ignis/docker-compose.dokploy.yml


# =============================================================================
# obsidian-notes : Ignis (real Obsidian, in the browser)
# Lives at the ROOT of your manohar/ignis Forgejo mirror as a SEPARATE compose
# file, so upstream's own docker-compose.yml stays untouched and pull-able.
# In Dokploy: Compose app -> repo manohar/ignis -> Compose Path: docker-compose.dokploy.yml
# Public endpoint: https://notes.manohargupta.com (Traefik basicAuth gate)
# =============================================================================
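services:
  ignis:
    # Build from source — Ignis is NOT on any registry. Context "." is the repo
    # root, which contains upstream's Dockerfile (downloads Obsidian on 1st run).
    build: .
    container_name: obsidian-ignis
    restart: unless-stopped
    environment:
      - PORT=8080
      # Pin the Obsidian version Ignis downloads. Bump deliberately, since a new
      # Obsidian can outrun the shim. Keep in sync with what you run on the Mac.
      - OBSIDIAN_VERSION=1.12.4
      - PUID=1000
      - PGID=1000
    volumes:
      # BIND mount (not a named volume) so the host backup cron can git-commit
      # the plain-markdown vault directly. Each subdir here = one Obsidian vault.
      - /opt/obsidian/vaults:/vaults
      # Ignis internal state (plugin mgmt, sync state, auth tokens). Because it
      # holds auth tokens, keep this directory out of the vault git backup and
      # readable on the host only by the PUID/PGID user.
      - /opt/obsidian/data:/app/data
      # Cached Obsidian assets — persisted so redeploys don't re-download.
      - obsidian-app:/app/obsidian-app
    # Rendering happens in YOUR browser, so the server side is light. Cap anyway.
    mem_limit: 512m
    networks:
      - dokploy-network
    labels:
      - traefik.enable=true
      # --- HTTP router on :80. Redirects to HTTPS instead of running basicAuth
      #     here: basicAuth over plain HTTP would put the base64 credentials on
      #     the wire in cleartext. The redirect answers every request itself, so
      #     port 80 still never serves the vault, even without a global 80->443
      #     redirect. NOTE(review): with an HTTP-01 resolver Traefik answers the
      #     ACME challenge on this entrypoint itself — confirm the letsencrypt
      #     resolver's challenge type in Dokploy's Traefik config. ---
      - traefik.http.routers.obsidian-notes-http.rule=Host(`notes.manohargupta.com`)
      - traefik.http.routers.obsidian-notes-http.entrypoints=web
      - traefik.http.routers.obsidian-notes-http.middlewares=obsidian-https-redirect
      - traefik.http.middlewares.obsidian-https-redirect.redirectscheme.scheme=https
      - traefik.http.middlewares.obsidian-https-redirect.redirectscheme.permanent=true
      # --- HTTPS router on :443, WITH basicAuth ---
      - traefik.http.routers.obsidian-notes.rule=Host(`notes.manohargupta.com`)
      - traefik.http.routers.obsidian-notes.entrypoints=websecure
      - traefik.http.routers.obsidian-notes.tls=true
      - traefik.http.routers.obsidian-notes.tls.certresolver=letsencrypt
      - traefik.http.routers.obsidian-notes.middlewares=obsidian-auth
      # --- basicAuth middleware. The user:hash is injected from Dokploy's
      #     Environment tab (key BASIC_AUTH_USERS) so it never lands in git.
      #     Set BASIC_AUTH_USERS to the RAW htpasswd output with SINGLE $ signs
      #     (do NOT double them — compose does not re-escape an injected value).
      #     Generate it with a prompt rather than -b, so the password stays out
      #     of shell history and the process list; -C raises the bcrypt cost
      #     above htpasswd's default of 5:
      #       htpasswd -nB -C 10 manohar
      #     e.g. BASIC_AUTH_USERS=manohar:$2y$10$<rest-of-hash>   (placeholder)
      #     The ":?" form makes compose abort the deploy when the variable is
      #     unset or empty, instead of rendering an empty users list. ---
      - 'traefik.http.middlewares.obsidian-auth.basicauth.users=${BASIC_AUTH_USERS:?BASIC_AUTH_USERS is not set}'
      # --- Service: Ignis listens on 8080 ---
      - traefik.http.services.obsidian-notes.loadbalancer.server.port=8080
      - traefik.docker.network=dokploy-network

networks:
  # external: compose attaches to an existing network and will not create it
  # (presumably the one Dokploy's Traefik is on — confirm).
  dokploy-network:
    external: true

volumes:
  # Named volume backing the Obsidian asset cache mounted at /app/obsidian-app.
  # Explicit empty mapping rather than a bare key, which parses as null.
  obsidian-app: {}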