deploy: Dockerfile + docker-compose Traefik per VPS pm.tielogic.xyz

Dockerfile (multi-arch, python 3.13-slim):
- uv copiato da ghcr.io/astral-sh/uv per install deps
- System deps: libgl1 libglib2.0-0 (cv2) + libgomp1 (numba)
- uv sync --frozen --no-dev da uv.lock
- ENV: IMAGES_DIR=/data/images, HOST=0.0.0.0, PORT=8080
- HEALTHCHECK su GET /images ogni 30s

docker-compose.yml:
- Service pm2d con image ${REGISTRY}/pm2d:${TAG}
- Volume ./images:/data/images (persistenza upload/UI)
- Network esterna 'traefik' (adattare se diverso)
- Labels Traefik:
  - Router HTTPS Host(pm.tielogic.xyz) entrypoint websecure TLS letsencrypt
  - Middleware bodysize 50MB (upload multipart)
  - Redirect HTTP->HTTPS automatico

main.py: HOST/PORT da env (default 127.0.0.1:8080 per dev locale).

README: sezione Deploy con build/push/run su VPS.

.dockerignore: esclude .venv, Test/, benchmarks/, md files.

Build + smoke test container: OK su port 18080.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

docker-compose.yml

@@ -0,0 +1,46 @@
+# docker-compose per deploy VPS con Traefik.
+# Assume che Traefik sia già attivo sulla VPS con:
+#   - network esterna "traefik" (adatta nome se diverso)
+#   - entrypoint "websecure" su :443
+#   - certresolver "letsencrypt" configurato
+#
+# Adattare eventualmente: nome network, entrypoint, certresolver.
+
+services:
+  pm2d:
+    image: ${REGISTRY:-localhost:5000}/pm2d:${TAG:-latest}
+    container_name: pm2d
+    restart: unless-stopped
+    environment:
+      IMAGES_DIR: /data/images
+      HOST: 0.0.0.0
+      PORT: 8080
+    volumes:
+      # Persistenza immagini tra restart (upload/selezione)
+      - ./images:/data/images
+    networks:
+      - traefik
+    labels:
+      - "traefik.enable=true"
+
+      # Router HTTPS principale
+      - "traefik.http.routers.pm2d.rule=Host(`pm.tielogic.xyz`)"
+      - "traefik.http.routers.pm2d.entrypoints=websecure"
+      - "traefik.http.routers.pm2d.tls=true"
+      - "traefik.http.routers.pm2d.tls.certresolver=letsencrypt"
+      - "traefik.http.services.pm2d.loadbalancer.server.port=8080"
+
+      # Middleware: upload fino a 50MB (default Traefik bufferizza a 4MB)
+      - "traefik.http.middlewares.pm2d-bodysize.buffering.maxRequestBodyBytes=52428800"
+      - "traefik.http.routers.pm2d.middlewares=pm2d-bodysize"
+
+      # Redirect HTTP → HTTPS
+      - "traefik.http.routers.pm2d-http.rule=Host(`pm.tielogic.xyz`)"
+      - "traefik.http.routers.pm2d-http.entrypoints=web"
+      - "traefik.http.routers.pm2d-http.middlewares=pm2d-redirect-https"
+      - "traefik.http.middlewares.pm2d-redirect-https.redirectscheme.scheme=https"
+      - "traefik.http.middlewares.pm2d-redirect-https.redirectscheme.permanent=true"
+
+networks:
+  traefik:
+    external: true