mirror/TimeTracker
1
0
Fork 0
mirror of https://github.com/DRYTRIX/TimeTracker.git synced 2026-05-17 18:38:46 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
f296ef054e9e9213122bca666aa18b4192455379
TimeTracker/docker/docker-compose.remote.yml
T
Dries Peeters 55ae923636 chore: move Docker config to docker/ 
- Move docker-compose.* (analytics, https, local-test, remote) to docker/
- Move logrotate.conf.example to docker/
2026-03-15 10:16:09 +01:00

102 lines
3.4 KiB
YAML
Raw Blame History

services:
# Certificate generator - runs once to create self-signed certs with SANs
certgen:
build:
context: .
dockerfile: docker/Dockerfile.certgen
container_name: timetracker-certgen-remote
volumes:
- ./nginx/ssl:/certs
environment:
- HOST_IP=${HOST_IP:-192.168.1.100}
command: /generate-certs.sh
restart: "no"
# HTTPS reverse proxy (TLS terminates here)
nginx:
image: nginx:alpine
container_name: timetracker-nginx-remote
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx/conf.d:/etc/nginx/conf.d:ro
- ./nginx/ssl:/etc/nginx/ssl:ro
depends_on:
certgen:
condition: service_completed_successfully
app:
condition: service_started
restart: unless-stopped
app:
image: ghcr.io/drytrix/timetracker:latest
container_name: timetracker-app-remote
environment:
- TZ=${TZ:-Europe/Brussels}
- CURRENCY=${CURRENCY:-EUR}
- ROUNDING_MINUTES=${ROUNDING_MINUTES:-1}
- SINGLE_ACTIVE_TIMER=${SINGLE_ACTIVE_TIMER:-true}
- ALLOW_SELF_REGISTER=${ALLOW_SELF_REGISTER:-true}
- IDLE_TIMEOUT_MINUTES=${IDLE_TIMEOUT_MINUTES:-30}
- ADMIN_USERNAMES=${ADMIN_USERNAMES:-admin}
# IMPORTANT: Change SECRET_KEY in production! Used for sessions and CSRF tokens.
# Generate a secure key: python -c "import secrets; print(secrets.token_hex(32))"
# The app will refuse to start with the default key in production mode.
- SECRET_KEY=${SECRET_KEY:-your-secret-key-change-this}
- DATABASE_URL=postgresql+psycopg2://timetracker:timetracker@db:5432/timetracker
- LOG_FILE=/app/logs/timetracker.log
# CSRF and cookies for HTTPS deployments
- WTF_CSRF_ENABLED=${WTF_CSRF_ENABLED:-true}
- WTF_CSRF_TIME_LIMIT=${WTF_CSRF_TIME_LIMIT:-3600}
- WTF_CSRF_SSL_STRICT=${WTF_CSRF_SSL_STRICT:-true}
- SESSION_COOKIE_SECURE=${SESSION_COOKIE_SECURE:-true}
- REMEMBER_COOKIE_SECURE=${REMEMBER_COOKIE_SECURE:-true}
- CSRF_COOKIE_SECURE=${CSRF_COOKIE_SECURE:-true}
- CSRF_COOKIE_HTTPONLY=${CSRF_COOKIE_HTTPONLY:-false}
- CSRF_COOKIE_SAMESITE=${CSRF_COOKIE_SAMESITE:-Lax}
- CSRF_COOKIE_NAME=${CSRF_COOKIE_NAME:-XSRF-TOKEN}
- PREFERRED_URL_SCHEME=${PREFERRED_URL_SCHEME:-https}
# Expose only internally; nginx publishes ports
ports: []
volumes:
- app_data_remote:/data
- app_uploads_remote:/app/app/static/uploads
- ./logs:/app/logs
depends_on:
db:
condition: service_healthy
restart: unless-stopped
healthcheck:
test: ["CMD", "curl", "-f", "-s", "-o", "/dev/null", "http://localhost:8080/_health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
db:
image: postgres:16-alpine
container_name: timetracker-db-remote
environment:
- POSTGRES_DB=${POSTGRES_DB:-timetracker}
- POSTGRES_USER=${POSTGRES_USER:-timetracker}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-timetracker}
- TZ=${TZ:-Europe/Brussels}
volumes:
- db_data_remote:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
interval: 10s
timeout: 5s
retries: 5
start_period: 30s
restart: unless-stopped
volumes:
app_data_remote:
driver: local
app_uploads_remote:
driver: local
db_data_remote:
driver: local
Reference in New Issue View Git Blame Copy Permalink