feat: Production-ready Docker infrastructure with Directus CMS

- Add separated Docker Compose architecture (astro/infrastructure/override)
- Implement Directus + PostgreSQL with pinned versions (10.12.0/15.5-alpine)
- Add comprehensive database safety protections and backup scripts
- Configure production-ready NGINX reverse proxy setup
- Add container names, labels, and enhanced healthchecks
- Remove fallback environment variables for explicit production config
- Include log rotation and monitoring improvements

Infrastructure deployment:
- npm run docker:infrastructure:up (one-time setup)
- npm run docker:astro:up (regular deployments)
- npm run db:backup/restore/status (database management)

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

docker-compose.infrastructure.yml

@@ -0,0 +1,101 @@
+version: '3.8'
+
+services:
+  postgres:
+    image: postgres:15.5-alpine
+    container_name: bct-postgres
+    environment:
+      POSTGRES_DB: directus
+      POSTGRES_USER: directus
+      POSTGRES_PASSWORD: ${DIRECTUS_DB_PASSWORD}
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U directus -d directus"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    networks:
+      - bct-network
+
+  directus:
+    image: directus/directus:10.12.0
+    container_name: bct-directus
+    ports:
+      - "8055:8055"
+    environment:
+      KEY: ${DIRECTUS_KEY}
+      SECRET: ${DIRECTUS_SECRET}
+      
+      # Database
+      DB_CLIENT: pg
+      DB_HOST: postgres
+      DB_PORT: 5432
+      DB_DATABASE: directus
+      DB_USER: directus
+      DB_PASSWORD: ${DIRECTUS_DB_PASSWORD}
+      
+      # Security
+      CORS_ENABLED: true
+      CORS_ORIGIN: ${DIRECTUS_CORS_ORIGIN}
+      
+      # Database initialization & safety
+      DB_INIT_TIMEOUT: 60000
+      DB_EXCLUDE_DEFAULTS: false
+      
+      # Admin user (only creates if no users exist)
+      ADMIN_EMAIL: ${DIRECTUS_ADMIN_EMAIL}
+      ADMIN_PASSWORD: ${DIRECTUS_ADMIN_PASSWORD}
+      
+      # Safety: Prevent database reinitialization
+      DB_RESET_ON_START: false
+      
+      # Storage
+      STORAGE_LOCATIONS: local
+      STORAGE_LOCAL_ROOT: /directus/uploads
+      
+      # Cache & Session
+      CACHE_ENABLED: false
+      RATE_LIMITER_ENABLED: true
+      RATE_LIMITER_POINTS: 25
+      RATE_LIMITER_DURATION: 1
+      
+      # Email (optional - configure in .env.infrastructure.local)
+      EMAIL_FROM: ${DIRECTUS_EMAIL_FROM}
+      EMAIL_TRANSPORT: ${DIRECTUS_EMAIL_TRANSPORT}
+      EMAIL_SMTP_HOST: ${DIRECTUS_SMTP_HOST}
+      EMAIL_SMTP_PORT: ${DIRECTUS_SMTP_PORT}
+      EMAIL_SMTP_USER: ${DIRECTUS_SMTP_USER}
+      EMAIL_SMTP_PASSWORD: ${DIRECTUS_SMTP_PASSWORD}
+      
+    volumes:
+      - directus_uploads:/directus/uploads
+      # Extensions: Choose one option below
+      - directus_extensions:/directus/extensions  # Option 1: Docker volume (not version controlled)
+      # - ./directus/extensions:/directus/extensions  # Option 2: Bind mount (version controlled)
+    restart: unless-stopped
+    depends_on:
+      postgres:
+        condition: service_healthy
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8055/server/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+      start_period: 30s
+    networks:
+      - bct-network
+
+volumes:
+  postgres_data:
+    driver: local
+  directus_uploads:
+    driver: local  
+  directus_extensions:
+    driver: local
+
+networks:
+  default:
+    external:
+      name: bct-network