version: "3.7" services: reverse-proxy: container_name: reverse-proxy image: traefik:v2.8 restart: always ports: - ${NGINX_PORT-80}:80 - ${NGINX_PORT_SSL-443}:443 command: --providers.docker volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - ${PWD}/traefik:/root/.config - ${PWD}/traefik/shared:/shared networks: - tipi_main_network tipi-db: container_name: tipi-db image: postgres:latest restart: on-failure stop_grace_period: 1m volumes: - ${PWD}/data/postgres:/var/lib/postgresql/data environment: POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} POSTGRES_USER: tipi POSTGRES_DB: tipi healthcheck: test: ["CMD-SHELL", "pg_isready -d tipi -U tipi"] interval: 5s timeout: 10s retries: 120 networks: - tipi_main_network api: image: meienberger/runtipi:${TIPI_VERSION} command: /bin/sh -c "cd /api && npm run start" restart: unless-stopped container_name: api depends_on: tipi-db: condition: service_healthy volumes: - ${PWD}/repos:/runtipi/repos:ro - ${PWD}/apps:/runtipi/apps - ${PWD}/state:/runtipi/state - ${PWD}/logs:/app/logs - ${STORAGE_PATH}:/app/storage environment: INTERNAL_IP: ${INTERNAL_IP} TIPI_VERSION: ${TIPI_VERSION} JWT_SECRET: ${JWT_SECRET} NGINX_PORT: ${NGINX_PORT} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} POSTGRES_USERNAME: tipi POSTGRES_DBNAME: tipi POSTGRES_HOST: tipi-db NODE_ENV: production APPS_REPO_ID: ${APPS_REPO_ID} APPS_REPO_URL: ${APPS_REPO_URL} DOMAIN: ${DOMAIN} networks: - tipi_main_network labels: traefik.enable: true # Web traefik.http.routers.api.rule: PathPrefix(`/api`) traefik.http.routers.api.service: api traefik.http.routers.api.entrypoints: web traefik.http.routers.api.middlewares: api-stripprefix traefik.http.services.api.loadbalancer.server.port: 3001 # Websecure traefik.http.routers.api-secure.rule: (Host(`${DOMAIN}`) && PathPrefix(`/api`)) traefik.http.routers.api-secure.entrypoints: websecure traefik.http.routers.api-secure.service: api-secure traefik.http.routers.api-secure.tls.certresolver: myresolver traefik.http.routers.api-secure.middlewares: api-stripprefix traefik.http.services.api-secure.loadbalancer.server.port: 3001 # Middlewares traefik.http.middlewares.api-stripprefix.stripprefix.prefixes: /api dashboard: image: meienberger/runtipi:${TIPI_VERSION} command: /bin/sh -c "cd /dashboard && npm run start" restart: unless-stopped container_name: dashboard networks: - tipi_main_network depends_on: api: condition: service_started environment: INTERNAL_IP: ${INTERNAL_IP} NODE_ENV: production DOMAIN: ${DOMAIN} NGINX_PORT: ${NGINX_PORT-80} labels: traefik.enable: true traefik.http.routers.dashboard-redirect.rule: PathPrefix("/") traefik.http.routers.dashboard-redirect.entrypoints: web traefik.http.routers.dashboard-redirect.middlewares: redirect-middleware traefik.http.routers.dashboard-redirect.service: dashboard traefik.http.services.dashboard-redirect.loadbalancer.server.port: 3000 traefik.http.routers.dashboard-redirect-secure.rule: Host(`${DOMAIN}`) && PathPrefix(`/`) traefik.http.routers.dashboard-redirect-secure.entrypoints: websecure traefik.http.routers.dashboard-redirect-secure.middlewares: redirect-middleware traefik.http.routers.dashboard-redirect-secure.service: dashboard traefik.http.routers.dashboard-redirect-secure.tls.certresolver: myresolver traefik.http.services.dashboard-redirect-secure.loadbalancer.server.port: 3000 # Web traefik.http.routers.dashboard.rule: PathPrefix("/dashboard") traefik.http.routers.dashboard.service: dashboard traefik.http.routers.dashboard.entrypoints: web traefik.http.services.dashboard.loadbalancer.server.port: 3000 # Websecure traefik.http.routers.dashboard-secure.rule: Host(`${DOMAIN}`) && PathPrefix(`/dashboard`) traefik.http.routers.dashboard-secure.service: dashboard-secure traefik.http.routers.dashboard-secure.entrypoints: websecure traefik.http.routers.dashboard-secure.tls.certresolver: myresolver traefik.http.services.dashboard-secure.loadbalancer.server.port: 3000 # Middlewares traefik.http.middlewares.redirect-middleware.redirectregex.regex: .* traefik.http.middlewares.redirect-middleware.redirectregex.replacement: /dashboard networks: tipi_main_network: driver: bridge driver_opts: com.docker.network.bridge.enable_ip_masquerade: "true" com.docker.network.bridge.enable_icc: "true" ipam: driver: default config: - subnet: 10.21.21.0/24