--- version: "3.8" services: app: image: "thecoopcloud/nginx:1.21.4-bedrock" working_dir: /app volumes: - wordpress:/app:cached networks: - proxy - backend environment: - STACK_NAME deploy: restart_policy: condition: on-failure labels: - "traefik.enable=true" - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80" - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - "backupbot.backup=true" - "backupbot.backup.path=/var/www/html" # note(3wc): no explicit EXTRA_DOMAINS redirect needed, wordpress does # it for us # healthcheck: # test: ["CMD", "curl", "-f", "http://localhost"] # interval: 30s # timeout: 10s # retries: 10 # start_period: 1m php: image: "thecoopcloud/wordpress:5.8.2-php7.4-fpm-bedrock" working_dir: /app secrets: - db_password environment: - DB_NAME=wordpress - DB_USER=wordpress - DB_PASSWORD_FILE=/run/secrets/db_password - DB_HOST=db - WP_ENV=production - WP_HOME=https://${DOMAIN} - WP_SITEURL=https://${DOMAIN}/wp/ - DB_PREFIX networks: - backend volumes: - wordpress:/app:cached db: image: mariadb:10.4 networks: - backend volumes: - "mariadb:/var/lib/mysql" environment: - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password - MYSQL_DATABASE=wordpress - MYSQL_USER=wordpress - MYSQL_PASSWORD_FILE=/run/secrets/db_password networks: - backend secrets: - db_password - db_root_password deploy: labels: - "backupbot.backup=true" - "backupbot.backup.path=/tmp/dump.sql.gz" - "backupbot.backup.post-hook=rm -f /tmp/dump.sql.gz" - "backupbot.backup.pre-hook=mysqldump -u root -p`cat /run/secrets/db_root_password` wordpress | gzip > /tmp/dump.sql.gz" networks: proxy: external: true backend: volumes: wordpress: mariadb: secrets: db_root_password: external: true name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION} db_password: external: true name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}