dev-stack/docker-compose-tls.yaml

version: '3.2'

services:

  portainer:
    container_name: portainer
    image: portainer/portainer-ce
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer-data:/data
    restart: unless-stopped
    labels:
      - traefik.enable=true
      - traefik.http.routers.portainer.rule=Host(`${PORTAINER_VIRTUAL_HOST}`) || Host(`www.${PORTAINER_VIRTUAL_HOST}`)
      - traefik.http.services.portainer.loadbalancer.server.port=9000

  postgres:
    container_name: postgres
    image: postgres:16.3
    volumes:
      - postgres-data:/var/lib/postgresql/data
      - ./default/postgres:/docker-entrypoint-initdb.d
    environment:
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: ${POSTGRES_DB}
      PGDATA: /var/lib/postgresql/data/db-files/
      POSTGRES_MULTIPLE_DATABASES: ${WIKI_DB_NAME},${MATTERMOST_DB_NAME}
      POSTGRES_INITDB_ARGS: --encoding=UTF-8 --lc-collate=C --lc-ctype=C
      NETWORK_ACCESS: internal
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U '${POSTGRES_USER}' -d '${POSTGRES_DB}'"]
      interval: 5s
      timeout: 5s
      retries: 5

  pgadmin:
    container_name: pgadmin
    image: dpage/pgadmin4:8.8
    environment:
      PGADMIN_DEFAULT_EMAIL: ${PGADMIN_DEFAULT_EMAIL}
      PGADMIN_DEFAULT_PASSWORD: ${PGADMIN_DEFAULT_PASSWORD}
    labels:
      - traefik.enable=true
      - traefik.http.routers.pgadmin.rule=Host(`${PGADMIN_VIRTUAL_HOST}`) || Host(`www.${PGADMIN_VIRTUAL_HOST}`)
      - traefik.http.services.pgadmin.loadbalancer.server.port=80
    volumes:
       - pgadmin-data:/var/lib/pgadmin
        - ./default/pgadmin/servers.json:/pgadmin4/servers.json # preconfigured servers/connections
    restart: unless-stopped

  wiki:
    container_name: wiki
    image: requarks/wiki:2.5
    environment:
      DB_TYPE: postgres
      DB_HOST: postgres
      DB_PORT: 5432
      DB_USER: ${POSTGRES_USER}
      DB_PASS: ${POSTGRES_PASSWORD}
      DB_NAME: ${WIKI_DB_NAME}
    labels:
      - traefik.enable=true
      - traefik.http.routers.wiki.rule=Host(`${WIKI_VIRTUAL_HOST}`) || Host(`www.${WIKI_VIRTUAL_HOST}`)
      - traefik.http.services.wiki.loadbalancer.server.port=3000
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy

  artifactshub:
    container_name: artifactshub
    image: sonatype/nexus3
    restart: unless-stopped
    volumes:
      - nexus-data:/nexus-data
    labels:
      - traefik.enable=true
      - traefik.http.routers.artifactshub.rule=Host(`${ARTIFACTSHUB_VIRTUAL_HOST}`) || Host(`www.${ARTIFACTSHUB_VIRTUAL_HOST}`)
      - traefik.http.services.artifactshub.loadbalancer.server.port=8081

  jenkins:
    container_name: jenkins
    image: jenkins/jenkins:lts-jdk17
    restart: unless-stopped
    volumes:
      - jenkins-docker-certs:/certs/client
      - jenkins-data:/var/jenkins_home
    labels:
      - traefik.enable=true
      - traefik.http.routers.jenkins.rule=Host(`${JENKINS_VIRTUAL_HOST}`) || Host(`www.${JENKINS_VIRTUAL_HOST}`)
      - traefik.http.routers.jenkins.service=jenkins-service
      - traefik.http.services.jenkins-service.loadbalancer.server.port=8080
      - traefik.tcp.routers.jenkins-agent.rule=HostSNI(`*`)
      - traefik.tcp.routers.jenkins-agent.entryPoints=jenkins-agents
      - traefik.tcp.routers.jenkins-agent.service=jenkins-agent-service
      - traefik.tcp.services.jenkins-agent-service.loadbalancer.server.port=50000

  mattermost:
    container_name: mattermost
    depends_on:
      postgres:
        condition: service_healthy
    image: mattermost/mattermost-team-edition:release-8.1
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    pids_limit: 200
    read_only: false
    tmpfs:
      - /tmp
    volumes:
      - mattermost-config:/mattermost/config:rw
      - mattermost-data:/mattermost/data:rw
      - mattermost-logs:/mattermost/logs:rw
      - mattermost-plugins:/mattermost/plugins:rw
      - mattermost-client-plugins:/mattermost/client/plugins:rw
      - mattermost-bleve-indexes:/mattermost/bleve-indexes:rw
    environment:
      TZ: ${MATTERMOST_TIMEZONE}
      MM_SQLSETTINGS_DRIVERNAME: ${MATTERMOST_DB_TYPE}
      MM_SQLSETTINGS_DATASOURCE: postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${MATTERMOST_DB_NAME}?sslmode=disable&connect_timeout=10
      MM_BLEVESETTINGS_INDEXDIR: /mattermost/bleve-indexes
      DOMAIN: ${MATTERMOST_HOSTNAME}
      MM_SERVICESETTINGS_SITEURL: ${MATTERMOST_URL}
      MM_SERVICESETTINGS_FORWARD80TO443: 'false'
      MATTERMOST_CONTAINER_READONLY: 'false'
    labels:
      - traefik.enable=true
      - traefik.http.routers.mattermost.rule=Host(`${MATTERMOST_VIRTUAL_HOST}`) || Host(`${MATTERMOST_EXTERNAL_HOST}`)
      - traefik.http.routers.mattermost.tls=true
      - traefik.http.routers.mattermost.tls.certresolver=mymattermost
      - traefik.http.routers.mattermost.tls.domains[0].main=${MATTERMOST_EXTERNAL_HOST}
      - traefik.http.routers.mattermost.tls.domains[0].sans=${MATTERMOST_VIRTUAL_HOST}
      - traefik.http.services.mattermost.loadbalancer.server.port=8065

  reverse-proxy:
    container_name: reverse-proxy
    # The official v3 Traefik docker image
    image: traefik:v3.0
    command:
      - "--accesslog=true"
      - "--accesslog.filePath=/var/log/traefik/access.log"
      - "--log=true"
      - "--log.filePath=/var/log/traefik/traefik.log"
      - "--log.level=info"
      - "--api.insecure=true"
      - "--providers.docker"
      # spcificare i due entrypoints per la porta 80 e per la 443 (con ssl)
      - "--entryPoints.web.address=:80"
      - "--entryPoints.websecure.address=:443"
      - "--entryPoints.jenkins-agents.address=:50000"
      - "--certificatesresolvers.mymattermost.acme.tlschallenge=true"
      #- "--certificatesresolvers.mymattermost.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.mymattermost.acme.email=progettoemed@gmail.com"
      - "--certificatesresolvers.mymattermost.acme.storage=/etc/letsencrypt/acme.json"
    restart: unless-stopped
    ports:
      # The HTTP port
      - "80:80"
      # The HTTPS port
      - "443:443"
      # The Web UI (enabled by --api.insecure=true)
      - "8080:8080"
      # The jenkins agents port
      - "50000:50000"
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock
      # posizione standard dei file letsencrypt
      - /etc/letsencrypt:/etc/letsencrypt
      # posizione log traefik (default to console)
      - /var/log/traefik:/var/log/traefik
      # posizione file di configurazione per il log
      #- ./traefik.yml:/etc/traefik/traefik.yml
networks:
  dev_network:

volumes:
  portainer-data:
  postgres-data:
  pgadmin-data:
  nexus-data:
  jenkins-docker-certs:
  jenkins-data:
  synapse-matrix-data:
  mattermost-config:
  mattermost-data:
  mattermost-logs:
  mattermost-plugins:
  mattermost-client-plugins:
  mattermost-bleve-indexes: