dave/coolify
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'next-save' into add-litequeen-service

Browse Source
This commit is contained in:
🏔️ Peak
2024-10-11 11:15:13 +02:00
committed by GitHub
parent ed9410e3c2 06114f06ca
commit 5016f8fdc0
61 changed files with 3089 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
templates/compose/affine.yaml Normal file
View File

@@ -0,0 +1,75 @@
# documentation: https://docs.affine.pro/docs/self-host-affine
# slogan: Affine is an open-source, all-in-one workspace and OS for knowledge management, a Notion/Miro alternative.
# tags: knowledge-management,notion,miro,workspace
# logo: svgs/affine.svg
# port: 3010
services:
affine:
image: ghcr.io/toeverything/affine-graphql:stable
command:
- sh
- '-c'
- 'node ./scripts/self-host-predeploy && node ./dist/index.js'
depends_on:
redis:
condition: service_healthy
postgres:
condition: service_healthy
volumes:
- affine-config:/root/.affine/config
- affine-storage:/root/.affine/storage
logging:
driver: json-file
options:
max-size: 1000m
environment:
- SERVICE_FQDN_AFFINE_3010
- NODE_OPTIONS=--import=./scripts/register.js
- AFFINE_CONFIG_PATH=/root/.affine/config
- REDIS_SERVER_HOST=redis
- DATABASE_URL=postgres://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@postgres:5432/${POSTGRES_DB:-affine}
- NODE_ENV=production
- AFFINE_SERVER_HOST=$SERVICE_FQDN_AFFINE
- AFFINE_SERVER_EXTERNAL_URL=$SERVICE_FQDN_AFFINE
- MAILER_HOST=${MAILER_HOST}
- MAILER_PORT=${MAILER_PORT}
- MAILER_USER=${MAILER_USER}
- MAILER_PASSWORD=${MAILER_PASSWORD}
- MAILER_SENDER=${MAILER_SENDER}
healthcheck:
test: ["CMD-SHELL", "bash -c ':> /dev/tcp/127.0.0.1/3010' || exit 1"]
interval: 5s
timeout: 20s
retries: 3
redis:
image: redis
volumes:
- affine-redis-data:/data
healthcheck:
test:
- CMD
- redis-cli
- '--raw'
- incr
- ping
interval: 10s
timeout: 5s
retries: 5
postgres:
image: postgres:16
volumes:
- affine-postgres-data:/var/lib/postgresql/data
healthcheck:
test:
- CMD-SHELL
- 'pg_isready -U affine'
interval: 10s
timeout: 5s
retries: 5
environment:
- POSTGRES_USER=${SERVICE_USER_POSTGRES}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
- POSTGRES_DB=${POSTGRES_DB:-affine}
- PGDATA=/var/lib/postgresql/data/pgdata

18
templates/compose/cloudbeaver.yaml Normal file
View File

@@ -0,0 +1,18 @@
# documentation: https://dbeaver.com/docs/cloudbeaver/
# slogan: CloudBeaver is a lightweight web application designed for comprehensive data management.
# tags: dbeaver, data management, data, database, mysql, postgres, sqlite, sql, mongodb
# logo: svgs/cloudbeaver.svg
# port: 8978
services:
cloudbeaver:
image: dbeaver/cloudbeaver:24
volumes:
- cloudbeaver-data:/opt/cloudbeaver/workspace
environment:
- SERVICE_FQDN_CLOUDBEAVER_8978
healthcheck:
test: ["CMD", "wget", "-q", "--spider", "http://127.0.0.1:8978/"]
interval: 5s
timeout: 20s
retries: 10

41
templates/compose/cryptgeon.yaml Normal file
View File

@@ -0,0 +1,41 @@
# documentation: https://github.com/cupcakearmy/cryptgeon
# slogan: Secure note / file sharing service inspired by PrivNote.
# tags: cryptgeon, secure, note, sharing, privnote, file, sharing
# logo: svgs/cryptgeon.png
# port: 8000
services:
app:
image: cupcakearmy/cryptgeon:latest
environment:
- SERVICE_FQDN_CRYPTGEON_8000
- SIZE_LIMIT=${SIZE_LIMIT:-4 MiB}
- MAX_VIEWS=${MAX_VIEWS:-100}
- MAX_EXPIRATION=${MAX_EXPIRATION:-360}
- ALLOW_ADVANCED=${ALLOW_ADVANCED:-true}
- ALLOW_FILES=${ALLOW_FILES:-true}
depends_on:
redis:
condition: service_healthy
healthcheck:
test:
- CMD
- curl
- "--fail"
- "http://127.0.0.1:8000/api/live/"
interval: 1m
timeout: 3s
retries: 2
start_period: 5s
redis:
image: redis:7-alpine
command: "redis-server --maxmemory 200mb --maxmemory-policy allkeys-lru"
healthcheck:
test:
- CMD
- redis-cli
- PING
interval: 5s
timeout: 10s
retries: 2

639
templates/compose/dify.yaml Normal file
View File

@@ -0,0 +1,639 @@
# documentation: https://docs.dify.ai
# slogan: Dify is an open-source LLM app development platform. Dify's intuitive interface combines AI workflow, RAG pipeline, agent capabilities, model management, observability features and more, letting you quickly go from prototype to production.
# tags: ai, weaviate, openai, gpt, llm, lmops, dify, redis, postgres, qdrant, RAG, agent
# logo: svgs/dify.png
# port: 3000
x-shared-env: &shared-api-worker-env
LOG_LEVEL: ${LOG_LEVEL:-INFO}
DEBUG: ${DEBUG:-false}
FLASK_DEBUG: ${FLASK_DEBUG:-false}
CONSOLE_WEB_URL: ${CONSOLE_WEB_URL:-}
CONSOLE_API_URL: ${CONSOLE_API_URL:-}
SERVICE_API_URL:
APP_WEB_URL: ${APP_WEB_URL:-}
CHECK_UPDATE_URL: ${CHECK_UPDATE_URL:-https://updates.dify.ai}
OPENAI_API_BASE: ${OPENAI_API_BASE:-https://api.openai.com/v1}
FILES_URL: ${FILES_URL:-}
FILES_ACCESS_TIMEOUT: ${FILES_ACCESS_TIMEOUT:-300}
APP_MAX_ACTIVE_REQUESTS: ${APP_MAX_ACTIVE_REQUESTS:-0}
MIGRATION_ENABLED: ${MIGRATION_ENABLED:-true}
DEPLOY_ENV: ${DEPLOY_ENV:-PRODUCTION}
DIFY_BIND_ADDRESS: ${DIFY_BIND_ADDRESS:-0.0.0.0}
DIFY_PORT: ${DIFY_PORT:-5001}
SERVER_WORKER_AMOUNT: ${SERVER_WORKER_AMOUNT:-}
SERVER_WORKER_CLASS: ${SERVER_WORKER_CLASS:-}
CELERY_WORKER_CLASS: ${CELERY_WORKER_CLASS:-}
GUNICORN_TIMEOUT: ${GUNICORN_TIMEOUT:-360}
CELERY_WORKER_AMOUNT: ${CELERY_WORKER_AMOUNT:-}
CELERY_AUTO_SCALE: ${CELERY_AUTO_SCALE:-false}
CELERY_MAX_WORKERS: ${CELERY_MAX_WORKERS:-}
CELERY_MIN_WORKERS: ${CELERY_MIN_WORKERS:-}
API_TOOL_DEFAULT_CONNECT_TIMEOUT: ${API_TOOL_DEFAULT_CONNECT_TIMEOUT:-10}
API_TOOL_DEFAULT_READ_TIMEOUT: ${API_TOOL_DEFAULT_READ_TIMEOUT:-60}
DB_USERNAME: $SERVICE_USER_POSTGRES
DB_PASSWORD: $SERVICE_PASSWORD_POSTGRES
DB_HOST: ${DB_HOST:-db}
DB_PORT: ${DB_PORT:-5432}
DB_DATABASE: dify
SQLALCHEMY_POOL_SIZE: ${SQLALCHEMY_POOL_SIZE:-30}
SQLALCHEMY_POOL_RECYCLE: ${SQLALCHEMY_POOL_RECYCLE:-3600}
SQLALCHEMY_ECHO: ${SQLALCHEMY_ECHO:-false}
POSTGRES_MAX_CONNECTIONS: ${POSTGRES_MAX_CONNECTIONS:-100}
POSTGRES_SHARED_BUFFERS: ${POSTGRES_SHARED_BUFFERS:-128MB}
POSTGRES_WORK_MEM: ${POSTGRES_WORK_MEM:-4MB}
POSTGRES_MAINTENANCE_WORK_MEM: ${POSTGRES_MAINTENANCE_WORK_MEM:-64MB}
POSTGRES_EFFECTIVE_CACHE_SIZE: ${POSTGRES_EFFECTIVE_CACHE_SIZE:-4096MB}
REDIS_HOST: ${REDIS_HOST:-redis}
REDIS_PORT: ${REDIS_PORT:-6379}
REDIS_USERNAME: ${REDIS_USERNAME:-}
REDIS_PASSWORD: $SERVICE_PASSWORD_REDIS
REDIS_USE_SSL: ${REDIS_USE_SSL:-false}
REDIS_DB: 0
CELERY_BROKER_URL: redis://:$SERVICE_PASSWORD_REDIS@redis:6379/1
BROKER_USE_SSL: ${BROKER_USE_SSL:-false}
WEB_API_CORS_ALLOW_ORIGINS: ${WEB_API_CORS_ALLOW_ORIGINS:-*}
CONSOLE_CORS_ALLOW_ORIGINS: ${CONSOLE_CORS_ALLOW_ORIGINS:-*}
STORAGE_TYPE: ${STORAGE_TYPE:-local}
STORAGE_LOCAL_PATH: storage
S3_USE_AWS_MANAGED_IAM: ${S3_USE_AWS_MANAGED_IAM:-false}
S3_ENDPOINT: ${S3_ENDPOINT:-}
S3_BUCKET_NAME: ${S3_BUCKET_NAME:-}
S3_ACCESS_KEY: ${S3_ACCESS_KEY:-}
S3_SECRET_KEY: ${S3_SECRET_KEY:-}
S3_REGION: ${S3_REGION:-us-east-1}
AZURE_BLOB_ACCOUNT_NAME: ${AZURE_BLOB_ACCOUNT_NAME:-}
AZURE_BLOB_ACCOUNT_KEY: ${AZURE_BLOB_ACCOUNT_KEY:-}
AZURE_BLOB_CONTAINER_NAME: ${AZURE_BLOB_CONTAINER_NAME:-}
AZURE_BLOB_ACCOUNT_URL: ${AZURE_BLOB_ACCOUNT_URL:-}
GOOGLE_STORAGE_BUCKET_NAME: ${GOOGLE_STORAGE_BUCKET_NAME:-}
GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64: ${GOOGLE_STORAGE_SERVICE_ACCOUNT_JSON_BASE64:-}
ALIYUN_OSS_BUCKET_NAME: ${ALIYUN_OSS_BUCKET_NAME:-}
ALIYUN_OSS_ACCESS_KEY: ${ALIYUN_OSS_ACCESS_KEY:-}
ALIYUN_OSS_SECRET_KEY: ${ALIYUN_OSS_SECRET_KEY:-}
ALIYUN_OSS_ENDPOINT: ${ALIYUN_OSS_ENDPOINT:-}
ALIYUN_OSS_REGION: ${ALIYUN_OSS_REGION:-}
ALIYUN_OSS_AUTH_VERSION: ${ALIYUN_OSS_AUTH_VERSION:-v4}
TENCENT_COS_BUCKET_NAME: ${TENCENT_COS_BUCKET_NAME:-}
TENCENT_COS_SECRET_KEY: ${TENCENT_COS_SECRET_KEY:-}
TENCENT_COS_SECRET_ID: ${TENCENT_COS_SECRET_ID:-}
TENCENT_COS_REGION: ${TENCENT_COS_REGION:-}
TENCENT_COS_SCHEME: ${TENCENT_COS_SCHEME:-}
OCI_ENDPOINT: ${OCI_ENDPOINT:-}
OCI_BUCKET_NAME: ${OCI_BUCKET_NAME:-}
OCI_ACCESS_KEY: ${OCI_ACCESS_KEY:-}
OCI_SECRET_KEY: ${OCI_SECRET_KEY:-}
OCI_REGION: ${OCI_REGION:-}
VECTOR_STORE: ${VECTOR_STORE:-weaviate}
WEAVIATE_ENDPOINT: ${WEAVIATE_ENDPOINT:-http://weaviate:8080}
WEAVIATE_API_KEY: $SERVICE_PASSWORD_WEAVIATE
RELYT_HOST: ${RELYT_HOST:-db}
RELYT_PORT: ${RELYT_PORT:-5432}
RELYT_USER: $SERVICE_USER_RELYT
RELYT_PASSWORD: $SERVICE_PASSWORD_RELYT
RELYT_DATABASE: ${RELYT_DATABASE:-postgres}
TIDB_VECTOR_HOST: ${TIDB_VECTOR_HOST:-tidb}
TIDB_VECTOR_PORT: ${TIDB_VECTOR_PORT:-4000}
TIDB_VECTOR_USER: $SERVICE_USER_TIDB
TIDB_VECTOR_PASSWORD: $SERVICE_PASSWORD_TIDB
TIDB_VECTOR_DATABASE: ${TIDB_VECTOR_DATABASE:-dify}
# AnalyticDB configuration
ANALYTICDB_KEY_ID: ${ANALYTICDB_KEY_ID:-}
ANALYTICDB_KEY_SECRET: ${ANALYTICDB_KEY_SECRET:-}
ANALYTICDB_REGION_ID: ${ANALYTICDB_REGION_ID:-}
ANALYTICDB_INSTANCE_ID: ${ANALYTICDB_INSTANCE_ID:-}
ANALYTICDB_ACCOUNT: ${ANALYTICDB_ACCOUNT:-}
ANALYTICDB_PASSWORD: ${ANALYTICDB_PASSWORD:-}
ANALYTICDB_NAMESPACE: ${ANALYTICDB_NAMESPACE:-dify}
ANALYTICDB_NAMESPACE_PASSWORD: ${ANALYTICDB_NAMESPACE_PASSWORD:-}
TENCENT_VECTOR_DB_URL: ${TENCENT_VECTOR_DB_URL:-http://127.0.0.1}
TENCENT_VECTOR_DB_API_KEY: ${TENCENT_VECTOR_DB_API_KEY:-dify}
TENCENT_VECTOR_DB_TIMEOUT: ${TENCENT_VECTOR_DB_TIMEOUT:-30}
TENCENT_VECTOR_DB_USERNAME: ${TENCENT_VECTOR_DB_USERNAME:-dify}
TENCENT_VECTOR_DB_DATABASE: ${TENCENT_VECTOR_DB_DATABASE:-dify}
TENCENT_VECTOR_DB_SHARD: ${TENCENT_VECTOR_DB_SHARD:-1}
TENCENT_VECTOR_DB_REPLICAS: ${TENCENT_VECTOR_DB_REPLICAS:-2}
UPLOAD_FILE_SIZE_LIMIT: ${UPLOAD_FILE_SIZE_LIMIT:-15}
UPLOAD_FILE_BATCH_LIMIT: ${UPLOAD_FILE_BATCH_LIMIT:-5}
ETL_TYPE: ${ETL_TYPE:-dify}
MULTIMODAL_SEND_IMAGE_FORMAT: ${MULTIMODAL_SEND_IMAGE_FORMAT:-base64}
UPLOAD_IMAGE_FILE_SIZE_LIMIT: ${UPLOAD_IMAGE_FILE_SIZE_LIMIT:-10}
SENTRY_DSN: ${API_SENTRY_DSN:-}
SENTRY_TRACES_SAMPLE_RATE: ${API_SENTRY_TRACES_SAMPLE_RATE:-1.0}
SENTRY_PROFILES_SAMPLE_RATE: ${API_SENTRY_PROFILES_SAMPLE_RATE:-1.0}
NOTION_INTEGRATION_TYPE: ${NOTION_INTEGRATION_TYPE:-public}
NOTION_CLIENT_SECRET: ${NOTION_CLIENT_SECRET:-}
NOTION_CLIENT_ID: ${NOTION_CLIENT_ID:-}
NOTION_INTERNAL_SECRET: ${NOTION_INTERNAL_SECRET:-}
MAIL_TYPE: ${MAIL_TYPE:-resend}
MAIL_DEFAULT_SEND_FROM: ${MAIL_DEFAULT_SEND_FROM:-}
SMTP_SERVER: ${SMTP_SERVER:-}
SMTP_PORT: ${SMTP_PORT:-465}
SMTP_USERNAME: ${SMTP_USERNAME:-}
SMTP_PASSWORD: ${SMTP_PASSWORD:-}
SMTP_USE_TLS: ${SMTP_USE_TLS:-true}
SMTP_OPPORTUNISTIC_TLS: ${SMTP_OPPORTUNISTIC_TLS:-false}
RESEND_API_KEY: ${RESEND_API_KEY:-your-resend-api-key}
RESEND_API_URL: https://api.resend.com
INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH: ${INDEXING_MAX_SEGMENTATION_TOKENS_LENGTH:-1000}
INVITE_EXPIRY_HOURS: ${INVITE_EXPIRY_HOURS:-72}
RESET_PASSWORD_TOKEN_EXPIRY_HOURS: ${RESET_PASSWORD_TOKEN_EXPIRY_HOURS:-24}
CODE_EXECUTION_ENDPOINT: ${CODE_EXECUTION_ENDPOINT:-http://sandbox:8194}
CODE_EXECUTION_API_KEY: ${SANDBOX_API_KEY:-dify-sandbox}
CODE_MAX_NUMBER: ${CODE_MAX_NUMBER:-9223372036854775807}
CODE_MIN_NUMBER: ${CODE_MIN_NUMBER:--9223372036854775808}
CODE_MAX_STRING_LENGTH: ${CODE_MAX_STRING_LENGTH:-80000}
TEMPLATE_TRANSFORM_MAX_LENGTH: ${TEMPLATE_TRANSFORM_MAX_LENGTH:-80000}
CODE_MAX_STRING_ARRAY_LENGTH: ${CODE_MAX_STRING_ARRAY_LENGTH:-30}
CODE_MAX_OBJECT_ARRAY_LENGTH: ${CODE_MAX_OBJECT_ARRAY_LENGTH:-30}
CODE_MAX_NUMBER_ARRAY_LENGTH: ${CODE_MAX_NUMBER_ARRAY_LENGTH:-1000}
SSRF_PROXY_HTTP_URL: ${SSRF_PROXY_HTTP_URL:-http://ssrf_proxy:3128}
SSRF_PROXY_HTTPS_URL: ${SSRF_PROXY_HTTPS_URL:-http://ssrf_proxy:3128}
services:
api:
image: langgenius/dify-api:latest
environment:
SECRET_KEY: $SERVICE_PASSWORD_64_SECRETKEY
INIT_PASSWORD: $SERVICE_USER_INITPASSWORD
# Use the shared environment variables.
<<: *shared-api-worker-env
# Startup mode, 'api' starts the API server.
MODE: api
depends_on:
db:
condition: service_healthy
redis:
condition: service_healthy
volumes:
# Mount the storage directory to the container, for storing user files.
- dify-storage:/app/api/storage
networks:
- ssrf_proxy_network
- default
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:5001/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
# worker service
# The Celery worker for processing the queue.
worker:
image: langgenius/dify-api:latest
environment:
# Use the shared environment variables.
<<: *shared-api-worker-env
# Startup mode, 'worker' starts the Celery worker for processing the queue.
MODE: worker
depends_on:
db:
condition: service_healthy
redis:
condition: service_healthy
volumes:
# Mount the storage directory to the container, for storing user files.
- dify-storage:/app/api/storage
networks:
- ssrf_proxy_network
- default
healthcheck:
test: ["CMD-SHELL", "celery inspect ping"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
# Frontend web application.
web:
image: langgenius/dify-web:latest
environment:
- SERVICE_FQDN_WEB_3000
- CONSOLE_API_URL=${SERVICE_FQDN_WEB}
- APP_API_URL=${SERVICE_FQDN_API}
- SENTRY_DSN=${WEB_SENTRY_DSN:-}
- NEXT_TELEMETRY_DISABLED=${NEXT_TELEMETRY_DISABLED:-0}
healthcheck:
test: ["CMD", "wget", "--spider", "-q", "http://web:3000"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
# The postgres database.
db:
image: postgres:15-alpine
environment:
POSTGRES_USER: $SERVICE_USER_POSTGRES
POSTGRES_PASSWORD: $SERVICE_PASSWORD_POSTGRES
POSTGRES_DB: dify
PGDATA: /var/lib/postgresql/data/pgdata
command: >
postgres -c 'max_connections=${POSTGRES_MAX_CONNECTIONS:-100}'
-c 'shared_buffers=${POSTGRES_SHARED_BUFFERS:-128MB}'
-c 'work_mem=${POSTGRES_WORK_MEM:-4MB}'
-c 'maintenance_work_mem=${POSTGRES_MAINTENANCE_WORK_MEM:-64MB}'
-c 'effective_cache_size=${POSTGRES_EFFECTIVE_CACHE_SIZE:-4096MB}'
volumes:
- dify-db-data:/var/lib/postgresql/data
healthcheck:
test: ["CMD", "pg_isready", "-U", "$SERVICE_USER_POSTGRES", "-d", "dify"]
interval: 10s
timeout: 5s
retries: 5
# The redis cache.
redis:
image: redis:6-alpine
environment:
REDIS_PASSWORD: $SERVICE_PASSWORD_REDIS
volumes:
- dify-redis-data:/data
# Set the redis password when startup redis server.
command: redis-server --requirepass "$SERVICE_PASSWORD_REDIS"
healthcheck:
test: [ "CMD", "redis-cli", "-a", "$SERVICE_PASSWORD_REDIS", "ping" ]
# The DifySandbox
sandbox:
image: langgenius/dify-sandbox:latest
restart: always
environment:
# The DifySandbox configurations
# Make sure you are changing this key for your deployment with a strong key.
# You can generate a strong key using `openssl rand -base64 42`.
API_KEY: ${SANDBOX_API_KEY:-dify-sandbox}
GIN_MODE: ${SANDBOX_GIN_MODE:-release}
WORKER_TIMEOUT: ${SANDBOX_WORKER_TIMEOUT:-15}
ENABLE_NETWORK: ${SANDBOX_ENABLE_NETWORK:-true}
HTTP_PROXY: ${SANDBOX_HTTP_PROXY:-http://ssrf_proxy:3128}
HTTPS_PROXY: ${SANDBOX_HTTPS_PROXY:-http://ssrf_proxy:3128}
SANDBOX_PORT: ${SANDBOX_PORT:-8194}
volumes:
- './volumes/sandbox/dependencies:/dependencies'
networks:
- ssrf_proxy_network
- default
healthcheck:
test: ["CMD-SHELL", "bash -c ':> /dev/tcp/127.0.0.1/8194' || exit 1"]
interval: 5s
timeout: 20s
retries: 3
# ssrf_proxy server
# for more information, please refer to
# https://docs.dify.ai/learn-more/faq/self-host-faq#id-18.-why-is-ssrf_proxy-needed
ssrf_proxy:
image: ubuntu/squid:latest
volumes:
- type: bind
source: ./ssrf_proxy/squid.conf.template
target: /etc/squid/squid.conf.template
read_only: true
content: |
acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
include /etc/squid/conf.d/*.conf
http_access deny all
################################## Proxy Server ################################
http_port 3128
coredump_dir ${COREDUMP_DIR}
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern . 0 20% 4320
# cache_dir ufs /var/spool/squid 100 16 256
# upstream proxy, set to your own upstream proxy IP to avoid SSRF attacks
# cache_peer 172.1.1.1 parent 3128 0 no-query no-digest no-netdb-exchange default
################################## Reverse Proxy To Sandbox ################################
http_port 3129 accel vhost
cache_peer ${SANDBOX_HOST} parent ${SANDBOX_PORT} 0 no-query originserver
acl src_all src all
http_access allow src_all
- type: bind
source: ./ssrf_proxy/docker-entrypoint.sh
target: /docker-entrypoint.sh
read_only: true
content: |
#!/bin/bash
# Modified based on Squid OCI image entrypoint
# This entrypoint aims to forward the squid logs to stdout to assist users of
# common container related tooling (e.g., kubernetes, docker-compose, etc) to
# access the service logs.
# Moreover, it invokes the squid binary, leaving all the desired parameters to
# be provided by the "command" passed to the spawned container. If no command
# is provided by the user, the default behavior (as per the CMD statement in
# the Dockerfile) will be to use Ubuntu's default configuration [1] and run
# squid with the "-NYC" options to mimic the behavior of the Ubuntu provided
# systemd unit.
# [1] The default configuration is changed in the Dockerfile to allow local
# network connections. See the Dockerfile for further information.
echo "[ENTRYPOINT] re-create snakeoil self-signed certificate removed in the build process"
if [ ! -f /etc/ssl/private/ssl-cert-snakeoil.key ]; then
/usr/sbin/make-ssl-cert generate-default-snakeoil --force-overwrite > /dev/null 2>&1
fi
tail -F /var/log/squid/access.log 2>/dev/null &
tail -F /var/log/squid/error.log 2>/dev/null &
tail -F /var/log/squid/store.log 2>/dev/null &
tail -F /var/log/squid/cache.log 2>/dev/null &
# Replace environment variables in the template and output to the squid.conf
echo "[ENTRYPOINT] replacing environment variables in the template"
awk '{
while(match($0, /\${[A-Za-z_][A-Za-z_0-9]*}/)) {
var = substr($0, RSTART+2, RLENGTH-3)
val = ENVIRON[var]
$0 = substr($0, 1, RSTART-1) val substr($0, RSTART+RLENGTH)
}
print
}' /etc/squid/squid.conf.template > /etc/squid/squid.conf
/usr/sbin/squid -Nz
echo "[ENTRYPOINT] starting squid"
/usr/sbin/squid -f /etc/squid/squid.conf -NYC 1
- ssrf_proxy_var_log_squid:/var/log/squid
- ssrf_proxy_var_spool_squid:/var/spool/squid
entrypoint: ["/bin/sh", "/docker-entrypoint.sh"]
environment:
# pls clearly modify the squid env vars to fit your network environment.
HTTP_PORT: ${SSRF_HTTP_PORT:-3128}
COREDUMP_DIR: ${SSRF_COREDUMP_DIR:-/var/spool/squid}
REVERSE_PROXY_PORT: ${SSRF_REVERSE_PROXY_PORT:-8194}
SANDBOX_HOST: ${SSRF_SANDBOX_HOST:-sandbox}
SANDBOX_PORT: ${SANDBOX_PORT:-8194}
networks:
- ssrf_proxy_network
- default
healthcheck:
test: ["CMD", "squid", "-k", "check"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
# The nginx reverse proxy.
# used for reverse proxying the API service and Web service.
nginx:
image: nginx:latest
volumes:
- type: bind
source: ./nginx/nginx.conf.template
target: /etc/nginx/nginx.conf.template
read_only: true
content: |
# Please do not directly edit this file. Instead, modify the .env variables related to NGINX configuration.
user nginx;
worker_processes ${NGINX_WORKER_PROCESSES};
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout ${NGINX_KEEPALIVE_TIMEOUT};
#gzip on;
client_max_body_size ${NGINX_CLIENT_MAX_BODY_SIZE};
include /etc/nginx/conf.d/*.conf;
}
- type: bind
source: ./nginx/proxy.conf.template
target: /etc/nginx/proxy.conf.template
read_only: true
content: |
# Please do not directly edit this file. Instead, modify the .env variables related to NGINX configuration.
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
proxy_read_timeout ${NGINX_PROXY_READ_TIMEOUT};
proxy_send_timeout ${NGINX_PROXY_SEND_TIMEOUT};
- type: bind
source: ./nginx/https.conf.template
target: /etc/nginx/https.conf.template
read_only: true
content: |
# Please do not directly edit this file. Instead, modify the .env variables related to NGINX configuration.
listen ${NGINX_SSL_PORT} ssl;
ssl_certificate ${SSL_CERTIFICATE_PATH};
ssl_certificate_key ${SSL_CERTIFICATE_KEY_PATH};
ssl_protocols ${NGINX_SSL_PROTOCOLS};
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
- type: bind
source: ./nginx/docker-entrypoint.sh
target: /docker-entrypoint-mount.sh
read_only: true
content: |
#!/bin/bash
if [ "${NGINX_HTTPS_ENABLED}" = "true" ]; then
# Check if the certificate and key files for the specified domain exist
if [ -n "${CERTBOT_DOMAIN}" ] && \
[ -f "/etc/letsencrypt/live/${CERTBOT_DOMAIN}/${NGINX_SSL_CERT_FILENAME}" ] && \
[ -f "/etc/letsencrypt/live/${CERTBOT_DOMAIN}/${NGINX_SSL_CERT_KEY_FILENAME}" ]; then
SSL_CERTIFICATE_PATH="/etc/letsencrypt/live/${CERTBOT_DOMAIN}/${NGINX_SSL_CERT_FILENAME}"
SSL_CERTIFICATE_KEY_PATH="/etc/letsencrypt/live/${CERTBOT_DOMAIN}/${NGINX_SSL_CERT_KEY_FILENAME}"
else
SSL_CERTIFICATE_PATH="/etc/ssl/${NGINX_SSL_CERT_FILENAME}"
SSL_CERTIFICATE_KEY_PATH="/etc/ssl/${NGINX_SSL_CERT_KEY_FILENAME}"
fi
export SSL_CERTIFICATE_PATH
export SSL_CERTIFICATE_KEY_PATH
# set the HTTPS_CONFIG environment variable to the content of the https.conf.template
HTTPS_CONFIG=$(envsubst < /etc/nginx/https.conf.template)
export HTTPS_CONFIG
# Substitute the HTTPS_CONFIG in the default.conf.template with content from https.conf.template
envsubst '${HTTPS_CONFIG}' < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf
fi
if [ "${NGINX_ENABLE_CERTBOT_CHALLENGE}" = "true" ]; then
ACME_CHALLENGE_LOCATION='location /.well-known/acme-challenge/ { root /var/www/html; }'
else
ACME_CHALLENGE_LOCATION=''
fi
export ACME_CHALLENGE_LOCATION
env_vars=$(printenv | cut -d= -f1 | sed 's/^/$/g' | paste -sd, -)
envsubst "$env_vars" < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf
envsubst "$env_vars" < /etc/nginx/proxy.conf.template > /etc/nginx/proxy.conf
envsubst < /etc/nginx/conf.d/default.conf.template > /etc/nginx/conf.d/default.conf
# Start Nginx using the default entrypoint
exec nginx -g 'daemon off;'
- type: bind
source: ./nginx/default.conf.template
target: /etc/nginx/conf.d/default.conf.template
read_only: true
content: |
# Please do not directly edit this file. Instead, modify the .env variables related to NGINX configuration.
server {
listen ${NGINX_PORT};
server_name ${NGINX_SERVER_NAME};
location /console/api {
proxy_pass http://api:5001;
include proxy.conf;
}
location /api {
proxy_pass http://api:5001;
include proxy.conf;
}
location /v1 {
proxy_pass http://api:5001;
include proxy.conf;
}
location /files {
proxy_pass http://api:5001;
include proxy.conf;
}
location / {
proxy_pass http://web:3000;
include proxy.conf;
}
# placeholder for acme challenge location
${ACME_CHALLENGE_LOCATION}
# placeholder for https config defined in https.conf.template
${HTTPS_CONFIG}
}
- './nginx/ssl:/etc/ssl'
- './volumes/certbot/conf/live:/etc/letsencrypt/live'
- './volumes/certbot/conf:/etc/letsencrypt'
- './volumes/certbot/www:/var/www/html'
entrypoint: [ "sh", "-c", "cp /docker-entrypoint-mount.sh /docker-entrypoint.sh && sed -i 's/\r$$//' /docker-entrypoint.sh && chmod +x /docker-entrypoint.sh && /docker-entrypoint.sh" ]
environment:
NGINX_SERVER_NAME: $SERVICE_FQDN_NGINX
NGINX_HTTPS_ENABLED: ${NGINX_HTTPS_ENABLED:-false}
NGINX_SSL_PORT: ${NGINX_SSL_PORT:-443}
NGINX_PORT: ${NGINX_PORT:-80}
# You're required to add your own SSL certificates/keys to the `./nginx/ssl` directory
# and modify the env vars below in .env if HTTPS_ENABLED is true.
NGINX_SSL_CERT_FILENAME: ${NGINX_SSL_CERT_FILENAME:-dify.crt}
NGINX_SSL_CERT_KEY_FILENAME: ${NGINX_SSL_CERT_KEY_FILENAME:-dify.key}
NGINX_SSL_PROTOCOLS: ${NGINX_SSL_PROTOCOLS:-TLSv1.1 TLSv1.2 TLSv1.3}
NGINX_WORKER_PROCESSES: ${NGINX_WORKER_PROCESSES:-auto}
NGINX_CLIENT_MAX_BODY_SIZE: ${NGINX_CLIENT_MAX_BODY_SIZE:-15M}
NGINX_KEEPALIVE_TIMEOUT: ${NGINX_KEEPALIVE_TIMEOUT:-65}
NGINX_PROXY_READ_TIMEOUT: ${NGINX_PROXY_READ_TIMEOUT:-3600s}
NGINX_PROXY_SEND_TIMEOUT: ${NGINX_PROXY_SEND_TIMEOUT:-3600s}
NGINX_ENABLE_CERTBOT_CHALLENGE: ${NGINX_ENABLE_CERTBOT_CHALLENGE:-false}
CERTBOT_DOMAIN: ${CERTBOT_DOMAIN:-}
depends_on:
- api
- web
healthcheck:
test: ["CMD", "nginx", "-t"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
# The Weaviate vector store.
weaviate:
image: semitechnologies/weaviate:1.19.0
profiles:
- ''
- weaviate
volumes:
- dify-weaviate-data:/var/lib/weaviate
environment:
# The Weaviate configurations
# You can refer to the [Weaviate](https://weaviate.io/developers/weaviate/config-refs/env-vars) documentation for more information.
PERSISTENCE_DATA_PATH: ${WEAVIATE_PERSISTENCE_DATA_PATH:-/var/lib/weaviate}
QUERY_DEFAULTS_LIMIT: ${WEAVIATE_QUERY_DEFAULTS_LIMIT:-25}
AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED: ${WEAVIATE_AUTHENTICATION_ANONYMOUS_ACCESS_ENABLED:-false}
DEFAULT_VECTORIZER_MODULE: ${WEAVIATE_DEFAULT_VECTORIZER_MODULE:-none}
CLUSTER_HOSTNAME: ${WEAVIATE_CLUSTER_HOSTNAME:-node1}
AUTHENTICATION_APIKEY_ENABLED: ${WEAVIATE_AUTHENTICATION_APIKEY_ENABLED:-true}
AUTHENTICATION_APIKEY_ALLOWED_KEYS: $SERVICE_PASSWORD_WEAVIATE
AUTHENTICATION_APIKEY_USERS: $SERVICE_USER_WEAVIATE
AUTHORIZATION_ADMINLIST_ENABLED: ${WEAVIATE_AUTHORIZATION_ADMINLIST_ENABLED:-true}
AUTHORIZATION_ADMINLIST_USERS: $SERVICE_USER_WEAVIATE
healthcheck:
test: ["CMD", "wget", "--spider", "-q", "http://localhost:8080/v1/.well-known/live"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
networks:
# create a network between sandbox, api and ssrf_proxy, and can not access outside.
ssrf_proxy_network:
driver: bridge
internal: true
volumes:
ssrf_proxy_var_log_squid:
ssrf_proxy_var_spool_squid:

79
templates/compose/flowise-with-databases.yaml Normal file
View File

@@ -0,0 +1,79 @@
# documentation: https://docs.flowiseai.com/
# slogan: Flowise is an open source low-code tool for developers to build customized LLM orchestration flows & AI agents. Also deploys Redis, Postgres and other services.
# tags: lowcode, nocode, ai, llm, openai, anthropic, machine-learning, rag, agents, chatbot, api, team, bot, flows
# logo: svgs/flowise.png
# port: 3001
services:
flowise:
image: flowiseai/flowise:latest
depends_on:
pg-record-manager:
condition: service_healthy
redis-cache:
condition: service_healthy
qdrant:
condition: service_healthy
environment:
- SERVICE_FQDN_FLOWISE_3001
- DEBUG=${DEBUG:-false}
- DISABLE_FLOWISE_TELEMETRY=${DISABLE_FLOWISE_TELEMETRY:-true}
- PORT=${PORT:-3001}
- DATABASE_PATH=/root/.flowise
- APIKEY_PATH=/root/.flowise
- SECRETKEY_PATH=/root/.flowise
- LOG_PATH=/root/.flowise/logs
- BLOB_STORAGE_PATH=/root/.flowise/storage
- FLOWISE_USERNAME=${SERVICE_USER_FLOWISE}
- FLOWISE_PASSWORD=${SERVICE_PASSWORD_FLOWISE}
volumes:
- flowise-data:/root/.flowise
healthcheck:
test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:3001 || exit 1"]
interval: 5s
timeout: 5s
retries: 3
pg-record-manager:
image: postgres:16
environment:
- POSTGRES_USER=${SERVICE_USER_POSTGRES}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
- POSTGRES_DB=${POSTGRES_DB:-pg-record-manager}
volumes:
- pg-record-manager-data:/var/lib/postgresql/data
healthcheck:
test:
- CMD-SHELL
- "pg_isready -h localhost -U $${POSTGRES_USER} -d $${POSTGRES_DB}"
interval: 5s
timeout: 5s
retries: 10
start_period: 20s
redis-cache:
image: redis:7
volumes:
- flowise-redis-cache-data:/data
healthcheck:
test:
- CMD-SHELL
- "redis-cli -h localhost -p 6379 ping"
interval: 5s
timeout: 5s
retries: 3
qdrant:
image: qdrant/qdrant:latest
environment:
- SERVICE_FQDN_QDRANT_6333
- QDRANT__SERVICE__API_KEY=${SERVICE_PASSWORD_QDRANTAPIKEY}
volumes:
- flowise-qdrant-data:/qdrant/storage
healthcheck:
test:
- CMD-SHELL
- bash -c ':> /dev/tcp/127.0.0.1/6333' || exit 1
interval: 5s
timeout: 5s
retries: 3

28
templates/compose/flowise.yaml Normal file
View File

@@ -0,0 +1,28 @@
# documentation: https://docs.flowiseai.com/
# slogan: Flowise is an open source low-code tool for developers to build customized LLM orchestration flows & AI agents.
# tags: lowcode, nocode, ai, llm, openai, anthropic, machine-learning, rag, agents, chatbot, api, team, bot, flows
# logo: svgs/flowise.png
# port: 3001
services:
flowise:
image: flowiseai/flowise:latest
environment:
- SERVICE_FQDN_FLOWISE_3001
- DEBUG=${DEBUG:-false}
- DISABLE_FLOWISE_TELEMETRY=${DISABLE_FLOWISE_TELEMETRY:-true}
- PORT=${PORT:-3001}
- DATABASE_PATH=/root/.flowise
- APIKEY_PATH=/root/.flowise
- SECRETKEY_PATH=/root/.flowise
- LOG_PATH=/root/.flowise/logs
- BLOB_STORAGE_PATH=/root/.flowise/storage
- FLOWISE_USERNAME=${SERVICE_USER_FLOWISE}
- FLOWISE_PASSWORD=${SERVICE_PASSWORD_FLOWISE}
volumes:
- flowise-data:/root/.flowise
healthcheck:
test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:3001 || exit 1"]
interval: 5s
timeout: 5s
retries: 3

41
templates/compose/freshrss-with-mariadb.yaml Normal file
View File

@@ -0,0 +1,41 @@
# documentation: https://freshrss.org/index.html
# slogan: A free, self-hostable feed aggregator.
# tags: rss, feed
# logo: svgs/freshrss.png
# port: 80
services:
freshrss:
image: freshrss/freshrss:latest
environment:
- SERVICE_FQDN_FRESHRSS_80
- CRON_MIN=${CRON_MIN:-1,31}
- MARIADB_DB=${MARIADB_DATABASE:-freshrss}
- MARIADB_USER=${SERVICE_USER_MARIADB}
- MARIADB_PASSWORD=${SERVICE_PASSWORD_MARIADB}
volumes:
- freshrss-data:/var/www/FreshRSS/data
- freshrss-extensions:/var/www/FreshRSS/extensions
depends_on:
freshrss-db:
condition: service_healthy
healthcheck:
test: ["CMD-SHELL", "bash -c ':> /dev/tcp/127.0.0.1/80' || exit 1"]
interval: 5s
timeout: 20s
retries: 3
freshrss-db:
image: mariadb:11
volumes:
- mariadb-data:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=$SERVICE_PASSWORD_ROOT
- MYSQL_DATABASE=${MARIADB_DATABASE:-freshrss}
- MYSQL_USER=${SERVICE_USER_MARIADB}
- MYSQL_PASSWORD=${SERVICE_PASSWORD_MARIADB}
healthcheck:
test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
interval: 5s
timeout: 20s
retries: 10

41
templates/compose/freshrss-with-mysql.yaml Normal file
View File

@@ -0,0 +1,41 @@
# documentation: https://freshrss.org/index.html
# slogan: A free, self-hostable feed aggregator.
# tags: rss, feed
# logo: svgs/freshrss.png
# port: 80
services:
freshrss:
image: freshrss/freshrss:latest
environment:
- SERVICE_FQDN_FRESHRSS_80
- CRON_MIN=${CRON_MIN:-1,31}
- MYSQL_DB=${MYSQL_DATABASE:-freshrss}
- MYSQL_USER=${SERVICE_USER_MYSQL}
- MYSQL_PASSWORD=${SERVICE_PASSWORD_MYSQL}
volumes:
- freshrss-data:/var/www/FreshRSS/data
- freshrss-extensions:/var/www/FreshRSS/extensions
depends_on:
freshrss-db:
condition: service_healthy
healthcheck:
test: ["CMD-SHELL", "bash -c ':> /dev/tcp/127.0.0.1/80' || exit 1"]
interval: 5s
timeout: 20s
retries: 3
freshrss-db:
image: mysql:8
volumes:
- mysql-data:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=$SERVICE_PASSWORD_ROOT
- MYSQL_DATABASE=${MYSQL_DATABASE:-freshrss}
- MYSQL_USER=$SERVICE_USER_MYSQL
- MYSQL_PASSWORD=$SERVICE_PASSWORD_MYSQL
healthcheck:
test: ["CMD", "mysqladmin", "ping", "-h", "127.0.0.1"]
interval: 5s
timeout: 20s
retries: 10

41
templates/compose/freshrss-with-postgresql.yaml Normal file
View File

@@ -0,0 +1,41 @@
# documentation: https://freshrss.org/index.html
# slogan: A free, self-hostable feed aggregator.
# tags: rss, feed
# logo: svgs/freshrss.png
# port: 80
services:
freshrss:
image: freshrss/freshrss:latest
environment:
- SERVICE_FQDN_FRESHRSS_80
- CRON_MIN=${CRON_MIN:-1,31}
- POSTGRES_DB=${POSTGRESQL_DATABASE:-freshrss}
- POSTGRES_USER=${SERVICE_USER_POSTGRESQL}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRESQL}
- POSTGRES_HOST=postgresql
volumes:
- freshrss-data:/var/www/FreshRSS/data
- freshrss-extensions:/var/www/FreshRSS/extensions
depends_on:
freshrss-db:
condition: service_healthy
healthcheck:
test: ["CMD-SHELL", "bash -c ':> /dev/tcp/127.0.0.1/80' || exit 1"]
interval: 5s
timeout: 20s
retries: 3
freshrss-db:
image: postgres:16
volumes:
- freshrss-postgresql-data:/var/lib/postgresql/data
environment:
- POSTGRES_USER=${SERVICE_USER_POSTGRESQL}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRESQL}
- POSTGRES_DB=${POSTGRESQL_DATABASE:-freshrss}
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
interval: 5s
timeout: 20s
retries: 10

20
templates/compose/freshrss.yaml Normal file
View File

@@ -0,0 +1,20 @@
# documentation: https://freshrss.org/index.html
# slogan: A free, self-hostable feed aggregator.
# tags: rss, feed
# logo: svgs/freshrss.png
# port: 80
services:
freshrss:
image: freshrss/freshrss:latest
environment:
- SERVICE_FQDN_FRESHRSS_80
- CRON_MIN=${CRON_MIN:-1,31}
volumes:
- freshrss-data:/var/www/FreshRSS/data
- freshrss-extensions:/var/www/FreshRSS/extensions
healthcheck:
test: ["CMD-SHELL", "bash -c ':> /dev/tcp/127.0.0.1/80' || exit 1"]
interval: 5s
timeout: 20s
retries: 3

25
templates/compose/glitchtip.yaml
View File

@@ -12,12 +12,13 @@ services:
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRESQL}
- POSTGRES_DB=${POSTGRESQL_DATABASE:-glitchtip}
volumes:
- pg-data:/var/lib/postgresql/data
- glitchtip-postgres-data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
interval: 5s
timeout: 20s
retries: 10
redis:
image: redis
healthcheck:
@@ -25,11 +26,14 @@ services:
interval: 5s
timeout: 20s
retries: 10
web:
image: glitchtip/glitchtip
depends_on:
- postgres
- redis
postgres:
condition: service_healthy
redis:
condition: service_healthy
environment:
- SERVICE_FQDN_GLITCHTIP_8080
- DATABASE_URL=postgres://$SERVICE_USER_POSTGRESQL:$SERVICE_PASSWORD_POSTGRESQL@postgres:5432/${POSTGRESQL_DATABASE:-glitchtip}
@@ -46,14 +50,16 @@ services:
interval: 5s
timeout: 20s
retries: 10
worker:
image: glitchtip/glitchtip
command: ./bin/run-celery-with-beat.sh
depends_on:
- postgres
- redis
postgres:
condition: service_healthy
redis:
condition: service_healthy
environment:
- SERVICE_FQDN_GLITCHTIP
- DATABASE_URL=postgres://$SERVICE_USER_POSTGRESQL:$SERVICE_PASSWORD_POSTGRESQL@postgres:5432/${POSTGRESQL_DATABASE:-glitchtip}
- SECRET_KEY=$SERVICE_BASE64_64_ENCRYPTION
- EMAIL_URL=${EMAIL_URL:-consolemail://}
@@ -68,12 +74,15 @@ services:
interval: 5s
timeout: 20s
retries: 10
migrate:
image: glitchtip/glitchtip
restart: "no"
depends_on:
- postgres
- redis
postgres:
condition: service_healthy
redis:
condition: service_healthy
command: "./manage.py migrate"
environment:
- DATABASE_URL=postgres://$SERVICE_USER_POSTGRESQL:$SERVICE_PASSWORD_POSTGRESQL@postgres:5432/${POSTGRESQL_DATABASE:-glitchtip}

54
templates/compose/heyform.yaml Normal file
View File

@@ -0,0 +1,54 @@
# documentation: https://docs.heyform.net/open-source/self-hosting
# slogan: Allows anyone to create engaging conversational forms for surveys, questionnaires, quizzes, and polls. No coding skills required.
# tags: form, builder, forms, survey, quiz, open source, self-hosted, docker
# logo: svgs/heyform.svg
# port: 8000
services:
heyform:
image: heyform/community-edition:latest
volumes:
- heyform-assets:/app/static/upload
depends_on:
mongo:
condition: service_healthy
keydb:
condition: service_healthy
environment:
- SERVICE_FQDN_HEYFORM_8000
- APP_HOMEPAGE_URL=${SERVICE_FQDN_HEYFORM}
- SESSION_KEY=${SERVICE_BASE64_64_SESSION}
- FORM_ENCRYPTION_KEY=${SERVICE_BASE64_64_FORM}
- MONGO_URI=mongodb://mongo:27017/heyform
- REDIS_HOST=keydb
- REDIS_PORT=6379
healthcheck:
test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:8000 || exit 1"]
interval: 5s
timeout: 5s
retries: 3
mongo:
image: percona/percona-server-mongodb:latest
volumes:
- heyform-mongo-data:/data/db
healthcheck:
test: ["CMD-SHELL", "echo 'ok' > /dev/null 2>&1"]
interval: 5s
timeout: 5s
retries: 10
start_period: 5s
keydb:
image: eqalpha/keydb:latest
command: keydb-server --appendonly yes
environment:
- KEYDB_PASSWORD=${SERVICE_PASSWORD_KEYDB}
volumes:
- heyform-keydb-data:/data
healthcheck:
test: ["CMD-SHELL", "keydb-cli", "--pass", "${SERVICE_PASSWORD_KEYDB}", "ping"]
interval: 5s
timeout: 5s
retries: 10
start_period: 5s

21
templates/compose/homebox.yaml Normal file
View File

@@ -0,0 +1,21 @@
# documentation: https://github.com/hay-kot/homebox
# slogan: Homebox is a self-hosted file management solution.
# tags: homebox,file-management,self-hosted
# logo: svgs/homebox.svg
# port: 7745
services:
homebox:
image: ghcr.io/hay-kot/homebox:latest
environment:
- SERVICE_FQDN_HOMEBOX_7745
- HBOX_LOG_LEVEL=${HBOX_LOG_LEVEL:-info}
- HBOX_LOG_FORMAT=${HBOX_LOG_FORMAT:-text}
- HBOX_WEB_MAX_UPLOAD_SIZE=${HBOX_WEB_MAX_UPLOAD_SIZE:-10}
volumes:
- homebox-data:/data/
healthcheck:
test: ["CMD", "wget", "-q", "--spider", "http://127.0.0.1:7745"]
interval: 5s
timeout: 20s
retries: 10

76
templates/compose/immich.yaml Normal file
View File

@@ -0,0 +1,76 @@
# documentation: https://immich.app/docs/overview/introduction
# slogan: Self-hosted photo and video management solution.
# tags: photo,video,management,server,cloud,storage,sharing,metadata,face,recognition
# logo: svgs/immich.svg
# port: 2283
services:
immich:
image: ghcr.io/immich-app/immich-server:release
# extends:
# file: hwaccel.transcoding.yml
# service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
volumes:
- immich-uploads:/usr/src/app/upload
- /etc/localtime:/etc/localtime:ro
environment:
- SERVICE_FQDN_IMMICH_3001
- UPLOAD_LOCATION=./library
- DB_DATA_LOCATION=./postgres
- DB_PASSWORD=$SERVICE_PASSWORD_POSTGRES
- DB_USERNAME=$SERVICE_USER_POSTGRES
- DB_DATABASE_NAME=${DB_DATABASE_NAME:-immich}
- TZ=${TZ:-Etc/UTC}
depends_on:
redis:
condition: service_healthy
database:
condition: service_healthy
healthcheck:
disable: false
immich-machine-learning:
container_name: immich_machine_learning
# For hardware acceleration, add one of -[armnn, cuda, openvino] to the image tag.
# Example tag: ${IMMICH_VERSION:-release}-cuda
image: ghcr.io/immich-app/immich-machine-learning:release
# extends: # uncomment this section for hardware acceleration - see https://immich.app/docs/features/ml-hardware-acceleration
# file: hwaccel.ml.yml
# service: cpu # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference - use the `-wsl` version for WSL2 where applicable
volumes:
- immich-model-cache:/cache
environment:
- UPLOAD_LOCATION=./library
- DB_DATA_LOCATION=./postgres
- DB_PASSWORD=$SERVICE_PASSWORD_POSTGRES
- DB_USERNAME=$SERVICE_USER_POSTGRES
- DB_DATABASE_NAME=${DB_DATABASE_NAME:-immich}
- TZ=${TZ:-Etc/UTC}
healthcheck:
disable: false
redis:
image: redis:7.4-alpine
healthcheck:
test:
- CMD
- redis-cli
- PING
interval: 5s
timeout: 10s
retries: 20
database:
image: docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
environment:
POSTGRES_PASSWORD: ${SERVICE_PASSWORD_POSTGRES}
POSTGRES_USER: ${SERVICE_USER_POSTGRES}
POSTGRES_DB: ${DB_DATABASE_NAME:-immich}
POSTGRES_INITDB_ARGS: '--data-checksums'
volumes:
- immich-postgres-data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
interval: 5s
timeout: 20s
retries: 10

44
templates/compose/kimai.yaml Normal file
View File

@@ -0,0 +1,44 @@
# documentation: https://www.kimai.org/
# slogan: Open source time-tracking app.
# tags: time-tracking, open-source
# logo: svgs/kimai.svg
# port: 8001
services:
mysql:
image: mysql:8
volumes:
- kimai-mysql-data:/var/lib/mysql
environment:
- MYSQL_DATABASE=${MYSQL_DATABASE:-kimai}
- MYSQL_USER=${SERVICE_USER_MYSQL}
- MYSQL_PASSWORD=${SERVICE_PASSWORD_MYSQL}
- MYSQL_ROOT_PASSWORD=${SERVICE_PASSWORD_ROOT}
command: --default-storage-engine innodb
healthcheck:
test: ["CMD", "mysqladmin", "ping", "-h", "127.0.0.1"]
interval: 5s
timeout: 20s
retries: 10
kimai:
image: kimai/kimai2:apache-latest
container_name: kimai
depends_on:
mysql:
condition: service_healthy
volumes:
- kimai-data:/opt/kimai/var/data
environment:
- SERVICE_FQDN_KIMAI_8001
- APP_SECRET=${SERVICE_PASSWORD_APPSECRET}
- MAILER_FROM=${MAILER_FROM:-kimai@example.com}
- MAILER_URL=${MAILER_URL:-null://null}
- ADMINMAIL=${ADMINMAIL:-admin@kimai.local}
- ADMINPASS=${SERVICE_PASSWORD_ADMINPASS}
- DATABASE_URL=mysql://${SERVICE_USER_MYSQL}:${SERVICE_PASSWORD_MYSQL}@mysql/${MYSQL_DATABASE}?charset=utf8mb4&serverVersion=8.3.0
- TRUSTED_HOSTS=localhost
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1:8001"]
interval: 2s
timeout: 10s
retries: 15

19
templates/compose/libretranslate.yaml Normal file
View File

@@ -0,0 +1,19 @@
# documentation: https://libretranslate.com/docs/
# slogan: Free and open-source machine translation API, entirely self-hosted.
# tags: translate, api
# logo: svgs/libretranslate.svg
# port: 5000
services:
libretranslate:
image: "libretranslate/libretranslate:latest"
environment:
- SERVICE_FQDN_LIBRETRANSLATE_5000
- LT_SSL=${LT_SSL:-true}
- LT_UPDATE_MODELS=${LT_UPDATE_MODELS:-true}
- LT_LOAD_ONLY=${LT_LOAD_ONLY:-en,es,fr,de,ja}
volumes:
- libretranslate-api-keys:/app/db
- libretranslate-models:/home/libretranslate/.local
healthcheck:
test: ["CMD-SHELL", "./venv/bin/python scripts/healthcheck.py"]

61
templates/compose/nextcloud-with-mariadb.yaml Normal file
View File

@@ -0,0 +1,61 @@
# documentation: https://docs.nextcloud.com
# slogan: NextCloud is a self-hosted, open-source platform that provides file storage, collaboration, and communication tools for seamless data management.
# tags: cloud, collaboration, communication, filestorage, data
# logo: svgs/nextcloud.svg
# port: 80
services:
nextcloud:
image: lscr.io/linuxserver/nextcloud:latest
environment:
- SERVICE_FQDN_NEXTCLOUD_80
- PUID=1000
- PGID=1000
- TZ=${TZ:-Europe/Paris}
- MYSQL_DATABASE=${MARIADB_DATABASE:-nextcloud}
- MYSQL_USER=${SERVICE_USER_MARIADB}
- MYSQL_PASSWORD=${SERVICE_PASSWORD_MARIADB}
- MYSQL_HOST=nextcloud-db
- REDIS_HOST=redis
- REDIS_PORT=6379
volumes:
- nextcloud-config:/config
- nextcloud-data:/data
depends_on:
nextcloud-db:
condition: service_healthy
redis:
condition: service_healthy
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1:80"]
interval: 2s
timeout: 10s
retries: 15
nextcloud-db:
image: mariadb:11
volumes:
- nextcloud-mariadb-data:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=${SERVICE_PASSWORD_ROOT}
- MYSQL_DATABASE=${MARIADB_DATABASE:-nextcloud}
- MYSQL_USER=${SERVICE_USER_MARIADB}
- MYSQL_PASSWORD=${SERVICE_PASSWORD_MARIADB}
healthcheck:
test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
interval: 5s
timeout: 20s
retries: 10
redis:
image: "redis:7.4-alpine"
volumes:
- "nextcloud-redis-data:/data"
healthcheck:
test:
- CMD
- redis-cli
- PING
interval: 5s
timeout: 10s
retries: 20

61
templates/compose/nextcloud-with-mysql.yaml Normal file
View File

@@ -0,0 +1,61 @@
# documentation: https://docs.nextcloud.com
# slogan: NextCloud is a self-hosted, open-source platform that provides file storage, collaboration, and communication tools for seamless data management.
# tags: cloud, collaboration, communication, filestorage, data
# logo: svgs/nextcloud.svg
# port: 80
services:
nextcloud:
image: lscr.io/linuxserver/nextcloud:latest
environment:
- SERVICE_FQDN_NEXTCLOUD_80
- PUID=1000
- PGID=1000
- TZ=${TZ:-Europe/Paris}
- MYSQL_DATABASE=${MYSQL_DATABASE:-nextcloud}
- MYSQL_USER=${SERVICE_USER_MYSQL}
- MYSQL_PASSWORD=${SERVICE_PASSWORD_MYSQL}
- MYSQL_HOST=nextcloud-db
- REDIS_HOST=redis
- REDIS_PORT=6379
volumes:
- nextcloud-config:/config
- nextcloud-data:/data
depends_on:
nextcloud-db:
condition: service_healthy
redis:
condition: service_healthy
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1:80"]
interval: 2s
timeout: 10s
retries: 15
nextcloud-db:
image: mysql:8.4.2
volumes:
- nextcloud-mysql-data:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=${SERVICE_PASSWORD_ROOT}
- MYSQL_DATABASE=${MYSQL_DATABASE:-nextcloud}
- MYSQL_USER=${SERVICE_USER_MYSQL}
- MYSQL_PASSWORD=${SERVICE_PASSWORD_MYSQL}
healthcheck:
test: ["CMD", "mysqladmin", "ping", "-h", "127.0.0.1"]
interval: 5s
timeout: 20s
retries: 10
redis:
image: "redis:7.4-alpine"
volumes:
- "nextcloud-redis-data:/data"
healthcheck:
test:
- CMD
- redis-cli
- PING
interval: 5s
timeout: 10s
retries: 20

60
templates/compose/nextcloud-with-postgres.yaml Normal file
View File

@@ -0,0 +1,60 @@
# documentation: https://docs.nextcloud.com
# slogan: NextCloud is a self-hosted, open-source platform that provides file storage, collaboration, and communication tools for seamless data management.
# tags: cloud, collaboration, communication, filestorage, data
# logo: svgs/nextcloud.svg
# port: 80
services:
nextcloud:
image: lscr.io/linuxserver/nextcloud:latest
environment:
- SERVICE_FQDN_NEXTCLOUD_80
- PUID=1000
- PGID=1000
- TZ=${TZ:-Europe/Paris}
- POSTGRES_DB=${POSTGRES_DB:-nextcloud}
- POSTGRES_USER=${SERVICE_USER_POSTGRES}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
- POSTGRES_HOST=nextcloud-db
- REDIS_HOST=redis
- REDIS_PORT=6379
volumes:
- nextcloud-config:/config
- nextcloud-data:/data
depends_on:
nextcloud-db:
condition: service_healthy
redis:
condition: service_healthy
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1:80"]
interval: 2s
timeout: 10s
retries: 15
nextcloud-db:
image: postgres:16-alpine
volumes:
- nextcloud-postgresql-data:/var/lib/postgresql/data
environment:
- POSTGRES_USER=${SERVICE_USER_POSTGRES}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
- POSTGRES_DB=${POSTGRES_DB:-nextcloud}
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
interval: 5s
timeout: 20s
retries: 10
redis:
image: "redis:7.4-alpine"
volumes:
- "nextcloud-redis-data:/data"
healthcheck:
test:
- CMD
- redis-cli
- PING
interval: 5s
timeout: 10s
retries: 20

5
templates/compose/nextcloud.yaml
View File

@@ -2,15 +2,16 @@
# slogan: NextCloud is a self-hosted, open-source platform that provides file storage, collaboration, and communication tools for seamless data management.
# tags: cloud, collaboration, communication, filestorage, data
# logo: svgs/nextcloud.svg
# port: 80
services:
nextcloud:
image: lscr.io/linuxserver/nextcloud:latest
environment:
- SERVICE_FQDN_NEXTCLOUD
- SERVICE_FQDN_NEXTCLOUD_80
- PUID=1000
- PGID=1000
- TZ=Europe/Madrid
- TZ=${TZ:-Europe/Madrid}
volumes:
- nextcloud-config:/config
- nextcloud-data:/data

46
templates/compose/ntfy.yaml Normal file
View File

@@ -0,0 +1,46 @@
# documentation: https://docs.ntfy.sh/
# slogan: ntfy is a simple HTTP-based pub-sub notification service. It allows you to send notifications to your phone or desktop via scripts from any computer, and/or using a REST API.
# tags: ntfy, notification, push notification, pub-sub, notify
# logo: svgs/ntfy.svg
# port: 80
services:
ntfy:
image: binwiederhier/ntfy
command:
- serve
environment:
- SERVICE_FQDN_NTFY_80
- NTFY_BASE_URL=${SERVICE_FQDN_NTFY}
- TZ=${TZ:-UTC}
- NTFY_CACHE_FILE=/var/cache/ntfy/cache.db
- NTFY_AUTH_FILE=/var/lib/ntfy/auth.db
- NTFY_UPSTREAM_BASE_URL=${UPSTREAM_BASE_URL:-https://ntfy.sh}
- NTFY_ENABLE_SIGNUP=${NTFY_ENABLE_SIGNUP:-true}
- NTFY_ENABLE_LOGIN=${NTFY_ENABLE_LOGIN:-true}
- NTFY_CACHE_DURATION=${NTFY_CACHE_DURATION:-24h}
- NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT=${NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT:-1G}
- NTFY_ATTACHMENT_FILE_SIZE_LIMIT=${NTFY_ATTACHMENT_FILE_SIZE_LIMIT:-10M}
- NTFY_ATTACHMENT_EXPIRY_DURATION=${NTFY_ATTACHMENT_EXPIRY_DURATION:-24h}
- NTFY_SMTP_SENDER_ADDR=${NTFY_SMTP_SENDER_ADDR:-smtp.your-domain.de}
- NTFY_SMTP_SENDER_USER=${NTFY_SMTP_SENDER_USER:-no-reply@de}
- NTFY_SMTP_SENDER_PASS=${NTFY_SMTP_SENDER_PASS:-password}
- NTFY_SMTP_SENDER_FROM=${NTFY_SMTP_SENDER_FROM:-no-reply@de}
- NTFY_KEEPALIVE_INTERVAL=${NTFY_KEEPALIVE_INTERVAL:-5m}
- NTFY_MANAGER_INTERVAL=${NTFY_MANAGER_INTERVAL:-5m}
- NTFY_VISITOR_MESSAGE_DAILY_LIMIT=${NTFY_VISITOR_MESSAGE_DAILY_LIMIT:-100}
- NTFY_VISITOR_ATTACHMENT_DAILY_BANDWIDTH_LIMIT=${NTFY_VISITOR_ATTACHMENT_DAILY_BANDWIDTH_LIMIT:-1G}
- NTFY_UPSTREAM_ACCESS_TOKEN=${UPSTREAM_ACCESS_TOKEN}
- NTFY_AUTH_DEFAULT_ACCESS=${NTFY_AUTH_DEFAULT_ACCESS:-read-write}
- NTFY_WEB_PUSH_PUBLIC_KEY=${NTFY_WEB_PUSH_PUBLIC_KEY}
- NTFY_WEB_PUSH_PRIVATE_KEY=${NTFY_WEB_PUSH_PRIVATE_KEY}
- NTFY_WEB_PUSH_EMAIL_ADDRESS=${NTFY_WEB_PUSH_EMAIL_ADDRESS}
volumes:
- ntfy-cache:/var/cache/ntfy
- ntfy-db:/var/lib/ntfy/
healthcheck:
test: ["CMD-SHELL", "wget -q --tries=1 http://localhost:80/v1/health -O - | grep -Eo '\"healthy\"\\s*:\\s*true' || exit 1"]
interval: 60s
timeout: 10s
retries: 3
start_period: 40s

72
templates/compose/owncloud.yaml Normal file
View File

@@ -0,0 +1,72 @@
# documentation: https://owncloud.com/docs
# slogan: OwnCloud with Open Web UI integrates file management with a powerful, user-friendly interface.
# tags: owncloud,file-management,open-web-ui,integration,cloud
# logo: svgs/owncloud.svg
# port: 8080
services:
owncloud:
image: owncloud/server:latest
depends_on:
mariadb:
condition: service_healthy
redis:
condition: service_healthy
environment:
- SERVICE_FQDN_OWNCLOUD_8080
- OWNCLOUD_DOMAIN=${SERVICE_FQDN_OWNCLOUD}
- OWNCLOUD_TRUSTED_DOMAINS=${SERVICE_URL_OWNCLOUD}
- OWNCLOUD_DB_TYPE=mysql
- OWNCLOUD_DB_HOST=mariadb
- OWNCLOUD_DB_NAME=${DB_NAME:-owncloud}
- OWNCLOUD_DB_USERNAME=${SERVICE_USER_MARIADB}
- OWNCLOUD_DB_PASSWORD=${SERVICE_PASSWORD_MARIADB}
- OWNCLOUD_ADMIN_USERNAME=${SERVICE_USER_OWNCLOUD}
- OWNCLOUD_ADMIN_PASSWORD=${SERVICE_PASSWORD_OWNCLOUD}
- OWNCLOUD_MYSQL_UTF8MB4=${MYSQL_UTF8MB4:-true}
- OWNCLOUD_REDIS_ENABLED=${REDIS_ENABLED:-true}
- OWNCLOUD_REDIS_HOST=redis
healthcheck:
test:
- CMD
- /usr/bin/healthcheck
interval: 30s
timeout: 10s
retries: 5
volumes:
- owncloud-data:/mnt/data
mariadb:
image: mariadb:latest
environment:
- MYSQL_ROOT_PASSWORD=${SERVICE_PASSWORD_MARIADBROOT}
- MYSQL_USER=${SERVICE_USER_MARIADB}
- MYSQL_PASSWORD=${SERVICE_PASSWORD_MARIADB}
- MYSQL_DATABASE=${DB_NAME:-owncloud}
- TZ=auto
command:
- "--character-set-server=utf8mb4"
- "--collation-server=utf8mb4_bin"
- "--max-allowed-packet=128M"
- "--innodb-log-file-size=64M"
healthcheck:
test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
interval: 5s
timeout: 20s
retries: 10
volumes:
- owncloud-mysql-data:/var/lib/mysql
redis:
image: redis:6
command:
- "--databases"
- "1"
healthcheck:
test:
- CMD
- redis-cli
- ping
interval: 10s
timeout: 5s
retries: 5

41
templates/compose/peppermint.yaml Normal file
View File

@@ -0,0 +1,41 @@
# documentation: https://docs.peppermint.sh/
# slogan: Open source helpdesk solution designed to enhance the user experience for teams currently utilizing costly software alternatives
# tags: helpdesk, open-source, peppermint, postgres
# logo: svgs/peppermint.png
# port: 3000
services:
postgres:
image: postgres:16-alpine
volumes:
- peppermint-postgresql-data:/var/lib/postgresql/data
environment:
- POSTGRES_USER=${SERVICE_USER_POSTGRES}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
- POSTGRES_DB=${POSTGRES_DB:-peppermint-db}
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
interval: 5s
timeout: 20s
retries: 10
peppermint:
image: pepperlabs/peppermint:latest
depends_on:
postgres:
condition: service_healthy
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1:3000"]
interval: 2s
timeout: 10s
retries: 15
environment:
- SERVICE_FQDN_PEPPERMINT_3000
- SERVICE_FQDN_PEPPERMINT_5003
- DB_USERNAME=${SERVICE_USER_POSTGRES}
- DB_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
- DB_HOST=postgres
- DB_NAME=${POSTGRES_DB:-peppermint-db}
- SECRET=${SERVICE_PASSWORD_PEPPERMINT}
- API_URL=${SERVICE_FQDN_PEPPERMINT_5003}
# The default login is "admin@admin.com" with the password "1234"

42
templates/compose/plane.yaml
View File

@@ -23,6 +23,15 @@ x-app-env: &app-env
- REDIS_HOST=plane-redis
- REDIS_PORT=6379
- REDIS_URL=${REDIS_URL:-redis://plane-redis:6379/}
# RabbitMQ Settings
- RABBITMQ_HOST=plane-mq
- RABBITMQ_PORT=${RABBITMQ_PORT:-5672}
- RABBITMQ_DEFAULT_USER=${SERVICE_USER_RABBITMQ:-plane}
- RABBITMQ_DEFAULT_PASS=${SERVICE_PASSWORD_RABBITMQ:-plane}
- RABBITMQ_DEFAULT_VHOST=${RABBITMQ_VHOST:-plane}
- RABBITMQ_VHOST=${RABBITMQ_VHOST:-plane}
- 'AMQP_URL=amqp://${SERVICE_USER_RABBITMQ}:${SERVICE_PASSWORD_RABBITMQ}@plane-mq:${RABBITMQ_PORT}/plane'
# Application secret
- SECRET_KEY=$SERVICE_PASSWORD_64_SECRETKEY
# DATA STORE SETTINGS
@@ -36,10 +45,8 @@ x-app-env: &app-env
- MINIO_ROOT_PASSWORD=$SERVICE_PASSWORD_MINIO
- BUCKET_NAME=${BUCKET_NAME:-uploads}
- FILE_SIZE_LIMIT=${FILE_SIZE_LIMIT:-5242880}
# Admin and Space URLs
- ADMIN_BASE_URL=${ADMIN_BASE_URL}
- SPACE_BASE_URL=${SPACE_BASE_URL}
- APP_BASE_URL=${SERVICE_FQDN_PLANE}
# Live server env
- API_BASE_URL=${API_BASE_URL:-http://api:8000}
services:
proxy:
@@ -97,6 +104,19 @@ services:
timeout: 10s
retries: 15
live:
<<: *app-env
image: makeplane/plane-live:stable
command: node live/dist/server.js live
depends_on:
- api
- web
healthcheck:
test: ["CMD", "echo", "hey whats up"]
interval: 2s
timeout: 10s
retries: 15
api:
<<: *app-env
image: makeplane/plane-backend:stable
@@ -157,7 +177,7 @@ services:
plane-db:
<<: *app-env
image: postgres:15.5-alpine
image: postgres:15.7-alpine
command: postgres -c 'max_connections=1000'
volumes:
- pgdata:/var/lib/postgresql/data
@@ -178,6 +198,18 @@ services:
timeout: 20s
retries: 10
plane-mq:
<<: *app-env
image: rabbitmq:3.13.6-management-alpine
restart: always
volumes:
- rabbitmq_data:/var/lib/rabbitmq
healthcheck:
test: rabbitmq-diagnostics -q ping
interval: 30s
timeout: 30s
retries: 3
plane-minio:
<<: *app-env
image: minio/minio:latest

4
templates/compose/plausible.yaml
View File

@@ -6,7 +6,7 @@
services:
plausible:
image: "ghcr.io/plausible/community-edition:v2.1"
image: "ghcr.io/plausible/community-edition:v2.1.4"
command: 'sh -c "sleep 10 && /entrypoint.sh db createdb && /entrypoint.sh db migrate && /entrypoint.sh run"'
environment:
- SERVICE_FQDN_PLAUSIBLE
@@ -22,7 +22,7 @@ services:
image: bytemark/smtp
plausible_db:
image: "postgres:14-alpine"
image: "postgres:16-alpine"
volumes:
- "db-data:/var/lib/postgresql/data"
environment:

29
templates/compose/plunk.yaml
View File

@@ -4,10 +4,9 @@
# logo: svgs/plunk.svg
# port: 3000
version: '3'
services:
plunk:
image: driaug/plunk
image: driaug/plunk:latest
depends_on:
postgresql:
condition: service_healthy
@@ -16,8 +15,8 @@ services:
environment:
- SERVICE_FQDN_PLUNK_3000
- REDIS_URL=redis://redis:6379
- DATABASE_URL=postgresql://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@postgresql/plunk?schema=public
- JWT_SECRET=${SERVICE_PASSWORD_JWT_SECRET}
- DATABASE_URL=postgresql://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@postgresql/plunk-db?schema=public
- JWT_SECRET=${SERVICE_PASSWORD_JWTSECRET}
- AWS_REGION=${AWS_REGION}
- AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
- AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
@@ -25,30 +24,32 @@ services:
- NEXT_PUBLIC_API_URI=${SERVICE_FQDN_PLUNK}/api
- APP_URI=${SERVICE_FQDN_PLUNK}
- API_URI=${SERVICE_FQDN_PLUNK}/api
- DISABLE_SIGNUPS=False
- DISABLE_SIGNUPS=${DISABLE_SIGNUPS:-False}
entrypoint: [ "/app/entry.sh" ]
healthcheck:
test: ["CMD", "wget", "-q", "--spider", "http://127.0.0.1:3000"]
interval: 2s
timeout: 10s
retries: 15
postgresql:
image: postgres:16-alpine
environment:
- POSTGRES_USER=$SERVICE_USER_POSTGRES
- POSTGRES_PASSWORD=$SERVICE_PASSWORD_POSTGRES
- POSTGRES_DB=${POSTGRES_DB:-plunk}
- POSTGRES_USER=${SERVICE_USER_POSTGRES}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
- POSTGRES_DB=${POSTGRES_DB:-plunk-db}
volumes:
- postgresql-data:/var/lib/postgresql/data
- plunk-postgresql-data:/var/lib/postgresql/data
healthcheck:
test: [ "CMD-SHELL", "pg_isready -U postgres -d postgres" ]
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
interval: 5s
timeout: 10s
retries: 20
timeout: 20s
retries: 10
redis:
image: "redis:7.4-alpine"
image: redis:7.4-alpine
volumes:
- "redis-data:/data"
- plunk-redis-data:/data
healthcheck:
test:
- CMD

48
templates/compose/qbittorrent.yaml Normal file
View File

@@ -0,0 +1,48 @@
# documentation: https://docs.linuxserver.io/images/docker-qbittorrent/
# slogan: The qBittorrent project aims to provide an open-source software alternative to μTorrent.
# tags: torrent, streaming, webui
# logo: svgs/qbittorrent.svg
# port: 8080
services:
qbit:
image: "lscr.io/linuxserver/qbittorrent:latest"
environment:
- WEBUI_PORT=${WEBUI_PORT:-8080}
- PUID=1000
- PGID=1000
volumes:
- qbittorrent-config:/config
- qbittorrent-downloads:/downloads
- qbittorrent-torrents:/torrents
healthcheck:
test:
- CMD
- wget
- "-q"
- "--spider"
- "http://127.0.0.1:8080/"
interval: 5s
timeout: 20s
retries: 10
vuetorrent-backend:
image: "ghcr.io/vuetorrent/vuetorrent-backend:latest"
environment:
- SERVICE_FQDN_QBITORRENT_8080
- PORT=${WEBUI_PORT:-8080}
- QBIT_BASE=${SERVICE_FQDN_QBITORRENT}
- RELEASE_TYPE=${RELEASE_TYPE:-stable}
- UPDATE_VT_CRON=${UPDATE_VT_CRON:-"0 * * * *"}
volumes:
- vuetorrent-config:/config
healthcheck:
test:
- CMD
- wget
- "-q"
- "--spider"
- "http://127.0.0.1:8080/"
interval: 5s
timeout: 20s
retries: 10

121
templates/compose/supabase.yaml
View File

@@ -14,7 +14,7 @@ services:
supabase-analytics:
condition: service_healthy
environment:
- SERVICE_FQDN_SUPABASEKONG
- SERVICE_FQDN_SUPABASEKONG_8000
- JWT_SECRET=${SERVICE_PASSWORD_JWT}
- KONG_DATABASE=off
- KONG_DECLARATIVE_CONFIG=/home/kong/kong.yml
@@ -278,7 +278,7 @@ services:
config:
hide_credentials: true
supabase-studio:
image: supabase/studio:20240729-ce42139
image: supabase/studio:20240923-2e3e90c
healthcheck:
test:
[
@@ -301,7 +301,7 @@ services:
- DEFAULT_ORGANIZATION_NAME=${STUDIO_DEFAULT_ORGANIZATION:-Default Organization}
- DEFAULT_PROJECT_NAME=${STUDIO_DEFAULT_PROJECT:-Default Project}
- SUPABASE_URL=${SERVICE_FQDN_SUPABASEKONG}
- 'SUPABASE_URL=http://supabase-kong:8000'
- SUPABASE_PUBLIC_URL=${SERVICE_FQDN_SUPABASEKONG}
- SUPABASE_ANON_KEY=${SERVICE_SUPABASEANON_KEY}
- SUPABASE_SERVICE_KEY=${SERVICE_SUPABASESERVICE_KEY}
@@ -309,6 +309,7 @@ services:
- LOGFLARE_API_KEY=${SERVICE_PASSWORD_LOGFLARE}
- LOGFLARE_URL=http://supabase-analytics:4000
- 'SUPABASE_PUBLIC_API=${SERVICE_FQDN_SUPABASEKONG}'
- NEXT_PUBLIC_ENABLE_LOGS=true
# Comment to use Big Query backend for analytics
- NEXT_ANALYTICS_BACKEND_PROVIDER=postgres
@@ -330,7 +331,6 @@ services:
- config_file=/etc/postgresql/postgresql.conf
- -c
- log_min_messages=fatal
restart: unless-stopped
environment:
- POSTGRES_HOST=/var/run/postgresql
- PGPORT=${POSTGRES_PORT:-5432}
@@ -351,6 +351,21 @@ services:
create schema if not exists _realtime;
alter schema _realtime owner to :pguser;
- type: bind
source: ./volumes/db/_supabase.sql
target: /docker-entrypoint-initdb.d/migrations/97-_supabase.sql
content: |
\set pguser `echo "$POSTGRES_USER"`
CREATE DATABASE _supabase WITH OWNER :pguser;
- type: bind
source: ./volumes/db/pooler.sql
target: /docker-entrypoint-initdb.d/migrations/99-pooler.sql
content: |
\set pguser `echo "supabase_admin"`
\c _supabase
create schema if not exists _supavisor;
alter schema _supavisor owner to :pguser;
- type: bind
source: ./volumes/db/webhooks.sql
target: /docker-entrypoint-initdb.d/init-scripts/98-webhooks.sql
@@ -591,7 +606,7 @@ services:
target: /docker-entrypoint-initdb.d/migrations/99-logs.sql
content: |
\set pguser `echo "supabase_admin"`
\c _supabase
create schema if not exists _analytics;
alter schema _analytics owner to :pguser;
# Use named volume to persist pgsodium decryption key between restarts
@@ -604,7 +619,6 @@ services:
timeout: 5s
interval: 5s
retries: 10
restart: unless-stopped
depends_on:
supabase-db:
condition: service_healthy
@@ -616,7 +630,7 @@ services:
environment:
- LOGFLARE_NODE_HOST=127.0.0.1
- DB_USERNAME=supabase_admin
- DB_DATABASE=${POSTGRES_DB:-postgres}
- DB_DATABASE=_supabase
- DB_HOSTNAME=${POSTGRES_HOSTNAME:-supabase-db}
- DB_PORT=${POSTGRES_PORT:-5432}
- DB_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
@@ -628,7 +642,7 @@ services:
- LOGFLARE_MIN_CLUSTER_SIZE=1
# Comment variables to use Big Query backend for analytics
- POSTGRES_BACKEND_URL=postgresql://supabase_admin:${SERVICE_PASSWORD_POSTGRES}@${POSTGRES_HOSTNAME:-supabase-db}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:-postgres}
- POSTGRES_BACKEND_URL=postgresql://supabase_admin:${SERVICE_PASSWORD_POSTGRES}@${POSTGRES_HOSTNAME:-supabase-db}:${POSTGRES_PORT:-5432}/_supabase
- POSTGRES_BACKEND_SCHEMA=_analytics
- LOGFLARE_FEATURE_FLAG_OVERRIDE=multibackend=true
@@ -902,10 +916,9 @@ services:
condition: service_healthy
supabase-analytics:
condition: service_healthy
restart: unless-stopped
environment:
- PGRST_DB_URI=postgres://authenticator:${SERVICE_PASSWORD_POSTGRES}@${POSTGRES_HOSTNAME:-supabase-db}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:-postgres}
- PGRST_DB_SCHEMAS=${PGRST_DB_SCHEMAS:-public}
- 'PGRST_DB_SCHEMAS=${PGRST_DB_SCHEMAS:-public,storage,graphql_public}'
- PGRST_DB_ANON_ROLE=anon
- PGRST_JWT_SECRET=${SERVICE_PASSWORD_JWT}
- PGRST_DB_USE_LEGACY_GUCS=false
@@ -914,7 +927,7 @@ services:
command: "postgrest"
exclude_from_hc: true
supabase-auth:
image: supabase/gotrue:v2.151.0
image: supabase/gotrue:v2.158.1
depends_on:
supabase-db:
# Disable this if you are using an external Postgres database
@@ -992,7 +1005,7 @@ services:
# GOTRUE_HOOK_PASSWORD_VERIFICATION_ATTEMPT_ENABLED="true"
# GOTRUE_HOOK_PASSWORD_VERIFICATION_ATTEMPT_URI="pg-functions://postgres/public/password_verification_attempt"
# Uncomment to enable common OAuth Variables
#- 'GOTRUE_EXTERNAL_GITHUB_CLIENT_ID=${GOTRUE_EXTERNAL_GITHUB_CLIENT_ID}'
#- 'GOTRUE_EXTERNAL_GITHUB_ENABLED=${GOTRUE_EXTERNAL_GITHUB_ENABLED}'
@@ -1005,7 +1018,7 @@ services:
realtime-dev:
# This container name looks inconsistent but is correct because realtime constructs tenant id by parsing the subdomain
image: supabase/realtime:v2.30.23
image: supabase/realtime:v2.30.34
container_name: realtime-dev.supabase-realtime
depends_on:
supabase-db:
@@ -1085,7 +1098,7 @@ services:
exit 0
supabase-storage:
image: supabase/storage-api:v1.0.6
image: supabase/storage-api:v1.10.1
depends_on:
supabase-db:
# Disable this if you are using an external Postgres database
@@ -1185,7 +1198,7 @@ services:
- PG_META_DB_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
supabase-edge-functions:
image: supabase/edge-runtime:v1.53.3
image: supabase/edge-runtime:v1.58.3
depends_on:
supabase-analytics:
condition: service_healthy
@@ -1327,3 +1340,81 @@ services:
- start
- --main-service
- /home/deno/functions/main
supabase-supavisor:
image: 'supabase/supavisor:1.1.56'
healthcheck:
test:
- CMD
- curl
- "-sSfL"
- "-o"
- /dev/null
- "http://127.0.0.1:4000/api/health"
timeout: 5s
interval: 5s
retries: 10
depends_on:
supabase-db:
condition: service_healthy
supabase-analytics:
condition: service_healthy
environment:
- POOLER_TENANT_ID=dev_tenant
- POOLER_POOL_MODE=transaction
- POOLER_DEFAULT_POOL_SIZE=${POOLER_DEFAULT_POOL_SIZE:-20}
- POOLER_MAX_CLIENT_CONN=${POOLER_MAX_CLIENT_CONN:-100}
- PORT=4000
- 'POSTGRES_PORT=${POSTGRES_PORT:-5432}'
- 'POSTGRES_HOSTNAME=${POSTGRES_HOSTNAME:-supabase-db}'
- 'POSTGRES_DB=${POSTGRES_DB:-postgres}'
- 'POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}'
- 'DATABASE_URL=ecto://supabase_admin:${SERVICE_PASSWORD_POSTGRES}@${POSTGRES_HOSTNAME:-supabase-db}:${POSTGRES_PORT:-5432}/_supabase'
- CLUSTER_POSTGRES=true
- 'SECRET_KEY_BASE=${SERVICE_PASSWORD_SUPAVISORSECRET}'
- 'VAULT_ENC_KEY=${SERVICE_PASSWORD_VAULTENC}'
- 'API_JWT_SECRET=${SERVICE_PASSWORD_JWT}'
- 'METRICS_JWT_SECRET=${SERVICE_PASSWORD_JWT}'
- REGION=local
- 'ERL_AFLAGS=-proto_dist inet_tcp'
command:
- /bin/sh
- "-c"
- '/app/bin/migrate && /app/bin/supavisor eval "$$(cat /etc/pooler/pooler.exs)" && /app/bin/server'
volumes:
- type: bind
source: ./volumes/pooler/pooler.exs
target: /etc/pooler/pooler.exs
content: |
{:ok, _} = Application.ensure_all_started(:supavisor)
{:ok, version} =
case Supavisor.Repo.query!("select version()") do
%{rows: [[ver]]} -> Supavisor.Helpers.parse_pg_version(ver)
_ -> nil
end
params = %{
"external_id" => System.get_env("POOLER_TENANT_ID"),
"db_host" => System.get_env("POSTGRES_HOSTNAME"),
"db_port" => System.get_env("POSTGRES_PORT") |> String.to_integer(),
"db_database" => System.get_env("POSTGRES_DB"),
"require_user" => false,
"auth_query" => "SELECT * FROM pgbouncer.get_auth($1)",
"default_max_clients" => System.get_env("POOLER_MAX_CLIENT_CONN"),
"default_pool_size" => System.get_env("POOLER_DEFAULT_POOL_SIZE"),
"default_parameter_status" => %{"server_version" => version},
"users" => [%{
"db_user" => "pgbouncer",
"db_password" => System.get_env("POSTGRES_PASSWORD"),
"mode_type" => System.get_env("POOLER_POOL_MODE"),
"pool_size" => System.get_env("POOLER_DEFAULT_POOL_SIZE"),
"is_manager" => true
}]
}
tenant = Supavisor.Tenants.get_tenant_by_external_id(params["external_id"])
if tenant do
{:ok, _} = Supavisor.Tenants.update_tenant(tenant, params)
else
{:ok, _} = Supavisor.Tenants.create_tenant(params)
end

50
templates/compose/traccar.yaml Normal file
View File

@@ -0,0 +1,50 @@
# documentation: https://www.traccar.org/documentation/
# slogan: Traccar is a free and open source modern GPS tracking system.
# tags: traccar,gps,tracking,open,source
# logo: svgs/traccar.png
# port: 8082
services:
traccar:
image: traccar/traccar:latest
environment:
- SERVICE_FQDN_TRACCAR_8082
- SERVICE_FQDN_TRACCARAPI_5159
- CONFIG_USE_ENVIRONMENT_VARIABLES=${CONFIG_USE_ENVIRONMENT_VARIABLES:-true}
- DATABASE_USER=${SERVICE_USER_POSTGRES}
- DATABASE_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
volumes:
- type: bind
source: ./srv/traccar/conf/traccar.xml
target: /opt/traccar/conf/traccar.xml
content: |
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE properties SYSTEM 'http://java.sun.com/dtd/properties.dtd'>
<properties>
<entry key='config.default'>./conf/default.xml</entry>
<entry key='database.driver'>org.postgresql.Driver</entry>
<entry key='database.url'>jdbc:postgresql://postgres:5432/traccar</entry>
</properties>
depends_on:
postgres:
condition: service_healthy
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://127.0.0.1:8082/ping"]
interval: 30s
timeout: 10s
retries: 3
start_period: 15s
postgres:
image: postgres:16-alpine
environment:
- POSTGRES_USER=$SERVICE_USER_POSTGRES
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
- POSTGRES_DB=${POSTGRESQL_DATABASE:-traccar}
volumes:
- traccar-postgresql-data:/var/lib/postgresql/data/
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
interval: 5s
timeout: 20s
retries: 10

31
templates/compose/transmission.yaml Normal file
View File

@@ -0,0 +1,31 @@
# documentation: https://docs.linuxserver.io/images/docker-transmission/
# slogan: Fast, easy, and free BitTorrent client.
# tags: bittorrent, torrent, peer-to-peer
# logo: svgs/transmission.svg
# port: 9091
services:
transmission:
image: lscr.io/linuxserver/transmission:latest
environment:
- SERVICE_FQDN_TRANSMISSION_9091
- PUID=1000
- PGID=1000
- USER=${SERVICE_USER_ADMIN}
- PASS=${SERVICE_PASSWORD_ADMIN}
volumes:
- transmission-config:/config
- transmission-downloads:/downloads
- transmission-watch:/watch
healthcheck:
test: [
"CMD",
"curl",
"-sSfL",
"-u",
"${SERVICE_USER_ADMIN}:${SERVICE_PASSWORD_ADMIN}",
"http://localhost:9091/"
]
interval: 30s
timeout: 10s
retries: 3

60
templates/compose/unsend.yaml Normal file
View File

@@ -0,0 +1,60 @@
# documentation: https://docs.unsend.dev/get-started/self-hosting
# slogan: Unsend is an open-source alternative to Resend, Sendgrid, Mailgun and Postmark etc.
# tags: resend, mailer, marketing emails, transaction emails, self-hosting, postmark
# logo: svgs/unsend.svg
# port: 3000
services:
postgres:
image: postgres:16
environment:
- POSTGRES_USER=${SERVICE_USER_POSTGRES}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
- POSTGRES_DB=${SERVICE_DB_POSTGRES:-unsend}
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
interval: 5s
timeout: 20s
retries: 10
volumes:
- unsend-postgres-data:/var/lib/postgresql/data
redis:
image: redis:7
volumes:
- unsend-redis-data:/data
command: ["redis-server", "--maxmemory-policy", "noeviction"]
healthcheck:
test:
- CMD
- redis-cli
- PING
interval: 5s
timeout: 10s
retries: 20
unsend:
image: unsend/unsend:latest
environment:
- SERVICE_FQDN_UNSEND_3000
- DATABASE_URL=postgresql://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@postgres:5432/${SERVICE_DB_POSTGRES:-unsend}
- NEXTAUTH_URL=${SERVICE_FQDN_UNSEND}
- NEXTAUTH_SECRET=${SERVICE_BASE64_64_NEXTAUTHSECRET}
- AWS_ACCESS_KEY=${SERVICE_AWS_ACCESS_KEY}
- AWS_SECRET_KEY=${SERVICE_AWS_SECRET_KEY}
- AWS_DEFAULT_REGION=${SERVICE_AWS_DEFAULT_REGION}
- GITHUB_ID=${SERVICE_GITHUB_ID}
- GITHUB_SECRET=${SERVICE_GITHUB_SECRET}
- REDIS_URL=redis://redis:6379
- NEXT_PUBLIC_IS_CLOUD=${NEXT_PUBLIC_IS_CLOUD:-false}
- API_RATE_LIMIT=${SERVICE_API_RATE_LIMIT:-1}
depends_on:
postgres:
condition: service_healthy
redis:
condition: service_healthy
healthcheck:
test: [ "CMD-SHELL", "wget -qO- http://127.0.0.1:3000 || exit 1" ]
interval: 5s
retries: 10
timeout: 2s

41
templates/compose/vvveb-with-mariadb.yaml Normal file
View File

@@ -0,0 +1,41 @@
# documentation: https://docs.vvveb.com
# slogan: Powerful and easy to use cms to build websites, blogs or ecommerce stores.
# tags: cms, blog, content, management, ecommerce, page-builder, nocode, mysql, sqlite, pgsql
# logo: svgs/vvveb.svg
# port: 80
services:
vvveb:
image: vvveb/vvvebcms:latest
volumes:
- vvveb-data:/var/www/html
environment:
- SERVICE_FQDN_VVVEB_80
- DB_ENGINE=mysqli
- DB_HOST=mariadb
- DB_USER=${SERVICE_USER_VVVEB}
- DB_PASSWORD=${SERVICE_PASSWORD_VVVEB}
- DB_NAME=${MARIADB_DATABASE:-vvveb}
depends_on:
mariadb:
condition: service_healthy
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1"]
interval: 2s
timeout: 10s
retries: 10
mariadb:
image: mariadb:11
volumes:
- vvveb-mariadb-data:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=${SERVICE_PASSWORD_ROOT}
- MYSQL_DATABASE=${MARIADB_DATABASE:-vvveb}
- MYSQL_USER=${SERVICE_USER_VVVEB}
- MYSQL_PASSWORD=${SERVICE_PASSWORD_VVVEB}
healthcheck:
test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
interval: 5s
timeout: 20s
retries: 10

41
templates/compose/vvveb-with-mysql.yaml Normal file
View File

@@ -0,0 +1,41 @@
# documentation: https://docs.vvveb.com
# slogan: Powerful and easy to use cms to build websites, blogs or ecommerce stores.
# tags: cms, blog, content, management, ecommerce, page-builder, nocode, mysql, sqlite, pgsql
# logo: svgs/vvveb.svg
# port: 80
services:
vvveb:
image: vvveb/vvvebcms:latest
volumes:
- vvveb-data:/var/www/html
environment:
- SERVICE_FQDN_VVVEB_80
- DB_ENGINE=mysqli
- DB_HOST=mysql
- DB_USER=${SERVICE_USER_VVVEB}
- DB_PASSWORD=${SERVICE_PASSWORD_VVVEB}
- DB_NAME=${MYSQL_DATABASE:-vvveb}
depends_on:
mysql:
condition: service_healthy
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1"]
interval: 2s
timeout: 10s
retries: 10
mysql:
image: mysql:8.4.2
volumes:
- vvveb-mysql-data:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=${SERVICE_PASSWORD_ROOT}
- MYSQL_DATABASE=${MYSQL_DATABASE:-vvveb}
- MYSQL_USER=${SERVICE_USER_VVVEB}
- MYSQL_PASSWORD=${SERVICE_PASSWORD_VVVEB}
healthcheck:
test: ["CMD", "mysqladmin", "ping", "-h", "127.0.0.1"]
interval: 5s
timeout: 20s
retries: 10

18
templates/compose/vvveb.yaml Normal file
View File

@@ -0,0 +1,18 @@
# documentation: https://docs.vvveb.com
# slogan: Powerful and easy to use cms to build websites, blogs or ecommerce stores.
# tags: cms, blog, content, management, ecommerce, page-builder, nocode, mysql, sqlite, pgsql
# logo: svgs/vvveb.svg
# port: 80
services:
vvveb:
image: vvveb/vvvebcms:latest
volumes:
- vvveb-data:/var/www/html
environment:
- SERVICE_FQDN_VVVEB_80
healthcheck:
test: ["CMD", "curl", "-f", "http://127.0.0.1"]
interval: 2s
timeout: 10s
retries: 10

187
templates/compose/zep.yaml Normal file
View File

@@ -0,0 +1,187 @@
# documentation: https://help.getzep.com/concepts
# slogan: Zep enhances your AI agent's knowledge through continuous learning from user interactions, enabling personalized experiences and improved accuracy.
# tags: lowcode, nocode, ai, llm, openai, anthropic, machine-learning, rag, agents, chatbot, api, team, bot, flows, memory
# logo: svgs/zep.png
# port: 8000
services:
postgres:
image: ghcr.io/getzep/postgres:postgres-15
shm_size: 128mb
environment:
- POSTGRES_USER=${SERVICE_USER_POSTGRES}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
volumes:
- pg_data:/var/lib/postgresql/data
healthcheck:
test:
- CMD-SHELL
- "pg_isready -h localhost -U $${POSTGRES_USER} -d postgres"
interval: 5s
timeout: 5s
retries: 5
nlp:
image: ghcr.io/getzep/zep-nlp-server:0.4
environment:
- SERVICE_FQDN_NLP_5557
- ZEP_OPENAI_API_KEY=${OPENAI_API_KEY}
- ZEP_AUTH_SECRET=${SERVICE_PASSWORD_AUTHSECRET}
- ZEP_SERVER_WEB_ENABLED=${ZEP_SERVER_WEB_ENABLED:-false}
healthcheck:
test: "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/5557' || exit 1"
interval: 10s
timeout: 5s
retries: 5
start_period: 45s
zep:
image: ghcr.io/getzep/zep:latest
depends_on:
postgres:
condition: service_healthy
nlp:
condition: service_healthy
environment:
- SERVICE_FQDN_ZEP_8000
- ZEP_STORE_POSTGRES_DSN=postgres://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@postgres:5432/postgres?sslmode=disable
- ZEP_NLP_SERVER_URL=http://nlp:5557
- ZEP_EXTRACTORS_DOCUMENTS_EMBEDDINGS_SERVICE=${EXTRACTORS_DOCUMENTS_EMBEDDINGS_SERVICE:-openai}
- ZEP_EXTRACTORS_DOCUMENTS_EMBEDDINGS_DIMENSIONS=${EXTRACTORS_DOCUMENTS_EMBEDDINGS_DIMENSIONS:-1536}
- ZEP_EXTRACTORS_MESSAGES_EMBEDDINGS_SERVICE=${EXTRACTORS_MESSAGES_EMBEDDINGS_SERVICE:-openai}
- ZEP_EXTRACTORS_MESSAGES_EMBEDDINGS_DIMENSIONS=${EXTRACTORS_MESSAGES_EMBEDDINGS_DIMENSIONS:-1536}
- ZEP_EXTRACTORS_MESSAGES_SUMMARIZER_EMBEDDINGS_SERVICE=${EXTRACTORS_MESSAGES_SUMMARIZER_EMBEDDINGS_SERVICE:-openai}
- ZEP_EXTRACTORS_MESSAGES_SUMMARIZER_EMBEDDINGS_DIMENSIONS=${EXTRACTORS_MESSAGES_SUMMARIZER_EMBEDDINGS_DIMENSIONS:-1536}
- ZEP_OPENAI_API_KEY=${OPENAI_API_KEY}
- ZEP_AUTH_SECRET=${SERVICE_PASSWORD_AUTHSECRET}
- ZEP_SERVER_WEB_ENABLED=${ZEP_SERVER_WEB_ENABLED:-false}
volumes:
- type: bind
source: ./config.yaml
target: /app/config.yaml
content: |
llm:
# openai or anthropic
service: "openai"
# OpenAI: gpt-3.5-turbo, gpt-4, gpt-3.5-turbo-1106, gpt-3.5-turbo-16k, gpt-4-32k, gpt-4o-mini, gpt-4o-mini-2024-07-18; Anthropic: claude-instant-1 or claude-2
model: "gpt-4o-mini"
## OpenAI-specific settings
# Only used for Azure OpenAI API
azure_openai_endpoint:
# for Azure OpenAI API deployment, the model may be deployed with custom deployment names
# set the deployment names if you encounter in logs HTTP 404 errors:
# "The API deployment for this resource does not exist."
azure_openai:
# llm.model name is used as deployment name as reasonable default if not set
# assuming base model is deployed with deployment name matching model name
# llm_deployment: "gpt-4o-mini-customname"
# embeddings deployment is required when Zep is configured to use OpenAI embeddings
# embedding_deployment: "text-embedding-ada-002-customname"
# Use only with an alternate OpenAI-compatible API endpoint
llm_deployment:
embedding_deployment:
openai_endpoint:
openai_org_id:
nlp:
server_url: "http://localhost:5557"
memory:
message_window: 12
extractors:
documents:
embeddings:
enabled: true
chunk_size: 1000
dimensions: 384
service: "local"
# dimensions: 1536
# service: "openai"
messages:
summarizer:
enabled: true
entities:
enabled: true
embeddings:
enabled: true
dimensions: 384
service: "local"
entities:
enabled: true
intent:
enabled: true
embeddings:
enabled: true
dimensions: 384
service: "local"
# dimensions: 1536
# service: "openai"
store:
type: "postgres"
postgres:
dsn: "postgres://postgres:postgres@localhost:5432/?sslmode=disable"
server:
# Specify the host to listen on. Defaults to 0.0.0.0
host: 0.0.0.0
port: 8000
# Is the Web UI enabled?
# Warning: The Web UI is not secured by authentication and should not be enabled if
# Zep is exposed to the public internet.
web_enabled: true
# The maximum size of a request body, in bytes. Defaults to 5MB.
max_request_size: 5242880
auth:
# Set to true to enable authentication
required: true
# Do not use this secret in production. The ZEP_AUTH_SECRET environment variable should be
# set to a cryptographically secure secret. See the Zep docs for details.
secret: "do-not-use-this-secret-in-production"
data:
# PurgeEvery is the period between hard deletes, in minutes.
# If set to 0 or undefined, hard deletes will not be performed.
purge_every: 60
log:
level: "info"
opentelemetry:
enabled: false
# Custom Prompts Configuration
# Allows customization of extractor prompts.
custom_prompts:
summarizer_prompts:
# Anthropic Guidelines:
# - Use XML-style tags like <current_summary> as element identifiers.
# - Include {{.PrevSummary}} and {{.MessagesJoined}} as template variables.
# - Clearly explain model instructions, e.g., "Review content inside <current_summary></current_summary> tags".
# - Provide a clear example within the prompt.
#
# Example format:
# anthropic: |
# <YOUR INSTRUCTIONS HERE>
# <example>
# <PROVIDE AN EXAMPLE>
# </example>
# <current_summary>{{.PrevSummary}}</current_summary>
# <new_lines>{{.MessagesJoined}}</new_lines>
# Response without preamble.
#
# If left empty, the default Anthropic summary prompt from zep/pkg/extractors/prompts.go will be used.
anthropic: |
# OpenAI summarizer prompt configuration.
# Guidelines:
# - Include {{.PrevSummary}} and {{.MessagesJoined}} as template variables.
# - Provide a clear example within the prompt.
#
# Example format:
# openai: |
# <YOUR INSTRUCTIONS HERE>
# Example:
# <PROVIDE AN EXAMPLE>
# Current summary: {{.PrevSummary}}
# New lines of conversation: {{.MessagesJoined}}
# New summary:`
#
# If left empty, the default OpenAI summary prompt from zep/pkg/extractors/prompts.go will be used.
openai: |
healthcheck:
test: "timeout 10s bash -c ':> /dev/tcp/127.0.0.1/8000' || exit 1"
interval: 5s
timeout: 10s
retries: 3
start_period: 40s

42
templates/compose/zipline.yaml Normal file
View File

@@ -0,0 +1,42 @@
# documentation: https://github.com/diced/zipline
# slogan: A ShareX/file upload server that is easy to use, packed with features, and with an easy setup!
# tags: zipline,file-sharing,upload,sharing
# logo: svgs/zipline.png
# port: 3000
services:
zipline:
image: ghcr.io/diced/zipline:latest
environment:
- SERVICE_FQDN_ZIPLINE_3000
- CORE_RETURN_HTTPS=${CORE_RETURN_HTTPS:-false}
- CORE_SECRET=${SERVICE_PASSWORD_64_ZIPLINE}
- CORE_DATABASE_URL=postgres://${SERVICE_USER_POSTGRES}:${SERVICE_PASSWORD_POSTGRES}@postgres/${POSTGRES_DB:-zipline-db}
- CORE_LOGGER=${CORE_LOGGER:-true}
# Default credentials are "administrator" and "password"
volumes:
- zipline-uploads:/zipline/uploads
- zipline-public:/zipline/public
depends_on:
postgres:
condition: service_healthy
healthcheck:
test:
["CMD", "wget", "-q", "--spider", "http://127.0.0.1:3000/auth/login"]
interval: 5s
timeout: 20s
retries: 10
postgres:
image: postgres:16-alpine
volumes:
- zipline-postgres-data:/var/lib/postgresql/data
environment:
- POSTGRES_USER=${SERVICE_USER_POSTGRES}
- POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}
- POSTGRES_DB=${POSTGRES_DB:-zipline-db}
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
interval: 5s
timeout: 20s
retries: 10