Docker Compose file to start OpenProject with HTTPS support

docker-compose.yml

version: "3.7"
# this file is taken from https://github.com/opf/openproject-deploy/blob/stable/11/compose/docker-compose.yml, replaced
# the apache proxy with jwilder/nginx-proxy and the companion enabling ssl support

networks:
  frontend:
  backend:

volumes:
  pgdata:
  opdata:
  vhosts:
    external: false
  html:
    external: false

x-op-restart-policy: &restart_policy
  restart: unless-stopped
x-op-image: &image
  image: openproject/community:${TAG:-11}
x-op-app: &app
  <<: *image
  <<: *restart_policy
  environment:
    RAILS_CACHE_STORE: "memcache"
    OPENPROJECT_CACHE__MEMCACHE__SERVER: "cache:11211"
    OPENPROJECT_RAILS__RELATIVE__URL__ROOT: "${OPENPROJECT_RAILS__RELATIVE__URL__ROOT:-}"
    DATABASE_URL: "postgres://postgres:p4ssw0rd@db/openproject?pool=20&encoding=unicode&reconnect=true"
    RAILS_MIN_THREADS: 4
    RAILS_MAX_THREADS: 16
    USE_PUMA: "true"
    # set to true to enable the email receiving feature. See ./docker/cron for more options
    IMAP_ENABLED: "${IMAP_ENABLED:-false}"
  volumes:
    - "opdata:/var/openproject/assets"

services:
  db:
    image: postgres:10
    <<: *restart_policy
    stop_grace_period: "3s"
    volumes:
      - "pgdata:/var/lib/postgresql/data"
    environment:
      POSTGRES_PASSWORD: p4ssw0rd
      POSTGRES_DB: openproject
    networks:
      - backend

  cache:
    image: memcached
    <<: *restart_policy
    networks:
      - backend

# disabled the proxy openproject is shipping and replacing it with the nginx proxy below
#  proxy:
#    <<: *image
#    <<: *restart_policy
#    command: "./docker/prod/proxy"
#    ports:
#      - "${PORT:-8080}:80"
#    environment:
#      APP_HOST: web
#      OPENPROJECT_RAILS__RELATIVE__URL__ROOT: "${OPENPROJECT_RAILS__RELATIVE__URL__ROOT:-}"
#    depends_on:
#      - web
#    networks:
#      - frontend

  web:
    <<: *app
    command: "./docker/prod/web"
    networks:
      - frontend
      - backend
    depends_on:
      - db
      - cache
      - seeder
    ports:
      - "8080:8080"
    environment:
      RAILS_CACHE_STORE: "memcache"
      OPENPROJECT_CACHE__MEMCACHE__SERVER: "cache:11211"
      OPENPROJECT_RAILS__RELATIVE__URL__ROOT: "${OPENPROJECT_RAILS__RELATIVE__URL__ROOT:-}"
      DATABASE_URL: "postgres://postgres:p4ssw0rd@db/openproject?pool=20&encoding=unicode&reconnect=true"
      RAILS_MIN_THREADS: 4
      RAILS_MAX_THREADS: 16
      USE_PUMA: "true"
      # set to true to enable the email receiving feature. See ./docker/cron for more options
      IMAP_ENABLED: "${IMAP_ENABLED:-false}"
      VIRTUAL_HOST: yourhost.example.com
      VIRTUAL_PORT: 8080
      LETSENCRYPT_HOST: yourhost.example.com
      LETSENCRYPT_EMAIL: yourmail@example.com

  worker:
    <<: *app
    command: "./docker/prod/worker"
    networks:
      - backend
    depends_on:
      - db
      - cache
      - seeder

  cron:
    <<: *app
    command: "./docker/prod/cron"
    networks:
      - backend
    depends_on:
      - db
      - cache
      - seeder

  seeder:
    <<: *app
    command: "./docker/prod/seeder"
    restart: on-failure
    networks:
      - backend

  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    restart: unless-stopped
    ports:
      - "443:443"
      - "80:80"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./certs:/etc/nginx/certs:ro
      - vhosts:/etc/nginx/vhost.d:rw
      - html:/usr/share/nginx/html
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    depends_on:
      - web
    networks:
      - frontend

  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: letsencrypt
    restart: unless-stopped
    environment:
      - NGINX_PROXY_CONTAINER=nginx-proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./certs:/etc/nginx/certs:rw
      - vhosts:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html:rw
    networks:
      - frontend