Simplify compose file structure: Use docker-compose.yml as default

Changes:
- Renamed docker-compose.production.yml → docker-compose.yml (main config)
- Moved unused compose files to compose-variants/ folder:
  - docker-compose.local.yml → compose-variants/
  - docker-compose.authelia.yml → compose-variants/
  - docker-compose.caddy.yml → compose-variants/
  - docker-compose.yml (old) → compose-variants/docker-compose.old.yml
- Added compose-variants/README.md explaining the variants

Benefits:
- Default command now works: docker compose up -d (no -f flag needed)
- Cleaner project root directory
- Clear separation between active config and variants
- Multi-machine deployment is the default mode

Updated Documentation:
- MULTI_MACHINE_CONFIG_SNIPPETS.md: Removed -f flags from all commands
- README.md: Updated deploy commands to use simplified syntax
- All commands now use: docker compose up -d

Deployment Modes (from docker-compose.yml):
1. Multi-machine (default):
   docker compose up -d
   → Starts: Synapse, MAS, Element, PostgreSQL only

2. Single-machine with Authelia:
   docker compose --profile single-machine --profile authelia up -d
   → Starts everything including Caddy and Authelia

3. Single-machine without Authelia:
   docker compose --profile single-machine up -d
   → Starts everything with Caddy, no Authelia

This makes the default behavior match the multi-machine architecture
where Caddy and Authelia run on separate servers.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

MULTI_MACHINE_CONFIG_SNIPPETS.md

@@ -8,6 +8,7 @@ This document provides configuration snippets for deploying Matrix stack across
 ✅ **Authelia has its own reverse proxy on Machine 2**
 ✅ **MAS connects to Authelia via HTTPS (not internal port 9091)**
 ✅ **DNS points authelia.example.com directly to Machine 2**
+✅ **docker-compose.yml defaults to multi-machine mode (no Caddy/Authelia containers)**
 
 ## Architecture
 
@@ -670,14 +671,20 @@ curl https://auth.example.com/.well-known/openid-configuration
 cd /path/to/matrix-docker-compose
 
 # Start Matrix services ONLY (no Caddy, no Authelia)
-# (They're running on separate machines)
-
-# Start Matrix services
-docker compose -f docker-compose.production.yml up -d
-
+# Multi-machine mode (default) - only starts Synapse, MAS, Element, PostgreSQL
+docker compose up -d
+
 # Check services
 docker compose ps
-```
+
+# You should see ONLY these services running:
+# - matrix-postgres
+# - matrix-synapse
+# - matrix-mas
+# - matrix-element
+
+# Caddy and Authelia are NOT started (they run on separate machines)
+```
 
 ### Phase 5: Verify Everything Works
 
@@ -799,3 +806,43 @@ If any fail:
 - Check reverse proxy configs
 - Review Let's Encrypt certificate issuance in logs
 
+---
+
+## Docker Compose Deployment Modes
+
+The production compose file supports multiple deployment architectures:
+
+### Multi-Machine Mode (Default) ← YOU WANT THIS
+
+```bash
+docker compose up -d
+```
+
+**What starts:**
+- ✅ PostgreSQL
+- ✅ Synapse (Matrix homeserver)
+- ✅ MAS (Authentication service)
+- ✅ Element (Web client)
+
+**What does NOT start:**
+- ❌ Caddy (runs separately on Machine 1)
+- ❌ Authelia (runs separately on Machine 2)
+- ❌ Redis (only needed if Authelia is in Docker)
+
+This is the default mode - no profiles needed!
+
+### Single-Machine Mode
+
+For all-in-one deployments where everything runs on one server:
+
+```bash
+# With Authelia
+docker compose --profile single-machine --profile authelia up -d
+
+# Without Authelia
+docker compose --profile single-machine up -d
+```
+
+**What starts:** Everything including Caddy in Docker with Let's Encrypt
+
+

README.md

@@ -87,11 +87,14 @@ See [PRODUCTION_DEPLOYMENT.md](PRODUCTION_DEPLOYMENT.md) for:
 
 **Deploy command:**
 ```bash
-# With Authelia
-docker compose -f docker-compose.production.yml --profile authelia up -d
+# Multi-machine (default) - Matrix server only, Caddy/Authelia on separate machines
+docker compose up -d
 
-# Without Authelia
-docker compose -f docker-compose.production.yml up -d
+# Single-machine with Authelia - Everything on one server
+docker compose --profile single-machine --profile authelia up -d
+
+# Single-machine without Authelia
+docker compose --profile single-machine up -d
 ```
 
 ## Authentication Options

compose-variants/README.md

@@ -0,0 +1,26 @@
+# Compose File Variants
+
+This folder contains alternative Docker Compose configurations that are not used in the main deployment.
+
+## Files
+
+- **docker-compose.old.yml** - Original compose configuration (legacy)
+- **docker-compose.local.yml** - Local testing configuration with self-signed certificates
+- **docker-compose.authelia.yml** - Standalone Authelia service
+- **docker-compose.caddy.yml** - Standalone Caddy service
+
+## Active Configuration
+
+The active configuration is in the root directory as **docker-compose.yml** (production configuration).
+
+## Usage
+
+These variants can be used for:
+- Local development and testing (docker-compose.local.yml)
+- Reference for different deployment architectures
+- Standalone service testing
+
+To use a variant:
+```bash
+docker compose -f compose-variants/docker-compose.local.yml up -d
+```

compose-variants/docker-compose.old.yml

@@ -1,10 +1,3 @@
-# Production docker-compose file for Matrix stack
-# This configuration:
-# - Uses real domain names with Let's Encrypt SSL certificates
-# - Makes Authelia optional (use --profile authelia to enable)
-# - Includes Caddy for HTTPS termination
-# - Configures all services for production use
-
 services:
   # PostgreSQL Database
   postgres:
@@ -14,7 +7,7 @@ services:
     environment:
       POSTGRES_DB: synapse
       POSTGRES_USER: synapse
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-changeme}
       POSTGRES_INITDB_ARGS: --encoding=UTF-8 --lc-collate=C --lc-ctype=C
     volumes:
       - ./postgres/data:/var/lib/postgresql/data
@@ -36,11 +29,9 @@ services:
       SYNAPSE_CONFIG_PATH: /data/homeserver.yaml
     volumes:
       - ./synapse/data:/data
-      - ./bridges:/bridges:ro
     # Ports exposed only to internal network - access via Caddy
     expose:
       - "8008"
-      - "8448"  # Federation port
     networks:
       - matrix-network
     depends_on:
@@ -69,8 +60,6 @@ services:
 
   # Redis for Authelia session storage
   redis:
-    profiles:
-      - authelia  # Only started when Authelia profile is active
     image: redis:7-alpine
     container_name: matrix-redis
     restart: unless-stopped
@@ -82,6 +71,30 @@ services:
       timeout: 5s
       retries: 5
 
+  # Authelia SSO
+  authelia:
+    image: authelia/authelia:latest
+    container_name: matrix-authelia
+    restart: unless-stopped
+    environment:
+      TZ: Europe/Berlin
+      AUTHELIA_SESSION_SECRET: ${AUTHELIA_SESSION_SECRET}
+      AUTHELIA_STORAGE_ENCRYPTION_KEY: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
+      AUTHELIA_JWT_SECRET: ${AUTHELIA_JWT_SECRET}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+    volumes:
+      - ./authelia/config:/config
+    # Accessed via Caddy
+    expose:
+      - "9091"
+    networks:
+      - matrix-network
+    depends_on:
+      postgres:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+
   # Matrix Authentication Service (MAS)
   mas:
     image: ghcr.io/element-hq/matrix-authentication-service:latest
@@ -101,13 +114,34 @@ services:
     depends_on:
       postgres:
         condition: service_healthy
-      # Note: Redis/Authelia dependency removed - works with or without Authelia
-    # Healthcheck disabled: MAS uses distroless image without curl
-    # healthcheck:
-    #   test: ["CMD", "curl", "-f", "http://localhost:8081/health"]
-    #   interval: 30s
-    #   timeout: 10s
-    #   retries: 3
+      authelia:
+        condition: service_started
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8081/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+
+  # Caddy Reverse Proxy (HTTPS termination)
+  caddy:
+    image: caddy:2-alpine
+    container_name: matrix-caddy
+    restart: unless-stopped
+    ports:
+      - "443:443"
+      - "80:80"
+      - "2019:2019"  # Admin API
+    volumes:
+      - ./caddy/Caddyfile:/etc/caddy/Caddyfile:ro
+      - ./caddy/data:/data
+      - ./caddy/config:/config
+    networks:
+      - matrix-network
+    depends_on:
+      - synapse
+      - element
+      - mas
+      - authelia
 
   # mautrix-telegram Bridge
   mautrix-telegram:
@@ -148,53 +182,6 @@ services:
       synapse:
         condition: service_healthy
 
-  # Authelia SSO (Optional - use profile "authelia" to enable)
-  authelia:
-    profiles:
-      - authelia  # Only started when Authelia profile is active
-    image: authelia/authelia:latest
-    container_name: matrix-authelia
-    restart: unless-stopped
-    environment:
-      TZ: ${TZ:-UTC}
-      AUTHELIA_SESSION_SECRET: ${AUTHELIA_SESSION_SECRET}
-      AUTHELIA_STORAGE_ENCRYPTION_KEY: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
-      AUTHELIA_JWT_SECRET: ${AUTHELIA_JWT_SECRET}
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
-    volumes:
-      - ./authelia/config:/config
-    # Accessed via Caddy
-    expose:
-      - "9091"
-    networks:
-      - matrix-network
-    depends_on:
-      postgres:
-        condition: service_healthy
-      redis:
-        condition: service_healthy
-
-  # Caddy Reverse Proxy (HTTPS termination with Let's Encrypt)
-  caddy:
-    image: caddy:2-alpine
-    container_name: matrix-caddy
-    restart: unless-stopped
-    ports:
-      - "443:443"
-      - "80:80"
-      - "2019:2019"  # Admin API
-    volumes:
-      - ./caddy/Caddyfile:/etc/caddy/Caddyfile:ro
-      - ./caddy/data:/data
-      - ./caddy/config:/config
-    networks:
-      - matrix-network
-    depends_on:
-      - synapse
-      - element
-      - mas
-      # Note: Authelia dependency removed - works with or without Authelia
-
 networks:
   matrix-network:
     driver: bridge

docker-compose.yml

@@ -1,3 +1,19 @@
+# Production docker-compose file for Matrix stack
+# This configuration:
+# - Uses real domain names with Let's Encrypt SSL certificates
+# - Makes Authelia optional (use --profile authelia to enable)
+# - Makes Caddy optional (use --profile single-machine for all-in-one deployment)
+# - Configures all services for production use
+#
+# Deployment Modes:
+# 1. Multi-machine (default): docker compose -f docker-compose.production.yml up -d
+#    - Runs: Synapse, MAS, Element, PostgreSQL only
+#    - Caddy and Authelia run on separate machines
+# 2. Single-machine with Authelia: docker compose -f docker-compose.production.yml --profile single-machine --profile authelia up -d
+#    - Runs everything on one machine with Caddy + Authelia
+# 3. Single-machine without Authelia: docker compose -f docker-compose.production.yml --profile single-machine up -d
+#    - Runs everything on one machine with Caddy, no Authelia
+
 services:
   # PostgreSQL Database
   postgres:
@@ -7,7 +23,7 @@ services:
     environment:
       POSTGRES_DB: synapse
       POSTGRES_USER: synapse
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-changeme}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
       POSTGRES_INITDB_ARGS: --encoding=UTF-8 --lc-collate=C --lc-ctype=C
     volumes:
       - ./postgres/data:/var/lib/postgresql/data
@@ -29,9 +45,11 @@ services:
       SYNAPSE_CONFIG_PATH: /data/homeserver.yaml
     volumes:
       - ./synapse/data:/data
+      - ./bridges:/bridges:ro
     # Ports exposed only to internal network - access via Caddy
     expose:
       - "8008"
+      - "8448"  # Federation port
     networks:
       - matrix-network
     depends_on:
@@ -60,6 +78,8 @@ services:
 
   # Redis for Authelia session storage
   redis:
+    profiles:
+      - authelia  # Only started when Authelia profile is active
     image: redis:7-alpine
     container_name: matrix-redis
     restart: unless-stopped
@@ -71,30 +91,6 @@ services:
       timeout: 5s
       retries: 5
 
-  # Authelia SSO
-  authelia:
-    image: authelia/authelia:latest
-    container_name: matrix-authelia
-    restart: unless-stopped
-    environment:
-      TZ: Europe/Berlin
-      AUTHELIA_SESSION_SECRET: ${AUTHELIA_SESSION_SECRET}
-      AUTHELIA_STORAGE_ENCRYPTION_KEY: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
-      AUTHELIA_JWT_SECRET: ${AUTHELIA_JWT_SECRET}
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
-    volumes:
-      - ./authelia/config:/config
-    # Accessed via Caddy
-    expose:
-      - "9091"
-    networks:
-      - matrix-network
-    depends_on:
-      postgres:
-        condition: service_healthy
-      redis:
-        condition: service_healthy
-
   # Matrix Authentication Service (MAS)
   mas:
     image: ghcr.io/element-hq/matrix-authentication-service:latest
@@ -114,34 +110,13 @@ services:
     depends_on:
       postgres:
         condition: service_healthy
-      authelia:
-        condition: service_started
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:8081/health"]
-      interval: 30s
-      timeout: 10s
-      retries: 3
-
-  # Caddy Reverse Proxy (HTTPS termination)
-  caddy:
-    image: caddy:2-alpine
-    container_name: matrix-caddy
-    restart: unless-stopped
-    ports:
-      - "443:443"
-      - "80:80"
-      - "2019:2019"  # Admin API
-    volumes:
-      - ./caddy/Caddyfile:/etc/caddy/Caddyfile:ro
-      - ./caddy/data:/data
-      - ./caddy/config:/config
-    networks:
-      - matrix-network
-    depends_on:
-      - synapse
-      - element
-      - mas
-      - authelia
+      # Note: Redis/Authelia dependency removed - works with or without Authelia
+    # Healthcheck disabled: MAS uses distroless image without curl
+    # healthcheck:
+    #   test: ["CMD", "curl", "-f", "http://localhost:8081/health"]
+    #   interval: 30s
+    #   timeout: 10s
+    #   retries: 3
 
   # mautrix-telegram Bridge
   mautrix-telegram:
@@ -182,6 +157,57 @@ services:
       synapse:
         condition: service_healthy
 
+  # Authelia SSO (Optional - use profile "authelia" to enable)
+  authelia:
+    profiles:
+      - authelia  # Only started when Authelia profile is active
+    image: authelia/authelia:latest
+    container_name: matrix-authelia
+    restart: unless-stopped
+    environment:
+      TZ: ${TZ:-UTC}
+      AUTHELIA_SESSION_SECRET: ${AUTHELIA_SESSION_SECRET}
+      AUTHELIA_STORAGE_ENCRYPTION_KEY: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
+      AUTHELIA_JWT_SECRET: ${AUTHELIA_JWT_SECRET}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+    volumes:
+      - ./authelia/config:/config
+    # Accessed via Caddy
+    expose:
+      - "9091"
+    networks:
+      - matrix-network
+    depends_on:
+      postgres:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+
+  # Caddy Reverse Proxy (HTTPS termination with Let's Encrypt)
+  # For multi-machine deployments: Don't use this profile (Caddy runs separately)
+  # For single-machine deployments: Use --profile single-machine
+  caddy:
+    profiles:
+      - single-machine  # Only started for single-machine deployments
+    image: caddy:2-alpine
+    container_name: matrix-caddy
+    restart: unless-stopped
+    ports:
+      - "443:443"
+      - "80:80"
+      - "2019:2019"  # Admin API
+    volumes:
+      - ./caddy/Caddyfile:/etc/caddy/Caddyfile:ro
+      - ./caddy/data:/data
+      - ./caddy/config:/config
+    networks:
+      - matrix-network
+    depends_on:
+      - synapse
+      - element
+      - mas
+      # Note: Authelia dependency removed - works with or without Authelia
+
 networks:
   matrix-network:
     driver: bridge