proxitok/docker-compose.yml

85 lines
1.8 KiB
YAML

version: '3'
services:
web:
container_name: proxitok-web
image: ghcr.io/pablouser1/proxitok:master
# ports:
# - 8080:8080
environment:
- LATTE_CACHE=/cache
- API_CACHE=redis
- REDIS_HOST=proxitok-redis
- REDIS_PORT=6379
- API_SIGNER=remote
- API_SIGNER_URL=http://proxitok-signer:8080/signature
- APP_URL=https://proxitok.tams.tech
volumes:
- proxitok-cache:/cache
depends_on:
- redis
- signer
networks:
- proxitok
- web
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
labels:
# Traefik
traefik.docker.network: web
traefik.domain: tams.tech
traefik.enable: "true"
# Traefik v1
traefik.frontend.rule: Host:proxitok.tams.tech
# DNS discovery (not used)
tech.tams.dns_hosts: proxitok.tams.tech
# Traefik V2
traefik.http.routers.proxitok.rule: Host(`proxitok.tams.tech`)
traefik.http.routers.proxitok.tls: true
traefik.http.routers.proxitok.tls.certresolver: letsencrypt
redis:
container_name: proxitok-redis
image: redis:7-alpine
command: redis-server --save 60 1 --loglevel warning
restart: unless-stopped
networks:
- proxitok
user: nobody
read_only: true
security_opt:
- no-new-privileges:true
tmpfs:
- /data:size=10M,mode=0770,uid=65534,gid=65534,noexec,nosuid,nodev
cap_drop:
- ALL
signer:
container_name: proxitok-signer
image: ghcr.io/pablouser1/signtok:master
init: true
networks:
- proxitok
user: nobody
read_only: true
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
volumes:
proxitok-cache:
networks:
proxitok:
internal: true
web:
external: true