83 lines
2.6 KiB
YAML
83 lines
2.6 KiB
YAML
services:
|
|
rmesh-online:
|
|
container_name: rmesh-online
|
|
restart: unless-stopped
|
|
labels:
|
|
- traefik.enable=true
|
|
- traefik.http.routers.rmesh.rule=(Host(`rspace.online`) || HostRegexp(`{subdomain:[a-z0-9-]+}.rspace.online`))
|
|
&& PathPrefix(`/rmesh`)
|
|
- traefik.http.routers.rmesh-online.rule=Host(`rmesh.online`)
|
|
- traefik.http.routers.rmesh-online.entrypoints=web
|
|
- traefik.http.routers.rmesh-online.priority=150
|
|
- traefik.http.routers.rmesh-online.service=rmesh
|
|
- traefik.http.routers.rmesh-online.middlewares=rmesh-rootredirect
|
|
- traefik.http.middlewares.rmesh-rootredirect.redirectregex.regex=^https?://rmesh\.online/?$
|
|
- traefik.http.middlewares.rmesh-rootredirect.redirectregex.replacement=https://rmesh.online/rmesh
|
|
- traefik.http.middlewares.rmesh-rootredirect.redirectregex.permanent=false
|
|
- traefik.http.routers.rmesh.entrypoints=web
|
|
- traefik.http.routers.rmesh.priority=140
|
|
- traefik.http.services.rmesh.loadbalancer.server.port=3000
|
|
- traefik.docker.network=traefik-public
|
|
environment:
|
|
- NEXTAUTH_URL=https://rspace.online/rmesh
|
|
- NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
|
|
- ENCRYPTID_SERVER_URL=https://auth.ridentity.online
|
|
- NEXT_PUBLIC_ENCRYPTID_SERVER_URL=https://auth.ridentity.online
|
|
- ROOT_DOMAIN=rspace.online
|
|
- NEXT_PUBLIC_ROOT_DOMAIN=rspace.online
|
|
- DATABASE_URL=postgresql://rmesh:${DB_PASSWORD}@rmesh-postgres:5432/rmesh
|
|
- INFISICAL_CLIENT_ID=${INFISICAL_CLIENT_ID}
|
|
- INFISICAL_CLIENT_SECRET=${INFISICAL_CLIENT_SECRET}
|
|
- INFISICAL_PROJECT_SLUG=rmesh
|
|
- RETICULUM_BRIDGE_URL=http://rmesh-reticulum:8000
|
|
- BRIDGE_API_KEY=${BRIDGE_API_KEY}
|
|
networks:
|
|
- traefik-public
|
|
- rmesh-internal
|
|
depends_on:
|
|
rmesh-postgres:
|
|
condition: service_healthy
|
|
cap_drop:
|
|
- ALL
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
image: localhost:3000/jeffemmett/rmesh-online:${IMAGE_TAG:-latest}
|
|
|
|
rmesh-postgres:
|
|
image: postgres:16-alpine
|
|
container_name: rmesh-postgres
|
|
restart: unless-stopped
|
|
environment:
|
|
- POSTGRES_USER=rmesh
|
|
- POSTGRES_PASSWORD=${DB_PASSWORD}
|
|
- POSTGRES_DB=rmesh
|
|
volumes:
|
|
- postgres_data:/var/lib/postgresql/data
|
|
networks:
|
|
- rmesh-internal
|
|
healthcheck:
|
|
test:
|
|
- CMD-SHELL
|
|
- pg_isready -U rmesh -d rmesh
|
|
interval: 5s
|
|
timeout: 5s
|
|
retries: 5
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- DAC_OVERRIDE
|
|
- FOWNER
|
|
- SETGID
|
|
- SETUID
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
|
|
networks:
|
|
traefik-public:
|
|
external: true
|
|
rmesh-internal:
|
|
internal: true
|
|
|
|
volumes:
|
|
postgres_data:
|