gitea-docker/docker-compose.yml

version: "3"

networks:
  gitnet:

volumes:
  gitea-data:
  pg-db:
  traefik-acme:
  
    
services:
  gitea:
    image: gitea/gitea:latest
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - RUN_MODE= prod
      - GITEA__database__DB_TYPE=postgres
      - GITEA__database__HOST=db:5432
      - GITEA__database__USER=${DB_USER}
      - GITEA__database__PASSWD=${DB_PASSWORD}
      - GITEA__database__NAME=${DB_NAME}
      - SSH_PORT=2222
      - SSH_LISTEN_PORT=22
      - ROOT_URL=https://${SITE_URL}
    restart: unless-stopped
    networks:
      - gitnet
    volumes:
      - gitea-data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gitea.rule=Host(`${SITE_URL}`)"
      - "traefik.http.routers.gitea.service=gitea"
      - "traefik.http.routers.gitea.tls.certresolver=letsencrypt"
      - "traefik.http.routers.gitea.entrypoints=websecure"
      - "traefik.http.services.gitea.loadbalancer.passhostheader=true"
      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
    ports:
      - "3000:3000"
      - "2222:22"
    depends_on:
      - db

  db:
    image: postgres:13
    container_name: db
    restart: unless-stopped
    environment:
      - POSTGRES_USER=${DB_USER}
      - POSTGRES_PASSWORD=${DB_PASSWORD}
      - POSTGRES_DB=${DB_NAME}
    networks:
      - gitnet
    volumes:
      - pg-db:/var/lib/postgresql/data

  traefik:
    image: traefik:2.5
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - gitnet
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik/traefik.yml:/traefik.yml:ro
      - ./traefik/dynamic.yml:/dynamic.yml
      - ./traefik/.users:/.users
      - traefik-acme:/acme/
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik-secure.entrypoints=websecure"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.${SITE_URL}`)"
      - "traefik.http.routers.traefik-secure.middlewares=user-auth@file"
      - "traefik.http.routers.traefik-secure.service=api@internal"