decentral1se/docker-compose.yml

## docker-compose.yml
---
version: "3.8"

services:
  nginx:
    image: "nginx:stable"
    configs:
      - source: nginx-conf-v1
        target: /etc/nginx/nginx.conf
    volumes:
      - "public:/var/www/app/public"
    networks:
      - proxy
      - backchannelnet
    depends_on:
      - invoiceninja
    deploy:
      mode: replicated
      replicas: 1
      update_config:
        failure_action: rollback
      placement:
        constraints:
          - node.role == manager
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.invoiceninja.loadbalancer.server.port=80"
        - "traefik.http.routers.invoiceninja.rule=Host(`example.com`)"
        - "traefik.http.routers.invoiceninja.entrypoints=web-secure"
        - "traefik.http.routers.invoiceninja.tls.certresolver=production"

  invoiceninja:
    image: "invoiceninja/invoiceninja:4.6.0"
    volumes:
      - "public:/var/www/app/public"
      - "storage:/var/www/app/storage"
    environment:
      - API_SECRET=foo
      - APP_CIPHER=AES-256-CBC
      - APP_DEBUG=false
      - APP_ENV=production
      - APP_KEY=bar
      - APP_LOCALE=en
      - APP_URL=https://example.com
      - DB_DATABASE=ninja
      - DB_HOST=mariadb
      - DB_PASSWORD=bing
      - DB_STRICT=false
      - DB_TYPE=mysql
      - DB_USERNAME=ninja
      - LOG=single
      - REQUIRE_HTTPS=false
      - SESSION_ENCRYPT=true
      - SESSION_SECURE=true
      - TRUSTED_PROXIES="10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
    secrets:
      - app-key-v1
      - api-secret-v1
      - mariadb-user-passwd-v1
    depends_on:
      - mariadb
    networks:
      - backchannelnet
    # configs:  # see https://github.com/invoiceninja/invoiceninja/issues/3739
    #   - source: env-v1
    #     target: /var/www/app/.env
    #     mode: 0666

  mariadb:
    image: "mariadb:10.5"
    environment:
      - MYSQL_DATABASE=ninja
      - MYSQL_USER=ninja
      - MYSQL_PASSWORD_FILE=/run/secrets/mariadb-user-passwd-v1
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mariadb-root-passwd-v1
    secrets:
      - mariadb-root-passwd-v1
      - mariadb-user-passwd-v1
    volumes:
      - "mariadb:/var/lib/mariadb"
    networks:
      - backchannelnet

volumes:
  mariadb:
  public:
  storage:

networks:
  proxy:
    external: true
  backchannelnet:

secrets:
  mariadb-root-passwd-v1:
    external: true
  mariadb-user-passwd-v1:
    external: true
  app-key-v1:
    external: true
  api-secret-v1:
    external: true

configs:
  # env-v1:  # see https://github.com/invoiceninja/invoiceninja/issues/3739
  #   file: env.tmpl
  #   template_driver: golang
  nginx-conf-v1:
    file: nginx.conf

## env.tmpl
API_SECRET={{ secret "api-secret-v1" }}
APP_CIPHER=AES-256-CBC
APP_DEBUG=false
APP_ENV=production
APP_KEY={{ secret "app-key-v1" }}
APP_LOCALE=en
APP_URL=https://example.com
DB_DATABASE=ninja
DB_HOST=mariadb
DB_PASSWORD={{ secret "mariadb-user-passwd-v1" }}
DB_STRICT=false
DB_TYPE=mysql
DB_USERNAME=ninja
LOG=single
REQUIRE_HTTPS=false
SESSION_ENCRYPT=true
SESSION_SECURE=true
TRUSTED_PROXIES="10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"

## nginx.conf
user www-data;

events {
  worker_connections 768;
}

http {
    upstream backend {
        server invoiceninja:9000;
    }

    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    gzip on;
    gzip_disable "msie6";

    server {
        listen      80 default;
        server_name invoices.zzp.decentral1.se;

        root /var/www/app/public;

        index index.php;

        charset utf-8;

        location / {
            try_files $uri $uri/ /index.php?$query_string;
        }

        location = /favicon.ico { access_log off; log_not_found off; }
        location = /robots.txt  { access_log off; log_not_found off; }

        sendfile off;

        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass backend;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_intercept_errors off;
            fastcgi_buffer_size 16k;
            fastcgi_param  HTTPS 1;
            fastcgi_buffers 4 16k;
        }

        location ~ /\.ht {
            deny all;
        }
    }
}
	---
	version: "3.8"

	services:
	nginx:
	image: "nginx:stable"
	configs:
	- source: nginx-conf-v1
	target: /etc/nginx/nginx.conf
	volumes:
	- "public:/var/www/app/public"
	networks:
	- proxy
	- backchannelnet
	depends_on:
	- invoiceninja
	deploy:
	mode: replicated
	replicas: 1
	update_config:
	failure_action: rollback
	placement:
	constraints:
	- node.role == manager
	labels:
	- "traefik.enable=true"
	- "traefik.http.services.invoiceninja.loadbalancer.server.port=80"
	- "traefik.http.routers.invoiceninja.rule=Host(`example.com`)"
	- "traefik.http.routers.invoiceninja.entrypoints=web-secure"
	- "traefik.http.routers.invoiceninja.tls.certresolver=production"

	invoiceninja:
	image: "invoiceninja/invoiceninja:4.6.0"
	volumes:
	- "public:/var/www/app/public"
	- "storage:/var/www/app/storage"
	environment:
	- API_SECRET=foo
	- APP_CIPHER=AES-256-CBC
	- APP_DEBUG=false
	- APP_ENV=production
	- APP_KEY=bar
	- APP_LOCALE=en
	- APP_URL=https://example.com
	- DB_DATABASE=ninja
	- DB_HOST=mariadb
	- DB_PASSWORD=bing
	- DB_STRICT=false
	- DB_TYPE=mysql
	- DB_USERNAME=ninja
	- LOG=single
	- REQUIRE_HTTPS=false
	- SESSION_ENCRYPT=true
	- SESSION_SECURE=true
	- TRUSTED_PROXIES="10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
	secrets:
	- app-key-v1
	- api-secret-v1
	- mariadb-user-passwd-v1
	depends_on:
	- mariadb
	networks:
	- backchannelnet
	# configs: # see https://github.com/invoiceninja/invoiceninja/issues/3739
	# - source: env-v1
	# target: /var/www/app/.env
	# mode: 0666

	mariadb:
	image: "mariadb:10.5"
	environment:
	- MYSQL_DATABASE=ninja
	- MYSQL_USER=ninja
	- MYSQL_PASSWORD_FILE=/run/secrets/mariadb-user-passwd-v1
	- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mariadb-root-passwd-v1
	secrets:
	- mariadb-root-passwd-v1
	- mariadb-user-passwd-v1
	volumes:
	- "mariadb:/var/lib/mariadb"
	networks:
	- backchannelnet

	volumes:
	mariadb:
	public:
	storage:

	networks:
	proxy:
	external: true
	backchannelnet:

	secrets:
	mariadb-root-passwd-v1:
	external: true
	mariadb-user-passwd-v1:
	external: true
	app-key-v1:
	external: true
	api-secret-v1:
	external: true

	configs:
	# env-v1: # see https://github.com/invoiceninja/invoiceninja/issues/3739
	# file: env.tmpl
	# template_driver: golang
	nginx-conf-v1:
	file: nginx.conf
	API_SECRET={{ secret "api-secret-v1" }}
	APP_CIPHER=AES-256-CBC
	APP_DEBUG=false
	APP_ENV=production
	APP_KEY={{ secret "app-key-v1" }}
	APP_LOCALE=en
	APP_URL=https://example.com
	DB_DATABASE=ninja
	DB_HOST=mariadb
	DB_PASSWORD={{ secret "mariadb-user-passwd-v1" }}
	DB_STRICT=false
	DB_TYPE=mysql
	DB_USERNAME=ninja
	LOG=single
	REQUIRE_HTTPS=false
	SESSION_ENCRYPT=true
	SESSION_SECURE=true
	TRUSTED_PROXIES="10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
	user www-data;

	events {
	worker_connections 768;
	}

	http {
	upstream backend {
	server invoiceninja:9000;
	}

	include /etc/nginx/mime.types;
	default_type application/octet-stream;
	gzip on;
	gzip_disable "msie6";

	server {
	listen 80 default;
	server_name invoices.zzp.decentral1.se;

	root /var/www/app/public;

	index index.php;

	charset utf-8;

	location / {
	try_files $uri $uri/ /index.php?$query_string;
	}

	location = /favicon.ico { access_log off; log_not_found off; }
	location = /robots.txt { access_log off; log_not_found off; }

	sendfile off;

	location ~ \.php$ {
	fastcgi_split_path_info ^(.+\.php)(/.+)$;
	fastcgi_pass backend;
	fastcgi_index index.php;
	include fastcgi_params;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	fastcgi_intercept_errors off;
	fastcgi_buffer_size 16k;
	fastcgi_param HTTPS 1;
	fastcgi_buffers 4 16k;
	}

	location ~ /\.ht {
	deny all;
	}
	}
	}