rnotes-online/docker-compose.yml

services:
  rnotes:
    build:
      context: .
    container_name: rnotes-frontend
    restart: unless-stopped
    ports:
      - "3100:3000"
      - "4444:4444"
    environment:
      - DATABASE_URL=postgresql://rnotes:${DB_PASSWORD}@rnotes-db:5432/rnotes
      - NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
      - NEXTAUTH_URL=https://rnotes.online
      - ENCRYPTID_SERVER_URL=https://auth.ridentity.online
      - NEXT_PUBLIC_ENCRYPTID_SERVER_URL=https://auth.ridentity.online
      - NEXT_PUBLIC_SYNC_URL=wss://rnotes.online/sync
      - SYNC_SERVER_PORT=4444
      - HOSTNAME=0.0.0.0
    depends_on:
      rnotes-db:
        condition: service_healthy
    networks:
      - traefik-public
      - rnotes-internal
    labels:
      - "traefik.enable=true"
      # Main app
      - "traefik.http.routers.rnotes.rule=Host(`rnotes.online`) || Host(`www.rnotes.online`) || HostRegexp(`{subdomain:[a-z0-9-]+}.rnotes.online`)"
      - "traefik.http.routers.rnotes.entrypoints=web"
      - "traefik.http.routers.rnotes.priority=130"
      - "traefik.http.routers.rnotes.service=rnotes"
      - "traefik.http.services.rnotes.loadbalancer.server.port=3000"
      # WebSocket sync
      - "traefik.http.routers.rnotes-sync.rule=(Host(`rnotes.online`) || HostRegexp(`{subdomain:[a-z0-9-]+}.rnotes.online`)) && PathPrefix(`/sync`)"
      - "traefik.http.routers.rnotes-sync.entrypoints=web"
      - "traefik.http.routers.rnotes-sync.priority=200"
      - "traefik.http.routers.rnotes-sync.service=rnotes-sync"
      - "traefik.http.services.rnotes-sync.loadbalancer.server.port=4444"
      - "traefik.http.middlewares.rnotes-sync-strip.stripprefix.prefixes=/sync"
      - "traefik.http.routers.rnotes-sync.middlewares=rnotes-sync-strip"
    security_opt:
      - no-new-privileges:true

  rnotes-db:
    image: postgres:16-alpine
    container_name: rnotes-db
    restart: unless-stopped
    environment:
      - POSTGRES_DB=rnotes
      - POSTGRES_USER=rnotes
      - POSTGRES_PASSWORD=${DB_PASSWORD}
    volumes:
      - rnotes-pgdata:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U rnotes"]
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - rnotes-internal
    security_opt:
      - no-new-privileges:true

volumes:
  rnotes-pgdata:

networks:
  traefik-public:
    external: true
  rnotes-internal:
    driver: bridge