version: '3.7' # Environment variables are replaced with definitions in .env, when run with: # # env $(cat .env | grep ^[A-Z] | xargs) docker stack deploy --compose-file docker-compose.yml server networks: default: driver: overlay volumes: traefik-certs: {} services: traefik: image: traefik:v2.6.6 ports: - 80:80 - 443:443 deploy: #replicas: 2 # https://youtu.be/btHpHjabRcc placement: constraints: - node.role == manager labels: - traefik.enable=true # Enable the dashboard UI - traefik.http.routers.api.rule=Host(`board.${DOMAIN}`) - traefik.http.routers.api.service=api@internal - traefik.http.routers.api.middlewares=auth - traefik.http.routers.api.tls=true - "traefik.http.middlewares.auth.basicauth.users=${TRAEFIK_API_USERS}" # Dummy service for Swarm port detection. The port can be any valid integer value. - traefik.http.services.dummy-svc.loadbalancer.server.port=9999 - traefik.http.routers.traefik.tls=true # Use LS to get/renew certs for the TLD & subdomains - traefik.http.routers.traefik.tls.certresolver=le - traefik.http.routers.traefik.tls.domains[0].main=${DOMAIN} - traefik.http.routers.traefik.tls.domains[0].sans=*.${DOMAIN} volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - ${CONTAINERS_DIR}/traefik/static.toml:/static.toml # cert storage can't be shared: https://doc.traefik.io/traefik/https/acme/#storage - traefik-certs:/certificates command: # Require a "traefik.enable=true" label - --providers.docker.exposedbydefault=false - --providers.docker.swarmmode=true # HTTP redirects to HTTPS - --entrypoints.web.address=:80 - --entrypoints.web.http.redirections.entrypoint.permanent=false - --entrypoints.web.http.redirections.entryPoint.to=websecure - --entrypoints.web.http.redirections.entryPoint.scheme=https - --entrypoints.websecure.address=:443 # Auto cert renewal via cloudflare - --certificatesresolvers.le.acme.email=${LETSENCRYPT_EMAIL} - --certificatesresolvers.le.acme.storage=/certificates/acme.json - --certificatesresolvers.le.acme.dnschallenge.provider=cloudflare - --certificatesresolvers.le.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53 # debug, uncomment for testing #- --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory #- --log.level=DEBUG - --accesslog=true - --log=true # Enable the traefik dashboard - --api=true - --providers.file.filename=/static.toml environment: - CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL} - CLOUDFLARE_API_KEY=${CLOUDFLARE_API_KEY} jekyll: image: jibby0/docker-jekyll-webhook:test deploy: replicas: 2 labels: - traefik.enable=true - traefik.http.routers.jekyll.tls=true - traefik.http.routers.jekyll.rule=Host(`${DOMAIN}`) - traefik.http.services.jekyll.loadbalancer.server.port=80 environment: - TZ=America/New_York - WEBHOOK_SECRET=${WEBHOOK_SECRET} - REPO=https://github.com/jibby0/blog.git restart: always volumes: - ${CONTAINERS_DIR}/jekyll/vendor_cache:/vendor postgres: image: postgres:13.2 volumes: - ${CONTAINERS_DIR}/postgres/data:/var/lib/postgresql/data - ${CONTAINERS_DIR}/postgres/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d environment: - POSTGRES_USER=${POSTGRES_USER} - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} restart: always nextcloud: image: nextcloud:23.0.0 deploy: labels: - traefik.enable=true - traefik.http.routers.nextcloud.tls=true - traefik.http.routers.nextcloud.rule=Host(`nextcloud.${DOMAIN}`) - traefik.http.services.nextcloud.loadbalancer.server.port=80 expose: - "80" links: - postgres volumes: - ${CONTAINERS_DIR}/nextcloud:/var/www/html restart: always gogs: image: gogs/gogs:0.12.0 deploy: labels: - traefik.enable=true - traefik.http.routers.gogs.tls=true - traefik.http.routers.gogs.rule=Host(`gogs.${DOMAIN}`) - traefik.http.services.gogs.loadbalancer.server.port=3000 expose: - "3000" volumes: - ${CONTAINERS_DIR}/gogs:/data # NOTE: My gogs instance isn't happy with postgres. For now, it's a small server # and sqlite is fine, but I should fix this eventually. #links: # - postgres restart: always matrix: image: matrixdotorg/synapse:v1.55.2 deploy: labels: - traefik.enable=true - traefik.http.routers.matrix.tls=true - traefik.http.routers.matrix.rule=Host(`matrix.${DOMAIN}`) - traefik.http.services.matrix.loadbalancer.server.port=8008 expose: - "8008" links: - postgres # NOTE: These don't directly configure anything anymore. # They can be used with `migrate_config` to build # homeserver.yaml # environment: # - SYNAPSE_SERVER_NAME=matrix.${DOMAIN} # - SYNAPSE_REPORT_STATS=no # - SYNAPSE_NO_TLS=true # - SYNAPSE_ENABLE_REGISTRATION=no # - SYNAPSE_LOG_LEVEL=INFO # - SYNAPSE_REGISTRATION_SHARED_SECRET=${POSTGRES_PASSWORD} # - POSTGRES_DB=synapse # - POSTGRES_HOST=postgres # - POSTGRES_USER=synapse # - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} volumes: - ${CONTAINERS_DIR}/matrix:/data restart: always matrix_wellknown: image: adrianrudnik/matrix-wellknown-server:1.0.1 volumes: - ${CONTAINERS_DIR}/matrix/wellknown:/var/schema deploy: labels: - traefik.enable=true - traefik.http.routers.matrix-wellknown.tls=true - traefik.http.routers.matrix-wellknown.rule=Host(`matrix.${DOMAIN}`) && PathPrefix(`/.well-known/matrix/`) - traefik.http.services.matrix-wellknown.loadbalancer.server.port=8080 expose: - "8080" selfoss: image: jibby0/selfoss:2.18 deploy: labels: - traefik.enable=true - traefik.http.routers.selfoss.tls=true - traefik.http.routers.selfoss.rule=Host(`selfoss.${DOMAIN}`) - traefik.http.services.selfoss.loadbalancer.server.port=8888 expose: - "8888" links: - postgres volumes: - ${CONTAINERS_DIR}/selfoss:/selfoss/data environment: - CRON_PERIOD=5m restart: always