mirror of
https://github.com/d0zingcat/ghost-docker.git
synced 2026-05-13 15:09:34 +00:00
260 lines
9.6 KiB
YAML
260 lines
9.6 KiB
YAML
---
|
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/compose-spec/compose-spec/main/schema/compose-spec.json
|
|
# Docker Compose file for Dokploy deployments using Traefik
|
|
# This file removes Caddy and uses Traefik labels for reverse proxy configuration
|
|
services:
|
|
ghost:
|
|
# Do not alter this without updating the Tinybird Sync container as well
|
|
image: ghost:${GHOST_VERSION:-6-alpine}
|
|
restart: always
|
|
# Optional: Import config from .env file if it exists (for local development or migration)
|
|
env_file:
|
|
- path: .env
|
|
required: false
|
|
environment:
|
|
NODE_ENV: production
|
|
url: https://${DOMAIN:?DOMAIN environment variable is required}
|
|
admin__url: ${ADMIN_DOMAIN:+https://${ADMIN_DOMAIN}}
|
|
database__client: mysql
|
|
database__connection__host: ${DATABASE_HOST:-db}
|
|
database__connection__user: ${DATABASE_USER:-ghost}
|
|
database__connection__password: ${DATABASE_PASSWORD:?DATABASE_PASSWORD environment variable is required}
|
|
database__connection__database: ghost
|
|
tinybird__tracker__endpoint: https://${DOMAIN:?DOMAIN environment variable is required}/.ghost/analytics/api/v1/page_hit
|
|
tinybird__adminToken: ${TINYBIRD_ADMIN_TOKEN:-}
|
|
tinybird__workspaceId: ${TINYBIRD_WORKSPACE_ID:-}
|
|
tinybird__tracker__datasource: analytics_events
|
|
tinybird__stats__endpoint: ${TINYBIRD_API_URL:-https://api.tinybird.co}
|
|
mail__transport: ${MAIL_TRANSPORT}
|
|
mail__options__service: ${MAIL_SERVICE}
|
|
mail__options__host: ${MAIL_HOST}
|
|
mail__options__port: ${MAIL_PORT}
|
|
mail__options__secure: ${MAIL_SECURE}
|
|
mail__options__auth__user: ${MAIL_USER}
|
|
mail__options__auth__pass: ${MAIL_PASSWORD}
|
|
mail__from: ${MAIL_FROM}
|
|
ACTIVITYPUB_TARGET: ${ACTIVITYPUB_TARGET}
|
|
COMPOSE_PROFILES: ${COMPOSE_PROFILES}
|
|
volumes:
|
|
- ${UPLOAD_LOCATION:-./data/ghost}:/var/lib/ghost/content
|
|
depends_on:
|
|
db:
|
|
condition: service_healthy
|
|
required: false
|
|
tinybird-sync:
|
|
condition: service_completed_successfully
|
|
required: false
|
|
tinybird-deploy:
|
|
condition: service_completed_successfully
|
|
required: false
|
|
activitypub:
|
|
condition: service_started
|
|
required: false
|
|
networks:
|
|
- dokploy-network
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.ghost.rule=Host(`${DOMAIN}`)"
|
|
- "traefik.http.routers.ghost.entrypoints=websecure"
|
|
- "traefik.http.routers.ghost.tls.certresolver=letsencrypt"
|
|
- "traefik.http.services.ghost.loadbalancer.server.port=2368"
|
|
|
|
# Security Headers
|
|
- "traefik.http.middlewares.security-headers.headers.customresponseheaders.Strict-Transport-Security=max-age=31536000"
|
|
- "traefik.http.middlewares.security-headers.headers.customresponseheaders.X-XSS-Protection=1; mode=block"
|
|
- "traefik.http.middlewares.security-headers.headers.customresponseheaders.X-Content-Type-Options=nosniff"
|
|
- "traefik.http.middlewares.security-headers.headers.customresponseheaders.Referrer-Policy=strict-origin-when-cross-origin"
|
|
|
|
# Compression
|
|
- "traefik.http.middlewares.gzip.compress=true"
|
|
|
|
# Apply middlewares
|
|
- "traefik.http.routers.ghost.middlewares=security-headers,gzip"
|
|
|
|
db:
|
|
image: mysql:8.0.44@sha256:f37951fc3753a6a22d6c7bf6978c5e5fefcf6f31814d98c582524f98eae52b21
|
|
restart: always
|
|
expose:
|
|
- "3306"
|
|
environment:
|
|
MYSQL_ROOT_PASSWORD: ${DATABASE_ROOT_PASSWORD}
|
|
MYSQL_USER: ${DATABASE_USER:-ghost}
|
|
MYSQL_PASSWORD: ${DATABASE_PASSWORD}
|
|
MYSQL_DATABASE: ghost
|
|
MYSQL_MULTIPLE_DATABASES: activitypub
|
|
volumes:
|
|
- ${MYSQL_DATA_LOCATION:-./data/mysql}:/var/lib/mysql
|
|
- ./mysql-init:/docker-entrypoint-initdb.d
|
|
healthcheck:
|
|
test: mysqladmin ping -p$$MYSQL_ROOT_PASSWORD -h 127.0.0.1
|
|
interval: 1s
|
|
start_period: 30s
|
|
start_interval: 10s
|
|
retries: 120
|
|
profiles: [mysql]
|
|
networks:
|
|
- dokploy-network
|
|
|
|
traffic-analytics:
|
|
image: ghost/traffic-analytics:1.0.20@sha256:a72573d89457e778b00e9061422516d2d266d79a72a0fc02005ba6466e391859
|
|
restart: always
|
|
expose:
|
|
- "3000"
|
|
volumes:
|
|
- traffic_analytics_data:/data
|
|
environment:
|
|
NODE_ENV: production
|
|
PROXY_TARGET: ${TINYBIRD_API_URL:-https://api.tinybird.co}/v0/events
|
|
SALT_STORE_TYPE: ${SALT_STORE_TYPE:-file}
|
|
SALT_STORE_FILE_PATH: /data/salts.json
|
|
TINYBIRD_TRACKER_TOKEN: ${TINYBIRD_TRACKER_TOKEN:-}
|
|
LOG_LEVEL: debug
|
|
profiles: [analytics]
|
|
networks:
|
|
- dokploy-network
|
|
labels:
|
|
- "traefik.enable=true"
|
|
# Analytics endpoint - route /.ghost/analytics/* to traffic-analytics service
|
|
- "traefik.http.routers.traffic-analytics.rule=Host(`${DOMAIN}`) && PathPrefix(`/.ghost/analytics`)"
|
|
- "traefik.http.routers.traffic-analytics.entrypoints=websecure"
|
|
- "traefik.http.routers.traffic-analytics.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.traffic-analytics.priority=100"
|
|
- "traefik.http.services.traffic-analytics.loadbalancer.server.port=3000"
|
|
# Strip the /.ghost/analytics prefix before forwarding
|
|
- "traefik.http.middlewares.strip-analytics.stripprefix.prefixes=/.ghost/analytics"
|
|
- "traefik.http.routers.traffic-analytics.middlewares=strip-analytics,security-headers"
|
|
|
|
activitypub:
|
|
image: ghcr.io/tryghost/activitypub:1.1.0@sha256:39c212fe23603b182d68e67d555c6b9b04b1e57459dfc0bef26d6e4980eb04d1
|
|
restart: always
|
|
expose:
|
|
- "8080"
|
|
volumes:
|
|
- ${UPLOAD_LOCATION:-./data/ghost}:/opt/activitypub/content
|
|
environment:
|
|
# See https://github.com/TryGhost/ActivityPub/blob/main/docs/env-vars.md
|
|
NODE_ENV: production
|
|
MYSQL_HOST: ${DATABASE_HOST:-db}
|
|
MYSQL_USER: ${DATABASE_USER:-ghost}
|
|
MYSQL_PASSWORD: ${DATABASE_PASSWORD:?DATABASE_PASSWORD environment variable is required}
|
|
MYSQL_DATABASE: activitypub
|
|
LOCAL_STORAGE_PATH: /opt/activitypub/content/images/activitypub
|
|
LOCAL_STORAGE_HOSTING_URL: https://${DOMAIN}/content/images/activitypub
|
|
depends_on:
|
|
db:
|
|
condition: service_healthy
|
|
required: false
|
|
activitypub-migrate:
|
|
condition: service_completed_successfully
|
|
profiles: [activitypub]
|
|
networks:
|
|
- dokploy-network
|
|
labels:
|
|
- "traefik.enable=true"
|
|
|
|
# ActivityPub endpoints
|
|
- "traefik.http.routers.activitypub.rule=Host(`${DOMAIN}`) && PathPrefix(`/.ghost/activitypub`)"
|
|
- "traefik.http.routers.activitypub.entrypoints=websecure"
|
|
- "traefik.http.routers.activitypub.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.activitypub.priority=100"
|
|
|
|
# WebFinger endpoint
|
|
- "traefik.http.routers.webfinger.rule=Host(`${DOMAIN}`) && Path(`/.well-known/webfinger`)"
|
|
- "traefik.http.routers.webfinger.entrypoints=websecure"
|
|
- "traefik.http.routers.webfinger.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.webfinger.priority=100"
|
|
|
|
# NodeInfo endpoint
|
|
- "traefik.http.routers.nodeinfo.rule=Host(`${DOMAIN}`) && Path(`/.well-known/nodeinfo`)"
|
|
- "traefik.http.routers.nodeinfo.entrypoints=websecure"
|
|
- "traefik.http.routers.nodeinfo.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.nodeinfo.priority=100"
|
|
|
|
- "traefik.http.services.activitypub.loadbalancer.server.port=8080"
|
|
- "traefik.http.routers.activitypub.middlewares=security-headers"
|
|
- "traefik.http.routers.webfinger.middlewares=security-headers"
|
|
- "traefik.http.routers.nodeinfo.middlewares=security-headers"
|
|
|
|
# Supporting Services
|
|
|
|
tinybird-login:
|
|
build:
|
|
context: ./tinybird
|
|
dockerfile: Dockerfile
|
|
working_dir: /home/tinybird
|
|
command: /usr/local/bin/tinybird-login
|
|
volumes:
|
|
- tinybird_home:/home/tinybird
|
|
- tinybird_files:/data/tinybird
|
|
profiles: [analytics]
|
|
networks:
|
|
- dokploy-network
|
|
tty: false
|
|
restart: no
|
|
|
|
tinybird-sync:
|
|
# Do not alter this without updating the Ghost container as well
|
|
image: ghost:${GHOST_VERSION:-6-alpine}
|
|
command: >
|
|
sh -c "
|
|
if [ -d /var/lib/ghost/current/core/server/data/tinybird ]; then
|
|
rm -rf /data/tinybird/*;
|
|
cp -rf /var/lib/ghost/current/core/server/data/tinybird/* /data/tinybird/;
|
|
echo 'Tinybird files synced into shared volume.';
|
|
else
|
|
echo 'Tinybird source directory not found.';
|
|
fi
|
|
"
|
|
volumes:
|
|
- tinybird_files:/data/tinybird
|
|
depends_on:
|
|
tinybird-login:
|
|
condition: service_completed_successfully
|
|
networks:
|
|
- dokploy-network
|
|
profiles: [analytics]
|
|
restart: no
|
|
|
|
tinybird-deploy:
|
|
build:
|
|
context: ./tinybird
|
|
dockerfile: Dockerfile
|
|
working_dir: /data/tinybird
|
|
command: >
|
|
sh -c "
|
|
tb-wrapper --cloud deploy
|
|
"
|
|
volumes:
|
|
- tinybird_home:/home/tinybird
|
|
- tinybird_files:/data/tinybird
|
|
depends_on:
|
|
tinybird-sync:
|
|
condition: service_completed_successfully
|
|
profiles: [analytics]
|
|
networks:
|
|
- dokploy-network
|
|
tty: true
|
|
|
|
activitypub-migrate:
|
|
image: ghcr.io/tryghost/activitypub-migrations:1.1.0@sha256:b3ab20f55d66eb79090130ff91b57fe93f8a4254b446c2c7fa4507535f503662
|
|
environment:
|
|
MYSQL_DB: mysql://${DATABASE_USER:-ghost}:${DATABASE_PASSWORD:?DATABASE_PASSWORD environment variable is required}@tcp(${DATABASE_HOST:-db}:3306)/activitypub
|
|
networks:
|
|
- dokploy-network
|
|
depends_on:
|
|
db:
|
|
condition: service_healthy
|
|
required: false
|
|
profiles: [activitypub]
|
|
restart: no
|
|
|
|
volumes:
|
|
ghost:
|
|
tinybird_files:
|
|
tinybird_home:
|
|
traffic_analytics_data:
|
|
|
|
networks:
|
|
dokploy-network:
|
|
external: true
|