---
# Compose file (format 3.8) for a Mastodon stack: PostgreSQL, Redis and three
# Mastodon processes (web, streaming, sidekiq). The web and streaming services
# are published through Traefik via labels; db and redis are attached only to
# the internal network.
#
# All ${...} references (DB_*, STACK_NAME, DOMAIN, LETS_ENCRYPT_ENV) are
# interpolated from the environment of the process that deploys this file.
version: "3.8"

services:
  db:
    # NOTE(review): the PostgreSQL 9.6 series reached upstream end-of-life in
    # November 2021 and no longer receives security fixes. Moving to a
    # supported major version needs a data migration (dump/restore or
    # pg_upgrade) of the `postgres` volume, so plan it rather than bumping
    # the tag in place.
    image: postgres:9.6-alpine
    # Anchor reused by redis: attached to internal_network only, so the
    # database is not reachable from the `proxy` network.
    networks: &internalNetwork
      - internal_network
    healthcheck:
      # NOTE(review): the probe uses the role `postgres` while the server is
      # initialised with POSTGRES_USER=${DB_USER}. pg_isready reports server
      # status either way, but if DB_USER differs each probe may be logged as
      # a failed connection attempt - confirm and align if the logs are noisy.
      test: ["CMD", "pg_isready", "-U", "postgres"]
    volumes:
      - postgres:/var/lib/postgresql/data
    environment:
      # NOTE(review): the database password is injected as a plain environment
      # variable, which makes it readable from the service definition
      # (e.g. `docker inspect`). The official postgres image also accepts
      # POSTGRES_PASSWORD_FILE, which pairs with Docker secrets.
      - POSTGRES_PASSWORD=${DB_PASS}
      - POSTGRES_USER=${DB_USER}
      - POSTGRES_DB=${DB_NAME}

  redis:
    image: redis:6.0-alpine
    # No `requirepass`/ACL is configured in this file, so the internal-only
    # network attachment is the only access control visible here. Keep redis
    # off any externally reachable network.
    networks: *internalNetwork
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
    volumes:
      - redis:/data

  # Optional Elasticsearch service (full-text search), currently disabled.
  # es:
  #   restart: always
  #   image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.10
  #   environment:
  #     - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
  #     - "cluster.name=es-mastodon"
  #     - "discovery.type=single-node"
  #     - "bootstrap.memory_lock=true"
  #   networks:
  #     - internal_network
  #   healthcheck:
  #     test: ["CMD-SHELL", "curl --silent --fail localhost:9200/_cluster/health || exit 1"]
  #   volumes:
  #     - ./elasticsearch:/usr/share/elasticsearch/data
  #   ulimits:
  #     memlock:
  #       soft: -1
  #       hard: -1

  web:
    # Anchor reused by streaming and sidekiq so all three run the same image.
    # NOTE(review): the tag is old and mutable; review upstream security
    # releases before deploying and consider pinning by digest.
    image: &image tootsuite/mastodon:v3.3.0
    # Removes a stale Rails PID file left by an unclean shutdown, then starts
    # the Rails server on port 3000.
    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
    # Anchor reused by streaming and sidekiq: `proxy` is the network Traefik
    # routes over (see traefik.docker.network below), `internal_network`
    # reaches db and redis.
    networks: &bothNetworks
      - proxy
      - internal_network
    healthcheck:
      test: ["CMD-SHELL", "wget -q --spider --proxy=off localhost:3000/health || exit 1"]
    deploy:
      restart_policy:
        condition: on-failure
      # NOTE(review): labels under `deploy:` are service labels, which is where
      # Traefik's Swarm provider looks; confirm this nesting matches how the
      # stack is deployed.
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=proxy"
        - "traefik.http.services.${STACK_NAME}_web.loadbalancer.server.port=3000"
        - "traefik.http.routers.${STACK_NAME}_web.rule=Host(`${DOMAIN}`)"
        # Only the TLS entrypoint is bound; certificates come from the resolver
        # named by LETS_ENCRYPT_ENV.
        - "traefik.http.routers.${STACK_NAME}_web.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}_web.tls.certresolver=${LETS_ENCRYPT_ENV}"
        ## Redirect from EXTRA_DOMAINS to DOMAIN
        # NOTE(review): the disabled lines reference router `${STACK_NAME}`,
        # while the active router is `${STACK_NAME}_web` - verify before enabling.
        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
    # NOTE(review): `docker stack deploy` ignores depends_on, so under Swarm
    # start-up ordering relies on the restart policy above rather than on this.
    depends_on:
      - db
      - redis
      # - es
    # Anchor reused by streaming and sidekiq: user-uploaded media.
    volumes: &appVolume
      - app:/mastodon/public/system
    # secrets: &secrets
    #   - secret_key_base
    #   - otp_secret
    # Value-less entries are passed through from the deploying environment.
    # NOTE(review): DB_PASS, VAPID_PRIVATE_KEY, OTP_SECRET and SECRET_KEY_BASE
    # are long-lived secrets delivered as environment variables to all three
    # Mastodon services; the Docker-secrets wiring is present but commented
    # out. Environment values are visible in the service spec and to anything
    # that can inspect the container.
    environment: &env
      - DB_HOST
      - DB_USER
      - DB_NAME
      - DB_PASS
      - DB_PORT
      - REDIS_HOST
      - REDIS_PORT
      - VAPID_PRIVATE_KEY
      - VAPID_PUBLIC_KEY
      - OTP_SECRET
      - SECRET_KEY_BASE
      - LOCAL_DOMAIN

  streaming:
    image: *image
    command: node ./streaming
    networks: *bothNetworks
    healthcheck:
      test: ["CMD-SHELL", "wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1"]
    deploy:
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=proxy"
        - "traefik.http.services.${STACK_NAME}_streaming.loadbalancer.server.port=4000"
        # Same host as the web router, restricted to the streaming API path.
        - "traefik.http.routers.${STACK_NAME}_streaming.rule=(Host(`${DOMAIN}`) && PathPrefix(`/api/v1/streaming`))"
        - "traefik.http.routers.${STACK_NAME}_streaming.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}_streaming.tls.certresolver=${LETS_ENCRYPT_ENV}"
        ## Redirect from EXTRA_DOMAINS to DOMAIN
        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
    depends_on:
      - db
      - redis
    # Receives the full shared secret set via the &env anchor.
    environment: *env
    volumes: *appVolume  # used to make sure this volume is created

  sidekiq:
    image: *image
    command: bundle exec sidekiq
    deploy:
      restart_policy:
        condition: on-failure
    depends_on:
      - db
      - redis
    # No Traefik labels, so nothing is routed to this service. It is still on
    # `proxy`; presumably for outbound connectivity, since internal_network is
    # declared `internal: true` - confirm this attachment is intended.
    networks: *bothNetworks
    volumes: *appVolume
    environment: *env

# Disabled Docker-secrets definitions matching the commented `secrets:` list
# on the web service.
# NOTE(review): the version variables are named after DB passwords
# (SECRET_DB_PASSWORD_VERSION / SECRET_DB_ROOT_PASSWORD_VERSION), not after
# these secrets - verify the names before enabling.
# secrets:
#   secret_key_base:
#     name: ${STACK_NAME}_secret_key_base_${SECRET_DB_PASSWORD_VERSION}
#     external: true
#   otp_secret:
#     name: ${STACK_NAME}_otp_secret_${SECRET_DB_ROOT_PASSWORD_VERSION}
#     external: true

# Named volumes with default settings.
volumes:
  app:
  redis:
  postgres:

networks:
  # Pre-existing network (not created by this file), shared with Traefik.
  proxy:
    external: true
  # `internal: true` gives attached containers no external connectivity; this
  # is what keeps db and redis isolated.
  internal_network:
    internal: true