version: "3.7" services: linkstack: container_name: linkstack hostname: linkstack entrypoint: "/bin/sh" command: - -c - | cp -n -r /htdocs/database/ /data/database cp -n /htdocs/.env /data/.env cp -n -r /htdocs/littlelink/images /data/images cp -n -r /htdocs/themes /data/themes cp -n -r /htdocs/img /data/img chown -R apache:apache /data rm -rf /htdocs/database/ rm /htdocs/.env rm -rf /htdocs/littlelink/images rm -rf /htdocs/themes rm -rf /htdocs/img sed -i 's/FORCE_HTTPS=false/FORCE_HTTPS=true/g' /data/.env # uncomment this after first start # to prevent the installing dialog coming up # if the container is recreated # rm /htdocs/INSTALLING ln -s /data/database /htdocs/database ln -s /data/.env /htdocs/.env ln -s /data/images /htdocs/littlelink/images ln -s /data/themes /htdocs/themes ln -s /data/img/ /htdocs/img cd /htdocs php artisan migrate --force exec /usr/local/bin/docker-entrypoint.sh server image: linkstackorg/linkstack:latest environment: - TZ=${TZ} - SERVER_ADMIN=${LINKSTACK_CUSTOM_EMAIL} - HTTP_SERVER_NAME=${APP_DOMAIN} - HTTPS_SERVER_NAME=${APP_DOMAIN} - LOG_LEVEL=info - PHP_MEMORY_LIMIT=256M - UPLOAD_MAX_FILESIZE=8M - DB_CONNECTION=sqlite - FORCE_HTTPS=true volumes: - "${APP_DATA_DIR}/data/linkstack:/data" ports: - 8184:80 - "${APP_PORT}:443" restart: unless-stopped networks: - tipi_main_network labels: # Main traefik.enable: true traefik.http.services.linkstack.loadbalancer.server.port: 80 traefik.http.middlewares.linkstack-web-redirect.redirectscheme.scheme: https traefik.http.middlewares.linkstack-security-headers.headers.contentSecurityPolicy: "upgrade-insecure-requests" traefik.http.middlewares.linkstack-forwarded-headers.headers.customrequestheaders.X-Real-IP: "$remote_addr" traefik.http.middlewares.linkstack-forwarded-headers.headers.customrequestheaders.X-Forwarded-For: "$proxy_add_x_forwarded_for" traefik.http.middlewares.linkstack-forwarded-headers.headers.customrequestheaders.X-Forwarded-Proto: "https" traefik.http.middlewares.linkstack-forwarded-headers.headers.customrequestheaders.X-VerifiedViaNginx: "yes" traefik.http.middlewares.linkstack-forwarded-headers.headers.customrequestheaders.Upgrade: "$http_upgrade" traefik.http.middlewares.linkstack-forwarded-headers.headers.customrequestheaders.Connection: "upgrade" # Web traefik.http.routers.linkstack-insecure.rule: Host(`${APP_DOMAIN}`) traefik.http.routers.linkstack-insecure.entrypoints: web traefik.http.routers.linkstack-insecure.service: linkstack traefik.http.routers.linkstack-insecure.middlewares: linkstack-web-redirect # Websecure traefik.http.routers.linkstack.rule: Host(`${APP_DOMAIN}`) traefik.http.routers.linkstack.entrypoints: websecure traefik.http.routers.linkstack.service: linkstack traefik.http.routers.linkstack.middlewares: linkstack-security-headers,linkstack-forwarded-headers traefik.http.routers.linkstack.tls.certresolver: myresolver # Local domain traefik.http.routers.linkstack-local-insecure.rule: Host(`linkstack.${LOCAL_DOMAIN}`) traefik.http.routers.linkstack-local-insecure.entrypoints: web traefik.http.routers.linkstack-local-insecure.service: linkstack traefik.http.routers.linkstack-local-insecure.middlewares: linkstack-web-redirect # Local domain secure traefik.http.routers.linkstack-local.rule: Host(`linkstack.${LOCAL_DOMAIN}`) traefik.http.routers.linkstack-local.entrypoints: websecure traefik.http.routers.linkstack-local.service: linkstack traefik.http.routers.linkstack-local.middlewares: linkstack-security-headers,linkstack-forwarded-headers traefik.http.routers.linkstack-local.tls: true