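# Docker Compose stack: Laravel app, Nginx, Certbot, PostgreSQL, pgAdmin,
# Redis, WireGuard (wg-easy) and Portainer on a single bridge network.
#
# Host-side exposure as declared below:
#   all interfaces : 51820/udp (WireGuard), 51821/tcp (WireGuard web UI)
#   10.13.13.1     : 80, 443 (Nginx), 9000, 9443 (Portainer)
#   127.0.0.1      : 5432 (PostgreSQL), 5050 (pgAdmin), 6379 (Redis)
# All services share teren-network, so the host-side bind address does not
# restrict container-to-container access.
#
# Images referenced by a floating tag (nginx:alpine, certbot/certbot,
# dpage/pgadmin4:latest, weejewel/wg-easy:latest, portainer/portainer-ce:latest)
# can change between pulls; pin a version or digest for reproducible,
# reviewable deployments.
version: '3.8'

services:
  # Laravel Application
  app:
    build:
      context: .
      dockerfile: Dockerfile
      args:
        - PHP_VERSION=8.4
    container_name: teren-app
    restart: unless-stopped
    working_dir: /var/www
    volumes:
      - ./:/var/www
      - ./storage:/var/www/storage
      - ./bootstrap/cache:/var/www/bootstrap/cache
    environment:
      - APP_ENV=${APP_ENV:-production}
      # Defaults to false so debug output stays off unless explicitly enabled.
      - APP_DEBUG=${APP_DEBUG:-false}
      - DB_CONNECTION=pgsql
      - DB_HOST=postgres
      - DB_PORT=5432
      - DB_DATABASE=${DB_DATABASE}
      - DB_USERNAME=${DB_USERNAME}
      # Passed as a plain environment variable, so it is visible to anyone who
      # can inspect the container's configuration.
      - DB_PASSWORD=${DB_PASSWORD}
      - REDIS_HOST=redis
      - REDIS_PORT=6379
      - QUEUE_CONNECTION=redis
      - LIBREOFFICE_BIN=/usr/bin/soffice
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    networks:
      - teren-network
    # Supervisor runs inside the container (defined in Dockerfile)
    # Includes PHP-FPM, Laravel queue workers, and queue-sms workers

  # Nginx Web Server (VPN-only access)
  nginx:
    image: nginx:alpine
    container_name: teren-nginx
    restart: unless-stopped
    # NOTE(review): publishing on 10.13.13.1 requires that address to exist on
    # the host. The wireguard service below runs on the bridge network, so its
    # tunnel address presumably lives inside that container's namespace -
    # confirm the host really owns 10.13.13.1 (same for portainer).
    ports:
      - "10.13.13.1:80:80"  # Only accessible via WireGuard VPN
      - "10.13.13.1:443:443"  # Only accessible via WireGuard VPN
    volumes:
      # NOTE(review): this mounts the whole project directory (including any
      # .env file in it) into the web server container; confirm the Nginx
      # config serves only the public directory, or narrow this mount.
      - ./:/var/www
      - ./docker/nginx/conf.d:/etc/nginx/conf.d
      - ./docker/nginx/ssl:/etc/nginx/ssl
      - ./docker/certbot/conf:/etc/letsencrypt
      - ./docker/certbot/www:/var/www/certbot
    depends_on:
      - app
    networks:
      - teren-network
    # Reloads Nginx every 6 hours so renewed certificates are picked up.
    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"

  # Certbot for SSL certificates
  certbot:
    image: certbot/certbot
    container_name: teren-certbot
    restart: unless-stopped
    volumes:
      # Holds certificate private keys; keep host permissions on this
      # directory restrictive.
      - ./docker/certbot/conf:/etc/letsencrypt
      - ./docker/certbot/www:/var/www/certbot
    # Attempts renewal every 12 hours; exits cleanly on SIGTERM.
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
    networks:
      - teren-network

  # PostgreSQL Database
  postgres:
    image: postgres:16-alpine
    container_name: teren-postgres
    restart: unless-stopped
    ports:
      - "127.0.0.1:5432:5432"  # Only accessible via localhost (or VPN)
    environment:
      - POSTGRES_DB=${DB_DATABASE}
      - POSTGRES_USER=${DB_USERNAME}
      - POSTGRES_PASSWORD=${DB_PASSWORD}
      - PGDATA=/var/lib/postgresql/data/pgdata
    volumes:
      - postgres-data:/var/lib/postgresql/data
      - ./docker/postgres/init:/docker-entrypoint-initdb.d
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${DB_USERNAME}"]
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - teren-network

  # pgAdmin - PostgreSQL UI
  pgadmin:
    image: dpage/pgadmin4:latest
    container_name: teren-pgadmin
    restart: unless-stopped
    ports:
      - "127.0.0.1:5050:80"  # Only accessible via localhost (or VPN)
    environment:
      - PGADMIN_DEFAULT_EMAIL=${PGADMIN_EMAIL:-admin@admin.com}
      # No fallback password: startup fails if PGADMIN_PASSWORD is unset or
      # empty, rather than creating the admin account with a well-known
      # default credential.
      - "PGADMIN_DEFAULT_PASSWORD=${PGADMIN_PASSWORD:?PGADMIN_PASSWORD must be set}"
      - PGADMIN_CONFIG_SERVER_MODE=True
      - PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED=True
    volumes:
      - pgadmin-data:/var/lib/pgadmin
    depends_on:
      - postgres
    networks:
      - teren-network

  # Redis for caching and queues
  redis:
    image: redis:7-alpine
    container_name: teren-redis
    restart: unless-stopped
    ports:
      - "127.0.0.1:6379:6379"
    volumes:
      - redis-data:/data
    # No requirepass/ACL is configured here: the loopback-only host binding
    # protects the published port, but any container on teren-network can
    # issue commands, including against the queue the app consumes.
    command: redis-server --appendonly yes
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 10s
      timeout: 3s
      retries: 5
    networks:
      - teren-network

  # WireGuard VPN with Web UI Dashboard
  wireguard:
    image: weejewel/wg-easy:latest
    container_name: teren-wireguard
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      # NOTE(review): SYS_MODULE lets the container load kernel modules; it may
      # be droppable if the host already provides WireGuard - verify.
      - SYS_MODULE
    environment:
      - WG_HOST=${WG_SERVERURL}  # Your VPS public IP or domain
      # Password for WireGuard UI. Required: startup fails if WG_UI_PASSWORD is
      # unset or empty, because the UI port below is published on all
      # interfaces.
      # NOTE(review): with a floating image tag the variable names the image
      # honours can change between releases - confirm PASSWORD is the setting
      # that enables UI authentication for the version actually pulled.
      - "PASSWORD=${WG_UI_PASSWORD:?WG_UI_PASSWORD must be set}"
      - WG_PORT=51820
      - WG_DEFAULT_ADDRESS=10.13.13.x
      - WG_DEFAULT_DNS=1.1.1.1,1.0.0.1
      - WG_MTU=1420
      - WG_PERSISTENT_KEEPALIVE=25
      - WG_ALLOWED_IPS=10.13.13.0/24
    volumes:
      # Stores the WireGuard configuration, including key material.
      - wireguard-data:/etc/wireguard
    ports:
      - "51820:51820/udp"  # WireGuard VPN port (public)
      # The UI manages VPN peers and is reachable from the internet until this
      # mapping is changed; moving it to a VPN-only bind address after setup
      # is a manual step that this file does not enforce.
      - "51821:51821/tcp"  # WireGuard Web UI (public for initial setup, then VPN-only)
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv4.ip_forward=1
    networks:
      - teren-network

  # Portainer - Docker Management UI (VPN-only access)
  portainer:
    image: portainer/portainer-ce:latest
    container_name: teren-portainer
    restart: unless-stopped
    ports:
      - "10.13.13.1:9000:9000"  # Portainer UI (VPN-only)
      - "10.13.13.1:9443:9443"  # Portainer HTTPS (VPN-only)
    volumes:
      # Mounting the Docker socket gives this container full control of the
      # Docker daemon, which is equivalent to root on the host; the Portainer
      # admin account and image need the same protection as host root.
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer-data:/data
    networks:
      - teren-network

networks:
  teren-network:
    driver: bridge

volumes:
  postgres-data:
    driver: local
  pgadmin-data:
    driver: local
  redis-data:
    driver: local
  wireguard-data:
    driver: local
  portainer-data:
    driver: local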