forked from coop-cloud/firefly-iii
Initial commit
This commit is contained in:
commit
931c86b56a
|
@ -0,0 +1,29 @@
|
|||
TYPE=firefly-iii
|
||||
DOMAIN=example.com
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
APP_NAME=FireflyIII
|
||||
SITE_OWNER=mail@example.com
|
||||
TZ=Europe/Amsterdam
|
||||
DEFAULT_LANGUAGE=en_US
|
||||
DEFAULT_LOCALE=equal
|
||||
APP_DEBUG=false
|
||||
# You can disable the Content Security Policy header when you're using an ancient browser
|
||||
# or any version of Microsoft Edge / Internet Explorer (which amounts to the same thing really)
|
||||
# This leaves you with the risk of not being able to stop XSS bugs should they ever surface.
|
||||
# This is at your own risk.
|
||||
DISABLE_CSP_HEADER=false
|
||||
# Webhooks are ecurity sensitive!
|
||||
ALLOW_WEBHOOKS=false
|
||||
# TRUSTED_PROXIES is a useful variable when using Docker and/or a reverse proxy.
|
||||
# Set it to ** and reverse proxies work just fine.
|
||||
TRUSTED_PROXIES=
|
||||
|
||||
SECRET_APP_KEY_VERSION=v1 # length=32
|
||||
SECRET_STATIC_CRON_TOKEN_VERSION=v1 # length=32
|
||||
SECRET_DB_PASSWORD_VERSION=v1 # length=32
|
||||
|
||||
# TODO: Implement redis/memcached (see: https://github.com/firefly-iii/firefly-iii/blob/10545f3e1baf5c53097392887f38469ffb75cab5/.env.example#L91)
|
||||
# TODO: Implement mail (see: https://github.com/firefly-iii/firefly-iii/blob/10545f3e1baf5c53097392887f38469ffb75cab5/.env.example#L123)
|
||||
# TODO: Implement map (https://github.com/firefly-iii/firefly-iii/blob/10545f3e1baf5c53097392887f38469ffb75cab5/.env.example#L159)
|
||||
# TODO: Implement ldap and remote user guard (you know where to look)
|
|
@ -0,0 +1,129 @@
|
|||
version: '3.8'
|
||||
|
||||
services:
|
||||
app:
|
||||
image: fireflyiii/core:version-5.5.13
|
||||
volumes:
|
||||
- firefly_iii_upload:/var/www/html/storage/upload
|
||||
secrets:
|
||||
- db_password
|
||||
- cron_token
|
||||
- app_key
|
||||
environment:
|
||||
- APP_NAME
|
||||
- SITE_OWNER
|
||||
- TZ
|
||||
- DEFAULT_LANGUAGE
|
||||
- DEFAULT_LOCALE
|
||||
- APP_DEBUG
|
||||
- DISABLE_CSP_HEADER
|
||||
- ALLOW_WEBHOOKS
|
||||
- TRUSTED_PROXIES
|
||||
- APP_KEY_FILE=/run/secrets/app_key
|
||||
- STATIC_CRON_TOKEN_FILE=
|
||||
- LOG_CHANNEL=stack
|
||||
- APP_LOG_LEVEL=notice
|
||||
- AUDIT_LOG_LEVEL=info
|
||||
- DB_CONNECTION=pgsql
|
||||
- DB_HOST=db
|
||||
- DB_PORT=5432
|
||||
- DB_DATABASE=firefly
|
||||
- DB_USERNAME=firefly
|
||||
- DB_PASSWORD_FILE=/run/secrets/db_password
|
||||
- PGSQL_SSL_MODE=prefer
|
||||
- PGSQL_SSL_ROOT_CERT=null
|
||||
- PGSQL_SSL_CERT=null
|
||||
- PGSQL_SSL_KEY=null
|
||||
- PGSQL_SSL_CRL_FILE=null
|
||||
- CACHE_DRIVER=file
|
||||
- SESSION_DRIVER=file
|
||||
- COOKIE_PATH="/"
|
||||
- COOKIE_DOMAIN=
|
||||
- COOKIE_SECURE=false
|
||||
- COOKIE_SAMESITE=lax
|
||||
- SEND_REGISTRATION_MAIL=false
|
||||
- SEND_ERROR_MESSAGE=false
|
||||
- SEND_LOGIN_NEW_IP_WARNING=false
|
||||
- SEND_REPORT_JOURNALS=false
|
||||
- ENABLE_EXTERNAL_MAP=false
|
||||
- AUTHENTICATION_GUARD=web
|
||||
- CUSTOM_LOGOUT_URL=
|
||||
- DISABLE_FRAME_HEADER=false
|
||||
- DKR_CHECK_SQLITE=false
|
||||
- DKR_RUN_MIGRATION=true
|
||||
- DKR_RUN_UPGRADE=true
|
||||
- DKR_RUN_VERIFY=true
|
||||
- DKR_RUN_REPORT=true
|
||||
- DKR_RUN_PASSPORT_INSTALL=true
|
||||
- ADLDAP_CONNECTION=default
|
||||
- BROADCAST_DRIVER=log
|
||||
- QUEUE_DRIVER=sync
|
||||
- CACHE_PREFIX=firefly
|
||||
- PUSHER_KEY=
|
||||
- IPINFO_TOKEN=
|
||||
- PUSHER_SECRET=
|
||||
- PUSHER_ID=
|
||||
- DEMO_USERNAME=
|
||||
- DEMO_PASSWORD=
|
||||
- IS_HEROKU=false
|
||||
- FIREFLY_III_LAYOUT=v1
|
||||
- APP_URL=http://localhost
|
||||
depends_on:
|
||||
- db
|
||||
networks:
|
||||
- internal
|
||||
- proxy
|
||||
deploy:
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=proxy"
|
||||
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8080"
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
- coop-cloud.${STACK_NAME}.web.version=0.1
|
||||
healthcheck:
|
||||
test: ["CMD", "curl", "http://localhost:8080"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
start_period: 2m
|
||||
db:
|
||||
image: postgres:13-alpine
|
||||
environment:
|
||||
- POSTGRES_PASSWORD_FILE=/run/secrets/db_password
|
||||
- POSTGRES_USER=firefly
|
||||
- POSTRES_DB=firefly
|
||||
volumes:
|
||||
- firefly_iii_db:/var/lib/mysql
|
||||
secrets:
|
||||
- db_password
|
||||
networks:
|
||||
- internal
|
||||
networks:
|
||||
internal:
|
||||
proxy:
|
||||
external: true
|
||||
volumes:
|
||||
firefly_iii_upload:
|
||||
firefly_iii_db:
|
||||
secrets:
|
||||
cron_token:
|
||||
name: ${STACK_NAME}_static_cron_token_${SECRET_STATIC_CRON_TOKEN_VERSION}
|
||||
external: true
|
||||
app_key:
|
||||
name: ${STACK_NAME}_app_key_${SECRET_APP_KEY_VERSION}
|
||||
external: true
|
||||
db_password:
|
||||
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
||||
external: true
|
||||
# cron:
|
||||
# image: alpine
|
||||
# command: command: sh -c "echo \"0 3 * * * wget -qO- https://<Firefly III URL>/api/v1/cron/<TOKEN>\" | crontab - && crond -f -L /dev/stdout"
|
||||
# secrets:
|
||||
# - cron_token
|
Loading…
Reference in New Issue