Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ---
- version: "3.5"
- networks:
- penpot:
- volumes:
- penpot_postgres_v15:
- penpot_assets:
- # penpot_traefik:
- # penpot_minio:
- services:
- ## Traefik service declaration example. Consider using it if you are going to expose
- ## penpot to the internet or different host than `localhost`.
- # traefik:
- # image: traefik:v2.9
- # networks:
- # - penpot
- # command:
- # - "--api.insecure=true"
- # - "--entryPoints.web.address=:80"
- # - "--providers.docker=true"
- # - "--providers.docker.exposedbydefault=false"
- # - "--entryPoints.websecure.address=:443"
- # - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
- # - "--certificatesresolvers.letsencrypt.acme.email=<EMAIL_ADDRESS>"
- # - "--certificatesresolvers.letsencrypt.acme.storage=/traefik/acme.json"
- # volumes:
- # - "penpot_traefik:/traefik"
- # - "/var/run/docker.sock:/var/run/docker.sock"
- # ports:
- # - "80:80"
- # - "443:443"
- penpot-frontend:
- image: "penpotapp/frontend:latest"
- restart: always
- ports:
- - 9001:80
- volumes:
- - penpot_assets:/opt/data/assets
- depends_on:
- - penpot-backend
- - penpot-exporter
- networks:
- - penpot
- labels:
- - "traefik.enable=true"
- ## HTTP: example of labels for the case if you are going to expose penpot to the
- ## internet using only HTTP (without HTTPS) with traefik
- # - "traefik.http.routers.penpot-http.entrypoints=web"
- # - "traefik.http.routers.penpot-http.rule=Host(`<DOMAIN_NAME>`)"
- # - "traefik.http.services.penpot-http.loadbalancer.server.port=80"
- ## HTTPS: example of labels for the case if you are going to expose penpot to the
- ## internet using with HTTPS using traefik
- # - "traefik.http.middlewares.http-redirect.redirectscheme.scheme=https"
- # - "traefik.http.middlewares.http-redirect.redirectscheme.permanent=true"
- # - "traefik.http.routers.penpot-http.entrypoints=web"
- # - "traefik.http.routers.penpot-http.rule=Host(`<DOMAIN_NAME>`)"
- # - "traefik.http.routers.penpot-http.middlewares=http-redirect"
- # - "traefik.http.routers.penpot-https.entrypoints=websecure"
- # - "traefik.http.routers.penpot-https.rule=Host(`<DOMAIN_NAME>`)"
- # - "traefik.http.services.penpot-https.loadbalancer.server.port=80"
- # - "traefik.http.routers.penpot-https.tls=true"
- # - "traefik.http.routers.penpot-https.tls.certresolver=letsencrypt"
- ## Configuration envronment variables for frontend the container. In this case this
- ## container only needs the `PENPOT_FLAGS`. This environment variable is shared with
- ## other services but not all flags are relevant to all services.
- environment:
- ## Relevant flags for frontend:
- ## - demo-users
- ## - login-with-github
- ## - login-with-gitlab
- ## - login-with-google
- ## - login-with-ldap
- ## - login-with-oidc
- ## - login-with-password
- ## - registration
- ## - webhooks
- ##
- ## You can read more about all available flags on:
- ## https://help.penpot.app/technical-guide/configuration/#advanced-configuration
- - PENPOT_FLAGS=enable-registration enable-login-with-password disable-secure-session-cookies
- penpot-backend:
- image: "penpotapp/backend:latest"
- restart: always
- volumes:
- - penpot_assets:/opt/data/assets
- depends_on:
- - penpot-postgres
- - penpot-redis
- networks:
- - penpot
- ## Configuration envronment variables for backend the
- ## container.
- environment:
- ## Relevant flags for backend:
- ## - demo-users
- ## - email-verification
- ## - log-emails
- ## - log-invitation-tokens
- ## - login-with-github
- ## - login-with-gitlab
- ## - login-with-google
- ## - login-with-ldap
- ## - login-with-oidc
- ## - login-with-password
- ## - registration
- ## - secure-session-cookies
- ## - smtp
- ## - smtp-debug
- ## - telemetry
- ## - webhooks
- ## - prepl-server
- ##
- ## You can read more about all available flags and other
- ## environment variables for the backend here:
- ## https://help.penpot.app/technical-guide/configuration/#advanced-configuration
- - PENPOT_FLAGS=enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server
- ## Penpot SECRET KEY. It serves as a master key from which other keys for subsystems
- ## (eg http sessions, or invitations) are derived.
- ##
- ## If you leve it commented, all created sessions and invitations will
- ## become invalid on container restart.
- ##
- ## If you going to uncomment this, we recommend use here a trully randomly generated
- ## 512 bits base64 encoded string. You can generate one with:
- ##
- ## python3 -c "import secrets; print(secrets.token_urlsafe(64))"
- # - PENPOT_SECRET_KEY=my-insecure-key
- ## The PREPL host. Mainly used for external programatic access to penpot backend
- ## (example: admin). By default it listen on `localhost` but if you are going to use
- ## the `admin`, you will need to uncomment this and set the host to `0.0.0.0`.
- # - PENPOT_PREPL_HOST=0.0.0.0
- ## Public URI. If you are going to expose this instance to the internet and use it
- ## under different domain than 'localhost', you will need to adjust it to the final
- ## domain.
- ##
- ## Consider using traefik and set the 'disable-secure-session-cookies' if you are
- ## not going to serve penpot under HTTPS.
- - PENPOT_PUBLIC_URI=http://localhost:9001
- ## Database connection parameters. Don't touch them unless you are using custom
- ## postgresql connection parameters.
- - PENPOT_DATABASE_URI=postgresql://penpot-postgres/penpot
- - PENPOT_DATABASE_USERNAME=penpot
- - PENPOT_DATABASE_PASSWORD=penpot
- ## Redis is used for the websockets notifications. Don't touch unless the redis
- ## container has different parameters or different name.
- - PENPOT_REDIS_URI=redis://penpot-redis/0
- ## Default configuration for assets storage: using filesystem based with all files
- ## stored in a docker volume.
- - PENPOT_ASSETS_STORAGE_BACKEND=assets-fs
- - PENPOT_STORAGE_ASSETS_FS_DIRECTORY=/opt/data/assets
- ## Also can be configured to to use a S3 compatible storage
- ## service like MiniIO. Look below for minio service setup.
- # - AWS_ACCESS_KEY_ID=<KEY_ID>
- # - AWS_SECRET_ACCESS_KEY=<ACCESS_KEY>
- # - PENPOT_ASSETS_STORAGE_BACKEND=assets-s3
- # - PENPOT_STORAGE_ASSETS_S3_ENDPOINT=http://penpot-minio:9000
- # - PENPOT_STORAGE_ASSETS_S3_BUCKET=<BUKET_NAME>
- ## Telemetry. When enabled, a periodical process will send anonymous data about this
- ## instance. Telemetry data will enable us to learn on how the application is used,
- ## based on real scenarios. If you want to help us, please leave it enabled. You can
- ## audit what data we send with the code available on github
- - PENPOT_TELEMETRY_ENABLED=true
- ## Example SMTP/Email configuration. By default, emails are sent to the mailcatch
- ## service, but for production usage is recommended to setup a real SMTP
- ## provider. Emails are used to confirm user registrations & invitations. Look below
- ## how mailcatch service is configured.
- - PENPOT_SMTP_DEFAULT_FROM=no-reply@example.com
- - PENPOT_SMTP_DEFAULT_REPLY_TO=no-reply@example.com
- - PENPOT_SMTP_HOST=penpot-mailcatch
- - PENPOT_SMTP_PORT=1025
- - PENPOT_SMTP_USERNAME=
- - PENPOT_SMTP_PASSWORD=
- - PENPOT_SMTP_TLS=false
- - PENPOT_SMTP_SSL=false
- penpot-exporter:
- image: "penpotapp/exporter:latest"
- restart: always
- networks:
- - penpot
- environment:
- # Don't touch it; this uses internal docker network to
- # communicate with the frontend.
- - PENPOT_PUBLIC_URI=http://penpot-frontend
- ## Redis is used for the websockets notifications.
- - PENPOT_REDIS_URI=redis://penpot-redis/0
- penpot-postgres:
- image: "postgres:15"
- restart: always
- stop_signal: SIGINT
- volumes:
- - penpot_postgres_v15:/var/lib/postgresql/data
- networks:
- - penpot
- environment:
- - POSTGRES_INITDB_ARGS=--data-checksums
- - POSTGRES_DB=penpot
- - POSTGRES_USER=penpot
- - POSTGRES_PASSWORD=penpot
- penpot-redis:
- image: redis:7
- restart: always
- networks:
- - penpot
- ## A mailcatch service, used as temporal SMTP server. You can access via HTTP to the
- ## port 1080 for read all emails the penpot platform has sent. Should be only used as a
- ## temporal solution meanwhile you don't have a real SMTP provider configured.
- penpot-mailcatch:
- image: sj26/mailcatcher:latest
- restart: always
- expose:
- - '1025'
- ports:
- - "1080:1080"
- networks:
- - penpot
- ## Example configuration of MiniIO (S3 compatible object storage service); If you don't
- ## have preference, then just use filesystem, this is here just for the completeness.
- # minio:
- # image: "minio/minio:latest"
- # command: minio server /mnt/data --console-address ":9001"
- # restart: always
- #
- # volumes:
- # - "penpot_minio:/mnt/data"
- #
- # environment:
- # - MINIO_ROOT_USER=minioadmin
- # - MINIO_ROOT_PASSWORD=minioadmin
- #
- # ports:
- # - 9000:9000
- # - 9001:9001
Add Comment
Please, Sign In to add comment