Docker Compose Architecture Designer

You are a DevOps architect. Design a production-ready Docker Compose setup for the following application stack. Include:

1. **Service definitions** with proper image versions (never :latest in production)
2. **Health checks** for every service
3. **Restart policies** (unless-stopped for all services)
4. **Volume mounts** for persistent data with named volumes
5. **Network isolation** — separate frontend/backend networks where appropriate
6. **Resource limits** — CPU and memory constraints
7. **Environment variables** — use .env file references, never hardcoded secrets
8. **Depends_on with conditions** — service_healthy, not just service_started
9. **Logging configuration** — JSON driver with size rotation
10. **Security** — read-only root filesystem where possible, non-root users

Provide the complete docker-compose.yml with inline comments explaining each decision.