@@ -4,6 +4,7 @@ node_modules/
 
 package-lock.json
 *.log
+*.tar
 
 # Ignore built public files
 public/.islands/

@@ -22,9 +23,11 @@ public/islands-runtime.js.map
 *.db
 *.sqlite
 
-# Folders made by docker-compose
+# docker-compose
+docker-compose.yml
+docker-compose*.yml
+
+# docker-compose artefacts
 data/gitfoss_repos/
 data/postgres_data/
 data/traefik/
-docker-compose.prod.yml
-gitfoss_web.tar

@@ -25,5 +25,4 @@ public/islands-runtime.js.map
 # Folders made by docker-compose
 data/gitfoss_repos/
 data/postgres_data/
-docker-compose.prod.yml
 gitfoss_web.tar

@@ -0,0 +1,68 @@
+version: "3.3"
+services:
+  traefik:
+    restart: always
+    image: "traefik:v2.8.5"
+    container_name: gitfoss_traefik
+    command:
+      - "--configFile=/var/lib/traefik/traefik.yml"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.api.rule=Host(`traefik.${DOMAIN:-gitfoss.io}`)"
+      - "traefik.http.routers.api.service=api@internal"
+      - "traefik.http.routers.api.middlewares=traefik_auth"
+    networks:
+      - reverse-proxy-public
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./data/traefik:/var/lib/traefik
+      - ./data/traefik/acme:/var/lib/traefik/acme
+  db:
+    restart: always
+    container_name: gitfoss_db
+    image: "postgres:14"
+    environment:
+      - POSTGRES_PASSWORD=change_me_password
+      - POSTGRES_DB=gitfoss
+    networks:
+      - internal
+    volumes:
+      - ./data/postgres_data:/var/lib/postgresql/data
+  web:
+    restart: always
+    image: "gitfoss_web:latest"
+    container_name: gitfoss_web
+    depends_on:
+      - db
+    environment:
+      - COOKIE_NAME=gitfoss_ssid
+      - COOKIE_SECRET=change_me_cookie_secret
+      - DATABASE_URL=postgresql://postgres:change_me_password@gitfoss_db/gitfoss?sslmode=disable&connection_limit=3
+      - DEPLOYMENT_DOMAIN=${DOMAIN:-gitfoss.io}
+      - DEPLOYMENT_SCHEME=https
+      - GIT_REPOSITORIES_ROOT=/var/lib/gitfoss/repos
+      - PORT=1337
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.middlewares.gitfoss_https.redirectscheme.scheme=https"
+      - "traefik.http.middlewares.gitfoss_redirect.redirectscheme.scheme=https"
+      - "traefik.http.routers.gitfoss_web.entrypoints=web"
+      - "traefik.http.routers.gitfoss_web.rule=Host(`${DOMAIN:-gitfoss.io}`)"
+      - "traefik.http.routers.gitfoss_web.middlewares=gitfoss_redirect@docker"
+      - "traefik.http.routers.gitfoss_secure.entrypoints=websecure"
+      - "traefik.http.routers.gitfoss_secure.rule=Host(`${DOMAIN:-gitfoss.io}`)"
+      - "traefik.http.routers.gitfoss_secure.middlewares=gitfoss_https@docker"
+      - "traefik.http.routers.gitfoss_secure.tls=true"
+      - "traefik.http.routers.gitfoss_secure.tls.certresolver=letsencrypt"
+    networks:
+      - internal
+      - reverse-proxy-public
+    volumes:
+      - ./data/gitfoss_repos:/var/lib/gitfoss/repos
+
+networks:
+  internal:
+  reverse-proxy-public: