---version: "3.5"networks: penpot:volumes: penpot_postgres_v15:

1. ---
2. version: "3.5"
3.  
4. networks:
5. penpot:
6.  
7. volumes:
8. penpot_postgres_v15:
9. penpot_assets:
10. # penpot_traefik:
11. # penpot_minio:
12.  
13. services:
14. ## Traefik service declaration example. Consider using it if you are going to expose
15. ## penpot to the internet or different host than `localhost`.
16.  
17. # traefik:
18. # image: traefik:v2.9
19. # networks:
20. # - penpot
21. # command:
22. # - "--api.insecure=true"
23. # - "--entryPoints.web.address=:80"
24. # - "--providers.docker=true"
25. # - "--providers.docker.exposedbydefault=false"
26. # - "--entryPoints.websecure.address=:443"
27. # - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
28. # - "--certificatesresolvers.letsencrypt.acme.email=<EMAIL_ADDRESS>"
29. # - "--certificatesresolvers.letsencrypt.acme.storage=/traefik/acme.json"
30. # volumes:
31. # - "penpot_traefik:/traefik"
32. # - "/var/run/docker.sock:/var/run/docker.sock"
33. # ports:
34. # - "80:80"
35. # - "443:443"
36.  
37. penpot-frontend:
38. image: "penpotapp/frontend:latest"
39. restart: always
40. ports:
41. - 9001:80
42.  
43. volumes:
44. - penpot_assets:/opt/data/assets
45.  
46. depends_on:
47. - penpot-backend
48. - penpot-exporter
49.  
50. networks:
51. - penpot
52.  
53. labels:
54. - "traefik.enable=true"
55.  
56. ## HTTP: example of labels for the case if you are going to expose penpot to the
57. ## internet using only HTTP (without HTTPS) with traefik
58.  
59. # - "traefik.http.routers.penpot-http.entrypoints=web"
60. # - "traefik.http.routers.penpot-http.rule=Host(`<DOMAIN_NAME>`)"
61. # - "traefik.http.services.penpot-http.loadbalancer.server.port=80"
62.  
63. ## HTTPS: example of labels for the case if you are going to expose penpot to the
64. ## internet using with HTTPS using traefik
65.  
66. # - "traefik.http.middlewares.http-redirect.redirectscheme.scheme=https"
67. # - "traefik.http.middlewares.http-redirect.redirectscheme.permanent=true"
68. # - "traefik.http.routers.penpot-http.entrypoints=web"
69. # - "traefik.http.routers.penpot-http.rule=Host(`<DOMAIN_NAME>`)"
70. # - "traefik.http.routers.penpot-http.middlewares=http-redirect"
71. # - "traefik.http.routers.penpot-https.entrypoints=websecure"
72. # - "traefik.http.routers.penpot-https.rule=Host(`<DOMAIN_NAME>`)"
73. # - "traefik.http.services.penpot-https.loadbalancer.server.port=80"
74. # - "traefik.http.routers.penpot-https.tls=true"
75. # - "traefik.http.routers.penpot-https.tls.certresolver=letsencrypt"
76.  
77. ## Configuration envronment variables for frontend the container. In this case this
78. ## container only needs the `PENPOT_FLAGS`. This environment variable is shared with
79. ## other services but not all flags are relevant to all services.
80.  
81. environment:
82. ## Relevant flags for frontend:
83. ## - demo-users
84. ## - login-with-github
85. ## - login-with-gitlab
86. ## - login-with-google
87. ## - login-with-ldap
88. ## - login-with-oidc
89. ## - login-with-password
90. ## - registration
91. ## - webhooks
92. ##
93. ## You can read more about all available flags on:
94. ## https://help.penpot.app/technical-guide/configuration/#advanced-configuration
95.  
96. - PENPOT_FLAGS=enable-registration enable-login-with-password disable-secure-session-cookies
97.  
98. penpot-backend:
99. image: "penpotapp/backend:latest"
100. restart: always
101.  
102. volumes:
103. - penpot_assets:/opt/data/assets
104.  
105. depends_on:
106. - penpot-postgres
107. - penpot-redis
108.  
109. networks:
110. - penpot
111.  
112. ## Configuration envronment variables for backend the
113. ## container.
114.  
115. environment:
116.  
117. ## Relevant flags for backend:
118. ## - demo-users
119. ## - email-verification
120. ## - log-emails
121. ## - log-invitation-tokens
122. ## - login-with-github
123. ## - login-with-gitlab
124. ## - login-with-google
125. ## - login-with-ldap
126. ## - login-with-oidc
127. ## - login-with-password
128. ## - registration
129. ## - secure-session-cookies
130. ## - smtp
131. ## - smtp-debug
132. ## - telemetry
133. ## - webhooks
134. ## - prepl-server
135. ##
136. ## You can read more about all available flags and other
137. ## environment variables for the backend here:
138. ## https://help.penpot.app/technical-guide/configuration/#advanced-configuration
139.  
140. - PENPOT_FLAGS=enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server
141.  
142. ## Penpot SECRET KEY. It serves as a master key from which other keys for subsystems
143. ## (eg http sessions, or invitations) are derived.
144. ##
145. ## If you leve it commented, all created sessions and invitations will
146. ## become invalid on container restart.
147. ##
148. ## If you going to uncomment this, we recommend use here a trully randomly generated
149. ## 512 bits base64 encoded string. You can generate one with:
150. ##
151. ## python3 -c "import secrets; print(secrets.token_urlsafe(64))"
152.  
153. # - PENPOT_SECRET_KEY=my-insecure-key
154.  
155. ## The PREPL host. Mainly used for external programatic access to penpot backend
156. ## (example: admin). By default it listen on `localhost` but if you are going to use
157. ## the `admin`, you will need to uncomment this and set the host to `0.0.0.0`.
158.  
159. # - PENPOT_PREPL_HOST=0.0.0.0
160.  
161. ## Public URI. If you are going to expose this instance to the internet and use it
162. ## under different domain than 'localhost', you will need to adjust it to the final
163. ## domain.
164. ##
165. ## Consider using traefik and set the 'disable-secure-session-cookies' if you are
166. ## not going to serve penpot under HTTPS.
167.  
168. - PENPOT_PUBLIC_URI=http://localhost:9001
169.  
170. ## Database connection parameters. Don't touch them unless you are using custom
171. ## postgresql connection parameters.
172.  
173. - PENPOT_DATABASE_URI=postgresql://penpot-postgres/penpot
174. - PENPOT_DATABASE_USERNAME=penpot
175. - PENPOT_DATABASE_PASSWORD=penpot
176.  
177. ## Redis is used for the websockets notifications. Don't touch unless the redis
178. ## container has different parameters or different name.
179.  
180. - PENPOT_REDIS_URI=redis://penpot-redis/0
181.  
182. ## Default configuration for assets storage: using filesystem based with all files
183. ## stored in a docker volume.
184.  
185. - PENPOT_ASSETS_STORAGE_BACKEND=assets-fs
186. - PENPOT_STORAGE_ASSETS_FS_DIRECTORY=/opt/data/assets
187.  
188. ## Also can be configured to to use a S3 compatible storage
189. ## service like MiniIO. Look below for minio service setup.
190.  
191. # - AWS_ACCESS_KEY_ID=<KEY_ID>
192. # - AWS_SECRET_ACCESS_KEY=<ACCESS_KEY>
193. # - PENPOT_ASSETS_STORAGE_BACKEND=assets-s3
194. # - PENPOT_STORAGE_ASSETS_S3_ENDPOINT=http://penpot-minio:9000
195. # - PENPOT_STORAGE_ASSETS_S3_BUCKET=<BUKET_NAME>
196.  
197. ## Telemetry. When enabled, a periodical process will send anonymous data about this
198. ## instance. Telemetry data will enable us to learn on how the application is used,
199. ## based on real scenarios. If you want to help us, please leave it enabled. You can
200. ## audit what data we send with the code available on github
201.  
202. - PENPOT_TELEMETRY_ENABLED=true
203.  
204. ## Example SMTP/Email configuration. By default, emails are sent to the mailcatch
205. ## service, but for production usage is recommended to setup a real SMTP
206. ## provider. Emails are used to confirm user registrations & invitations. Look below
207. ## how mailcatch service is configured.
208.  
209. - PENPOT_SMTP_DEFAULT_FROM=no-reply@example.com
210. - PENPOT_SMTP_DEFAULT_REPLY_TO=no-reply@example.com
211. - PENPOT_SMTP_HOST=penpot-mailcatch
212. - PENPOT_SMTP_PORT=1025
213. - PENPOT_SMTP_USERNAME=
214. - PENPOT_SMTP_PASSWORD=
215. - PENPOT_SMTP_TLS=false
216. - PENPOT_SMTP_SSL=false
217.  
218. penpot-exporter:
219. image: "penpotapp/exporter:latest"
220. restart: always
221. networks:
222. - penpot
223.  
224. environment:
225. # Don't touch it; this uses internal docker network to
226. # communicate with the frontend.
227. - PENPOT_PUBLIC_URI=http://penpot-frontend
228.  
229. ## Redis is used for the websockets notifications.
230. - PENPOT_REDIS_URI=redis://penpot-redis/0
231.  
232. penpot-postgres:
233. image: "postgres:15"
234. restart: always
235. stop_signal: SIGINT
236.  
237. volumes:
238. - penpot_postgres_v15:/var/lib/postgresql/data
239.  
240. networks:
241. - penpot
242.  
243. environment:
244. - POSTGRES_INITDB_ARGS=--data-checksums
245. - POSTGRES_DB=penpot
246. - POSTGRES_USER=penpot
247. - POSTGRES_PASSWORD=penpot
248.  
249. penpot-redis:
250. image: redis:7
251. restart: always
252. networks:
253. - penpot
254.  
255. ## A mailcatch service, used as temporal SMTP server. You can access via HTTP to the
256. ## port 1080 for read all emails the penpot platform has sent. Should be only used as a
257. ## temporal solution meanwhile you don't have a real SMTP provider configured.
258.  
259. penpot-mailcatch:
260. image: sj26/mailcatcher:latest
261. restart: always
262. expose:
263. - '1025'
264. ports:
265. - "1080:1080"
266. networks:
267. - penpot
268.  
269. ## Example configuration of MiniIO (S3 compatible object storage service); If you don't
270. ## have preference, then just use filesystem, this is here just for the completeness.
271.  
272. # minio:
273. # image: "minio/minio:latest"
274. # command: minio server /mnt/data --console-address ":9001"
275. # restart: always
276. #
277. # volumes:
278. # - "penpot_minio:/mnt/data"
279. #
280. # environment:
281. # - MINIO_ROOT_USER=minioadmin
282. # - MINIO_ROOT_PASSWORD=minioadmin
283. #
284. # ports:
285. # - 9000:9000
286. # - 9001:9001
287.