-
Notifications
You must be signed in to change notification settings - Fork 341
Expand file tree
/
Copy pathdocker-compose.yml
More file actions
99 lines (97 loc) · 3.41 KB
/
Copy pathdocker-compose.yml
File metadata and controls
99 lines (97 loc) · 3.41 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
version: "3.7"
services:
invidious:
container_name: invidious
image: quay.io/invidious/invidious:master
restart: unless-stopped
depends_on:
invidious-db:
condition: service_healthy
inv_sig_helper:
condition: service_started
ports:
- "${APP_PORT}:3000"
environment:
INVIDIOUS_CONFIG: |
db:
dbname: invidious
user: tipi
password: tipi
host: invidious-db
port: 5432
check_tables: true
hmac_key: ${INVIDIOUS_HMAC_KEY}
use_innertube_for_captions: true
domain: ${INVIDIOUS_DOMAIN}
external_port: ${INVIDIOUS_EXTERNAL_PORT:-${APP_PORT}}
https_only: ${INVIDIOUS_HTTPS_ONLY}
signature_server: inv_sig_helper:12999
visitor_data: ${INVIDIOUS_VISITOR_DATA}
po_token: ${INVIDIOUS_PO_TOKEN}
healthcheck:
test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1
interval: 30s
timeout: 5s
retries: 2
networks:
- tipi_main_network
labels:
# Main
traefik.enable: true
traefik.http.middlewares.invidious-web-redirect.redirectscheme.scheme: https
traefik.http.services.invidious.loadbalancer.server.port: 3000
# Web
traefik.http.routers.invidious-insecure.rule: Host(`${APP_DOMAIN}`)
traefik.http.routers.invidious-insecure.entrypoints: web
traefik.http.routers.invidious-insecure.service: invidious
traefik.http.routers.invidious-insecure.middlewares: invidious-web-redirect
# Websecure
traefik.http.routers.invidious.rule: Host(`${APP_DOMAIN}`)
traefik.http.routers.invidious.entrypoints: websecure
traefik.http.routers.invidious.service: invidious
traefik.http.routers.invidious.tls.certresolver: myresolver
# Local domain
traefik.http.routers.invidious-local-insecure.rule: Host(`invidious.${LOCAL_DOMAIN}`)
traefik.http.routers.invidious-local-insecure.entrypoints: web
traefik.http.routers.invidious-local-insecure.service: invidious
traefik.http.routers.invidious-local-insecure.middlewares: invidious-web-redirect
# Local domain secure
traefik.http.routers.invidious-local.rule: Host(`invidious.${LOCAL_DOMAIN}`)
traefik.http.routers.invidious-local.entrypoints: websecure
traefik.http.routers.invidious-local.service: invidious
traefik.http.routers.invidious-local.tls: true
runtipi.managed: true
inv_sig_helper:
container_name: inv_sig_helper
image: quay.io/invidious/inv-sig-helper:latest
command: ["--tcp", "0.0.0.0:12999"]
environment:
- RUST_LOG=info
restart: unless-stopped
cap_drop:
- ALL
read_only: true
security_opt:
- no-new-privileges:true
networks:
- tipi_main_network
labels:
runtipi.managed: true
invidious-db:
container_name: invidious-db
image: postgres:14
restart: unless-stopped
volumes:
- ${APP_DATA_DIR}/data/postgres:/var/lib/postgresql/data
- ${APP_DATA_DIR}/data/init/sql:/config/sql
- ${APP_DATA_DIR}/data/init/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh
environment:
POSTGRES_DB: invidious
POSTGRES_USER: tipi
POSTGRES_PASSWORD: tipi
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
networks:
- tipi_main_network
labels:
runtipi.managed: true