generated from sambuc/tpl.docker-compose
76 lines
2.3 KiB
YAML
76 lines
2.3 KiB
YAML
version: "3.8"
|
|
|
|
networks:
|
|
gitea:
|
|
internal: true
|
|
proxy_home:
|
|
external: true
|
|
|
|
services:
|
|
db:
|
|
image: postgres:13.2-alpine
|
|
restart: always
|
|
environment:
|
|
- POSTGRES_PORT=${POSTGRES_PORT}
|
|
- POSTGRES_DB=${POSTGRES_DB}
|
|
- POSTGRES_USER=${POSTGRES_USER}
|
|
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
|
|
networks:
|
|
- gitea
|
|
volumes:
|
|
- ./postgres:/var/lib/postgresql/data
|
|
|
|
gitea:
|
|
image: gitea/gitea:1
|
|
restart: always
|
|
env_file:
|
|
- gitea.env
|
|
environment:
|
|
# Specify here and through docker parameters which are shared between
|
|
# Gitea and Traefik
|
|
- DOMAIN=${FQDN}
|
|
- SSH_DOMAIN=${FQDN}
|
|
- SSH_LISTEN_PORT=${SSH_LISTEN_PORT}
|
|
- GITEA__database__TYPE=postgres
|
|
- GITEA__database__HOST=db:${POSTGRES_PORT}
|
|
- GITEA__database__NAME=${POSTGRES_DB}
|
|
- GITEA__database__USER=${POSTGRES_USER}
|
|
- GITEA__database__PASSWD=${POSTGRES_PASSWORD}
|
|
networks:
|
|
- gitea
|
|
- proxy_home
|
|
# To enable GitHub mirroring
|
|
- default
|
|
volumes:
|
|
- ./gitea:/data
|
|
- /etc/timezone:/etc/timezone:ro
|
|
- /etc/localtime:/etc/localtime:ro
|
|
depends_on:
|
|
- db
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.docker.network=proxy_home"
|
|
|
|
- "traefik.tcp.services.ssh-git.loadbalancer.server.port=${SSH_LISTEN_PORT}"
|
|
|
|
- "traefik.http.services.git.loadbalancer.server.scheme=http"
|
|
- "traefik.http.services.git.loadbalancer.server.port=3000"
|
|
|
|
# MIDDLEWARES
|
|
- "traefik.http.middlewares.git-headers.headers.customframeoptionsvalue=SAMEORIGIN"
|
|
# Priority goes from first in the list to last.
|
|
- "traefik.http.middlewares.git.chain.middlewares=git-headers,headers-base@file,headers-sts@file,headers-policy-domain@file"
|
|
|
|
# SSH access
|
|
- "traefik.tcp.routers.ssh-git.service=ssh-git"
|
|
- "traefik.tcp.routers.ssh-git.entrypoints=ssh-git"
|
|
- "traefik.tcp.routers.ssh-git.rule=HostSNI(`*`)"
|
|
|
|
# Web UI
|
|
- "traefik.http.routers.git.service=git"
|
|
- "traefik.http.routers.git.entrypoints=web-secure"
|
|
- "traefik.http.routers.git.rule=Host(`${FQDN}`)"
|
|
- "traefik.http.routers.git.tls=true"
|
|
- "traefik.http.routers.git.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.git.middlewares=git"
|