docker: multi-arch image via buildx BUILDPLATFORM/TARGETARCH

Rework the Dockerfile to produce a proper multi-arch manifest from a
single `docker buildx build --platform linux/amd64,linux/arm64`. The
builder stage runs on the host's native arch ($BUILDPLATFORM) and Go
cross-compiles to each requested $TARGETARCH via the Makefile's
build-$TARGETARCH targets — no qemu-emulated builder, no per-arch
Dockerfile duplication. VERSION/COMMIT/DATE flow from --build-arg
through to the -ldflags -X injection so images stamp the same metadata
as `make build` on bare metal.

docker-compose.yml gains Docker Compose "profiles" (collector,
aggregator, frontend) and an `env_file: .env`, mirroring vpp-maglev's
pattern. All three services ship from one multi-arch image and select
their binary via `command:`. Collector uses network_mode: host so UDP
from host nginx on 127.0.0.1 actually reaches it; aggregator/frontend
bridge-network with published ports.

.env.example documents every COLLECTOR_*, AGGREGATOR_*, FRONTEND_* env
var with its default plus COMPOSE_PROFILES and notes for Docker-specific
cases (service DNS names, AGGREGATOR_COLLECTORS spelling). .gitignore
excludes /.env so local tunables stay local.

Verified: `docker buildx build --platform linux/amd64,linux/arm64` goes
through cleanly from one invocation; local --load build's four binaries
report version 0.9.1 with the injected commit/date.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

docker-compose.yml

@@ -1,26 +1,69 @@
+# docker-compose.yml — nginx-logtail container stack
+#
+# One multi-arch image ships all four binaries (built by the companion
+# Dockerfile). Each service below picks which binary it runs via
+# `command:`. Services are opt-in via Docker Compose "profiles":
+#
+#   cp .env.example .env
+#   $EDITOR .env                  # set COMPOSE_PROFILES and tunables
+#   docker compose up -d
+#
+# Valid profile names: collector, aggregator, frontend.
+#
+# Typical deployments:
+#
+#   COMPOSE_PROFILES=aggregator,frontend      # central host (default)
+#   COMPOSE_PROFILES=collector                # nginx host running only the collector in Docker
+#   COMPOSE_PROFILES=collector,aggregator,frontend  # single-host all-in-one
+#
+# See .env.example for every tunable.
+
 services:
-  aggregator:
-    build: .
-    image: git.ipng.ch/ipng/nginx-logtail
-    command: ["/usr/local/bin/aggregator"]
+  collector:
+    profiles: [collector]
+    build:
+      context: .
+      dockerfile: Dockerfile
+    image: git.ipng.ch/ipng/nginx-logtail:latest
+    container_name: nginx-logtail-collector
     restart: unless-stopped
-    environment:
-      AGGREGATOR_LISTEN: ":9091"
-      AGGREGATOR_COLLECTORS: ""   # e.g. "collector1:9090,collector2:9090"
-      AGGREGATOR_SOURCE: ""       # defaults to container hostname
+    command: ["/usr/local/bin/collector"]
+    env_file: .env
+
+    # Host networking is the simplest way to accept UDP datagrams from a
+    # host nginx on 127.0.0.1:9514 — bridge networking with port mapping
+    # does not round-trip packets that never leave loopback. Mac/Windows
+    # Docker Desktop users must switch to a bridge + explicit
+    # COLLECTOR_LOGTAIL_BIND.
+    network_mode: host
+
+    # Mount nginx log directory so the file tailer can read it. Harmless
+    # when COLLECTOR_LOGS is empty (the collector simply runs UDP-only).
+    volumes:
+      - /var/log/nginx:/var/log/nginx:ro
+
+  aggregator:
+    profiles: [aggregator]
+    build:
+      context: .
+      dockerfile: Dockerfile
+    image: git.ipng.ch/ipng/nginx-logtail:latest
+    container_name: nginx-logtail-aggregator
+    restart: unless-stopped
+    command: ["/usr/local/bin/aggregator"]
+    env_file: .env
     ports:
-      - "9091:9091"
+      - "9091:9091"                 # gRPC
 
   frontend:
-    image: git.ipng.ch/ipng/nginx-logtail
-    command: ["/usr/local/bin/frontend"]
+    profiles: [frontend]
+    build:
+      context: .
+      dockerfile: Dockerfile
+    image: git.ipng.ch/ipng/nginx-logtail:latest
+    container_name: nginx-logtail-frontend
     restart: unless-stopped
-    environment:
-      FRONTEND_LISTEN: ":8080"
-      FRONTEND_TARGET: "aggregator:9091"
-      FRONTEND_N: "25"
-      FRONTEND_REFRESH: "30"
+    command: ["/usr/local/bin/frontend"]
+    env_file: .env
     ports:
-      - "8080:8080"
-    depends_on:
-      - aggregator
+      - "8080:8080"                 # HTTP dashboard