services: vert: image: ${KIT_VERT_IMAGE:-ghcr.io/vert-sh/vert:latest} container_name: ${KIT_COMPOSE_PROJECT_NAME}_vert restart: unless-stopped environment: PUB_HOSTNAME: ${KIT_TRAEFIK_HOST} PUB_ENV: production PUB_DISABLE_ALL_EXTERNAL_REQUESTS: true networks: - compose_network labels: - 'traefik.enable=${KIT_TRAEFIK_ENABLED}' # HTTP to HTTPS redirect for /vert path - 'traefik.http.middlewares.${KIT_COMPOSE_PROJECT_NAME}-vert-redirect-web-secure.redirectscheme.scheme=https' - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-vert-web.middlewares=${KIT_COMPOSE_PROJECT_NAME}-vert-redirect-web-secure' - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-vert-web.rule=Host(`${KIT_TRAEFIK_HOST}`) && PathPrefix(`/vert`)' - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-vert-web.entrypoints=web' # HTTPS router for /vert path with auth - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-vert-web-secure.rule=Host(`${KIT_TRAEFIK_HOST}`) && PathPrefix(`/vert`)' - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-vert-web-secure.tls.certresolver=resolver' - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-vert-web-secure.entrypoints=web-secure' # Strip /vert prefix before forwarding to container - 'traefik.http.middlewares.${KIT_COMPOSE_PROJECT_NAME}-vert-stripprefix.stripprefix.prefixes=/vert' - 'traefik.http.middlewares.${KIT_COMPOSE_PROJECT_NAME}-vert-auth.basicauth.users=${AUTH_USERS}' - 'traefik.http.middlewares.${KIT_COMPOSE_PROJECT_NAME}-vert-compress.compress=true' - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-vert-web-secure.middlewares=${KIT_COMPOSE_PROJECT_NAME}-vert-stripprefix,${KIT_COMPOSE_PROJECT_NAME}-vert-auth,${KIT_COMPOSE_PROJECT_NAME}-vert-compress,security-headers@file' # Service - 'traefik.http.services.${KIT_COMPOSE_PROJECT_NAME}-vert.loadbalancer.server.port=80' - 'traefik.docker.network=${NETWORK_NAME}' # Watchtower - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}' paint: build: context: . dockerfile: Dockerfile image: minipaint:latest container_name: ${KIT_COMPOSE_PROJECT_NAME}_paint restart: unless-stopped networks: - compose_network labels: - 'traefik.enable=${KIT_TRAEFIK_ENABLED}' # HTTP to HTTPS redirect for /paint path - 'traefik.http.middlewares.${KIT_COMPOSE_PROJECT_NAME}-paint-redirect-web-secure.redirectscheme.scheme=https' - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-paint-web.middlewares=${KIT_COMPOSE_PROJECT_NAME}-paint-redirect-web-secure' - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-paint-web.rule=Host(`${KIT_TRAEFIK_HOST}`) && PathPrefix(`/paint`)' - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-paint-web.entrypoints=web' # HTTPS router for /paint path with auth - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-paint-web-secure.rule=Host(`${KIT_TRAEFIK_HOST}`) && PathPrefix(`/paint`)' - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-paint-web-secure.tls.certresolver=resolver' - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-paint-web-secure.entrypoints=web-secure' # Strip /paint prefix before forwarding to container - 'traefik.http.middlewares.${KIT_COMPOSE_PROJECT_NAME}-paint-stripprefix.stripprefix.prefixes=/paint' - 'traefik.http.middlewares.${KIT_COMPOSE_PROJECT_NAME}-paint-auth.basicauth.users=${AUTH_USERS}' - 'traefik.http.middlewares.${KIT_COMPOSE_PROJECT_NAME}-paint-compress.compress=true' - 'traefik.http.routers.${KIT_COMPOSE_PROJECT_NAME}-paint-web-secure.middlewares=${KIT_COMPOSE_PROJECT_NAME}-paint-stripprefix,${KIT_COMPOSE_PROJECT_NAME}-paint-auth,${KIT_COMPOSE_PROJECT_NAME}-paint-compress,security-headers@file' # Service - 'traefik.http.services.${KIT_COMPOSE_PROJECT_NAME}-paint.loadbalancer.server.port=80' - 'traefik.docker.network=${NETWORK_NAME}' # Watchtower - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}' networks: compose_network: name: ${NETWORK_NAME} external: true