Eric Bower
·
2026-01-17
docker-compose.prod.yml
1services:
2 postgres:
3 env_file:
4 - .env.prod
5 volumes:
6 - ./data/postgres-data:/var/lib/postgresql/data
7 ports:
8 - "5432:5432"
9 command: -N 1024 -B 4096MB
10 pipemgr:
11 env_file:
12 - .env.prod
13 volumes:
14 - ./data/pipemgr/data/term_info_ed25519:/key:ro
15 - ./data/pipemgr/data/term_info_ed25519-cert.pub:/key-cert.pub:ro
16 logging:
17 driver: "json-file"
18 options:
19 max-file: "3"
20 max-size: "1024m"
21 imgproxy:
22 env_file:
23 - .env.prod
24 volumes:
25 - ./data/storage:/storage
26 networks:
27 prose:
28 pgs:
29 auth-web:
30 logging:
31 driver: "json-file"
32 options:
33 max-file: "3"
34 max-size: "1024m"
35 pastes-caddy:
36 image: ghcr.io/picosh/pico/caddy:latest
37 restart: always
38 networks:
39 - pastes
40 env_file:
41 - .env.prod
42 environment:
43 APP_DOMAIN: ${PASTES_DOMAIN:-pastes.sh}
44 APP_EMAIL: ${PASTES_EMAIL:-hello@pico.sh}
45 volumes:
46 - ${PASTES_CADDYFILE}:/etc/caddy/Caddyfile
47 - ./data/pastes-caddy/data:/data
48 - ./data/pastes-caddy/config:/config
49 ports:
50 - "${PASTES_HTTPS_V4:-443}:443"
51 - "${PASTES_HTTP_V4:-80}:80"
52 - "${PASTES_HTTPS_V6:-[::1]:443}:443"
53 - "${PASTES_HTTP_V6:-[::1]:80}:80"
54 profiles:
55 - pastes
56 - caddy
57 - all
58 logging:
59 driver: "json-file"
60 options:
61 max-file: "3"
62 max-size: "1024m"
63 pastes-web:
64 dns: 1.1.1.1
65 networks:
66 pastes:
67 aliases:
68 - web
69 env_file:
70 - .env.prod
71 volumes:
72 - ./data/pastes-ssh/data:/app/ssh_data
73 pastes-ssh:
74 networks:
75 pastes:
76 aliases:
77 - ssh
78 env_file:
79 - .env.prod
80 volumes:
81 - ./data/pastes-ssh/data:/app/ssh_data
82 ports:
83 - "${PASTES_SSH_V4:-22}:2222"
84 - "${PASTES_SSH_V6:-[::1]:22}:2222"
85 pipe-caddy:
86 image: ghcr.io/picosh/pico/caddy:latest
87 restart: always
88 networks:
89 - pipe
90 env_file:
91 - .env.prod
92 environment:
93 APP_DOMAIN: ${PIPE_DOMAIN:-pipe.pico.sh}
94 APP_EMAIL: ${PIPE_EMAIL:-hello@pico.sh}
95 volumes:
96 - ${PIPE_CADDYFILE}:/etc/caddy/Caddyfile
97 - ./data/pipe-caddy/data:/data
98 - ./data/pipe-caddy/config:/config
99 ports:
100 - "${PIPE_HTTPS_V4:-443}:443"
101 - "${PIPE_HTTP_V4:-80}:80"
102 - "${PIPE_HTTPS_V6:-[::1]:443}:443"
103 - "${PIPE_HTTP_V6:-[::1]:80}:80"
104 profiles:
105 - pipe
106 - caddy
107 - all
108 pipe-web:
109 networks:
110 pipe:
111 aliases:
112 - web
113 env_file:
114 - .env.prod
115 volumes:
116 - ./data/pipe-ssh/data:/app/ssh_data
117 pipe-ssh:
118 networks:
119 pipe:
120 aliases:
121 - ssh
122 env_file:
123 - .env.prod
124 volumes:
125 - ./data/pipe-ssh/data:/app/ssh_data
126 ports:
127 - "${PIPE_SSH_V4:-22}:2222"
128 - "${PIPE_SSH_V6:-[::1]:22}:2222"
129 prose-caddy:
130 image: ghcr.io/picosh/pico/caddy:latest
131 restart: always
132 networks:
133 - prose
134 env_file:
135 - .env.prod
136 environment:
137 APP_DOMAIN: ${PROSE_DOMAIN:-prose.sh}
138 APP_EMAIL: ${PROSE_EMAIL:-hello@pico.sh}
139 volumes:
140 - ${PROSE_CADDYFILE}:/etc/caddy/Caddyfile
141 - ./data/prose-caddy/data:/data
142 - ./data/prose-caddy/config:/config
143 labels:
144 pipemgr.enable: true
145 pipemgr.filter: "http.log.access"
146 depends_on:
147 pipemgr:
148 condition: service_healthy
149 ports:
150 - "${PROSE_HTTPS_V4:-443}:443"
151 - "${PROSE_HTTP_V4:-80}:80"
152 - "${PROSE_HTTPS_V6:-[::1]:443}:443"
153 - "${PROSE_HTTP_V6:-[::1]:80}:80"
154 profiles:
155 - prose
156 - caddy
157 - all
158 logging:
159 driver: "json-file"
160 options:
161 max-file: "3"
162 max-size: "1024m"
163 prose-web:
164 dns: 1.1.1.1
165 networks:
166 prose:
167 aliases:
168 - web
169 env_file:
170 - .env.prod
171 volumes:
172 - ./data/prose-ssh/data:/app/ssh_data
173 - ./data/storage:/storage
174 prose-ssh:
175 networks:
176 prose:
177 aliases:
178 - ssh
179 env_file:
180 - .env.prod
181 volumes:
182 - ./data/prose-ssh/data:/app/ssh_data
183 - ./data/storage:/storage
184 ports:
185 - "${PROSE_SSH_V4:-22}:2222"
186 - "${PROSE_SSH_V6:-[::1]:22}:2222"
187 pgs-caddy:
188 image: ghcr.io/picosh/pico/caddy:latest
189 restart: always
190 networks:
191 - pgs
192 env_file:
193 - .env.prod
194 environment:
195 APP_DOMAIN: ${PGS_DOMAIN:-pgs.sh}
196 APP_EMAIL: ${PGS_EMAIL:-hello@pico.sh}
197 volumes:
198 - ${PGS_CADDYFILE}:/etc/caddy/Caddyfile
199 - ./data/pgs-caddy/data:/data
200 - ./data/pgs-caddy/config:/config
201 ports:
202 - "${PGS_HTTPS_V4:-443}:443"
203 - "${PGS_HTTP_V4:-80}:80"
204 - "${PGS_HTTPS_V6:-[::1]:443}:443"
205 - "${PGS_HTTP_V6:-[::1]:80}:80"
206 labels:
207 pipemgr.enable: true
208 pipemgr.filter: "http.log.access"
209 depends_on:
210 pipemgr:
211 condition: service_healthy
212 profiles:
213 - pgs
214 - caddy
215 - all
216 logging:
217 driver: "json-file"
218 options:
219 max-file: "3"
220 max-size: "1024m"
221 pgs-web:
222 dns: 1.1.1.1
223 networks:
224 pgs:
225 aliases:
226 - web
227 env_file:
228 - .env.prod
229 volumes:
230 - ./data/storage:/storage
231 - ./data/pgs-ssh/data:/app/ssh_data
232 deploy:
233 resources:
234 limits:
235 memory: 3g
236 logging:
237 driver: "json-file"
238 options:
239 max-file: "3"
240 max-size: "1024m"
241 pgs-cdn:
242 dns: 1.1.1.1
243 networks:
244 pgs:
245 aliases:
246 - web
247 env_file:
248 - .env.prod
249 volumes:
250 - ./data/pgs-ssh/data:/app/ssh_data
251 deploy:
252 resources:
253 limits:
254 memory: 3g
255 logging:
256 driver: "json-file"
257 options:
258 max-file: "3"
259 max-size: "1024m"
260 pgs-ssh:
261 networks:
262 pgs:
263 aliases:
264 - ssh
265 env_file:
266 - .env.prod
267 volumes:
268 - ./data/storage:/storage
269 - ./data/pgs-ssh/data:/app/ssh_data
270 - ./data/tmp:/tmp
271 ports:
272 - "${PGS_SSH_V4:-22}:2222"
273 - "${PGS_SSH_V6:-[::1]:22}:2222"
274 deploy:
275 resources:
276 limits:
277 memory: 3g
278 logging:
279 driver: "json-file"
280 options:
281 max-file: "3"
282 max-size: "1024m"
283 feeds-caddy:
284 image: ghcr.io/picosh/pico/caddy:latest
285 restart: always
286 networks:
287 - feeds
288 env_file:
289 - .env.prod
290 environment:
291 APP_DOMAIN: ${FEEDS_DOMAIN:-feeds.pico.sh}
292 APP_EMAIL: ${FEEDS_EMAIL:-hello@pico.sh}
293 volumes:
294 - ${FEEDS_CADDYFILE}:/etc/caddy/Caddyfile
295 - ./data/feeds-caddy/data:/data
296 - ./data/feeds-caddy/config:/config
297 ports:
298 - "${FEEDS_HTTPS_V4:-443}:443"
299 - "${FEEDS_HTTP_V4:-80}:80"
300 - "${FEEDS_HTTPS_V6:-[::1]:443}:443"
301 - "${FEEDS_HTTP_V6:-[::1]:80}:80"
302 profiles:
303 - feeds
304 - caddy
305 - all
306 feeds-web:
307 networks:
308 feeds:
309 aliases:
310 - web
311 env_file:
312 - .env.prod
313 volumes:
314 - ./data/feeds-ssh/data:/app/ssh_data
315 logging:
316 driver: "json-file"
317 options:
318 max-file: "3"
319 max-size: "1024m"
320 feeds-ssh:
321 networks:
322 feeds:
323 aliases:
324 - ssh
325 env_file:
326 - .env.prod
327 volumes:
328 - ./data/feeds-ssh/data:/app/ssh_data
329 ports:
330 - "${FEEDS_SSH_V4:-22}:2222"
331 - "${FEEDS_SSH_V6:-[::1]:22}:2222"
332 logging:
333 driver: "json-file"
334 options:
335 max-file: "3"
336 max-size: "1024m"
337 pico-caddy:
338 image: ghcr.io/picosh/pico/caddy:latest
339 restart: always
340 networks:
341 - pico
342 env_file:
343 - .env.prod
344 environment:
345 APP_DOMAIN: ${PICO_DOMAIN:-pico.sh}
346 APP_EMAIL: ${PICO_EMAIL:-hello@pico.sh}
347 volumes:
348 - ${PICO_CADDYFILE}:/etc/caddy/Caddyfile
349 - ./data/pico-caddy/data:/data
350 - ./data/pico-caddy/config:/config
351 ports:
352 - "${PICO_HTTPS_V4:-443}:443"
353 - "${PICO_HTTP_V4:-80}:80"
354 - "${PICO_HTTPS_V6:-[::1]:443}:443"
355 - "${PICO_HTTP_V6:-[::1]:80}:80"
356 profiles:
357 - pico
358 - caddy
359 - all
360 logging:
361 driver: "json-file"
362 options:
363 max-file: "3"
364 max-size: "1024m"
365 pico-ssh:
366 networks:
367 pico:
368 aliases:
369 - ssh
370 env_file:
371 - .env.prod
372 volumes:
373 - ./data/pico-ssh/data:/app/ssh_data
374 ports:
375 - "${PICO_SSH_V4:-22}:2222"
376 - "${PICO_SSH_V6:-[::1]:22}:2222"
377
378networks:
379 default:
380 enable_ipv6: true
381 ipam:
382 driver: default
383 config:
384 - subnet: "172.101.0.0/24"
385 - subnet: fd00:dead:beef:101::/112
386 prose:
387 enable_ipv6: true
388 driver_opts:
389 com.docker.network.bridge.name: prose
390 ipam:
391 config:
392 - subnet: 172.30.0.0/16
393 - subnet: fd00:dead:beef:18::/112
394 pastes:
395 enable_ipv6: true
396 driver_opts:
397 com.docker.network.bridge.name: pastes
398 ipam:
399 config:
400 - subnet: 172.19.0.0/16
401 - subnet: fd00:dead:beef:19::/112
402 feeds:
403 enable_ipv6: true
404 driver_opts:
405 com.docker.network.bridge.name: feeds
406 ipam:
407 config:
408 - subnet: 172.22.0.0/16
409 - subnet: fd00:dead:beef:22::/112
410 pgs:
411 enable_ipv6: true
412 driver_opts:
413 com.docker.network.bridge.name: pgs
414 ipam:
415 config:
416 - subnet: 172.23.0.0/16
417 - subnet: fd00:dead:beef:23::/112
418 pico:
419 enable_ipv6: true
420 driver_opts:
421 com.docker.network.bridge.name: pico
422 ipam:
423 config:
424 - subnet: 172.25.0.0/16
425 - subnet: fd00:dead:beef:25::/112
426 pipe:
427 enable_ipv6: true
428 driver_opts:
429 com.docker.network.bridge.name: pipe
430 ipam:
431 config:
432 - subnet: 172.27.0.0/16
433 - subnet: fd00:dead:beef:27::/112