passbolt/compose.yml

services:
  passbolt:
    image: passbolt/passbolt:latest-ce
    container_name: passbolt
    environment:
      APP_FULL_BASE_URL: https://${TRAEFIK_HOST}
      PASSBOLT_SSL_FORCE: "false"
      PASSBOLT_REGISTRATION_PUBLIC: "false"
      PASSBOLT_GPG_SERVER_KEY_FINGERPRINT: FB7EEFB9D6024E95E0F19A1768410AE75DD9F9B9
      DATASOURCES_DEFAULT_HOST: passbolt_db
      DATASOURCES_DEFAULT_PORT: "5432"
      DATASOURCES_DEFAULT_DATABASE: passbolt
      DATASOURCES_DEFAULT_USERNAME: passbolt
      DATASOURCES_DEFAULT_PASSWORD: ${DB_PASSWORD}
      DATASOURCES_DEFAULT_DRIVER: Cake\Database\Driver\Postgres
      DATASOURCES_DEFAULT_ENCODING: utf8
      DATASOURCES_QUOTE_IDENTIFIER: "true"
      EMAIL_TRANSPORT_DEFAULT_HOST: mailpit
      EMAIL_TRANSPORT_DEFAULT_PORT: "1025"
      EMAIL_TRANSPORT_DEFAULT_TLS: "false"
      EMAIL_DEFAULT_FROM: passbolt@pivoine.art
      EMAIL_DEFAULT_FROM_NAME: Passbolt
    volumes:
      - ../.data/passbolt/gpg:/etc/passbolt/gpg
      - ../.data/passbolt/jwt:/etc/passbolt/jwt
    depends_on:
      db:
        condition: service_healthy
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.passbolt-redirect-web-secure.redirectscheme.scheme=https"
      - "traefik.http.routers.passbolt-web.middlewares=passbolt-redirect-web-secure"
      - "traefik.http.routers.passbolt-web.rule=Host(`${TRAEFIK_HOST}`)"
      - "traefik.http.routers.passbolt-web.entrypoints=web"
      - "traefik.http.routers.passbolt-web-secure.rule=Host(`${TRAEFIK_HOST}`)"
      - "traefik.http.routers.passbolt-web-secure.tls.certresolver=resolver"
      - "traefik.http.routers.passbolt-web-secure.entrypoints=web-secure"
      - "traefik.http.routers.passbolt-web-secure.middlewares=security-headers@file,no-index@file"
      - "traefik.http.services.passbolt-web-secure.loadbalancer.server.port=80"
      - "traefik.docker.network=${NETWORK_NAME}"
    networks:
      - compose_network
  db:
    image: postgres:16-alpine
    container_name: passbolt_db
    environment:
      POSTGRES_DB: passbolt
      POSTGRES_USER: passbolt
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_INITDB_ARGS: --data-checksums
    volumes:
      - ../.data/passbolt/db:/var/lib/postgresql/data
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
      interval: 5s
      timeout: 5s
      retries: 5
    networks:
      - compose_network
networks:
  compose_network:
    name: ${NETWORK_NAME}
    external: true
feat(passbolt): add Passbolt CE stack 2026-06-09 20:00:05 +02:00			`services:`
			`passbolt:`
			`image: passbolt/passbolt:latest-ce`
			`container_name: passbolt`
			`environment:`
			`APP_FULL_BASE_URL: https://${TRAEFIK_HOST}`
			`PASSBOLT_SSL_FORCE: "false"`
			`PASSBOLT_REGISTRATION_PUBLIC: "false"`
fix(passbolt): clean setup with correct GPG fingerprint 2026-06-09 20:39:55 +02:00			`PASSBOLT_GPG_SERVER_KEY_FINGERPRINT: FB7EEFB9D6024E95E0F19A1768410AE75DD9F9B9`
fix(passbolt): fix DB hostname, encoding, and GPG fingerprint 2026-06-09 20:14:57 +02:00			`DATASOURCES_DEFAULT_HOST: passbolt_db`
feat(passbolt): add Passbolt CE stack 2026-06-09 20:00:05 +02:00			`DATASOURCES_DEFAULT_PORT: "5432"`
			`DATASOURCES_DEFAULT_DATABASE: passbolt`
			`DATASOURCES_DEFAULT_USERNAME: passbolt`
			`DATASOURCES_DEFAULT_PASSWORD: ${DB_PASSWORD}`
			`DATASOURCES_DEFAULT_DRIVER: Cake\Database\Driver\Postgres`
fix(passbolt): fix DB hostname, encoding, and GPG fingerprint 2026-06-09 20:14:57 +02:00			`DATASOURCES_DEFAULT_ENCODING: utf8`
			`DATASOURCES_QUOTE_IDENTIFIER: "true"`
feat(passbolt): add Passbolt CE stack 2026-06-09 20:00:05 +02:00			`EMAIL_TRANSPORT_DEFAULT_HOST: mailpit`
			`EMAIL_TRANSPORT_DEFAULT_PORT: "1025"`
			`EMAIL_TRANSPORT_DEFAULT_TLS: "false"`
			`EMAIL_DEFAULT_FROM: passbolt@pivoine.art`
			`EMAIL_DEFAULT_FROM_NAME: Passbolt`
			`volumes:`
			`- ../.data/passbolt/gpg:/etc/passbolt/gpg`
			`- ../.data/passbolt/jwt:/etc/passbolt/jwt`
			`depends_on:`
			`db:`
			`condition: service_healthy`
			`restart: unless-stopped`
			`labels:`
			`- "traefik.enable=true"`
			`- "traefik.http.middlewares.passbolt-redirect-web-secure.redirectscheme.scheme=https"`
			`- "traefik.http.routers.passbolt-web.middlewares=passbolt-redirect-web-secure"`
			- "traefik.http.routers.passbolt-web.rule=Host(`${TRAEFIK_HOST}`)"
			`- "traefik.http.routers.passbolt-web.entrypoints=web"`
			- "traefik.http.routers.passbolt-web-secure.rule=Host(`${TRAEFIK_HOST}`)"
			`- "traefik.http.routers.passbolt-web-secure.tls.certresolver=resolver"`
			`- "traefik.http.routers.passbolt-web-secure.entrypoints=web-secure"`
			`- "traefik.http.routers.passbolt-web-secure.middlewares=security-headers@file,no-index@file"`
			`- "traefik.http.services.passbolt-web-secure.loadbalancer.server.port=80"`
			`- "traefik.docker.network=${NETWORK_NAME}"`
			`networks:`
			`- compose_network`
			`db:`
			`image: postgres:16-alpine`
			`container_name: passbolt_db`
			`environment:`
			`POSTGRES_DB: passbolt`
			`POSTGRES_USER: passbolt`
			`POSTGRES_PASSWORD: ${DB_PASSWORD}`
			`POSTGRES_INITDB_ARGS: --data-checksums`
			`volumes:`
			`- ../.data/passbolt/db:/var/lib/postgresql/data`
			`restart: unless-stopped`
			`healthcheck:`
			`test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]`
			`interval: 5s`
			`timeout: 5s`
			`retries: 5`
			`networks:`
			`- compose_network`
			`networks:`
			`compose_network:`
			`name: ${NETWORK_NAME}`
			`external: true`