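---
# Compose stack: Gitea backed by PostgreSQL, published through a Traefik
# reverse proxy that terminates TLS for the gitea router.
# ${DB_USER}, ${DB_PASSWORD}, ${DB_NAME} and ${SITE_URL} are substituted by
# Compose from the shell environment or an .env file; keep that file out of
# version control because it carries the database password.
version: "3"

networks:
  gitnet:

volumes:
  gitea-data:
  pg-db:
  traefik-acme:

services:
  gitea:
    # NOTE(review): `latest` is a moving tag, so a re-pull can change the
    # running version without any change to this file. Pin a specific release
    # tag (or an image digest) once the target version is decided.
    image: gitea/gitea:latest
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      # No space after "=": in list form everything after "=" is the value,
      # so "RUN_MODE= prod" would pass " prod" with a leading space.
      - RUN_MODE=prod
      - GITEA__database__DB_TYPE=postgres
      - GITEA__database__HOST=db:5432
      - GITEA__database__USER=${DB_USER}
      - GITEA__database__PASSWD=${DB_PASSWORD}
      - GITEA__database__NAME=${DB_NAME}
      # Advertised SSH port (2222) matches the host side of the port mapping
      # below; the container itself listens on 22.
      - SSH_PORT=2222
      - SSH_LISTEN_PORT=22
      - ROOT_URL=https://${SITE_URL}
    restart: unless-stopped
    networks:
      - gitnet
    volumes:
      - gitea-data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gitea.rule=Host(`${SITE_URL}`)"
      - "traefik.http.routers.gitea.service=gitea"
      - "traefik.http.routers.gitea.tls.certresolver=letsencrypt"
      - "traefik.http.routers.gitea.entrypoints=websecure"
      - "traefik.http.services.gitea.loadbalancer.passhostheader=true"
      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
    ports:
      # Only SSH is published on the host. The web UI on container port 3000
      # is deliberately NOT published: Traefik reaches it over the gitnet
      # network (see loadbalancer.server.port above). Publishing "3000:3000"
      # binds all host interfaces by default and would serve Gitea over plain
      # HTTP, bypassing the TLS router.
      - "2222:22"
    depends_on:
      - db

  db:
    image: postgres:13
    container_name: db
    restart: unless-stopped
    environment:
      - POSTGRES_USER=${DB_USER}
      - POSTGRES_PASSWORD=${DB_PASSWORD}
      - POSTGRES_DB=${DB_NAME}
    # No ports are published: the database is reachable only from containers
    # attached to gitnet.
    networks:
      - gitnet
    volumes:
      - pg-db:/var/lib/postgresql/data

  traefik:
    image: traefik:2.5
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - 'no-new-privileges:true'
    networks:
      - gitnet
    ports:
      # Quoted so the host:container pairs are always read as strings.
      - "80:80"
      - "443:443"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # NOTE(review): ":ro" only protects the socket file itself; it does not
      # limit which Docker API calls can be made through it, so this mount
      # effectively grants the container control of the Docker daemon.
      # Consider a filtering socket proxy that exposes only the read-only
      # container endpoints Traefik needs.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik/traefik.yml:/traefik.yml:ro
      # Configuration and credential files are mounted read-only so the
      # proxy process cannot modify its own routing rules or the user list.
      # presumably .users is the credential file behind user-auth@file; verify
      # against dynamic.yml
      - ./traefik/dynamic.yml:/dynamic.yml:ro
      - ./traefik/.users:/.users:ro
      # Writable named volume for ACME certificate storage.
      - traefik-acme:/acme/
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik-secure.entrypoints=websecure"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.${SITE_URL}`)"
      - "traefik.http.routers.traefik-secure.middlewares=user-auth@file"
      - "traefik.http.routers.traefik-secure.service=api@internal"
      # NOTE(review): unlike the gitea router, this router sets no tls option.
      # Whether the dashboard (api@internal) is served over TLS depends on the
      # websecure entrypoint settings in traefik.yml, which is not shown here.
      # Confirm it, since the user-auth middleware is the only access control
      # in front of the API.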