Ognir/docker-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7a496b235c8c3697d6de85063de7ecbb6e7b4e01
docker-configs/gitea/docker-compose.yml

53 lines
2.0 KiB
YAML
Executable File
Raw Blame History

# ==============================================================================
# GITEA - CONFIGURACIÓN DE PRODUCCIÓN (REVISIÓN DE SEGURIDAD)
# ==============================================================================
# - Identidad: Ejecución bajo UID 1032 / GID 100 (Estándar OgnirNAS).
# - Red: Conectado a 'services-internal-net' para aislamiento Bridge.
# - Traefik v3:
# * Se utiliza 'security-headers@file' (Middleware dinámico actualizado).
# * Vinculación explícita router-servicio para evitar estados 'disabled'.
# * Resolución de certificados vía Let's Encrypt.
# ==============================================================================
version: "3.9"
services:
server:
image: gitea/gitea:latest
container_name: gitea
restart: always
networks:
- services-internal-net
volumes:
- /volume1/docker/data/gitea:/data
environment:
- USER_UID=1032
- USER_GID=100
- TZ=Europe/Madrid
- GITEA__server__ROOT_URL=https://gitea.ognir-server.synology.me/
- GITEA__database__DB_TYPE=sqlite3
labels:
- "traefik.enable=true"
# --- Configuración del Router ---
- "traefik.http.routers.gitea.rule=Host(`gitea.ognir-server.synology.me`)"
- "traefik.http.routers.gitea.entrypoints=websecure"
- "traefik.http.routers.gitea.tls=true"
- "traefik.http.routers.gitea.tls.certresolver=letsencrypt"
# --- Vinculación Router-Service ---
# Define el destino explícito para habilitar el router en el Dashboard.
- "traefik.http.routers.gitea.service=gitea"
# --- Configuración del Servicio (Backend) ---
- "traefik.http.services.gitea.loadbalancer.server.port=3000"
- "traefik.docker.network=services-internal-net"
# --- Middlewares ---
# Se actualiza de 'seguridad-general' a 'security-headers' según el inventario dinámico.
- "traefik.http.routers.gitea.middlewares=security-headers@file"
networks:
services-internal-net:
external: true
Reference in New Issue View Git Blame Copy Permalink