docker-compose.prod.yml
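---
# Production Compose stack: two PocketBase instances (db, demo) built from the
# same Dockerfile, published through a Traefik v3 reverse proxy that terminates
# TLS with Let's Encrypt certificates.
#
# Every ${VAR} below is interpolated by Compose from the shell environment or
# an .env file; keep that file out of version control. An unset variable
# expands to an empty string with only a warning, so for secrets consider the
# fail-fast form ${VAR:?message}.
services:
  db:
    build:
      context: .
      dockerfile: pocketbase/Dockerfile.prod
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "wget", "--spider", "-q", "http://localhost:8090/api/health"]
      interval: 10s
      retries: 5
      start_period: 30s
      timeout: 5s
    environment:
      APP_NAME: Fushigi
      APP_URL: 'https://fushigi.bunkbed.tech'
      SENDER_ADDRESS: tahoeschrader@gmail.com
      SENDER_NAME: "Fushigi App"
      ADMIN_EMAIL: "${ADMIN_EMAIL}"
      ADMIN_PASSWORD: "${ADMIN_PASSWORD}"
      SMTP_USERNAME: "${SMTP_EMAIL}"
      SMTP_PASSWORD: "${SMTP_PASSWORD}"
      SMTP_HOST: "${SMTP_HOST}"
      SMTP_PORT: "${SMTP_PORT}"
      PB_ENCRYPTION_KEY: "${PB_ENCRYPTION_KEY}"
      VITE_API_BASE: 'https://fushigi.bunkbed.tech'
      # Quoted: environment values must reach the container as strings, and a
      # bare YAML boolean is rejected or retyped by some Compose versions.
      IS_PROD: "true"
      APP_ENV: prod
    labels:
      # No ports are published for this service; it is reachable only through
      # the Traefik router defined by these labels.
      - traefik.enable=true
      - 'traefik.http.routers.db.rule=Host(`fushigi.bunkbed.tech`)'
      - traefik.http.services.db.loadbalancer.server.port=8090
      - traefik.http.routers.db.entrypoints=websecure
      - traefik.http.routers.db.tls.certresolver=myresolver
      # "security" is the headers middleware declared on the traefik service.
      - traefik.http.routers.db.middlewares=security
    logging:
      driver: json-file
      options:
        # Log driver options are strings; quote them so they are not retyped.
        max-size: "10m"
        max-file: "3"
  demo:
    build:
      context: .
      dockerfile: pocketbase/Dockerfile.prod
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "wget", "--spider", "-q", "http://localhost:8090/api/health"]
      interval: 10s
      retries: 5
      start_period: 30s
      timeout: 5s
    environment:
      APP_NAME: Fushigi
      APP_URL: 'https://demo.fushigi.bunkbed.tech'
      SENDER_ADDRESS: info@bunkbed.tech
      SENDER_NAME: "Fushigi App"
      # NOTE(review): demo reads the same ADMIN_*, SMTP_* and PB_ENCRYPTION_KEY
      # variables as db, so both instances share one admin login, one SMTP
      # account and one encryption key. Separate variables for the demo would
      # keep a compromise of the demo from carrying over to production.
      ADMIN_EMAIL: "${ADMIN_EMAIL}"
      ADMIN_PASSWORD: "${ADMIN_PASSWORD}"
      SMTP_USERNAME: "${SMTP_EMAIL}"
      SMTP_PASSWORD: "${SMTP_PASSWORD}"
      SMTP_HOST: "${SMTP_HOST}"
      SMTP_PORT: "${SMTP_PORT}"
      PB_ENCRYPTION_KEY: "${PB_ENCRYPTION_KEY}"
      VITE_API_BASE: 'https://demo.fushigi.bunkbed.tech'
      IS_PROD: "false"
      APP_ENV: demo
    labels:
      - traefik.enable=true
      - 'traefik.http.routers.demo.rule=Host(`demo.fushigi.bunkbed.tech`)'
      - traefik.http.services.demo.loadbalancer.server.port=8090
      - traefik.http.routers.demo.entrypoints=websecure
      - traefik.http.routers.demo.tls.certresolver=myresolver
      - traefik.http.routers.demo.middlewares=security
    logging:
      driver: json-file
      options:
        max-size: "5m"
        max-file: "1"
  traefik:
    # The tag is mutable; pinning by digest (traefik:v3.5@sha256:<digest>)
    # makes deploys reproducible and tamper-evident.
    image: traefik:v3.5
    # Same policy as the backends, so the proxy comes back after a crash or a
    # daemon restart instead of leaving both sites unreachable.
    restart: unless-stopped
    labels:
      # Response-header hardening, applied by routers that list "security".
      # traefik.enable=true is required here because exposedbydefault=false
      # makes Traefik ignore labels on containers that are not enabled.
      - traefik.enable=true
      - traefik.http.middlewares.security.headers.referrerPolicy=strict-origin-when-cross-origin
      - traefik.http.middlewares.security.headers.frameDeny=true
      - traefik.http.middlewares.security.headers.contentTypeNosniff=true
      # Emits the legacy X-XSS-Protection header, which current browsers
      # ignore. No HSTS (stsSeconds) or Content-Security-Policy is set here;
      # both are worth adding once HTTPS-only operation is confirmed.
      - traefik.http.middlewares.security.headers.browserXssFilter=true
    command:
      # Debug aids; keep disabled in production. api.insecure serves the
      # dashboard and API without authentication.
      # - --log.level=DEBUG
      # - --api.insecure=true
      - --providers.docker=true
      # Only containers labelled traefik.enable=true are routed.
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entryPoints.websecure.address=:443
      # Force to always use https (TODO: is the middleware better?)
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entrypoints.web.http.redirections.entryPoint.permanent=true
      # Issue certificates with Let's Encrypt (HTTP-01 challenge on port 80)
      - --certificatesresolvers.myresolver.acme.httpchallenge=true
      - --certificatesresolvers.myresolver.acme.caServer=https://acme-v02.api.letsencrypt.org/directory
      - --certificatesresolvers.myresolver.acme.email=webmaster@bunkbed.tech
      - --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
      - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
    ports:
      # Quoted so digit:digit values are never parsed as numbers.
      - "80:80"
      - "443:443"
    volumes:
      # Mounted read-only so the container cannot replace the socket file.
      # This does NOT limit the Docker API: whoever controls the Traefik
      # process can still drive the daemon, which is root-equivalent on the
      # host. A filtering socket proxy that exposes only read endpoints
      # narrows that exposure.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # acme.json stores the ACME account key and certificate private keys;
      # keep the host directory owner-only (acme.json mode 600) and out of
      # version control and backups that others can read.
      - ./letsencrypt:/letsencrypt
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"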