85 lines
1.8 KiB
YAML
85 lines
1.8 KiB
YAML
version: '3'
|
|
|
|
services:
|
|
web:
|
|
container_name: proxitok-web
|
|
image: ghcr.io/pablouser1/proxitok:master
|
|
# ports:
|
|
# - 8080:8080
|
|
environment:
|
|
- LATTE_CACHE=/cache
|
|
- API_CACHE=redis
|
|
- REDIS_HOST=proxitok-redis
|
|
- REDIS_PORT=6379
|
|
- API_SIGNER=remote
|
|
- API_SIGNER_URL=http://proxitok-signer:8080/signature
|
|
- APP_URL=https://proxitok.tams.tech
|
|
volumes:
|
|
- proxitok-cache:/cache
|
|
depends_on:
|
|
- redis
|
|
- signer
|
|
networks:
|
|
- proxitok
|
|
- web
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- CHOWN
|
|
- SETGID
|
|
- SETUID
|
|
labels:
|
|
# Traefik
|
|
traefik.docker.network: web
|
|
traefik.domain: tams.tech
|
|
traefik.enable: "true"
|
|
# Traefik v1
|
|
traefik.frontend.rule: Host:proxitok.tams.tech
|
|
# DNS discovery (not used)
|
|
tech.tams.dns_hosts: proxitok.tams.tech
|
|
# Traefik V2
|
|
traefik.http.routers.proxitok.rule: Host(`proxitok.tams.tech`)
|
|
traefik.http.routers.proxitok.tls: true
|
|
traefik.http.routers.proxitok.tls.certresolver: letsencrypt
|
|
|
|
|
|
redis:
|
|
container_name: proxitok-redis
|
|
image: redis:7-alpine
|
|
command: redis-server --save 60 1 --loglevel warning
|
|
restart: unless-stopped
|
|
networks:
|
|
- proxitok
|
|
user: nobody
|
|
read_only: true
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
tmpfs:
|
|
- /data:size=10M,mode=0770,uid=65534,gid=65534,noexec,nosuid,nodev
|
|
cap_drop:
|
|
- ALL
|
|
|
|
signer:
|
|
container_name: proxitok-signer
|
|
image: ghcr.io/pablouser1/signtok:master
|
|
init: true
|
|
networks:
|
|
- proxitok
|
|
user: nobody
|
|
read_only: true
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
cap_drop:
|
|
- ALL
|
|
|
|
volumes:
|
|
proxitok-cache:
|
|
|
|
networks:
|
|
proxitok:
|
|
internal: true
|
|
web:
|
|
external: true
|