Mealie/docker-compose.yml



services:
  mealie:
    image: ghcr.io/mealie-recipes/mealie:latest
    container_name: mealie
    restart: always
    networks:
      - traefik
      - internal
    volumes:
      - ./mealie-data:/app/data
    #orts:
    # - "9011:9000"        # ← ADD THIS LINE
    environment:
      # Backend settings
      ALLOW_SIGNUP: "false"
      PUID: 1000
      PGID: 1000
      TZ: Europe/Ljubljana # <-- Already set here
      BASE_URL: https://mealie.rozic-dev.com

      # Database
      DB_ENGINE: postgres
      POSTGRES_USER: mealie
      POSTGRES_PASSWORD: mealie
      POSTGRES_SERVER: postgres_mealie
      POSTGRES_PORT: 5432
      POSTGRES_DB: mealie

    depends_on:
      postgres_mealie:
        condition: service_healthy

    # -----------------------------
    # Traefik Reverse Proxy Labels
    # -----------------------------
    labels:
      # ──────────────────────────────
      # Enable Traefik for this container
      # ──────────────────────────────
      - "traefik.enable=true"

      # ──────────────────────────────
      # HTTP → HTTPS redirect router
      # ──────────────────────────────
      - "traefik.http.routers.mealie-http.entrypoints=web"
      - "traefik.http.routers.mealie-http.rule=Host(`mealie.rozic-dev.com`)"
      - "traefik.http.routers.mealie-http.middlewares=mealie-redirect"

      # ──────────────────────────────
      # HTTPS router (the real one)
      # ──────────────────────────────
      - "traefik.http.routers.mealie.entrypoints=websecure"
      - "traefik.http.routers.mealie.rule=Host(`mealie.rozic-dev.com`)"
      - "traefik.http.routers.mealie.tls=true"
      - "traefik.http.routers.mealie.tls.certresolver=letsencrypt"   # ← change only if your resolver has a different name
      - "traefik.http.routers.mealie.middlewares=mealie-chain"

      # ──────────────────────────────
      # Service (where Traefik forwards the traffic)
      # ──────────────────────────────
      - "traefik.http.services.mealie.loadbalancer.server.port=9000"

      # ──────────────────────────────
      # Middleware: redirect HTTP → HTTPS
      # ──────────────────────────────
      - "traefik.http.middlewares.mealie-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.mealie-redirect.redirectscheme.permanent=true"

      # ──────────────────────────────
      # Middleware: security headers
      # ──────────────────────────────
      - "traefik.http.middlewares.mealie-security.headers.stsSeconds=63072000"
      - "traefik.http.middlewares.mealie-security.headers.stsIncludeSubdomains=true"
      - "traefik.http.middlewares.mealie-security.headers.stsPreload=true"
      - "traefik.http.middlewares.mealie-security.headers.contentTypeNosniff=true"
      - "traefik.http.middlewares.mealie-security.headers.browserXssFilter=true"
      - "traefik.http.middlewares.mealie-security.headers.referrerPolicy=same-origin"
      - "traefik.http.middlewares.mealie-security.headers.customResponseHeaders.X-Robots-Tag=none"

      # ──────────────────────────────
      # Chain: redirect + security headers (applied only to HTTPS router)
      # ──────────────────────────────
      - "traefik.http.middlewares.mealie-chain.chain.middlewares=mealie-security"
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 1024M

  postgres_mealie:
    image: postgres:15
    container_name: mealie-postgres
    restart: always
    networks:
      - internal
    #  - traefik
    environment:
      #POSTGRES_USER: mealie          # keeps your app user
      POSTGRES_DB: mealie
      POSTGRES_USER: mealie
      POSTGRES_PASSWORD: mealie
      PGUSER: mealie
      # Added for Time Zone consistency (Suggestion 2)
      TZ: Europe/Ljubljana
      PGTZ: Europe/Ljubljana 
    volumes:
      - ./mealie-pgdata:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD", "pg_isready", "-U", "mealie"]
      interval: 30s
      timeout: 10s
      retries: 5
 #  labels:
 #    - "traefik.enable=false"        # <-- add this single line
   #  - "traefik.enable=false"                  # already good, keeps Traefik away
 #    - "io.portainer.docker.compose.skip=true" # <-- ADD THIS
 #    - "netdata.disable=true"                  # <-- AND THIS (if you use Netdata)
# ------------------
# NETWORKS & VOLUMES
# ------------------
networks:
  traefik:
    external: true
    name: traefik_default 

  internal:
    driver: bridge

volumes:
  mealie-data:
    driver: local
  mealie-pgdata:
    driver: local
removed version - no more needed 2025-11-30 17:03:18 +00:00
first commit 2025-11-23 17:23:56 +00:00
			`services:`
			`mealie:`
			`image: ghcr.io/mealie-recipes/mealie:latest`
			`container_name: mealie`
			`restart: always`
			`networks:`
			`- traefik`
			`- internal`
			`volumes:`
			`- ./mealie-data:/app/data`
fix docker-compose.yml 2025-12-01 07:54:20 +00:00			`#orts:`
			`# - "9011:9000" # ← ADD THIS LINE`
first commit 2025-11-23 17:23:56 +00:00			`environment:`
			`# Backend settings`
			`ALLOW_SIGNUP: "false"`
			`PUID: 1000`
			`PGID: 1000`
removed version - no more needed 2025-11-30 17:03:18 +00:00			`TZ: Europe/Ljubljana # <-- Already set here`
first commit 2025-11-23 17:23:56 +00:00			`BASE_URL: https://mealie.rozic-dev.com`

			`# Database`
			`DB_ENGINE: postgres`
			`POSTGRES_USER: mealie`
			`POSTGRES_PASSWORD: mealie`
fix docker-compose.yml 2025-12-01 07:54:20 +00:00			`POSTGRES_SERVER: postgres_mealie`
first commit 2025-11-23 17:23:56 +00:00			`POSTGRES_PORT: 5432`
			`POSTGRES_DB: mealie`

			`depends_on:`
fix docker-compose.yml 2025-12-01 07:54:20 +00:00			`postgres_mealie:`
first commit 2025-11-23 17:23:56 +00:00			`condition: service_healthy`

			`# -----------------------------`
			`# Traefik Reverse Proxy Labels`
			`# -----------------------------`
			`labels:`
added fix for docker-compose.yml 2025-11-30 17:45:48 +00:00			`# ──────────────────────────────`
			`# Enable Traefik for this container`
			`# ──────────────────────────────`
first commit 2025-11-23 17:23:56 +00:00			`- "traefik.enable=true"`
fix docker-compose.yml file 2025-11-30 17:11:15 +00:00
added fix for docker-compose.yml 2025-11-30 17:45:48 +00:00			`# ──────────────────────────────`
			`# HTTP → HTTPS redirect router`
			`# ──────────────────────────────`
fix docker-compose.yml file 2025-11-30 17:11:15 +00:00			`- "traefik.http.routers.mealie-http.entrypoints=web"`
			- "traefik.http.routers.mealie-http.rule=Host(`mealie.rozic-dev.com`)"
added fix for docker-compose.yml 2025-11-30 17:45:48 +00:00			`- "traefik.http.routers.mealie-http.middlewares=mealie-redirect"`
fix docker-compose.yml file 2025-11-30 17:11:15 +00:00
added fix for docker-compose.yml 2025-11-30 17:45:48 +00:00			`# ──────────────────────────────`
			`# HTTPS router (the real one)`
			`# ──────────────────────────────`
first commit 2025-11-23 17:23:56 +00:00			`- "traefik.http.routers.mealie.entrypoints=websecure"`
fix docker-compose.yml file 2025-11-30 17:11:15 +00:00			- "traefik.http.routers.mealie.rule=Host(`mealie.rozic-dev.com`)"
first commit 2025-11-23 17:23:56 +00:00			`- "traefik.http.routers.mealie.tls=true"`
added fix for docker-compose.yml 2025-11-30 17:45:48 +00:00			`- "traefik.http.routers.mealie.tls.certresolver=letsencrypt" # ← change only if your resolver has a different name`
			`- "traefik.http.routers.mealie.middlewares=mealie-chain"`
fix docker-compose.yml file 2025-11-30 17:11:15 +00:00
added fix for docker-compose.yml 2025-11-30 17:45:48 +00:00			`# ──────────────────────────────`
			`# Service (where Traefik forwards the traffic)`
			`# ──────────────────────────────`
first commit 2025-11-23 17:23:56 +00:00			`- "traefik.http.services.mealie.loadbalancer.server.port=9000"`
fix docker-compose.yml file 2025-11-30 17:11:15 +00:00
added fix for docker-compose.yml 2025-11-30 17:45:48 +00:00			`# ──────────────────────────────`
			`# Middleware: redirect HTTP → HTTPS`
			`# ──────────────────────────────`
			`- "traefik.http.middlewares.mealie-redirect.redirectscheme.scheme=https"`
			`- "traefik.http.middlewares.mealie-redirect.redirectscheme.permanent=true"`

			`# ──────────────────────────────`
			`# Middleware: security headers`
			`# ──────────────────────────────`
fix docker-compose.yml file 2025-11-30 17:11:15 +00:00			`- "traefik.http.middlewares.mealie-security.headers.stsSeconds=63072000"`
			`- "traefik.http.middlewares.mealie-security.headers.stsIncludeSubdomains=true"`
			`- "traefik.http.middlewares.mealie-security.headers.stsPreload=true"`
			`- "traefik.http.middlewares.mealie-security.headers.contentTypeNosniff=true"`
			`- "traefik.http.middlewares.mealie-security.headers.browserXssFilter=true"`
			`- "traefik.http.middlewares.mealie-security.headers.referrerPolicy=same-origin"`
added fix for docker-compose.yml 2025-11-30 17:45:48 +00:00			`- "traefik.http.middlewares.mealie-security.headers.customResponseHeaders.X-Robots-Tag=none"`

			`# ──────────────────────────────`
			`# Chain: redirect + security headers (applied only to HTTPS router)`
			`# ──────────────────────────────`
			`- "traefik.http.middlewares.mealie-chain.chain.middlewares=mealie-security"`
fix docker-compose.yml file 2025-11-30 17:11:15 +00:00			`deploy:`
			`resources:`
			`limits:`
			`cpus: '1.0'`
			`memory: 1024M`
first commit 2025-11-23 17:23:56 +00:00
fix docker-compose.yml 2025-12-01 07:54:20 +00:00			`postgres_mealie:`
first commit 2025-11-23 17:23:56 +00:00			`image: postgres:15`
			`container_name: mealie-postgres`
			`restart: always`
			`networks:`
			`- internal`
fix docker-compose.yml 2025-12-01 07:54:20 +00:00			`# - traefik`
first commit 2025-11-23 17:23:56 +00:00			`environment:`
fix docker-compose.yml 2025-12-01 07:54:20 +00:00			`#POSTGRES_USER: mealie # keeps your app user`
first commit 2025-11-23 17:23:56 +00:00			`POSTGRES_DB: mealie`
			`POSTGRES_USER: mealie`
			`POSTGRES_PASSWORD: mealie`
fix docker-compose.yml 2025-12-01 07:54:20 +00:00			`PGUSER: mealie`
removed version - no more needed 2025-11-30 17:03:18 +00:00			`# Added for Time Zone consistency (Suggestion 2)`
			`TZ: Europe/Ljubljana`
			`PGTZ: Europe/Ljubljana`
first commit 2025-11-23 17:23:56 +00:00			`volumes:`
			`- ./mealie-pgdata:/var/lib/postgresql/data`
			`healthcheck:`
			`test: ["CMD", "pg_isready", "-U", "mealie"]`
			`interval: 30s`
			`timeout: 10s`
			`retries: 5`
fix docker-compose.yml 2025-12-01 07:54:20 +00:00			`# labels:`
			`# - "traefik.enable=false" # <-- add this single line`
			`# - "traefik.enable=false" # already good, keeps Traefik away`
			`# - "io.portainer.docker.compose.skip=true" # <-- ADD THIS`
			`# - "netdata.disable=true" # <-- AND THIS (if you use Netdata)`
first commit 2025-11-23 17:23:56 +00:00			`# ------------------`
			`# NETWORKS & VOLUMES`
			`# ------------------`
			`networks:`
			`traefik:`
			`external: true`
removed version - no more needed 2025-11-30 17:03:18 +00:00			`name: traefik_default`
first commit 2025-11-23 17:23:56 +00:00
			`internal:`
			`driver: bridge`

			`volumes:`
			`mealie-data:`
added deploy resouce limit 2025-11-30 17:05:33 +00:00			`driver: local`
			`mealie-pgdata:`
			`driver: local`