services: facefusion: image: ${FACEFUSION_IMAGE:-facefusion/facefusion:3.5.0-cpu} container_name: ${FACEFUSION_COMPOSE_PROJECT_NAME}_app restart: unless-stopped environment: TZ: ${TIMEZONE:-Europe/Berlin} # Force CPU execution on VPS (no GPU available) FACEFUSION_EXECUTION_PROVIDERS: ${FACEFUSION_EXECUTION_PROVIDERS:-cpu} volumes: - facefusion_data:/workspace networks: - compose_network labels: - 'traefik.enable=${FACEFUSION_TRAEFIK_ENABLED}' # HTTP Basic Auth middleware - 'traefik.http.middlewares.${FACEFUSION_COMPOSE_PROJECT_NAME}-auth.basicauth.users=${AUTH_USERS}' # HTTP to HTTPS redirect - 'traefik.http.middlewares.${FACEFUSION_COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https' - 'traefik.http.routers.${FACEFUSION_COMPOSE_PROJECT_NAME}-web.middlewares=${FACEFUSION_COMPOSE_PROJECT_NAME}-redirect-web-secure' - 'traefik.http.routers.${FACEFUSION_COMPOSE_PROJECT_NAME}-web.rule=Host(`${FACEFUSION_TRAEFIK_HOST}`)' - 'traefik.http.routers.${FACEFUSION_COMPOSE_PROJECT_NAME}-web.entrypoints=web' # HTTPS router with auth - 'traefik.http.routers.${FACEFUSION_COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${FACEFUSION_TRAEFIK_HOST}`)' - 'traefik.http.routers.${FACEFUSION_COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver' - 'traefik.http.routers.${FACEFUSION_COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure' - 'traefik.http.middlewares.${FACEFUSION_COMPOSE_PROJECT_NAME}-web-secure-compress.compress=true' - 'traefik.http.routers.${FACEFUSION_COMPOSE_PROJECT_NAME}-web-secure.middlewares=${FACEFUSION_COMPOSE_PROJECT_NAME}-auth,${FACEFUSION_COMPOSE_PROJECT_NAME}-web-secure-compress,security-headers@file' # Service - 'traefik.http.services.${FACEFUSION_COMPOSE_PROJECT_NAME}-web-secure.loadbalancer.server.port=7860' - 'traefik.docker.network=${NETWORK_NAME}' # Watchtower - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}' volumes: facefusion_data: name: ${FACEFUSION_COMPOSE_PROJECT_NAME}_data