radicale/docker-compose.yaml

# Can be enhanced with an additional compose file
# See also https://docs.docker.com/compose/production/#modify-your-compose-file-for-production

services:
  radicale:
    image: tomsquest/docker-radicale
    container_name: radicale
    init: true
    read_only: true
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    cap_add:
      - SETUID
      - SETGID
      - CHOWN
      - KILL
    deploy:
      resources:
        limits:
          memory: 256M
          pids: 50
    healthcheck:
      test: curl -f http://127.0.0.1:5232 || exit 1
      interval: 30s
      retries: 3
    restart: always
    volumes:
      - ./data:/data
      - ./config:/config:ro
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.radicale.rule=Host(`radicale.moeny.ai`)"
      - "traefik.http.routers.radicale.entrypoints=https"
      - "traefik.http.routers.radicale.tls.certresolver=le"
      - "traefik.http.services.radicale.loadbalancer.server.port=5232"

  traefik:
    image: traefik:v2.10
    container_name: traefik
    restart: always
    command:
      - --api.insecure=false
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entryPoint.to=https
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entrypoints.https.address=:443
      - --certificatesresolvers.le.acme.tlschallenge=true
      - --certificatesresolvers.le.acme.email=radicale@moeny.ai
      - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - traefik:/letsencrypt:rw
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - proxy

networks:
  proxy:
    driver: bridge

volumes:
  traefik: { driver: local }
Docker and config 2025-02-05 20:34:33 +00:00			`# Can be enhanced with an additional compose file`
			`# See also https://docs.docker.com/compose/production/#modify-your-compose-file-for-production`

			`services:`
			`radicale:`
			`image: tomsquest/docker-radicale`
			`container_name: radicale`
			`init: true`
			`read_only: true`
			`security_opt:`
			`- no-new-privileges:true`
			`cap_drop:`
			`- ALL`
			`cap_add:`
			`- SETUID`
			`- SETGID`
			`- CHOWN`
			`- KILL`
			`deploy:`
			`resources:`
			`limits:`
			`memory: 256M`
			`pids: 50`
			`healthcheck:`
			`test: curl -f http://127.0.0.1:5232 \|\| exit 1`
			`interval: 30s`
			`retries: 3`
			`restart: always`
			`volumes:`
			`- ./data:/data`
			`- ./config:/config:ro`
			`networks:`
			`- proxy`
			`labels:`
			`- "traefik.enable=true"`
			- "traefik.http.routers.radicale.rule=Host(`radicale.moeny.ai`)"
			`- "traefik.http.routers.radicale.entrypoints=https"`
			`- "traefik.http.routers.radicale.tls.certresolver=le"`
			`- "traefik.http.services.radicale.loadbalancer.server.port=5232"`

			`traefik:`
			`image: traefik:v2.10`
			`container_name: traefik`
			`restart: always`
			`command:`
			`- --api.insecure=false`
			`- --providers.docker=true`
			`- --providers.docker.exposedbydefault=false`
			`- --entrypoints.web.address=:80`
			`- --entrypoints.web.http.redirections.entryPoint.to=https`
			`- --entrypoints.web.http.redirections.entryPoint.scheme=https`
			`- --entrypoints.https.address=:443`
			`- --certificatesresolvers.le.acme.tlschallenge=true`
			`- --certificatesresolvers.le.acme.email=radicale@moeny.ai`
			`- --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json`
			`ports:`
			`- "80:80"`
			`- "443:443"`
			`volumes:`
			`- traefik:/letsencrypt:rw`
			`- /var/run/docker.sock:/var/run/docker.sock:ro`
			`networks:`
			`- proxy`

			`networks:`
			`proxy:`
			`driver: bridge`

			`volumes:`
			`traefik: { driver: local }`