--- version: "3.8" services: app: image: discourse/discourse:3.5.3 networks: - proxy - internal # official image CMD is /sbin/boot; wrapper injects the DB password secret first entrypoint: /usr/local/bin/cc-app-entrypoint.sh environment: - DISCOURSE_HOSTNAME=${DOMAIN} - DISCOURSE_DEVELOPER_EMAILS=${DISCOURSE_DEVELOPER_EMAILS} - DISCOURSE_DB_HOST=${STACK_NAME}_db - DISCOURSE_DB_PORT=5432 - DISCOURSE_DB_NAME=discourse - DISCOURSE_DB_USERNAME=discourse - DISCOURSE_REDIS_HOST=${STACK_NAME}_redis - DISCOURSE_REDIS_PORT=6379 - DISCOURSE_SMTP_ADDRESS - DISCOURSE_SMTP_PORT - DISCOURSE_SMTP_USER_NAME - DISCOURSE_SMTP_PASSWORD - DISCOURSE_SMTP_AUTHENTICATION - DISCOURSE_SMTP_ENABLE_START_TLS - DISCOURSE_NOTIFICATION_EMAIL volumes: - 'discourse_shared:/shared' # transition only: legacy bitnami volume, read-only, for one-time upload migration - 'discourse_data:/legacy:ro' secrets: - db_password configs: - source: app_entrypoint target: /usr/local/bin/cc-app-entrypoint.sh mode: 0555 - source: app_install_ssl target: /etc/runit/1.d/install-ssl mode: 0555 - source: app_migrate_uploads target: /etc/runit/1.d/02-migrate-bitnami-uploads mode: 0555 depends_on: - db - redis deploy: update_config: failure_action: rollback order: stop-first labels: - "traefik.enable=true" - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80" - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - "coop-cloud.${STACK_NAME}.version=1.0.0+3.5.3" healthcheck: test: "curl -fsS http://localhost/srv/status || exit 1" interval: 30s timeout: 10s retries: 6 start_period: 25m db: image: pgvector/pgvector:pg17 networks: - internal secrets: - db_password volumes: - 'postgresql_data:/var/lib/postgresql/data' configs: - source: db_entrypoint target: /docker-entrypoint.sh mode: 0555 - source: pg_backup target: /pg_backup.sh mode: 0555 entrypoint: /docker-entrypoint.sh environment: - POSTGRES_HOST_AUTH_METHOD=trust - POSTGRES_USER=discourse - POSTGRES_DB=discourse - POSTGRES_PASSWORD_FILE=/run/secrets/db_password healthcheck: test: "pg_isready -U discourse -d discourse" interval: 30s timeout: 10s retries: 5 # generous: a postgres major-version upgrade (apt install + pg_upgrade) runs # in the entrypoint before the server accepts connections — don't let the # healthcheck kill an in-progress migration start_period: 10m deploy: labels: backupbot.backup: "true" backupbot.backup.pre-hook: "/pg_backup.sh backup" backupbot.backup.volumes.postgresql_data.path: "backup.sql" backupbot.restore.post-hook: "/pg_backup.sh restore" redis: image: redis:7.4-alpine networks: - internal volumes: - 'redis_data:/data' healthcheck: test: "redis-cli ping | grep -q PONG" interval: 30s timeout: 5s retries: 5 start_period: 30s secrets: db_password: external: true name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION} volumes: postgresql_data: redis_data: discourse_shared: discourse_data: networks: proxy: external: true internal: configs: app_entrypoint: name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION} file: cc-app-entrypoint.sh app_install_ssl: name: ${STACK_NAME}_app_install_ssl_${APP_INSTALL_SSL_VERSION} file: app-install-ssl.sh app_migrate_uploads: name: ${STACK_NAME}_app_migrate_uploads_${APP_MIGRATE_UPLOADS_VERSION} file: migrate-uploads.sh db_entrypoint: name: ${STACK_NAME}_db_entrypoint_${DB_ENTRYPOINT_VERSION} file: entrypoint.postgres.sh.tmpl template_driver: golang pg_backup: name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION} file: pg_backup.sh