| 12345678910111213141516171819202122232425262728293031323334353637 |
- # https://docs.docker.com/compose/compose-file/compose-file-v2/
- # [...] By default, every container joins an application-wide default network,
- # and is discoverable at a hostname that’s the same as the service name. [...]
- version: '2.1'
- services:
- db:
- image: postgres:10.5-alpine
- environment:
- POSTGRES_DB: koel
- POSTGRES_USER: koel
- POSTGRES_PASSWORD: secret
- # WORKAROUND cannot whitelist required caps [chown, setuid, setgid, fowner]
- cap_drop: [setpcap, mknod, audit_write, net_raw, fsetid,
- kill, net_bind_service, sys_chroot, setfcap]
- # --security-opt=no-new-privileges
- # https://docs.docker.com/engine/reference/builder/#healthcheck
- # https://github.com/docker-library/healthcheck/blob/master/postgres/docker-healthcheck
- healthcheck:
- test: echo 'SELECT 1' | psql --username koel --dbname koel || exit 1
- restart: unless-stopped
- web:
- image: fphammerle/koel:3.7.2-wait-amd64
- environment:
- DB_CONNECTION: pgsql
- DB_HOST: db
- DB_PORT: 5432
- DB_DATABASE: koel
- DB_PASSWORD: secret
- ports: ['8080:8080']
- cap_drop: [all]
- # --security-opt=no-new-privileges
- # v3 no longer supports the condition form of depends_on
- depends_on:
- db: {condition: service_healthy}
- restart: unless-stopped
|
