services: rtube: build: context: .. dockerfile: rtube-online/Dockerfile container_name: rtube restart: unless-stopped environment: - INFISICAL_CLIENT_ID=${INFISICAL_CLIENT_ID} - INFISICAL_CLIENT_SECRET=${INFISICAL_CLIENT_SECRET} - INFISICAL_PROJECT_SLUG=rtube - INFISICAL_ENV=prod - INFISICAL_URL=http://infisical:8080 security_opt: - no-new-privileges:true cap_drop: - ALL read_only: true tmpfs: - /tmp labels: - "traefik.enable=true" - "traefik.http.routers.rtube.rule=Host(`rtube.online`) || Host(`www.rtube.online`)" - "traefik.http.routers.rtube.entrypoints=web,websecure" - "traefik.http.services.rtube.loadbalancer.server.port=3000" - "traefik.docker.network=traefik-public" networks: - traefik-public - rtube-internal nginx-rtmp: image: tiangolo/nginx-rtmp:latest container_name: rtube-rtmp restart: unless-stopped ports: - "1936:1935" volumes: - ./nginx-rtmp/nginx.conf:/etc/nginx/nginx.conf:ro - rtmp-recordings:/recordings - rtmp-hls:/hls security_opt: - no-new-privileges:true cap_drop: - ALL cap_add: - NET_BIND_SERVICE - CHOWN - DAC_OVERRIDE - SETGID - SETUID labels: - "traefik.enable=true" - "traefik.http.routers.rtube-hls.rule=Host(`rtube.online`) && PathPrefix(`/hls`)" - "traefik.http.routers.rtube-hls.entrypoints=web,websecure" - "traefik.http.services.rtube-hls.loadbalancer.server.port=8080" - "traefik.docker.network=traefik-public" networks: - traefik-public - rtube-internal depends_on: - archive-worker archive-worker: build: context: . dockerfile: nginx-rtmp/Dockerfile.archive container_name: rtube-archive restart: unless-stopped environment: - R2_BUCKET=${R2_BUCKET:-rtube-videos} volumes: - rtmp-recordings:/recordings - /root/.config/rclone:/root/.config/rclone:ro security_opt: - no-new-privileges:true cap_drop: - ALL networks: - rtube-internal volumes: rtmp-recordings: rtmp-hls: networks: traefik-public: external: true rtube-internal: driver: bridge