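--- a/server/compose.home.yml
+++ b/server/compose.home.yml
@@ -0,0 +1,114 @@
+services:
+
+# To prevent mounting docker.sock, which is a security risk
+socket-proxy:
+image: tecnativa/docker-socket-proxy
+environment:
+CONTAINERS: 1
+volumes:
+- /var/run/docker.sock:/var/run/docker.sock
+networks:
+- socket-proxy-network
+
+reverse-proxy:
+image: traefik:latest
+command:
+- "--configFile=/etc/traefik/config/static.yml"
+security_opt:
+- no-new-privileges:true
+ports:
+- "80:80"
+- "443:443"
+- "3000:3000"
+volumes:
+- ./letsencrypt:/letsencrypt:rw # letsencrypt folder
+- ./traefik/config:/etc/traefik/config:ro # traefik folder
+- ./traefik/logs:/logs # traefik folder
+environment:
+BASE_URL_FQDN: ${BASE_URL_FQDN}
+CLIENT_URL: ${CLIENT_URL}
+restart: always
+networks:
+- server-network
+- socket-proxy-network
+depends_on:
+- socket-proxy
+
+mongo:
+image: mongo:latest
+environment:
+MONGO_INITDB_ROOT_USERNAME: ${MONGO_USERNAME}
+MONGO_INITDB_ROOT_PASSWORD: ${MONGO_PASSWORD}
+MONGO_INITDB_DATABASE: FERD
+INIT_MONGO_USERNAME: ${MONGO_USERNAME}
+INIT_MONGO_PASSWORD: ${MONGO_PASSWORD}
+INIT_MONGO_DATABASE: FERD
+volumes:
+- ./mongodb-data:/data/db
+- ./mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js:ro
+restart: always
+networks:
+- server-network
+
+server:
+image: ghcr.io/morfusee/ferd-server:latest
+environment:
+SESSION_KEY: ${SESSION_KEY}
+SERVICE_ACCOUNT: ${SERVICE_ACCOUNT}
+GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID}
+GOOGLE_CLIENT_SECRET: ${GOOGLE_CLIENT_SECRET}
+CLIENT_URL: ${CLIENT_URL}
+BASE_URL: ${BASE_URL}
+MONGO_DOCKER_URI: ${MONGO_DOCKER_URI}
+IS_DOCKERIZED: true
+labels:
+# Since you have two replicas, you can't put all of these inside dynamic.yml :(
+# Enable Traefik for this service
+- "traefik.enable=true"
+
+# Router Configuration
+- "traefik.http.routers.server.rule=Host(`api.ferd.mcube.uk`)"
+- "traefik.http.routers.server.entrypoints=web"
+
+# Auto update image
+- "com.centurylinklabs.watchtower.enable=true"
+restart: always
+networks:
+- server-network
+deploy:
+mode: replicated
+replicas: 2
+depends_on:
+- mongo
+
+watchtower:
+image: containrrr/watchtower
+command:
+- "--label-enable"
+- "--interval"
+- "30"
+- "--rolling-restart"
+environment:
+WATCHTOWER_CLEANUP: true
+volumes:
+- /var/run/docker.sock:/var/run/docker.sock
+restart: always
+
+# cloudflared:
+# image: cloudflare/cloudflared:latest
+# restart: unless-stopped
+# command: tunnel --no-autoupdate run
+# environment:
+# TUNNEL_TOKEN: ${TUNNEL_TOKEN}
+# networks: # This should be set to enable http://server:3000 as a URL
+# - server-network
+
+networks:
+server-network:
+driver: bridge
+socket-proxy-network:
+driver: bridge
+
+# When reusing this compose file, please create the following folders:
+# - letsencrypt
+# - traefik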
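Review bot: The `watchtower` service bind-mounts `/var/run/docker.sock` directly, which is the exposure the comment above `socket-proxy` says the proxy exists to avoid; only `reverse-proxy` sits behind it. With `--label-enable` and `--interval 30` it also pulls and restarts `ghcr.io/morfusee/ferd-server:latest` on its own, so whatever is pushed to that tag runs on this host within seconds, next to a container holding full Docker API access. Consider a second, separately scoped proxy instance for watchtower (`DOCKER_HOST: tcp://<watchtower-proxy>:2375`) and a pinned version tag or digest for the server image. If the raw socket stays, say so in the file, e.g. `# watchtower needs write access to the Docker API; raw socket is an accepted risk here`.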
2 changes: 1 addition & 1 deletion server/compose.prod.yml
@@ -67,7 +67,7 @@ services:

# Router Configuration
- "traefik.http.routers.server.rule=Host(`${BASE_URL_FQDN}`)"
- "traefik.http.routers.server.entrypoints=websecure"
- "traefik.http.routers.server.entrypoints=server"
- "traefik.http.routers.server.middlewares=cors,security,block-sensitive"
- "traefik.http.routers.server.tls.certresolver=tlsresolver"

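Review bot: One of the two `traefik.http.routers.server.entrypoints` lines names an entry point called `server`, but the `static.yml` hunk on this page shows only `web` and `websecure`. If `server` is the new value, confirm that it is defined in the part of `static.yml` outside that hunk and that the `tls.certresolver=tlsresolver` label still results in TLS on that listener. A router bound to an entry point Traefik does not know is, as far as I know, not served at all. A comment above the label would make the dependency visible, e.g. `# 'server' entry point is declared in traefik/config/static.yml`.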
10 changes: 5 additions & 5 deletions server/traefik/config/static.yml
@@ -12,11 +12,11 @@ accessLog:
entryPoints:
web:
address: ":80"
http:
redirections:
entryPoint:
to: websecure
scheme: https
# http:
# redirections:
# entryPoint:
# to: websecure
# scheme: https
websecure:
address: ":443"

Expand Down
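Review bot: If the commented-out block is the new side (the print order suggests so, but the page carries no +/- markers), the `web` entry point on `:80` no longer redirects to `websecure`, and this `static.yml` appears to be mounted by both `compose.prod.yml` and the new `compose.home.yml`, so the change is not confined to the home setup. The home router binds `server` to `web` with no TLS and no middlewares, which would carry session cookies and the Google OAuth flow in cleartext unless something in front terminates TLS. Prefer keeping the redirect in the shared file and giving the home deployment its own static config. If it stays disabled, replace the dead block with a reason, e.g. `# redirect disabled: TLS is terminated upstream by <component>`. The `entryPoints` mapping continues past this hunk.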