mgdelacroix/penpot-with-traefik-docker-compose.yml

## penpot-with-traefik-docker-compose.yml
---
version: "3.5"

networks:
  penpot:

volumes:
  penpot_postgres_data:
  penpot_assets_data:
  penpot_traefik_letsencrypt:

services:
  traefik:
    image: traefik:v2.9
    networks:
      - penpot
    command:
      - "--api.insecure=true"
      - "--entryPoints.web.address=:80"
      - "--entryPoints.websecure.address=:443"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.email=<EMAIL_ADDRESS>"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
    volumes:
      - "penpot_traefik_letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock"
    ports:
      - "80:80"
      - "443:443"

  penpot-frontend:
    image: "penpotapp/frontend:latest"
    labels:
      - "traefik.enable=true"

      # redirect
      - "traefik.http.middlewares.http-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.http-redirect.redirectscheme.permanent=true"

      # http
      - "traefik.http.routers.penpot-http.entrypoints=web"
      - "traefik.http.routers.penpot-http.rule=Host(`<DOMAIN_NAME>`)"
      - "traefik.http.routers.penpot-http.middlewares=http-redirect"

      # https
      - "traefik.http.routers.penpot-https.entrypoints=websecure"
      - "traefik.http.routers.penpot-https.rule=Host(`<DOMAIN_NAME>`)"
      - "traefik.http.services.penpot-https.loadbalancer.server.port=80"
      - "traefik.http.routers.penpot-https.tls=true"
      - "traefik.http.routers.penpot-https.tls.certresolver=letsencrypt"

    # This could be commented as it's not used anymore
    # ports:
    #   - 9001:80

    volumes:
      - penpot_assets_data:/opt/data

    env_file:
      - config.env

    depends_on:
      - penpot-backend
      - penpot-exporter

    networks:
      - penpot

  penpot-backend:
    image: "penpotapp/backend:latest"
    volumes:
      - penpot_assets_data:/opt/data

    depends_on:
      - penpot-postgres
      - penpot-redis

    env_file:
      - config.env

    networks:
      - penpot

  penpot-exporter:
    image: "penpotapp/exporter:latest"
    env_file:
      - config.env
    environment:
      # Don't touch it; this uses internal docker network to
      # communicate with the frontend.
      - PENPOT_PUBLIC_URI=http://penpot-frontend
    networks:
      - penpot

  penpot-postgres:
    image: "postgres:14"
    restart: always
    stop_signal: SIGINT

    environment:
      - POSTGRES_INITDB_ARGS=--data-checksums
      - POSTGRES_DB=penpot
      - POSTGRES_USER=penpot
      - POSTGRES_PASSWORD=penpot

    volumes:
      - penpot_postgres_data:/var/lib/postgresql/data

    networks:
      - penpot

  penpot-redis:
    image: redis:7
    restart: always
    networks:
      - penpot
	---
	version: "3.5"

	networks:
	penpot:

	volumes:
	penpot_postgres_data:
	penpot_assets_data:
	penpot_traefik_letsencrypt:

	services:
	traefik:
	image: traefik:v2.9
	networks:
	- penpot
	command:
	- "--api.insecure=true"
	- "--entryPoints.web.address=:80"
	- "--entryPoints.websecure.address=:443"
	- "--providers.docker=true"
	- "--providers.docker.exposedbydefault=false"
	- "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
	- "--certificatesresolvers.letsencrypt.acme.email=<EMAIL_ADDRESS>"
	- "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
	volumes:
	- "penpot_traefik_letsencrypt:/letsencrypt"
	- "/var/run/docker.sock:/var/run/docker.sock"
	ports:
	- "80:80"
	- "443:443"

	penpot-frontend:
	image: "penpotapp/frontend:latest"
	labels:
	- "traefik.enable=true"

	# redirect
	- "traefik.http.middlewares.http-redirect.redirectscheme.scheme=https"
	- "traefik.http.middlewares.http-redirect.redirectscheme.permanent=true"

	# http
	- "traefik.http.routers.penpot-http.entrypoints=web"
	- "traefik.http.routers.penpot-http.rule=Host(`<DOMAIN_NAME>`)"
	- "traefik.http.routers.penpot-http.middlewares=http-redirect"

	# https
	- "traefik.http.routers.penpot-https.entrypoints=websecure"
	- "traefik.http.routers.penpot-https.rule=Host(`<DOMAIN_NAME>`)"
	- "traefik.http.services.penpot-https.loadbalancer.server.port=80"
	- "traefik.http.routers.penpot-https.tls=true"
	- "traefik.http.routers.penpot-https.tls.certresolver=letsencrypt"

	# This could be commented as it's not used anymore
	# ports:
	# - 9001:80

	volumes:
	- penpot_assets_data:/opt/data

	env_file:
	- config.env

	depends_on:
	- penpot-backend
	- penpot-exporter

	networks:
	- penpot

	penpot-backend:
	image: "penpotapp/backend:latest"
	volumes:
	- penpot_assets_data:/opt/data

	depends_on:
	- penpot-postgres
	- penpot-redis

	env_file:
	- config.env

	networks:
	- penpot

	penpot-exporter:
	image: "penpotapp/exporter:latest"
	env_file:
	- config.env
	environment:
	# Don't touch it; this uses internal docker network to
	# communicate with the frontend.
	- PENPOT_PUBLIC_URI=http://penpot-frontend
	networks:
	- penpot

	penpot-postgres:
	image: "postgres:14"
	restart: always
	stop_signal: SIGINT

	environment:
	- POSTGRES_INITDB_ARGS=--data-checksums
	- POSTGRES_DB=penpot
	- POSTGRES_USER=penpot
	- POSTGRES_PASSWORD=penpot

	volumes:
	- penpot_postgres_data:/var/lib/postgresql/data

	networks:
	- penpot

	penpot-redis:
	image: redis:7
	restart: always
	networks:
	- penpot