docker-compose.yaml

version: '3'

services:
  kleckrelay_database:
    image: 'postgres:latest'
    container_name: kleckrelay_database
    restart: on-failure:5

    environment:
      POSTGRES_USER: user
      POSTGRES_PASSWORD: password
      POSTGRES_DB: mail

    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U user -d mail"]
      interval: 5s
      timeout: 5s
      retries: 5

    ports:
      - "35432:5432"

  kleckrelay_server:
    container_name: kleckrelay_server
    restart: on-failure:5
    build:
      context: .

    ports:
      - "8000:80"
      - "25:25"
      - "587:587"

    depends_on:
      kleckrelay_database:
        condition: service_healthy

    cap_add:
      - NET_BIND_SERVICE
      - SYS_PTRACE

    env_file:
      - .env

  kleckrelay_maid:
    container_name: kleckrelay_maid
    restart: on-failure
    build:
      context: .
      dockerfile: Maid.Dockerfile

    depends_on:
      kleckrelay_database:
        condition: service_healthy

  nginx:
    container_name: nginx
    image: bunkerity/bunkerweb
    restart: on-failure:5
    ports:
      - 80:8080
      - 443:8443
      # volumes:
      # Change to your own path where you would like to store your HTTPS certificates and
      # uncomment the line
      # ./letsencrypt:/etc/letsencrypt
    environment:
      - MULTISITE=yes
      # Specify your domains here (including subdomains)
      - SERVER_NAME=app.krl api.app.krl mail.app.krl
      - USE_REVERSE_PROXY=yes
      - DISABLE_DEFAULT_SERVER=yes
      # Make this "yes" in production
      - AUTO_LETS_ENCRYPT=no
      # We run this docker container only in debug, so there will be no actual attacks
      - USE_BUNKERNET=no
      # If you want to receive a notification when your certificates are not automatically
      # renewed and will expire soon, enter an email here
      # - EMAIL_LETS_ENCRYPT=
      - USE_BAD_BEHAVIOR=no

      - api.app.krl_REVERSE_PROXY_URL=/
      - api.app.krl_REVERSE_PROXY_HOST=http://kleckrelay_server:80
      - api.app.krl_ALLOWED_METHODS=GET|POST|PUT|PATCH|DELETE|OPTIONS
      # Security is too strict
      - api.app.krl_BLOCK_ABUSERS=no

      - api.app.krl_USE_CORS=yes
      - api.app.krl_CORS_ALLOW_ORIGIN=http://app.krl
      - api.app.krl_CORS_ALLOW_METHODS=GET, POST, PUT, PATCH, DELETE, OPTIONS
      - api.app.krl_CORS_ALLOW_CREDENTIALS=yes
      - api.app.krl_COOKIE_AUTO_SECURE_FLAG=no
      - api.app.krl_REMOVE_HEADERS=Server X-Powered-By Access-Control-Allow-Origin Access-Control-Allow-Credentials
      - api.app.krl_USE_LIMIT_REQ=no
      - api.app.krl_USE_LIMIT_CONN=no
      - api.app.krl_REVERSE_PROXY_INTERCEPT_ERRORS=no

      - app.krl_REVERSE_PROXY_URL=/
      - app.krl_REVERSE_PROXY_HOST=http://192.168.178.129:5173
      - app.krl_USE_LIMIT_CONN=no
      - app.krl_REVERSE_PROXY_WS=yes