GoDoxy/compose.example.yml

---
services:
  socket-proxy:
    container_name: socket-proxy
    image: lscr.io/linuxserver/socket-proxy:latest
    environment:
      - ALLOW_START=1
      - ALLOW_STOP=1
      - ALLOW_RESTARTS=1
      - CONTAINERS=1
      - EVENTS=1
      - INFO=1
      - PING=1
      - POST=1
      - VERSION=1
    volumes:
      - ${DOCKER_SOCKET:-/var/run/docker.sock}:/var/run/docker.sock
    restart: unless-stopped
    tmpfs:
      - /run
    ports:
      - ${SOCKET_PROXY_LISTEN_ADDR:-127.0.0.1:2375}:2375
    labels:
      proxy.exclude: true
  frontend:
    image: ghcr.io/yusing/godoxy-frontend:${TAG:-latest}
    container_name: godoxy-frontend
    restart: unless-stopped
    network_mode: host # do not change this
    env_file: .env
    user: ${GODOXY_UID:-1000}:${GODOXY_GID:-1000}
    read_only: true
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - all
    depends_on:
      - app
    environment:
      HOSTNAME: 127.0.0.1
      PORT: ${GODOXY_FRONTEND_PORT:-3000}
    labels:
      proxy.aliases: ${GODOXY_FRONTEND_ALIASES:-godoxy}
      proxy.godoxy.port: ${GODOXY_FRONTEND_PORT:-3000}
      # proxy.godoxy.middlewares.cidr_whitelist: |
      #   status: 403
      #   message: IP not allowed
      #   allow:
      #     - 127.0.0.1
      #     - 10.0.0.0/8
      #     - 192.168.0.0/16
      #     - 172.16.0.0/12
  app:
    image: ghcr.io/yusing/godoxy:${TAG:-latest}
    container_name: godoxy
    restart: always
    network_mode: host # do not change this
    env_file: .env
    user: ${GODOXY_UID:-1000}:${GODOXY_GID:-1000}
    depends_on:
      socket-proxy:
        condition: service_started
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - all
    cap_add:
      - NET_BIND_SERVICE
    environment:
      - DOCKER_HOST=tcp://${SOCKET_PROXY_LISTEN_ADDR:-127.0.0.1:2375}
    volumes:
      - ./config:/app/config
      - ./logs:/app/logs
      - ./error_pages:/app/error_pages:ro
      - ./data:/app/data

      # To use autocert, certs will be stored in "./certs".
      # You can also use a docker volume to store it
      - ./certs:/app/certs

      # remove "./certs:/app/certs" and uncomment below to use existing certificate
      # - /path/to/certs/cert.crt:/app/certs/cert.crt
      # - /path/to/certs/priv.key:/app/certs/priv.key