runtipi/docker-compose.prod.yml

services:
  runtipi-reverse-proxy:
    container_name: runtipi-reverse-proxy
    depends_on:
      runtipi:
        condition: service_healthy
    image: traefik:v3.0
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    command: --providers.docker
    volumes:
      - ./traefik:/etc/traefik
      - ./traefik/shared:/shared
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - tipi_main_network

  runtipi-db:
    container_name: runtipi-db
    image: postgres:14
    restart: unless-stopped
    stop_grace_period: 1m
    volumes:
      - pgdata:/var/lib/postgresql/data
    ports:
      - 5432:5432
    environment:
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_USER: tipi
      POSTGRES_DB: tipi
    healthcheck:
      test: ['CMD-SHELL', 'pg_isready -d tipi -U tipi']
      interval: 5s
      timeout: 10s
      retries: 120
    networks:
      - tipi_main_network

  runtipi-redis:
    container_name: runtipi-redis
    image: redis:7.2.0
    restart: unless-stopped
    command: redis-server --requirepass ${REDIS_PASSWORD} --stop-writes-on-bgsave-error no
    ports:
      - 6379:6379
    volumes:
      - redisdata:/data
    healthcheck:
      test: ['CMD', 'redis-cli', 'ping']
      interval: 5s
      timeout: 10s
      retries: 120
    networks:
      - tipi_main_network

  runtipi:
    build:
      context: .
      dockerfile: Dockerfile
      args:
        TIPI_VERSION: development
        LOCAL: true
    container_name: runtipi
    healthcheck:
      test: ['CMD', 'curl', '-f', 'http://localhost:5000/worker-api/healthcheck']
      interval: 5s
      timeout: 3s
      retries: 20
    restart: unless-stopped
    depends_on:
      runtipi-db:
        condition: service_healthy
      runtipi-redis:
        condition: service_healthy
    env_file:
      - .env
    volumes:
      # Data
      - ${RUNTIPI_MEDIA_PATH:-.}/media:/data/media
      - ${RUNTIPI_STATE_PATH:-.}/state:/data/state
      - ${RUNTIPI_REPOS_PATH:-.}/repos:/data/repos
      - ${RUNTIPI_APPS_PATH:-.}/apps:/data/apps
      - ${RUNTIPI_LOGS_PATH:-.}/logs:/data/logs
      - ${RUNTIPI_TRAEFIK_PATH:-.}/traefik:/data/traefik
      - ${RUNTIPI_USER_CONFIG_PATH:-.}/user-config:/data/user-config
      - ${RUNTIPI_APP_DATA_PATH:-.}/app-data:/app-data
      # Static
      - ./.env:/data/.env
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /proc:/host/proc
    environment:
      NODE_ENV: production
      TIPI_VERSION: development
      NEXT_PUBLIC_TIPI_VERSION: development
      LOCAL: true
    networks:
      - tipi_main_network
    ports:
      - 3000:3000
    labels:
      # ---- General ----- #
      traefik.enable: true
      traefik.http.middlewares.redirect-to-https.redirectscheme.scheme: https

      # ---- Dashboard ----- #
      traefik.http.services.dashboard.loadbalancer.server.port: 3000
      # Local ip
      traefik.http.routers.dashboard.rule: PathPrefix("/")
      traefik.http.routers.dashboard.service: dashboard
      traefik.http.routers.dashboard.entrypoints: web
      # Websecure
      traefik.http.routers.dashboard-insecure.rule: Host(`${DOMAIN}`) && PathPrefix(`/`)
      traefik.http.routers.dashboard-insecure.service: dashboard
      traefik.http.routers.dashboard-insecure.entrypoints: web
      traefik.http.routers.dashboard-insecure.middlewares: redirect-to-https
      traefik.http.routers.dashboard-secure.rule: Host(`${DOMAIN}`) && PathPrefix(`/`)
      traefik.http.routers.dashboard-secure.service: dashboard
      traefik.http.routers.dashboard-secure.entrypoints: websecure
      traefik.http.routers.dashboard-secure.tls.certresolver: myresolver
      # Local domain
      traefik.http.routers.dashboard-local-insecure.rule: Host(`${LOCAL_DOMAIN}`)
      traefik.http.routers.dashboard-local-insecure.entrypoints: web
      traefik.http.routers.dashboard-local-insecure.service: dashboard
      traefik.http.routers.dashboard-local-insecure.middlewares: redirect-to-https
      # Secure
      traefik.http.routers.dashboard-local.rule: Host(`${LOCAL_DOMAIN}`)
      traefik.http.routers.dashboard-local.entrypoints: websecure
      traefik.http.routers.dashboard-local.tls: true
      traefik.http.routers.dashboard-local.service: dashboard

      # ---- Worker ----- #
      traefik.http.services.worker.loadbalancer.server.port: 5001
      traefik.http.services.worker-api.loadbalancer.server.port: 5000
      # Local ip
      traefik.http.routers.worker.rule: PathPrefix("/worker")
      traefik.http.routers.worker.service: worker
      traefik.http.routers.worker.entrypoints: web
      traefik.http.routers.worker-api.rule: PathPrefix("/worker-api")
      traefik.http.routers.worker-api.service: worker-api
      traefik.http.routers.worker-api.entrypoints: web
      # Websecure
      traefik.http.routers.worker-insecure.rule: Host(`${DOMAIN}`) && PathPrefix(`/worker`)
      traefik.http.routers.worker-insecure.service: worker
      traefik.http.routers.worker-insecure.entrypoints: web
      traefik.http.routers.worker-insecure.middlewares: redirect-to-https
      traefik.http.routers.worker-secure.rule: Host(`${DOMAIN}`) && PathPrefix(`/worker`)
      traefik.http.routers.worker-secure.service: worker
      traefik.http.routers.worker-secure.entrypoints: websecure
      traefik.http.routers.worker-secure.tls.certresolver: myresolver
      traefik.http.routers.worker-api-insecure.rule: Host(`${DOMAIN}`) && PathPrefix(`/worker-api`)
      traefik.http.routers.worker-api-insecure.service: worker-api
      traefik.http.routers.worker-api-insecure.entrypoints: web
      traefik.http.routers.worker-api-insecure.middlewares: redirect-to-https
      traefik.http.routers.worker-api-secure.rule: Host(`${DOMAIN}`) && PathPrefix(`/worker-api`)
      traefik.http.routers.worker-api-secure.service: worker-api
      traefik.http.routers.worker-api-secure.entrypoints: websecure
      traefik.http.routers.worker-api-secure.tls.certresolver: myresolver
      # Local domain
      traefik.http.routers.worker-local-insecure.rule: Host(`${LOCAL_DOMAIN}`) && PathPrefix("/worker")
      traefik.http.routers.worker-local-insecure.entrypoints: web
      traefik.http.routers.worker-local-insecure.service: worker
      traefik.http.routers.worker-local-insecure.middlewares: redirect-to-https
      traefik.http.routers.worker-api-local-insecure.rule: Host(`${LOCAL_DOMAIN}`) && PathPrefix("/worker-api")
      traefik.http.routers.worker-api-local-insecure.entrypoints: web
      traefik.http.routers.worker-api-local-insecure.service: worker-api
      traefik.http.routers.worker-api-local-insecure.middlewares: redirect-to-https
      # Secure
      traefik.http.routers.worker-local.rule: Host(`${LOCAL_DOMAIN}`) && PathPrefix("/worker")
      traefik.http.routers.worker-local.entrypoints: websecure
      traefik.http.routers.worker-local.tls: true
      traefik.http.routers.worker-local.service: worker
      traefik.http.routers.worker-api-local.rule: Host(`${LOCAL_DOMAIN}`) && PathPrefix("/worker-api")
      traefik.http.routers.worker-api-local.entrypoints: websecure
      traefik.http.routers.worker-api-local.tls: true
      traefik.http.routers.worker-api-local.service: worker-api

networks:
  tipi_main_network:
    driver: bridge
    name: runtipi_tipi_main_network

volumes:
  pgdata:
  redisdata: