version: '3' # See https://docs.docker.com/compose/overview/ for more information. # If you make changes to this file or any related files, apply them by # navigating to the directory that holds this file and run this as root: # docker-compose down; docker-compose up -d networks: frontend: backend: volumes: vol-db: services: traefik: # https://hub.docker.com/_/traefik/ image: traefik:alpine command: # This enables the Traefik dashboard. # Make sure you put this behind at least basic auth #- --web - --entryPoints=Name:http Address::80 Redirect.EntryPoint:https - --entryPoints=Name:https Address::443 TLS - --defaultEntryPoints=http,https - --docker - --docker.endpoint=unix:///var/run/docker.sock - --docker.domain=domain.localhost - --docker.watch=true - --acme - --acme.storage=/etc/traefik/acme/acme.json - --acme.email=${ACME_EMAIL} - --acme.OnHostRule=true - --acme.entryPoint=https - --acme.httpChallenge.entrypoint=http restart: unless-stopped networks: - backend - frontend volumes: - /var/run/docker.sock:/var/run/docker.sock # - ./config/traefik.toml:/traefik.toml - ./config/acme:/etc/traefik/acme ports: # Map port 80 and 443 on the host to this container. - "80:80" - "443:443" labels: - "traefik.enable=true" - "traefik.docker.network=frontend" - "traefik.frontend.rule=Host:${DOMAINS_TRAEFIK}" - "traefik.port=8080" - "traefik.protocol=http" # Enable the next line to enable a basic auth login prompt for the dashboard. #- "traefik.frontend.auth.basic=${BASIC_AUTH}" watchtower: # https://hub.docker.com/r/centurylink/watchtower/ image: v2tec/watchtower:latest # https://github.com/v2tec/watchtower#options # This schedule applies updates (if available) at midnight. command: --cleanup --schedule "0 0 0 * * *" restart: unless-stopped volumes: - /var/run/docker.sock:/var/run/docker.sock db: # https://hub.docker.com/_/mariadb/ image: mariadb:10.3 command: --max_allowed_packet=256M restart: unless-stopped networks: - backend volumes: # Ensure the database persists between restarts. - vol-db:/var/lib/mysql environment: MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD} MYSQL_DATABASE: ${DB_NAME} MYSQL_USER: ${DB_USER} MYSQL_PASSWORD: ${DB_PASSWORD} ghost: # https://hub.docker.com/_/ghost/ image: ghost:2-alpine restart: unless-stopped links: - db networks: - backend - frontend volumes: - ./content:/var/lib/ghost/content labels: - "traefik.docker.network=frontend" - "traefik.enable=true" - "traefik.frontend.rule=Host:${DOMAINS_BLOG}" - "traefik.port=2368" - "traefik.protocol=http" environment: url: ${BLOG_URL} database__client: mysql database__connection__host: db database__connection__database: ${DB_NAME} database__connection__user: ${DB_USER} database__connection__password: ${DB_PASSWORD} mail__transport: SMTP mail__from: "Server <${ACME_EMAIL}>" mail__options__service: SMTP mail__options__host: mail mail__options__port: 25 # Uncomment the next line to enable HSTS header. #- "traefik.frontend.headers.STSSeconds=15768000" matomo: image: matomo:3 restart: unless-stopped links: - db networks: - backend - frontend volumes: - ./config/matomo:/var/www/html/config:rw - ./config/php.ini:/usr/local/etc/php/php.ini labels: - "traefik.enable=true" - "traefik.docker.network=frontend" - "traefik.frontend.rule=Host:${DOMAINS_MATOMO}" - "traefik.port=80" # Uncomment the next line to enable HSTS header. #- "traefik.frontend.headers.STSSeconds=15768000" # This allows Matomo and Ghost to send email straight out of the box. # It makes an SMTP host available at the hostname "mail". mail: # https://hub.docker.com/r/bytemark/smtp image: bytemark/smtp restart: unless-stopped networks: - frontend