taiga/compose.yml

services:
  taiga-db:
    image: postgres:12.3
    secrets:
      - postgres_password
    environment:
      - POSTGRES_DB=taiga
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=/run/secrets/postgres_password
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"]
      interval: 2s
      timeout: 15s
      retries: 5
      start_period: 3s
    volumes:
      - taiga-db-data:/var/lib/postgresql/data
    networks:
      - taiga

  taiga-back:
    image: taigaio/taiga-back:latest
    secrets:
      - taiga_secret
      - postgres_password
      - rabbitmq_password
    environment:
      # These environment variables will be used by taiga-back and taiga-async.
      # Database settings
      - POSTGRES_DB=taiga
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=/run/secrets/postgres_password
      - POSTGRES_HOST=taiga-db
      # Taiga settings
      - TAIGA_SECRET_KEY=/run/secrets/taiga_secret
      - TAIGA_SITES_SCHEME=${TAIGA_SCHEME}
      - TAIGA_SITES_DOMAIN=${TAIGA_DOMAIN}
      - TAIGA_SUBPATH=${SUBPATH}
      # Email settings.
      - EMAIL_BACKEND=django.core.mail.backends.${EMAIL_BACKEND}.EmailBackend
      - DEFAULT_FROM_EMAIL=${EMAIL_DEFAULT_FROM}
      - EMAIL_USE_TLS=${EMAIL_USE_TLS}
      - EMAIL_USE_SSL=${EMAIL_USE_SSL}
      - EMAIL_HOST=${EMAIL_HOST}
      - EMAIL_PORT=${EMAIL_PORT}
      - EMAIL_HOST_USER=${EMAIL_HOST_USER}
      - EMAIL_HOST_PASSWORD=${EMAIL_HOST_PASSWORD}
      # Rabbitmq settings
      - RABBITMQ_USER=${RABBITMQ_USER}
      - RABBITMQ_PASS=/run/secrets/rabbitmq_password
      # Telemetry settings
      - ENABLE_TELEMETRY=${ENABLE_TELEMETRY}
      # ...your customizations go here
    configs:
      - source: taiga_entrypoint
        target: /custom-entrypoint.sh
        mode: 0555
    entrypoint: /custom-entrypoint.sh
    volumes:
      - taiga-static-data:/taiga-back/static
      - taiga-media-data:/taiga-back/media
    networks:
      - taiga

  taiga-back-async:
    image: taigaio/taiga-back:latest
    entrypoint: ["/taiga-back/docker/async_entrypoint.sh"]
    secrets:
      - taiga_secret
      - postgres_password
      - rabbitmq_password
    environment:
          # These environment variables will be used by taiga-back and taiga-async.
      # Database settings
      - POSTGRES_DB=taiga
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=/run/secrets/postgres_password
      - POSTGRES_HOST=taiga-db
      # Taiga settings
      - TAIGA_SECRET_KEY=/run/secrets/taiga_secret
      - TAIGA_SITES_SCHEME=${TAIGA_SCHEME}
      - TAIGA_SITES_DOMAIN=${TAIGA_DOMAIN}
      - TAIGA_SUBPATH=${SUBPATH}
      # Email settings.
      - EMAIL_BACKEND=django.core.mail.backends.${EMAIL_BACKEND}.EmailBackend
      - DEFAULT_FROM_EMAIL=${EMAIL_DEFAULT_FROM}
      - EMAIL_USE_TLS=${EMAIL_USE_TLS}
      - EMAIL_USE_SSL=${EMAIL_USE_SSL}
      - EMAIL_HOST=${EMAIL_HOST}
      - EMAIL_PORT=${EMAIL_PORT}
      - EMAIL_HOST_USER=${EMAIL_HOST_USER}
      - EMAIL_HOST_PASSWORD=${EMAIL_HOST_PASSWORD}
      # Rabbitmq settings
      - RABBITMQ_USER=${RABBITMQ_USER}
      - RABBITMQ_PASS=/run/secrets/rabbitmq_password
      # Telemetry settings
      - ENABLE_TELEMETRY=${ENABLE_TELEMETRY}
      # ...your customizations go here
    volumes:
      - taiga-static-data:/taiga-back/static
      - taiga-media-data:/taiga-back/media
    networks:
      - taiga
     
  taiga-async-rabbitmq:
    image: rabbitmq:3.8-management-alpine
    secrets:
      - rabbitmq_password
    environment:
      - RABBITMQ_ERLANG_COOKIE=${RABBITMQ_ERLANG_COOKIE}
      - RABBITMQ_DEFAULT_USER=${RABBITMQ_USER}
      - RABBITMQ_DEFAULT_PASS=/run/secrets/rabbitmq_password
      - RABBITMQ_DEFAULT_VHOST=${RABBITMQ_VHOST}
    hostname: "taiga-async-rabbitmq"
    volumes:
      - taiga-async-rabbitmq-data:/var/lib/rabbitmq
    networks:
      - taiga

  taiga-front:
    image: taigaio/taiga-front:latest
    environment:
      - TAIGA_URL=${TAIGA_SCHEME}://${TAIGA_DOMAIN}
      - TAIGA_WEBSOCKETS_URL=${WEBSOCKETS_SCHEME}://${TAIGA_DOMAIN}
      - TAIGA_SUBPATH=${SUBPATH}
      # ...your customizations go here
    networks:
      - taiga
    # volumes:
    #   - ./conf.json:/usr/share/nginx/html/conf.json

  taiga-events:
    image: taigaio/taiga-events:latest
    secrets:
      - taiga_secret
      - rabbitmq_password
    environment:
      - RABBITMQ_USER=${RABBITMQ_USER}
      - RABBITMQ_PASS=/run/secrets/rabbitmq_password
      - TAIGA_SECRET_KEY=/run/secrets/taiga_secret
    networks:
      - taiga 

  taiga-events-rabbitmq:
    image: rabbitmq:3.8-management-alpine
    secrets:
      - rabbitmq_password
    environment:
      - RABBITMQ_ERLANG_COOKIE=${RABBITMQ_ERLANG_COOKIE}
      - RABBITMQ_DEFAULT_USER=${RABBITMQ_USER}
      - RABBITMQ_DEFAULT_PASS=/run/secrets/rabbitmq_password
      - RABBITMQ_DEFAULT_VHOST=${RABBITMQ_VHOST}
    hostname: "taiga-events-rabbitmq"
    volumes:
      - taiga-events-rabbitmq-data:/var/lib/rabbitmq
    networks:
      - taiga

  taiga-protected:
    image: taigaio/taiga-protected:latest
    secrets:
      - taiga_secret
    environment:
      - MAX_AGE=${ATTACHMENTS_MAX_AGE}
      - SECRET_KEY=/run/secrets/taiga_secret
    networks:
      - taiga

  taiga-gateway:
    image: nginx:1.19-alpine
    ports:
      - "9000:80"
    configs:
      - source: nginx_conf
        target: /etc/nginx/conf.d/default.conf
    volumes:
      - taiga-static-data:/taiga/static
      - taiga-media-data:/taiga/media
    networks:
      - proxy
      - taiga 
    deploy:
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=proxy"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.scheme=https"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectscheme.permanent=true" 

secrets:
  taiga_secret:
    external: true
    name: ${STACK_NAME}_taiga_secret_${SECRET_TAIGA_SECRET_VERSION}
  postgres_password:
    external: true
    name: ${STACK_NAME}_postgres_password_${SECRET_POSTGRES_PASSWORD_VERSION}
  rabbitmq_password:
    external: true
    name: ${STACK_NAME}_rabbitmq_password_${SECRET_RABBITMQ_PASSWORD_VERSION}

configs:
  nginx_conf:
    name: ${STACK_NAME}_nginx_${NGINX_CONF_VERSION}
    file: ./taiga-gateway/nginx.conf
    template_driver: golang
  taiga_entrypoint:
    name: ${STACK_NAME}_taiga_entrypoint_${TAIGA_ENTRYPOINT_VERSION}
    file: entrypoint.sh.tmpl
    template_driver: golang

volumes:
  taiga-static-data:
  taiga-media-data:
  taiga-db-data:
  taiga-async-rabbitmq-data:
  taiga-events-rabbitmq-data:

networks:
  taiga:
  proxy:
    external: true