70 lines
1.8 KiB
YAML
70 lines
1.8 KiB
YAML
# Can be enhanced with an additional compose file
|
|
# See also https://docs.docker.com/compose/production/#modify-your-compose-file-for-production
|
|
|
|
services:
|
|
radicale:
|
|
image: tomsquest/docker-radicale
|
|
container_name: radicale
|
|
init: true
|
|
read_only: true
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- SETUID
|
|
- SETGID
|
|
- CHOWN
|
|
- KILL
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
memory: 256M
|
|
pids: 50
|
|
healthcheck:
|
|
test: curl -f http://127.0.0.1:5232 || exit 1
|
|
interval: 30s
|
|
retries: 3
|
|
restart: always
|
|
volumes:
|
|
- ./data:/data
|
|
- ./config:/config:ro
|
|
networks:
|
|
- proxy
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.radicale.rule=Host(`radicale.moeny.ai`)"
|
|
- "traefik.http.routers.radicale.entrypoints=https"
|
|
- "traefik.http.routers.radicale.tls.certresolver=le"
|
|
- "traefik.http.services.radicale.loadbalancer.server.port=5232"
|
|
|
|
traefik:
|
|
image: traefik:v2.10
|
|
container_name: traefik
|
|
restart: always
|
|
command:
|
|
- --api.insecure=false
|
|
- --providers.docker=true
|
|
- --providers.docker.exposedbydefault=false
|
|
- --entrypoints.web.address=:80
|
|
- --entrypoints.web.http.redirections.entryPoint.to=https
|
|
- --entrypoints.web.http.redirections.entryPoint.scheme=https
|
|
- --entrypoints.https.address=:443
|
|
- --certificatesresolvers.le.acme.tlschallenge=true
|
|
- --certificatesresolvers.le.acme.email=radicale@moeny.ai
|
|
- --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
volumes:
|
|
- traefik:/letsencrypt:rw
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
networks:
|
|
- proxy
|
|
|
|
networks:
|
|
proxy:
|
|
driver: bridge
|
|
|
|
volumes:
|
|
traefik: { driver: local } |