACT_APP_ETHEREUM_PROVIDER}
+  #     REACT_APP_PROFILE_BASE_URL: ${REACT_APP_PROFILE_BASE_URL}
+  #     REACT_APP_RESOLVER_BACKEND: ${REACT_APP_RESOLVER_BACKEND}
+  #     REACT_APP_USER_ENS_SUBDOMAIN: ${REACT_APP_USER_ENS_SUBDOMAIN}
+  #     REACT_APP_WALLET_CONNECT_PROJECT_ID: ${REACT_APP_WALLET_CONNECT_PROJECT_ID}
+  #     RESOLVER_ADDR: ${RESOLVER_ADDR}
+
+  certbot:
+    image: certbot/certbot
+    container_name: certbot
+    volumes:
+      - certbot-etc:/etc/letsencrypt
+      - certbot-var:/var/lib/letsencrypt
+      - web-root:/var/www/html
+    depends_on:
+      - nginx
+    command: certonly --webroot --webroot-path=/var/www/html --email ${CERT_MAIL} --agree-tos --no-eff-email -d ${URL}
+
+  ccip-resolver:
+    image: dm3org/ccip-resolver:v0.2.7
+    restart: always
+    depends_on:
+      offchain-resolver:
+        condition: service_healthy
+    environment:
+      SIGNER_PRIVATE_KEY: ${BILLBOARD_SIGNER_PRIVATE_KEY}
+      LOG_LEVEL: debug
+      CONFIG: |
+        {
+          "0xc9bf092673b3a066df088a2a911e23e9b69b82f2": {
+            "type": "signing",
+            "handlerUrl": "http://offchain-resolver:8082"
+          }
+        }
+      PORT: 8181
+volumes:
+  certbot-etc:
+  certbot-var:
+  web-root:
+    driver: local
+    driver_opts:
+      type: none
+      device: /home/app/dm3/webroot/
+      o: bind
diff --git a/docker/prod/nginx.conf b/docker/prod/nginx.conf
new file mode 100644
index 000000000..be2f9766f
--- /dev/null
+++ b/docker/prod/nginx.conf
@@ -0,0 +1,123 @@
+events {
+    worker_connections 1024;
+}
+
+http {
+    keepalive_timeout 65;
+    limit_req_zone $binary_remote_addr zone=standardlimit:10m rate=3r/s;
+    limit_req_zone $binary_remote_addr zone=legacylimit:10m rate=2r/s;
+
+    server {
+        listen 80;
+        server_name ${TARGET_HOST};
+
+        return 301 https://$server_name$request_uri;
+    }
+
+    server {
+        listen 80;
+        server_name ${TARGET_IP};
+
+        return 301 https://${TARGET_HOST}$request_uri;
+    }
+
+    server {
+        listen 443 ssl;
+        server_name ${TARGET_HOST};
+
+        ssl_certificate /etc/letsencrypt/live/${TARGET_HOST}/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/${TARGET_HOST}/privkey.pem;
+
+        location  / {
+            limit_req zone=standardlimit burst=50;
+            proxy_pass http://web:8080;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_ssl_verify off;
+            proxy_redirect off;
+        }
+
+        location  /resolver {
+            rewrite ^/resolver(.*)$ $1 break;
+            limit_req zone=standardlimit burst=50;
+            proxy_pass http://ccip-resolver:8181;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_ssl_verify off;
+            proxy_redirect off;
+        }
+
+        location  /resolver-handler {
+            rewrite ^/resolver-handler(.*)$ $1 break;
+            limit_req zone=standardlimit burst=50;
+            proxy_pass http://offchain-resolver:8082;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_ssl_verify off;
+            proxy_redirect off;
+        }
+
+        location  /api {
+            rewrite ^/api(.*)$ $1 break;
+            limit_req zone=standardlimit burst=50;
+            proxy_pass http://backend:8081;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_ssl_verify off;
+            proxy_redirect off;
+        }
+
+        location  /bb-client {
+            rewrite ^/bb-client(.*)$ $1 break;
+            limit_req zone=standardlimit burst=50;
+            proxy_pass http://billboard-client:8083;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_ssl_verify off;
+            proxy_redirect off;
+        }
+
+        location /socket.io {
+            proxy_pass http://backend:8081/socket.io;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "Upgrade";
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_redirect off;
+            proxy_ssl_verify off;
+            proxy_set_header Host $host;
+        }
+
+        location /bb-client/socket.io {
+            rewrite ^/bb-client(.*)$ $1 break;
+            proxy_pass http://billboard-client:8083/socket.io;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "Upgrade";
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_redirect off;
+            proxy_set_header Host $host;
+        }
+
+        location ~ /.well-known/acme-challenge {
+            allow all;
+            root /var/www/html;
+        }
+
+
+    }
+}
\ No newline at end of file