docker-compose.yml
version: '3.7'
services:
backend:
restart: always
build:
context: .
dockerfile: backend.dockerfile
volumes:
- ./cache/keys:/app/keys
- ./cache/bundled-ca.pem:/app/keys/bundled-ca.pem
environment:
- DOMAIN
- FRONTENDPORT=443
- DBHOST
- DBUSER
- DBDATABASE
- DBPASS
- SMTPHOST
- SMTPPORT
- SMTPSECURE
- SMTPUSER
- SMTPPASS
- ISSUERNAME
- FIDO2FACTOR
- FIDO2TIMEOUT
- PWNEDPASSFAILSAFE
- PWHISTORY
- ARGON2TYPE
- ARGON2PARALLEL
- ARGON2TIME
- ARGON2MEMORY
- AUDITPAGELENGTH
- SYSLOGHEARTBEAT
- SMTPFROM
frontend.localhost:
depends_on:
- backend # Nginx fails if backend is not available
restart: always
build:
context: .
dockerfile: frontend+proxy.dockerfile
ports:
- mode: host
protocol: tcp
published: 80
target: 80
- mode: host
protocol: tcp
published: 443
target: 443
volumes:
- ./cache/certbot/conf:/etc/letsencrypt
- ./cache/certbot/www:/var/www/certbot
- ./cache/bundled-ca.pem:/etc/nginx/crypto/ca.pem
environment:
- DOMAIN
- TRUSTEDPROXYIP
certbot:
depends_on:
- frontend.localhost
build:
context: .
dockerfile: certbot.dockerfile
restart: always
volumes:
- ./cache/certbot/conf:/etc/letsencrypt
- ./cache/certbot/www:/var/www/certbot
environment:
- DOMAIN
- STAGING
- EMAIL