version: "3.8"

services:
  sftpgo:
    container_name: sftpgo
    user: root
    image: drakkan/sftpgo:v2.5.6-alpine
    restart: unless-stopped
    depends_on:
      sftpgo-db:
        condition: service_healthy
    ports:
      - ${APP_PORT}:${SFTPGO_BINDING_PORT-8080} # Admin Web UI
      - 2022:2022 # SFTP
    healthcheck:
      test:
        ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:${SFTPGO_BINDING_PORT-8080}/healthz"]
      interval: 30s
      timeout: 5s
      retries: 5
      start_period: 30s
    volumes:
      - ${APP_DATA_DIR}/data/config:/var/lib/sftpgo
      - ${APP_DATA_DIR}/data/files:/srv/sftpgo/data
      - ${APP_DATA_DIR}/data/backups:/srv/sftpgo/backups
    environment:
      - SFTPGO_HTTPD__BINDINGS__0__PORT=${SFTPGO_BINDING_PORT-8080}
      - SFTPGO_GRACE_TIME=${SFTPGO_GRACE_TIME-5}
      - SFTPGO_MINIO_SHA256_SIMD=1
      - SFTPGO_DATA_PROVIDER__CREATE_DEFAULT_ADMIN=${SFTPGO_CREATE_DEFAULT_ADMIN-1}
      - SFTPGO_DEFAULT_ADMIN_USERNAME=${SFTPGO_ADMIN_USERNAME}
      - SFTPGO_DEFAULT_ADMIN_PASSWORD=${SFTPGO_ADMIN_PASSWORD}
      - SFTPGO_DATA_PROVIDER__DRIVER=postgresql
      - SFTPGO_DATA_PROVIDER__NAME=sftpgo
      - SFTPGO_DATA_PROVIDER__HOST=sftpgo-db
      - SFTPGO_DATA_PROVIDER__PORT=5432
      - SFTPGO_DATA_PROVIDER__USERNAME=sftpgo
      - SFTPGO_DATA_PROVIDER__PASSWORD=${SFTPGO_DATABASE_PASSWORD-sftpgo}
    networks:
      - tipi_main_network
    labels:
      # Main
      traefik.enable: true
      traefik.http.middlewares.sftpgo-web-redirect.redirectscheme.scheme: https
      traefik.http.services.sftpgo.loadbalancer.server.port: ${SFTPGO_BINDING_PORT-8080}
      # Web
      traefik.http.routers.sftpgo-insecure.rule: Host(`${APP_DOMAIN}`)
      traefik.http.routers.sftpgo-insecure.entrypoints: web
      traefik.http.routers.sftpgo-insecure.service: sftpgo
      traefik.http.routers.sftpgo-insecure.middlewares: sftpgo-web-redirect
      # Websecure
      traefik.http.routers.sftpgo.rule: Host(`${APP_DOMAIN}`)
      traefik.http.routers.sftpgo.entrypoints: websecure
      traefik.http.routers.sftpgo.service: sftpgo
      traefik.http.routers.sftpgo.tls.certresolver: myresolver
      # Local domain
      traefik.http.routers.sftpgo-local-insecure.rule: Host(`sftpgo.${LOCAL_DOMAIN}`)
      traefik.http.routers.sftpgo-local-insecure.entrypoints: web
      traefik.http.routers.sftpgo-local-insecure.service: sftpgo
      traefik.http.routers.sftpgo-local-insecure.middlewares: sftpgo-web-redirect
      # Local domain secure
      traefik.http.routers.sftpgo-local.rule: Host(`sftpgo.${LOCAL_DOMAIN}`)
      traefik.http.routers.sftpgo-local.entrypoints: websecure
      traefik.http.routers.sftpgo-local.service: sftpgo
      traefik.http.routers.sftpgo-local.tls: true
  
  # Postgres SQL
  sftpgo-db:
    container_name: sftpgo-db
    image: docker.io/library/postgres:16.2-alpine
    restart: unless-stopped
    networks:
      - tipi_main_network
    volumes:
      - ${APP_DATA_DIR}/db:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD", "pg_isready", "-d", "sftpgo"]
      interval: 10s
      timeout: 5s
      retries: 5
    environment:
      - POSTGRES_PASSWORD=${SFTPGO_DATABASE_PASSWORD-sftpgo}
      - POSTGRES_USER=sftpgo
      - POSTGRES_DB=sftpgo
      - PGUSER=sftpgo