radicale/docker-compose.yaml
2025-02-05 15:34:33 -05:00

70 lines
1.8 KiB
YAML

# Can be enhanced with an additional compose file
# See also https://docs.docker.com/compose/production/#modify-your-compose-file-for-production
services:
radicale:
image: tomsquest/docker-radicale
container_name: radicale
init: true
read_only: true
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
cap_add:
- SETUID
- SETGID
- CHOWN
- KILL
deploy:
resources:
limits:
memory: 256M
pids: 50
healthcheck:
test: curl -f http://127.0.0.1:5232 || exit 1
interval: 30s
retries: 3
restart: always
volumes:
- ./data:/data
- ./config:/config:ro
networks:
- proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.radicale.rule=Host(`radicale.moeny.ai`)"
- "traefik.http.routers.radicale.entrypoints=https"
- "traefik.http.routers.radicale.tls.certresolver=le"
- "traefik.http.services.radicale.loadbalancer.server.port=5232"
traefik:
image: traefik:v2.10
container_name: traefik
restart: always
command:
- --api.insecure=false
- --providers.docker=true
- --providers.docker.exposedbydefault=false
- --entrypoints.web.address=:80
- --entrypoints.web.http.redirections.entryPoint.to=https
- --entrypoints.web.http.redirections.entryPoint.scheme=https
- --entrypoints.https.address=:443
- --certificatesresolvers.le.acme.tlschallenge=true
- --certificatesresolvers.le.acme.email=radicale@moeny.ai
- --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
ports:
- "80:80"
- "443:443"
volumes:
- traefik:/letsencrypt:rw
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- proxy
networks:
proxy:
driver: bridge
volumes:
traefik: { driver: local }