zulip/compose.yml

---
version: "3.8"

services:

  app:
    image: "zulip/docker-zulip:9.4-0"
    ports:
      - "80:80"
    environment:
      DB_HOST: "database"
      DB_HOST_PORT: "5432"
      DB_USER: "zulip"
      SSL_CERTIFICATE_GENERATION: "self-signed"
      SETTING_MEMCACHED_LOCATION: "memcached:11211"
      SETTING_RABBITMQ_HOST: "rabbitmq"
      SETTING_REDIS_HOST: "redis"
      SECRETS_email_password: "123456789"
      SECRETS_rabbitmq_password: "REPLACE_WITH_SECURE_RABBITMQ_PASSWORD"
      SECRETS_postgres_password: "REPLACE_WITH_SECURE_POSTGRES_PASSWORD"
      SECRETS_memcached_password: "REPLACE_WITH_SECURE_MEMCACHED_PASSWORD"
      SECRETS_redis_password: "REPLACE_WITH_SECURE_REDIS_PASSWORD"
      SECRETS_secret_key: "REPLACE_WITH_SECURE_SECRET_KEY"
      SETTING_EXTERNAL_HOST: "localhost.localdomain"
      SETTING_ZULIP_ADMINISTRATOR: "admin@example.com"
      SETTING_EMAIL_HOST: ""
      SETTING_EMAIL_HOST_USER: "noreply@example.com"
      SETTING_EMAIL_PORT: "587"
      SETTING_EMAIL_USE_SSL: "False"
      SETTING_EMAIL_USE_TLS: "True"
      ZULIP_AUTH_BACKENDS: "EmailAuthBackend"
    volumes:
      - "zulip:/data:rw"
    ulimits:
      nofile:
        soft: 1000000
        hard: 1048576

  database:
    image: "zulip/zulip-postgresql:17.2"
    deploy:
      labels:
        backupbot.backup.pre-hook: "/pg_backup.sh backup"
        backupbot.backup.path: "/var/lib/postgresql/data/backup.sql"
        backupbot.restore.post-hook: "/pg_backup.sh restore"
    environment:
      POSTGRES_DB: "zulip"
      POSTGRES_USER: "zulip"
      POSTGRES_PASSWORD_FILE: "/run/secrets/db_password"
    secrets:
      - db_password
    volumes:
      - "db:/var/lib/postgresql/data:rw"
    networks:
      - internal
    configs:
      - source: pg_backup
        target: /pg_backup.sh
        mode: 0555
    healthcheck:
      test: [ "CMD-SHELL", "pg_isready" ]
      interval: 10s
      timeout: 5s
      retries: 5
      
  memcached:
    image: "memcached:alpine"
    command:
      - "sh"
      - "-euc"
      - |
        echo 'mech_list: plain' > "$$SASL_CONF_PATH"
        echo "zulip@$$HOSTNAME:$$MEMCACHED_PASSWORD" > "$$MEMCACHED_SASL_PWDB"
        echo "zulip@localhost:$$MEMCACHED_PASSWORD" >> "$$MEMCACHED_SASL_PWDB"
        exec memcached -S
    environment:
      SASL_CONF_PATH: "/home/memcache/memcached.conf"
      MEMCACHED_SASL_PWDB: "/home/memcache/memcached-sasl-db"
      MEMCACHED_PASSWORD: "REPLACE_WITH_SECURE_MEMCACHED_PASSWORD"

  rabbitmq:
    image: "rabbitmq:3.12.14"
    environment:
      RABBITMQ_DEFAULT_USER: "zulip"
      RABBITMQ_DEFAULT_PASS_FILE: "/run/secrets/rabbitmq_password"
    secrets:
      - rabbitmq_password
    volumes:
      - "rabbitmq:/var/lib/rabbitmq:rw"

  redis:
    image: "redis:alpine"
    command:
      - "sh"
      - "-euc"
      - |
        echo "requirepass '$$REDIS_PASSWORD'" > /etc/redis.conf
        exec redis-server /etc/redis.conf
    environment:
      REDIS_PASSWORD: "REPLACE_WITH_SECURE_REDIS_PASSWORD"
    volumes:
      - "redis:/data:rw"


secrets:
  db_password:
    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
    external: true
  rabbitmq_password:
    name: ${STACK_NAME}_rabbitmq_password_${SECRET_RABBITMQ_PASSWORD_VERSION}
    external: true

configs:
  pg_backup:
    name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
    file: pg_backup.sh

volumes:
  zulip:
  db:
  rabbitmq:
  redis:

networks:
  internal:
  proxy:
    external: true