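# Compose stack for rnotes: an application container (web UI on 3000, sync
# server on 4444) routed through Traefik, plus a PostgreSQL container that is
# attached only to the private rnotes-internal network.
#
# Required variables (from the shell or an .env file kept out of version
# control): DB_PASSWORD, NEXTAUTH_SECRET. The ${VAR:?message} form makes
# `docker compose` abort instead of starting with an empty secret.
services:
  rnotes:
    build:
      context: .
      additional_contexts:
        sdk: ../encryptid-sdk
    container_name: rnotes-frontend
    restart: unless-stopped
    # Host publishing is bound to loopback. Public traffic reaches the
    # container through Traefik over the traefik-public network (TLS on the
    # websecure entrypoint); publishing on all interfaces would additionally
    # expose both ports in plaintext, outside the proxy. Drop this section
    # entirely if no local access is needed.
    ports:
      - "127.0.0.1:3100:3000"
      - "127.0.0.1:4444:4444"
    environment:
      # DB_PASSWORD is interpolated into a URL: characters such as @ / : ? #
      # must be percent-encoded, or the connection string will be misparsed.
      - "DATABASE_URL=postgresql://rnotes:${DB_PASSWORD:?set DB_PASSWORD}@rnotes-db:5432/rnotes"
      - "NEXTAUTH_SECRET=${NEXTAUTH_SECRET:?set NEXTAUTH_SECRET}"
      - NEXTAUTH_URL=https://rnotes.online
      - ENCRYPTID_SERVER_URL=https://auth.ridentity.online
      # NEXT_PUBLIC_* values are meant for the browser; keep secrets out of them.
      - NEXT_PUBLIC_ENCRYPTID_SERVER_URL=https://auth.ridentity.online
      - NEXT_PUBLIC_SYNC_URL=wss://rnotes.online/sync
      - SYNC_SERVER_PORT=4444
    depends_on:
      rnotes-db:
        # Wait for the pg_isready healthcheck rather than mere container start.
        condition: service_healthy
    networks:
      - traefik-public
      - rnotes-internal
    labels:
      - "traefik.enable=true"
      # The container sits on two networks; tell Traefik which one to use so
      # it does not pick the rnotes-internal address it cannot reach.
      - "traefik.docker.network=traefik-public"
      # Main app
      - "traefik.http.routers.rnotes.rule=Host(`rnotes.online`) || HostRegexp(`{subdomain:[a-z0-9-]+}.rnotes.online`)"
      - "traefik.http.routers.rnotes.entrypoints=websecure"
      - "traefik.http.routers.rnotes.tls.certresolver=letsencrypt"
      # Two services are declared on this container, so each router names its
      # service explicitly; Traefik cannot auto-assign when there are several.
      - "traefik.http.routers.rnotes.service=rnotes"
      - "traefik.http.services.rnotes.loadbalancer.server.port=3000"
      # WebSocket sync: same hosts, /sync path only; the prefix is stripped
      # before the request is forwarded to port 4444.
      - "traefik.http.routers.rnotes-sync.rule=(Host(`rnotes.online`) || HostRegexp(`{subdomain:[a-z0-9-]+}.rnotes.online`)) && PathPrefix(`/sync`)"
      - "traefik.http.routers.rnotes-sync.entrypoints=websecure"
      - "traefik.http.routers.rnotes-sync.tls.certresolver=letsencrypt"
      - "traefik.http.routers.rnotes-sync.service=rnotes-sync"
      - "traefik.http.services.rnotes-sync.loadbalancer.server.port=4444"
      - "traefik.http.middlewares.rnotes-sync-strip.stripprefix.prefixes=/sync"
      - "traefik.http.routers.rnotes-sync.middlewares=rnotes-sync-strip"
    security_opt:
      # Processes in the container cannot gain privileges via setuid/setgid.
      - no-new-privileges:true

  rnotes-db:
    image: postgres:16-alpine
    container_name: rnotes-db
    restart: unless-stopped
    environment:
      - POSTGRES_DB=rnotes
      - POSTGRES_USER=rnotes
      - "POSTGRES_PASSWORD=${DB_PASSWORD:?set DB_PASSWORD}"
    volumes:
      - rnotes-pgdata:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U rnotes"]
      interval: 10s
      timeout: 5s
      retries: 5
    # No published ports and no traefik-public attachment: the database is
    # reachable only from containers on rnotes-internal.
    networks:
      - rnotes-internal
    security_opt:
      - no-new-privileges:true

volumes:
  rnotes-pgdata:

networks:
  # Created and owned outside this file (shared with the Traefik stack).
  traefik-public:
    external: true
  rnotes-internal:
    driver: bridge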