🎉 Add new version of docker-compose.yaml

That not depends on config.env file and has better examples
2025-01-06 14:50:20 -05:00 · 2022-12-22 16:28:43 +01:00 · 2022-12-22 16:28:43 +01:00 · 201e6b06b2
commit 201e6b06b2
parent 144336598d
2 changed files with 243 additions and 117 deletions
--- a/docker/images/config.env
+++ b/docker/images/config.env
@ -1,96 +0,0 @@
-## Should be set to the public domain where penpot is going to be served.
-##
-## NOTE: If you are going to serve it under different domain than
-## 'localhost' without HTTPS, consider setting the
-## `disable-secure-session-cookies' flag on the 'PENPOT_FLAGS'
-## setting.
-
-PENPOT_PUBLIC_URI=http://localhost:9001
-
-## Feature flags.
-PENPOT_FLAGS=enable-registration enable-login disable-email-verification
-
-## Temporal workaround because of bad builtin default
-
-PENPOT_HTTP_SERVER_HOST=0.0.0.0
-
-## Standard database connection parameters (only postgresql is supported):
-
-PENPOT_DATABASE_URI=postgresql://penpot-postgres/penpot
-PENPOT_DATABASE_USERNAME=penpot
-PENPOT_DATABASE_PASSWORD=penpot
-
-## Redis is used for the websockets notifications.
-
-PENPOT_REDIS_URI=redis://penpot-redis/0
-
-## By default, files uploaded by users are stored in local
-## filesystem. But it can be configured to store in AWS S3.
-
-PENPOT_ASSETS_STORAGE_BACKEND=assets-fs
-PENPOT_STORAGE_ASSETS_FS_DIRECTORY=/opt/data/assets
-
-## Telemetry. When enabled, a periodical process will send anonymous
-## data about this instance. Telemetry data will enable us to learn on
-## how the application is used, based on real scenarios. If you want
-## to help us, please leave it enabled.
-
-PENPOT_TELEMETRY_ENABLED=true
-
-## Email sending configuration. By default, emails are printed in the
-## console, but for production usage is recommended to setup a real
-## SMTP provider. Emails are used to confirm user registrations.
-
-PENPOT_SMTP_DEFAULT_FROM=no-reply@example.com
-PENPOT_SMTP_DEFAULT_REPLY_TO=no-reply@example.com
-# PENPOT_SMTP_HOST=
-# PENPOT_SMTP_PORT=
-# PENPOT_SMTP_USERNAME=
-# PENPOT_SMTP_PASSWORD=
-# PENPOT_SMTP_TLS=true
-# PENPOT_SMTP_SSL=false
-
-## Comma separated list of allowed domains to register. Empty to allow
-## all.
-
-# PENPOT_REGISTRATION_DOMAIN_WHITELIST=""
-
-## Authentication providers
-
-## Google
-
-# PENPOT_GOOGLE_CLIENT_ID=
-# PENPOT_GOOGLE_CLIENT_SECRET=
-
-## GitHub
-
-# PENPOT_GITHUB_CLIENT_ID=
-# PENPOT_GITHUB_CLIENT_SECRET=
-
-## GitLab
-
-# PENPOT_GITLAB_BASE_URI=https://gitlab.com
-# PENPOT_GITLAB_CLIENT_ID=
-# PENPOT_GITLAB_CLIENT_SECRET=
-
-## OpenID Connect (since 1.5.0)
-
-# PENPOT_OIDC_BASE_URI=
-# PENPOT_OIDC_CLIENT_ID=
-# PENPOT_OIDC_CLIENT_SECRET=
-
-## LDAP
-##
-## NOTE: to enable ldap, you will need to put 'enable-login-with-ldap'
-## on the 'PENPOT_FLAGS' environment variable.
-
-# PENPOT_LDAP_HOST=ldap
-# PENPOT_LDAP_PORT=10389
-# PENPOT_LDAP_SSL=false
-# PENPOT_LDAP_STARTTLS=false
-# PENPOT_LDAP_BASE_DN=ou=people,dc=planetexpress,dc=com
-# PENPOT_LDAP_BIND_DN=cn=admin,dc=planetexpress,dc=com
-# PENPOT_LDAP_BIND_PASSWORD=GoodNewsEveryone
-# PENPOT_LDAP_ATTRS_USERNAME=uid
-# PENPOT_LDAP_ATTRS_EMAIL=mail
-# PENPOT_LDAP_ATTRS_FULLNAME=cn
--- a/docker/images/docker-compose.yaml
+++ b/docker/images/docker-compose.yaml
@ -5,20 +5,43 @@ networks:
  penpot:

 volumes:
-  penpot_postgres_data:
-  penpot_assets_data:
+  penpot_postgres_v15:
+  penpot_assets:
+  # penpot_traefik:
+  # penpot_minio:

 services:
+  ## Traefik service declaration example. Consider using it if you are
+  ## going to expose penpot to the internet or different host than
+  ## `localhost`.
+
+  # traefik:
+  #   image: traefik:v2.9
+  #   networks:
+  #     - penpot
+  #   command:
+  #     - "--api.insecure=true"
+  #     - "--entryPoints.web.address=:80"
+  #     - "--providers.docker=true"
+  #     - "--providers.docker.exposedbydefault=false"
+  #     - "--entryPoints.websecure.address=:443"
+  #     - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
+  #     - "--certificatesresolvers.letsencrypt.acme.email=<EMAIL_ADDRESS>"
+  #     - "--certificatesresolvers.letsencrypt.acme.storage=/traefik/acme.json"
+  #   volumes:
+  #     - "penpot_traefik:/traefik"
+  #     - "/var/run/docker.sock:/var/run/docker.sock"
+  #   ports:
+  #     - "80:80"
+  #     - "443:443"
+
  penpot-frontend:
    image: "penpotapp/frontend:latest"
    ports:
      - 9001:80

    volumes:
-      - penpot_assets_data:/opt/data
-
-    env_file:
-      - config.env
+      - penpot_assets:/opt/data

    depends_on:
      - penpot-backend
@ -27,51 +50,250 @@ services:
    networks:
      - penpot

+    labels:
+      - "traefik.enable=true"
+
+      ## HTTP: example of labels for the case if you are going to
+      ## expose penpot to the internet using only HTTP (without HTTPS)
+      ## with traefik
+
+      # - "traefik.http.routers.penpot-http.entrypoints=web"
+      # - "traefik.http.routers.penpot-http.rule=Host(`<DOMAIN_NAME>`)"
+      # - "traefik.http.services.penpot-http.loadbalancer.server.port=80"
+
+      ## HTTPS: example of labels for the case if you are going to
+      ## expose penpot to the internet using with HTTPS using traefik
+
+      # - "traefik.http.middlewares.http-redirect.redirectscheme.scheme=https"
+      # - "traefik.http.middlewares.http-redirect.redirectscheme.permanent=true"
+      # - "traefik.http.routers.penpot-http.entrypoints=web"
+      # - "traefik.http.routers.penpot-http.rule=Host(`<DOMAIN_NAME>`)"
+      # - "traefik.http.routers.penpot-http.middlewares=http-redirect"
+      # - "traefik.http.routers.penpot-https.entrypoints=websecure"
+      # - "traefik.http.routers.penpot-https.rule=Host(`<DOMAIN_NAME>`)"
+      # - "traefik.http.services.penpot-https.loadbalancer.server.port=80"
+      # - "traefik.http.routers.penpot-https.tls=true"
+      # - "traefik.http.routers.penpot-https.tls.certresolver=letsencrypt"
+
+    ## Configuration envronment variables for frontend the
+    ## container. In this case this container only needs the
+    ## `PENPOT_FLAGS`. This environment variable is shared with other
+    ## services but not all flags are relevant to all services.
+    ##
+    ## Relevant flags for frontend:
+    ## - demo-users
+    ## - login-with-github
+    ## - login-with-gitlab
+    ## - login-with-google
+    ## - login-with-ldap
+    ## - login-with-oidc
+    ## - login-with-password
+    ## - registration
+    ## - webhooks
+    ##
+    ## You can read more about all available flags on:
+    ## https://help.penpot.app/technical-guide/configuration/#advanced-configuration
+
+    environment:
+      - PENPOT_FLAGS=enable-registration enable-login-with-password
+
  penpot-backend:
    image: "penpotapp/backend:latest"
    volumes:
-      - penpot_assets_data:/opt/data
+      - penpot_assets:/opt/data

    depends_on:
      - penpot-postgres
      - penpot-redis

-    env_file:
-      - config.env
-
    networks:
      - penpot

+    ## Configuration envronment variables for backend the
+    ## container.
+    ##
+    ## Relevant flags for backend:
+    ## - demo-users
+    ## - email-verification
+    ## - log-emails
+    ## - log-invitation-tokens
+    ## - login-with-github
+    ## - login-with-gitlab
+    ## - login-with-google
+    ## - login-with-ldap
+    ## - login-with-oidc
+    ## - login-with-password
+    ## - registration
+    ## - secure-session-cookies
+    ## - smtp
+    ## - smtp-debug
+    ## - telemetry
+    ## - webhooks
+    ##
+    ## You can read more about all available flags and other
+    ## environment variables for the backend here:
+    ## https://help.penpot.app/technical-guide/configuration/#advanced-configuration
+
+    environment:
+      - PENPOT_FLAGS=enable-registration enable-login disable-email-verification enable-smtp
+
+      ## Setup initial administration user, uncommit only if you are
+      ## going to use the penpot-admin; Once uncommented, the special
+      ## user will be created on application start. This user can only
+      ## be used for access admin, you will not be able to login with
+      ## it on penpot application.
+
+      # - PENPOT_SETUP_ADMIN_EMAIL=admin@example.com
+      # - PENPOT_SETUP_ADMIN_PASSWORD=password
+
+      ## Public URI. If you are going to expose this instance to the
+      ## internet, or use it under different domain than 'localhost'
+      ## consider using traefik and set the
+      ## `disable-secure-session-cookies` if you are not going to
+      ## serve penpot under HTTPS.
+
+      - PENPOT_PUBLIC_URI=http://localhost:9001
+
+      ## Database connection parameters. Don't touch them unless you
+      ## are using custom postgresql connection parameters
+
+      - PENPOT_DATABASE_URI=postgresql://penpot-postgres/penpot
+      - PENPOT_DATABASE_USERNAME=penpot
+      - PENPOT_DATABASE_PASSWORD=penpot
+
+      ## Redis is used for the websockets notifications. Don't touch
+      ## unless the redis container has different parameters or
+      ## different name.
+
+      - PENPOT_REDIS_URI=redis://penpot-redis/0
+
+      ## Default configuration for assets storage: using filesystem
+      ## based with all files stored in a docker volume.
+
+      - PENPOT_ASSETS_STORAGE_BACKEND=assets-fs
+      - PENPOT_STORAGE_ASSETS_FS_DIRECTORY=/opt/data/assets
+
+      ## Also can be configured to to use a S3 compatible storage
+      ## service like MiniIO. Look below for minio service setup.
+
+      # - AWS_ACCESS_KEY_ID=<KEY_ID>
+      # - AWS_SECRET_ACCESS_KEY=<ACCESS_KEY>
+      # - PENPOT_ASSETS_STORAGE_BACKEND=assets-s3
+      # - PENPOT_STORAGE_ASSETS_S3_ENDPOINT=http://penpot-minio:9000
+      # - PENPOT_STORAGE_ASSETS_S3_BUCKET=<BUKET_NAME>
+
+      ## Telemetry. When enabled, a periodical process will send
+      ## anonymous data about this instance. Telemetry data will
+      ## enable us to learn on how the application is used, based on
+      ## real scenarios. If you want to help us, please leave it
+      ## enabled. You can audit what data we send with the code
+      ## available on github
+      - PENPOT_TELEMETRY_ENABLED=true
+
+      ## Example SMTP/Email configuration. By default, emails are sent
+      ## to the mailcatch service, but for production usage is
+      ## recommended to setup a real SMTP provider. Emails are used to
+      ## confirm user registrations & invitations. Look below how
+      ## mailcatch service is configured.
+      - PENPOT_SMTP_DEFAULT_FROM=no-reply@example.com
+      - PENPOT_SMTP_DEFAULT_REPLY_TO=no-reply@example.com
+      - PENPOT_SMTP_HOST=penpot-mailcatch
+      - PENPOT_SMTP_PORT=1025
+      - PENPOT_SMTP_USERNAME=
+      - PENPOT_SMTP_PASSWORD=
+      - PENPOT_SMTP_TLS=false
+      - PENPOT_SMTP_SSL=false
+
  penpot-exporter:
    image: "penpotapp/exporter:latest"
-    env_file:
-      - config.env
+    networks:
+      - penpot
+
    environment:
      # Don't touch it; this uses internal docker network to
      # communicate with the frontend.
      - PENPOT_PUBLIC_URI=http://penpot-frontend
-    networks:
-      - penpot
+
+      ## Redis is used for the websockets notifications.
+      - PENPOT_REDIS_URI=redis://penpot-redis/0

  penpot-postgres:
-    image: "postgres:14"
+    image: "postgres:15"
    restart: always
    stop_signal: SIGINT

+    volumes:
+      - penpot_postgres_v15:/var/lib/postgresql/data
+
+    networks:
+      - penpot
+
    environment:
      - POSTGRES_INITDB_ARGS=--data-checksums
      - POSTGRES_DB=penpot
      - POSTGRES_USER=penpot
      - POSTGRES_PASSWORD=penpot

-    volumes:
-      - penpot_postgres_data:/var/lib/postgresql/data
-
-    networks:
-      - penpot
-
  penpot-redis:
    image: redis:7
    restart: always
    networks:
      - penpot
+
+  ## An optional admin application for pentpot. It allows manage
+  ## users, teams and inspect some parts of the database. You can read
+  ## more about it on: https://github.com/penpot/penpot-admin
+
+  # penpot-admin:
+  #   image: "penpotapp/admin:alpha"
+  #   networks:
+  #     - penpot
+
+  #   depends_on:
+  #     - penpot-postgres
+  #     - penpot-backend
+
+  #   environment:
+  #     - PENPOT_PUBLIC_URI=http://localhost:9001
+  #     - PENPOT_API_URI=http://penpot-frontend/
+
+  #     - PENPOT_DATABASE_HOST=penpot-postgres
+  #     - PENPOT_DATABASE_NAME=penpot
+  #     - PENPOT_DATABASE_USERNAME=penpot
+  #     - PENPOT_DATABASE_PASSWORD=penpot
+  #     - PENPOT_REDIS_URI=redis://penpot-redis/0
+  #     - PENPOT_DEBUG="false"
+
+  ## A mailcatch service, used as temporal SMTP server. You can access
+  ## via HTTP to the port 1080 for read all emails the penpot platform
+  ## has sent. Should be only used as a temporal solution meanwhile
+  ## you don't have a real SMTP provider configured.
+
+  penpot-mailcatch:
+    image: sj26/mailcatcher:latest
+    restart: always
+    expose:
+      - '1025'
+    ports:
+      - "1080:1080"
+
+  ## Example configuration of MiniIO (S3 compatible object storage
+  ## service); If you don't have preference, then just use filesystem,
+  ## this is here just for the completeness.
+
+  # minio:
+  #   image: "minio/minio:latest"
+  #   command: minio server /mnt/data --console-address ":9001"
+  #
+  #   volumes:
+  #     - "penpot_minio:/mnt/data"
+  #
+  #   environment:
+  #     - MINIO_ROOT_USER=minioadmin
+  #     - MINIO_ROOT_PASSWORD=minioadmin
+  #
+  #   ports:
+  #     - 9000:9000
+  #     - 9001:9001
+
+