A painless self-hosted Git service
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

98 lines
2.3 KiB

  1. ---
  2. version: "3.8"
  3. services:
  4. gitea:
  5. image: "gitea/gitea:1.12.4"
  6. configs:
  7. - source: app_ini
  8. target: /data/gitea/conf/app.ini
  9. secrets:
  10. - db_passwd
  11. - internal_token
  12. - jwt_secret
  13. - secret_key
  14. environment:
  15. - GITEA_APP_NAME=${APP_NAME}
  16. - GITEA_DB_HOST=${DB_HOST}
  17. - GITEA_DB_NAME=${DB_NAME}
  18. - GITEA_DB_TYPE=${DB_TYPE}
  19. - GITEA_DB_USER=${DB_USER}
  20. - GITEA_DOMAIN=${DOMAIN}
  21. - GITEA_SSH_PORT=${SSH_HOST_PORT}
  22. volumes:
  23. - "git:/data"
  24. networks:
  25. - proxy
  26. - internal
  27. healthcheck:
  28. test: ["CMD", "curl", "-f", "http://localhost:3000"]
  29. interval: 15s
  30. timeout: 10s
  31. retries: 10
  32. start_period: 15s
  33. deploy:
  34. update_config:
  35. failure_action: rollback
  36. order: start-first
  37. labels:
  38. - "traefik.enable=true"
  39. - "traefik.http.routers.gitea.rule=Host(`${DOMAIN}`)"
  40. - "traefik.http.routers.gitea.entrypoints=web-secure"
  41. - "traefik.http.services.gitea.loadbalancer.server.port=3000"
  42. - "traefik.http.routers.gitea.tls.certresolver=${LETS_ENCRYPT_ENV:production}"
  43. - "traefik.tcp.routers.gitea-ssh.rule=HostSNI(`*`)"
  44. - "traefik.tcp.routers.gitea-ssh.entrypoints=gitea-ssh"
  45. - "traefik.tcp.services.gitea-ssh.loadbalancer.server.port=${SSH_HOST_PORT}"
  46. mariadb:
  47. image: "mariadb:10.5"
  48. command: |
  49. mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
  50. environment:
  51. - MYSQL_DATABASE=gitea
  52. - MYSQL_USER=gitea
  53. - MYSQL_PASSWORD_FILE=/run/secrets/db_passwd
  54. - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_passwd
  55. secrets:
  56. - db_passwd
  57. - db_root_passwd
  58. volumes:
  59. - "mariadb:/var/lib/mysql"
  60. networks:
  61. - internal
  62. networks:
  63. internal:
  64. proxy:
  65. external: true
  66. configs:
  67. app_ini:
  68. name: ${APP_INI_VERSION}
  69. file: app.ini.tmpl
  70. template_driver: golang
  71. secrets:
  72. db_passwd:
  73. name: ${DB_PASSWD_VERSION}
  74. external: true
  75. db_root_passwd:
  76. name: ${DB_ROOT_PASSWD_VERSION}
  77. external: true
  78. internal_token:
  79. name: ${INTERNAL_TOKEN_VERSION}
  80. external: true
  81. jwt_secret:
  82. name: ${JWT_SECRET_VERSION}
  83. external: true
  84. secret_key:
  85. name: ${SECRET_KEY_VERSION}
  86. external: true
  87. volumes:
  88. git:
  89. mariadb: