helen/docker-compose-production.yml at main · CodeMonkeyCybersecurity/helen · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
version: '3.8'

services:
  ghost:
    image: ghost:5-alpine
    restart: unless-stopped
    container_name: ghost-cms
    depends_on:
      - db
    environment:
      # Production configuration
      NODE_ENV: production

      # Database - PostgreSQL for production
      database__client: postgres
      database__connection__host: db
      database__connection__port: 5432
      database__connection__database: ${DB_NAME:-ghost}
      database__connection__user: ${DB_USER:-ghost}
      database__connection__password: ${DB_PASSWORD}

      # URLs
      url: ${GHOST_URL:-https://cybermonkey.net.au}
      admin__url: ${GHOST_ADMIN_URL:-https://cybermonkey.net.au/ghost}

      # Mail configuration
      mail__transport: SMTP
      mail__options__service: ${MAIL_SERVICE:-Mailgun}
      mail__options__host: ${MAIL_HOST}
      mail__options__port: ${MAIL_PORT:-587}
      mail__options__secure: ${MAIL_SECURE:-true}
      mail__options__auth__user: ${MAIL_USER}
      mail__options__auth__pass: ${MAIL_PASSWORD}
      mail__from: ${MAIL_FROM:-noreply@cybermonkey.net.au}

      # Logging
      logging__level: ${LOG_LEVEL:-info}
      logging__transports: '["stdout"]'

    volumes:
      - ghost-content:/var/lib/ghost/content
    networks:
      - ghost-network
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.ghost.rule=Host(`${GHOST_DOMAIN:-cybermonkey.net.au}`)"
      - "traefik.http.routers.ghost.tls=true"
      - "traefik.http.routers.ghost.tls.certresolver=letsencrypt"

  db:
    image: postgres:15-alpine
    restart: unless-stopped
    container_name: ghost-db
    environment:
      POSTGRES_DB: ${DB_NAME:-ghost}
      POSTGRES_USER: ${DB_USER:-ghost}
      POSTGRES_PASSWORD: ${DB_PASSWORD}
    volumes:
      - postgres-data:/var/lib/postgresql/data
    networks:
      - ghost-network
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${DB_USER:-ghost}"]
      interval: 30s
      timeout: 10s
      retries: 5

  nginx:
    image: nginx:alpine
    restart: unless-stopped
    container_name: nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d:ro
      - ./nginx/ssl:/etc/nginx/ssl:ro
      - hugo-public:/var/www/hugo:ro
      - ./nginx-routing.conf:/etc/nginx/conf.d/default.conf:ro
    depends_on:
      - ghost
    networks:
      - ghost-network
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nginx.rule=Host(`${DOMAIN:-cybermonkey.net.au}`)"
      - "traefik.http.routers.nginx.tls=true"
      - "traefik.http.routers.nginx.tls.certresolver=letsencrypt"

  # Optional: Traefik for automatic SSL
  traefik:
    image: traefik:v2.10
    container_name: traefik
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik-data:/data
      - ./traefik.yml:/traefik.yml:ro
    networks:
      - ghost-network

volumes:
  ghost-content:
    driver: local
  postgres-data:
    driver: local
  hugo-public:
    driver: local
  traefik-data:
    driver: local

networks:
  ghost-network:
    driver: bridge