volumes: lago_postgres_data: lago_redis_data: lago_storage_data: traefik_certificates: traefik_config: x-common-environment: &common-environment LAGO_API_URL: ${LAGO_API_URL} REDIS_PASSWORD: ${REDIS_PASSWORD} SECRET_KEY_BASE: ${SECRET_KEY_BASE} RAILS_ENV: ${RAILS_ENV} RAILS_LOG_TO_STDOUT: ${LAGO_RAILS_STDOUT} SENTRY_DSN: ${SENTRY_DSN} LAGO_FRONT_URL: ${LAGO_FRONT_URL} LAGO_RSA_PRIVATE_KEY: ${LAGO_RSA_PRIVATE_KEY} LAGO_ENCRYPTION_PRIMARY_KEY: ${LAGO_ENCRYPTION_PRIMARY_KEY} LAGO_ENCRYPTION_DETERMINISTIC_KEY: ${LAGO_ENCRYPTION_DETERMINISTIC_KEY} LAGO_ENCRYPTION_KEY_DERIVATION_SALT: ${LAGO_ENCRYPTION_KEY_DERIVATION_SALT} LAGO_USE_AWS_S3: ${LAGO_USE_AWS_S3} LAGO_AWS_S3_ACCESS_KEY_ID: ${LAGO_AWS_S3_ACCESS_KEY_ID} LAGO_AWS_S3_SECRET_ACCESS_KEY: ${LAGO_AWS_S3_SECRET_ACCESS_KEY} LAGO_AWS_S3_REGION: ${LAGO_AWS_S3_REGION} LAGO_AWS_S3_BUCKET: ${LAGO_AWS_S3_BUCKET} LAGO_AWS_S3_ENDPOINT: ${LAGO_AWS_S3_ENDPOINT} LAGO_USE_GCS: ${LAGO_USE_GCS} LAGO_GCS_PROJECT: ${LAGO_GCS_PROJECT} LAGO_GCS_BUCKET: ${LAGO_GCS_BUCKET} LAGO_PDF_URL: ${LAGO_PDF_URL} LAGO_REDIS_CACHE_PASSWORD: ${LAGO_REDIS_CACHE_PASSWORD} LAGO_DISABLE_SEGMENT: ${LAGO_DISABLE_SEGMENT} LAGO_DISABLE_WALLET_REFRESH: ${LAGO_DISABLE_WALLET_REFRESH} NANGO_SECRET_KEY: ${NANGO_SECRET_KEY} LAGO_LICENSE: ${LAGO_LICENSE} x-api-environment: &api-environment <<: *common-environment LAGO_SIDEKIQ_WEB: ${LAGO_SIDEKIQ_WEB} LAGO_OAUTH_PROXY_URL: ${LAGO_OAUTH_PROXY_URL} GOOGLE_AUTH_CLIENT_ID: ${GOOGLE_AUTH_CLIENT_ID} GOOGLE_AUTH_CLIENT_SECRET: ${GOOGLE_AUTH_CLIENT_SECRET} x-front-environment: &front-environment API_URL: ${LAGO_API_URL} APP_ENV: ${APP_ENV} LAGO_DISABLE_SIGNUP: ${LAGO_DISABLE_SIGNUP} LAGO_OAUTH_PROXY_URL: ${LAGO_OAUTH_PROXY_URL} SENTRY_DSN: ${SENTRY_DSN_FRONT} NANGO_SECRET_KEY: ${NANGO_SECRET_KEY} services: traefik: image: traefik:v2.5 container_name: traefik restart: unless-stopped command: - "--api.insecure=false" - "--api.dashboard=true" - "--providers.docker=true" - "--providers.docker.exposedbydefault=false" - "--entrypoints.web.address=:80" - "--entrypoints.websecure.address=:443" - "--certificatesresolvers.myresolver.acme.tlschallenge=true" - "--certificatesresolvers.myresolver.acme.email=youremail@domain.tld" - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json" ports: - "80:80" - "443:443" volumes: - "/var/run/docker.sock:/var/run/docker.sock:ro" - traefik_certificates:/letsencrypt - traefik_config:/traefik labels: - "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)" - "traefik.http.routers.traefik.entrypoints=websecure" - "traefik.http.routers.traefik.tls.certresolver=myresolver" - "traefik.http.services.traefik.loadbalancer.server.port=8080" api: container_name: lago-api image: getlago/api:v1.13.1 restart: unless-stopped depends_on: db: condition: service_healthy redis: condition: service_healthy command: ['./scripts/start.sh'] environment: <<: *api-environment DATABASE_URL: "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}?search_path=${POSTGRES_SCHEMA}" REDIS_URL: "redis://${REDIS_HOST}:${REDIS_PORT:-6379}" healthcheck: test: ["CMD", "curl", "-f", "http://localhost:3000/health"] interval: 10s timeout: 60s retries: 5 labels: - "traefik.enable=true" - "traefik.http.routers.api.entrypoints=websecure" - "traefik.http.routers.api.rule=Host(`${DOMAIN}`) && PathPrefix(`/api`)" - "traefik.http.routers.api.tls.certresolver=myresolver" - "traefik.http.routers.api.priority=100" - "traefik.http.services.api.loadbalancer.server.port=3000" - "traefik.http.middlewares.api-strip-prefix.stripprefix.prefixes=/api" - "traefik.http.routers.api.middlewares=api-strip-prefix" volumes: - lago_storage_data:/app/storage front: container_name: lago-front image: getlago/front:v1.13.1 restart: unless-stopped depends_on: api: condition: service_healthy environment: <<: *front-environment healthcheck: test: ["CMD", "curl", "-f", "http://localhost:80"] interval: 30s timeout: 10s retries: 3 labels: - "traefik.http.routers.front.priority=50" - "traefik.enable=true" - "traefik.http.routers.front.entrypoints=websecure" - "traefik.http.routers.front.rule=Host(`${DOMAIN}`) && PathPrefix(`/`)" - "traefik.http.routers.front.tls.certresolver=myresolver" - "traefik.http.services.front.loadbalancer.server.port=80" volumes: - lago_storage_data:/app/storage db: image: postgres:14-alpine restart: unless-stopped environment: POSTGRES_DB: ${POSTGRES_DB} POSTGRES_USER: ${POSTGRES_USER} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} PGDATA: ${PGDATA} PGPORT: ${POSTGRES_PORT} POSTGRES_SCHEMA: ${POSTGRES_SCHEMA} volumes: - lago_postgres_data:/data/postgres ports: - "${POSTGRES_PORT}:${POSTGRES_PORT}" healthcheck: test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"] interval: 10s timeout: 5s retries: 5 redis: image: redis:6-alpine container_name: lago-redis restart: unless-stopped command: --port ${REDIS_PORT:-6379} volumes: - lago_redis_data:/data ports: - "${REDIS_PORT:-6379}:${REDIS_PORT:-6379}" healthcheck: test: ["CMD", "redis-cli", "ping"] interval: 10s timeout: 5s retries: 5 api-worker: container_name: lago-worker image: getlago/api:v1.13.1 restart: unless-stopped depends_on: api: condition: service_healthy command: ['./scripts/start.worker.sh'] environment: <<: *common-environment LAGO_REDIS_CACHE_URL: "redis://${LAGO_REDIS_CACHE_HOST}:${LAGO_REDIS_CACHE_PORT}" DATABASE_URL: "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}?search_path=${POSTGRES_SCHEMA}" REDIS_URL: "redis://${REDIS_HOST}:${REDIS_PORT:-6379}" healthcheck: test: ['CMD-SHELL', 'bundle exec sidekiqmon | grep $(hostname) || exit 1'] volumes: - lago_storage_data:/app/storage api-clock: container_name: lago-clock image: getlago/api:v1.13.1 restart: unless-stopped depends_on: api: condition: service_healthy command: ['./scripts/start.clock.sh'] environment: <<: *common-environment LAGO_REDIS_CACHE_URL: "redis://${LAGO_REDIS_CACHE_HOST}:${LAGO_REDIS_CACHE_PORT}" DATABASE_URL: "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}?search_path=${POSTGRES_SCHEMA}" REDIS_URL: "redis://${REDIS_HOST}:${REDIS_PORT:-6379}" pdf: image: getlago/lago-gotenberg:7.8.2 migrate: container_name: lago-migrate image: getlago/api:v1.13.1 depends_on: db: condition: service_healthy redis: condition: service_healthy command: ['./scripts/start.migrate.sh'] volumes: - lago_storage_data:/app/storage # You can uncomment this if you want to use a dedicated Sidekiq worker for the event ingestion. # It is recommendend if you have a high usage of events to not impact the other Sidekiq Jobs. #api-events-worker: # container_name: lago-events-worker # image: getlago/api:v1.13.1 # restart: unless-stopped # depends_on: # api: # condition: service_healthy # command: ["./scripts/start.events.worker.sh"] # environment: # - LAGO_API_URL=${LAGO_API_URL:-http://localhost:3000} # - DATABASE_URL=postgresql://${POSTGRES_USER:-lago}:${POSTGRES_PASSWORD:-changeme}@${POSTGRES_HOST:-db}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:-lago}?search_path=${POSTGRES_SCHEMA:-public} # - REDIS_URL=redis://${REDIS_HOST:-redis}:${REDIS_PORT:-6379} # - REDIS_PASSWORD=${REDIS_PASSWORD} # - SECRET_KEY_BASE=${SECRET_KEY_BASE:-your-secret-key-base-hex-64} # - RAILS_ENV=production # - RAILS_LOG_TO_STDOUT=${LAGO_RAILS_STDOUT:-true} # - SENTRY_DSN=${SENTRY_DSN} # - LAGO_RSA_PRIVATE_KEY=${LAGO_RSA_PRIVATE_KEY} # Should be base64 encoded # - RSA_PRIVATE_KEY=${LAGO_RSA_PRIVATE_KEY} # Should be base64 encoded # - LAGO_ENCRYPTION_PRIMARY_KEY=${LAGO_ENCRYPTION_PRIMARY_KEY:-your-encryption-primary-key} # - LAGO_ENCRYPTION_DETERMINISTIC_KEY=${LAGO_ENCRYPTION_DETERMINISTIC_KEY:-your-encryption-deterministic-key} # - LAGO_ENCRYPTION_KEY_DERIVATION_SALT=${LAGO_ENCRYPTION_KEY_DERIVATION_SALT:-your-encryption-derivation-salt} # - LAGO_FRONT_URL=${LAGO_FRONT_URL:-http://localhost} # - LAGO_USE_AWS_S3=${LAGO_USE_AWS_S3:-false} # - LAGO_AWS_S3_ACCESS_KEY_ID=${LAGO_AWS_S3_ACCESS_KEY_ID:-azerty123456} # - LAGO_AWS_S3_SECRET_ACCESS_KEY=${LAGO_AWS_S3_SECRET_ACCESS_KEY:-azerty123456} # - LAGO_AWS_S3_REGION=${LAGO_AWS_S3_REGION:-us-east-1} # - LAGO_AWS_S3_BUCKET=${LAGO_AWS_S3_BUCKET:-bucket} # - LAGO_AWS_S3_ENDPOINT=${LAGO_AWS_S3_ENDPOINT} # - LAGO_USE_GCS=${LAGO_USE_GCS:-false} # - LAGO_GCS_PROJECT=${LAGO_GCS_PROJECT:-} # - LAGO_GCS_BUCKET=${LAGO_GCS_BUCKET:-} # - LAGO_PDF_URL=${LAGO_PDF_URL:-http://pdf:3000} # - LAGO_REDIS_CACHE_URL=redis://${LAGO_REDIS_CACHE_HOST:-redis}:${LAGO_REDIS_CACHE_PORT:-6379} # - LAGO_REDIS_CACHE_PASSWORD=${LAGO_REDIS_CACHE_PASSWORD} # - LAGO_DISABLE_SEGMENT=${LAGO_DISABLE_SEGMENT} # - LAGO_DISABLE_WALLET_REFRESH=${LAGO_DISABLE_WALLET_REFRESH} # - NANGO_SECRET_KEY=${NANGO_SECRET_KEY:-} # - SIDEKIQ_EVENTS=true # - LAGO_LICENSE=${LAGO_LICENSE:-} # You can uncomment this if you want to use a dedicated Sidekiq worker for the invoices pdf creation. # It is recommended if you have a high usage of invoices being created to not impact the other Sidekiq Jobs. #api-pdfs-worker: # container_name: lago-pdfs-worker # image: getlago/api:v1.13.1 # restart: unless-stopped # depends_on: # api: # condition: service_healthy # command: ["./scripts/start.pdfs.worker.sh"] # environment: # - LAGO_API_URL=${LAGO_API_URL:-http://localhost:3000} # - DATABASE_URL=postgresql://${POSTGRES_USER:-lago}:${POSTGRES_PASSWORD:-changeme}@${POSTGRES_HOST:-db}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:-lago}?search_path=${POSTGRES_SCHEMA:-public} # - REDIS_URL=redis://${REDIS_HOST:-redis}:${REDIS_PORT:-6379} # - REDIS_PASSWORD=${REDIS_PASSWORD} # - SECRET_KEY_BASE=${SECRET_KEY_BASE:-your-secret-key-base-hex-64} # - RAILS_ENV=production # - RAILS_LOG_TO_STDOUT=${LAGO_RAILS_STDOUT:-true} # - SENTRY_DSN=${SENTRY_DSN} # - LAGO_RSA_PRIVATE_KEY=${LAGO_RSA_PRIVATE_KEY} # Should be base64 encoded # - RSA_PRIVATE_KEY=${LAGO_RSA_PRIVATE_KEY} # Should be base64 encoded # - LAGO_ENCRYPTION_PRIMARY_KEY=${LAGO_ENCRYPTION_PRIMARY_KEY:-your-encryption-primary-key} # - LAGO_ENCRYPTION_DETERMINISTIC_KEY=${LAGO_ENCRYPTION_DETERMINISTIC_KEY:-your-encryption-deterministic-key} # - LAGO_ENCRYPTION_KEY_DERIVATION_SALT=${LAGO_ENCRYPTION_KEY_DERIVATION_SALT:-your-encryption-derivation-salt} # - LAGO_FRONT_URL=${LAGO_FRONT_URL:-http://localhost} # - LAGO_USE_AWS_S3=${LAGO_USE_AWS_S3:-false} # - LAGO_AWS_S3_ACCESS_KEY_ID=${LAGO_AWS_S3_ACCESS_KEY_ID:-azerty123456} # - LAGO_AWS_S3_SECRET_ACCESS_KEY=${LAGO_AWS_S3_SECRET_ACCESS_KEY:-azerty123456} # - LAGO_AWS_S3_REGION=${LAGO_AWS_S3_REGION:-us-east-1} # - LAGO_AWS_S3_BUCKET=${LAGO_AWS_S3_BUCKET:-bucket} # - LAGO_AWS_S3_ENDPOINT=${LAGO_AWS_S3_ENDPOINT} # - LAGO_USE_GCS=${LAGO_USE_GCS:-false} # - LAGO_GCS_PROJECT=${LAGO_GCS_PROJECT:-} # - LAGO_GCS_BUCKET=${LAGO_GCS_BUCKET:-} # - LAGO_PDF_URL=${LAGO_PDF_URL:-http://pdf:3000} # - LAGO_REDIS_CACHE_URL=redis://${LAGO_REDIS_CACHE_HOST:-redis}:${LAGO_REDIS_CACHE_PORT:-6379} # - LAGO_REDIS_CACHE_PASSWORD=${LAGO_REDIS_CACHE_PASSWORD} # - LAGO_DISABLE_SEGMENT=${LAGO_DISABLE_SEGMENT} # - LAGO_DISABLE_WALLET_REFRESH=${LAGO_DISABLE_WALLET_REFRESH} # - NANGO_SECRET_KEY=${NANGO_SECRET_KEY:-} # - SIDEKIQ_PDFS=true # - LAGO_LICENSE=${LAGO_LICENSE:-}