services: app: image: gristlabs/grist:1.1.7 networks: - proxy - internal environment: - TYPEORM_DATABASE=grist - TYPEORM_TYPE=postgres - TYPEORM_USERNAME=grist - TYPEORM_PASSWORD_FILE=/run/secrets/db_password - REDIS_URL=redis://${STACK_NAME}_redis:6379 - GRIST_DATA_DIR=/var/grist-data - GRIST_SUPPORT_ANON - SESSION_SECRET_FILE=/run/secrets/session_secret - GRIST_SANDBOX_FLAVOR=unsandboxed - APP_HOME_URL=https://${DOMAIN} - APP_DOC_URL=https://${DOMAIN} - GRIST_SINGLE_ORG - GRIST_ORG_IN_PATH - COOKIE_MAX_AGE - GRIST_FORCE_LOGIN - GRIST_HIDE_UI_ELEMENTS - GRIST_DEFAULT_EMAIL secrets: - session_secret - db_password configs: - source: entrypoint_conf target: /docker-entrypoint.sh mode: 0555 entrypoint: /docker-entrypoint.sh volumes: - grist_data:/persist depends_on: - db - redis deploy: labels: - "traefik.enable=true" - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8484" - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - "caddy=${DOMAIN}" - "caddy.reverse_proxy={{upstreams 8484}}" - "caddy.tls.on_demand=" db: image: postgres:13 networks: - internal secrets: - db_password volumes: - 'postgresql_data:/var/lib/postgresql/data' environment: - POSTGRES_USER=grist - POSTGRES_DB=grist - POSTGRES_PASSWORD_FILE=/run/secrets/db_password redis: image: redis:7.2-alpine networks: - internal volumes: - 'redis_data:/data' secrets: db_password: external: true name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION} session_secret: external: true name: ${STACK_NAME}_session_secret_${SECRET_SESSION_SECRET_VERSION} volumes: postgresql_data: redis_data: grist_data: networks: proxy: external: true internal: configs: entrypoint_conf: name: ${STACK_NAME}_entrypoint_conf_${ENTRYPOINT_CONF_VERSION} file: entrypoint.sh.tmpl template_driver: golang