108 lines
3.8 KiB
YAML
108 lines
3.8 KiB
YAML
services:
|
|
web:
|
|
container_name: caddy-proxy-manager-web
|
|
image: ghcr.io/fuomag9/caddy-proxy-manager-web:latest
|
|
build:
|
|
context: .
|
|
dockerfile: docker/web/Dockerfile
|
|
args:
|
|
# User and group IDs for rootless operation
|
|
# Set these to match your host user to avoid permission issues
|
|
# Find your UID/GID with: id -u / id -g
|
|
PUID: ${PUID:-10001}
|
|
PGID: ${PGID:-10001}
|
|
restart: unless-stopped
|
|
ports:
|
|
- "3000:3000"
|
|
environment:
|
|
# Node environment
|
|
NODE_ENV: production
|
|
|
|
# REQUIRED: Session secret for encrypting cookies and sessions
|
|
# Generate with: openssl rand -base64 32
|
|
# SECURITY: You MUST set this to a unique value in production!
|
|
SESSION_SECRET: ${SESSION_SECRET:?ERROR - SESSION_SECRET is required}
|
|
|
|
# Caddy API endpoint (internal communication)
|
|
CADDY_API_URL: ${CADDY_API_URL:-http://caddy:2019}
|
|
|
|
# Public base URL for the application
|
|
BASE_URL: ${BASE_URL:-http://localhost:3000}
|
|
|
|
# Database configuration
|
|
DATABASE_PATH: /app/data/caddy-proxy-manager.db
|
|
DATABASE_URL: file:/app/data/caddy-proxy-manager.db
|
|
|
|
# NextAuth configuration
|
|
NEXTAUTH_URL: ${BASE_URL:-http://localhost:3000}
|
|
|
|
# REQUIRED: Admin credentials for login
|
|
# SECURITY: You MUST set these to secure values in production!
|
|
# Password must be 12+ chars with uppercase, lowercase, numbers, and special chars
|
|
ADMIN_USERNAME: ${ADMIN_USERNAME:?ERROR - ADMIN_USERNAME is required}
|
|
ADMIN_PASSWORD: ${ADMIN_PASSWORD:?ERROR - ADMIN_PASSWORD is required}
|
|
|
|
# OAuth2/OIDC Authentication (Optional - works with Authentik, Authelia, Keycloak, etc.)
|
|
OAUTH_ENABLED: ${OAUTH_ENABLED:-false}
|
|
OAUTH_PROVIDER_NAME: ${OAUTH_PROVIDER_NAME:-OAuth2}
|
|
OAUTH_CLIENT_ID: ${OAUTH_CLIENT_ID:-}
|
|
OAUTH_CLIENT_SECRET: ${OAUTH_CLIENT_SECRET:-}
|
|
OAUTH_ISSUER: ${OAUTH_ISSUER:-}
|
|
OAUTH_AUTHORIZATION_URL: ${OAUTH_AUTHORIZATION_URL:-}
|
|
OAUTH_TOKEN_URL: ${OAUTH_TOKEN_URL:-}
|
|
OAUTH_USERINFO_URL: ${OAUTH_USERINFO_URL:-}
|
|
OAUTH_ALLOW_AUTO_LINKING: ${OAUTH_ALLOW_AUTO_LINKING:-false}
|
|
volumes:
|
|
- ./data:/app/data
|
|
depends_on:
|
|
caddy:
|
|
condition: service_healthy
|
|
networks:
|
|
- caddy-network
|
|
healthcheck:
|
|
test: ["CMD", "node", "-e", "require('http').get('http://localhost:3000/api/health', (r) => process.exit(r.statusCode === 200 ? 0 : 1))"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 40s
|
|
|
|
caddy:
|
|
container_name: caddy-proxy-manager-caddy
|
|
image: ghcr.io/fuomag9/caddy-proxy-manager-caddy:latest
|
|
build:
|
|
context: .
|
|
dockerfile: docker/caddy/Dockerfile
|
|
args:
|
|
# User and group IDs for rootless operation
|
|
# Set these to match your host user to avoid permission issues
|
|
# Find your UID/GID with: id -u / id -g
|
|
PUID: ${PUID:-10000}
|
|
PGID: ${PGID:-10000}
|
|
restart: unless-stopped
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
# Admin API (port 2019) is only exposed on internal network for security
|
|
# Web UI accesses via http://caddy:2019 internally
|
|
# Uncomment the line below to expose metrics externally for Grafana/Prometheus
|
|
# - "9090:9090" # Metrics available at http://localhost:9090/metrics (configure in Settings first)
|
|
environment:
|
|
# Primary domain for Caddy configuration
|
|
PRIMARY_DOMAIN: ${PRIMARY_DOMAIN:-caddyproxymanager.com}
|
|
volumes:
|
|
- ./caddy-data:/data
|
|
- ./caddy-config:/config
|
|
- ./caddy-logs:/logs
|
|
networks:
|
|
- caddy-network
|
|
healthcheck:
|
|
test: ["CMD", "wget", "--quiet", "--tries=1", "-O", "/dev/null", "http://localhost:2019/config/"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 10s
|
|
|
|
networks:
|
|
caddy-network:
|
|
driver: bridge
|