invoiceninja/compose.yml

version: "3.8"
services:
  web:
    image: "nginx:1.21.1"
    environment:
      - DOMAIN=${DOMAIN}
    configs:
      - source: nginx_conf
        target: /etc/nginx/nginx.conf
    volumes:
      - "public:/var/www/app/public"
    networks:
      - proxy
      - internal
    depends_on:
      - invoiceninja
    deploy:
      update_config:
        failure_action: rollback
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
        - coop-cloud.${STACK_NAME}.web.version=1.20.0-c1e6c074
  app:
    image: "invoiceninja/invoiceninja:5"
    volumes:
      - "public:/var/www/app/public"
      - "storage:/var/www/app/storage"
    secrets:
      - api_secret
      - app_key
      - db_passwd
    environment:
      - API_SECRET_FILE=/run/secrets/api_secret
      - APP_CIPHER=AES-256-CBC
      - APP_DEBUG=true
      - APP_ENV=production
      - APP_KEY_FILE=/run/secrets/app_key
      - APP_LOCALE=en
      - APP_URL=${DOMAIN}
      - DB_DATABASE=ninja
      - DB_HOST=mariadb
      - DB_PASSWORD_FILE=/run/secrets/db_passwd
      - DB_STRICT=false
      - DB_TYPE=mysql
      - DB_USERNAME=ninja
      - LOG=single
      - REQUIRE_HTTPS=false
      - SESSION_ENCRYPT=true
      - SESSION_SECURE=true
      - TRUSTED_PROXIES="10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
    depends_on:
      - mariadb
    networks:
      - internal
  db:
    image: "mariadb:10.6"
    environment:
      - MYSQL_DATABASE=ninja
      - MYSQL_USER=ninja
      - MYSQL_PASSWORD_FILE=/run/secrets/db_passwd
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_passwd
    secrets:
      - db_root_passwd
      - db_passwd
    volumes:
      - "mariadb:/var/lib/mysql"
    networks:
      - internal
    deploy:
      labels: ['coop-cloud.${STACK_NAME}.db.version=10.6-718cb856']
volumes:
  mariadb:
  public:
  storage:
networks:
  proxy:
    external: true
  internal:
secrets:
  db_root_passwd:
    name: ${STACK_NAME}_db_root_passwd_${SECRET_DB_ROOT_PASSWD_VERSION}
    external: true
  db_passwd:
    name: ${STACK_NAME}_db_passwd_${SECRET_DB_PASSWD_VERSION}
    external: true
  app_key:
    name: ${STACK_NAME}_app_key_${SECRET_APP_KEY_VERSION}
    external: true
  api_secret:
    name: ${STACK_NAME}_api_secret_${SECRET_API_SECRET_VERSION}
    external: true
configs:
  nginx_conf:
    name: ${STACK_NAME}_nginx_conf_${NGINX_CONF_VERSION}
    file: nginx.conf.tmpl
    template_driver: golang