initial commit

docker-compose.yml

@@ -0,0 +1,100 @@
+---
+
+services:
+  nginx:
+    image: ghcr.io/nginx/nginx-unprivileged:${NGINX_TAG:?NGINX_TAG is not configured}
+    restart: unless-stopped
+    depends_on:
+      - bitpoll
+    read_only: true
+    volumes:
+      # - /etc/localtime:/etc/localtime:ro
+      # - /etc/timezone:/etc/timezone:ro
+      - ./data/config/nginx-templates:/etc/nginx/templates:ro
+      - static:/var/www
+    tmpfs:
+      - /etc/nginx/conf.d:uid=101,gid=101
+      - /tmp
+      - /var/cache/nginx
+    security_opt:
+      - no-new-privileges:true
+    cap_drop:
+      - ALL
+    networks:
+      - appnet
+      - dokploy-network
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=dokploy-network"
+
+      - "traefik.http.services.bitpoll-nginx.loadbalancer.server.port=8080" # set port the container listenes to
+      - "traefik.http.services.bitpoll-nginx.loadbalancer.server.scheme=http"
+
+      - "traefik.http.routers.bitpoll-nginx-web.rule=Host(`${PUBLIC_DOMAIN}`)"
+      - "traefik.http.routers.bitpoll-nginx-web.service=bitpoll-nginx@docker"
+      - "traefik.http.routers.bitpoll-nginx-web.entrypoints=web"
+      - "traefik.http.routers.bitpoll-nginx-web.middlewares=redirect-to-https@file"
+
+      - "traefik.http.routers.bitpoll-nginx-websecure.rule=Host(`${PUBLIC_DOMAIN}`)" # change hostname!
+      - "traefik.http.routers.bitpoll-nginx-websecure.service=bitpoll-nginx@docker"
+      - "traefik.http.routers.bitpoll-nginx-websecure.entrypoints=websecure"
+      - "traefik.http.routers.bitpoll-nginx-websecure.tls=true"
+      - "traefik.http.routers.bitpoll-nginx-websecure.tls.options=modern@file"
+      - "traefik.http.routers.bitpoll-nginx-websecure.tls.certresolver=hetzner"
+      - "traefik.http.routers.bitpoll-nginx-websecure.tls.domains[0].main=${TLS_DOMAIN}"
+      - "traefik.http.routers.bitpoll-nginx-websecure.middlewares=secHeaders@file, hsts-header@file"
+
+  bitpoll:
+    image: ghcr.io/fsinfuhh/bitpoll:${BITPOLL_TAG:?BITPOLL_TAG is not configured}
+    build:
+      dockerfile: Dockerfile
+      context: ./src
+    restart: unless-stopped
+    depends_on:
+      postgresql:
+        condition: service_healthy
+    environment:
+      BITPOLL_SECRET_KEY: ${BITPOLL_SECRET_KEY?:BITPOLL_SECRET_KEY is required!}
+      BITPOLL_FIELD_ENCRYPTION_KEY: ${BITPOLL_FIELD_ENCRYPTION_KEY?:BITPOLL_FIELD_ENCRYPTION_KEY is required!}
+      BITPOLL_DB_PASSWORD: ${BITPOLL_DB_PASSWORD?:BITPOLL_DB_PASSWORD is required!}
+    networks:
+      - appnet
+    volumes:
+      # - /etc/localtime:/etc/localtime:ro
+      # - /etc/timezone:/etc/timezone:ro
+      - static:/opt/static
+      - ./data/config/bitpoll:/opt/config
+      - log:/opt/log
+
+  db:
+    image: postgres:${POSTGRES_TAG:?POSTGRES_TAG is not configured}
+    restart: unless-stopped
+    environment:
+      POSTGRES_USER: bitpoll
+      POSTGRES_DB: bitpoll
+      POSTGRES_PASSWORD: ${BITPOLL_DB_PASSWORD?:BITPOLL_DB_PASSWORD is required!}
+    healthcheck:
+      interval: 30s
+      retries: 5
+      start_period: 20s
+      test:
+      - CMD-SHELL
+      - pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}
+      timeout: 5s
+    networks:
+      - appnet
+    volumes:
+      - db:/var/lib/postgresql/data:rw
+
+volumes:
+  static:
+    driver: local
+  log:
+    driver: local
+  db:
+    driver: local
+
+networks:
+  appnet:
+  dokploy-network:
+    # external: true