BabyBuddy/docker-compose.yml
2025-11-24 17:06:27 +00:00


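# Baby Buddy (linuxserver image) published through Traefik at
# https://baby.rozic-dev.com. No `ports:` are mapped, so only Traefik on the
# external `traefik_default` network routes traffic to the container.
# NOTE(review): Compose v2 ignores the top-level `version` key and warns that
# it is obsolete; it is kept here for older docker-compose releases.
version: "3.8"

services:
  babybuddy:
    # NOTE(review): `latest` is a moving tag, so every pull can change the
    # running code. Pin a release tag or an image digest once a known-good
    # version is chosen.
    image: lscr.io/linuxserver/babybuddy:latest
    container_name: babybuddy
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Ljubljana
      # Django signing key. It is read from the shell environment or an
      # untracked .env file, so the real value never lands in this file and
      # `docker compose up` aborts instead of starting with a well-known
      # placeholder. Generate once: openssl rand -base64 48
      - "SECRET_KEY=${SECRET_KEY:?SECRET_KEY is not set}"
      # Domain settings for Django: the only Host header and CSRF origin
      # that are accepted.
      - ALLOWED_HOSTS=baby.rozic-dev.com
      - CSRF_TRUSTED_ORIGINS=https://baby.rozic-dev.com
      # Make Django treat proxied requests as HTTPS. These settings trust the
      # X-Forwarded-* headers, which is only sound while every request passes
      # through Traefik; publishing the container port directly would let a
      # client supply those headers itself.
      # NOTE(review): confirm this image reads each of these variables; a
      # setting the application does not consume is silently ignored.
      - USE_X_FORWARDED_HOST=true
      - SECURE_PROXY_SSL_HEADER=HTTP_X_FORWARDED_PROTO,https
      - SECURE_SSL_REDIRECT=true
      - SESSION_COOKIE_SECURE=true
      - CSRF_COOKIE_SECURE=true
    volumes:
      # Persistent application data; restrict access to this directory on the
      # host and include it in backups.
      - ./config:/config
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik_default"
      # --- HTTPS router ---
      - "traefik.http.routers.babybuddy-https.rule=Host(`baby.rozic-dev.com`)"
      - "traefik.http.routers.babybuddy-https.entrypoints=websecure"
      - "traefik.http.routers.babybuddy-https.tls=true"
      - "traefik.http.routers.babybuddy-https.tls.certresolver=letsencrypt"
      - "traefik.http.routers.babybuddy-https.service=babybuddy"
      - "traefik.http.routers.babybuddy-https.middlewares=babybuddy-compress,babybuddy-headers"
      - "traefik.http.services.babybuddy.loadbalancer.server.port=8000"
      # --- HTTP -> HTTPS redirect ---
      - "traefik.http.routers.babybuddy-http.rule=Host(`baby.rozic-dev.com`)"
      - "traefik.http.routers.babybuddy-http.entrypoints=web"
      - "traefik.http.routers.babybuddy-http.middlewares=babybuddy-redirect"
      - "traefik.http.middlewares.babybuddy-redirect.redirectscheme.scheme=https"
      # --- Compression ---
      - "traefik.http.middlewares.babybuddy-compress.compress=true"
      # --- Security headers + HSTS ---
      # Each label is declared once. The original listed contentTypeNosniff,
      # browserXssFilter and the router middleware chain twice, which invites
      # the two copies drifting apart.
      - "traefik.http.middlewares.babybuddy-headers.headers.contentTypeNosniff=true"
      # Legacy X-XSS-Protection header; current browsers ignore it, so it is
      # no substitute for a Content-Security-Policy.
      - "traefik.http.middlewares.babybuddy-headers.headers.browserXssFilter=true"
      # HSTS is cached by browsers for a full year and covers subdomains of
      # this host. The preload directive signals consent to browser preload
      # lists; keep it only if that is intended.
      - "traefik.http.middlewares.babybuddy-headers.headers.stsSeconds=31536000"
      - "traefik.http.middlewares.babybuddy-headers.headers.stsIncludeSubdomains=true"
      - "traefik.http.middlewares.babybuddy-headers.headers.stsPreload=true"
      # NOTE(review): this policy still sends the full URL to other HTTPS
      # origins; `strict-origin-when-cross-origin` leaks less.
      - "traefik.http.middlewares.babybuddy-headers.headers.referrerPolicy=no-referrer-when-downgrade"
    networks:
      - traefik

networks:
  # Pre-existing network owned by the Traefik stack; its name must match the
  # `traefik.docker.network` label above.
  traefik:
    external: true
    name: traefik_default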