Dockge

.gitignore

@@ -43,18 +43,17 @@
 !etc/dnsmasq.d/*
 !etc/fstab/*
 !etc/netplan/*
-!etc/nginx/include/*
 !etc/nginx/sites-available/*
 !etc/mysql/mariadb.conf.d/*
 !etc/php/*
 !etc/postgresql/*
 !etc/wsl/*
-!etc/dnsmasq.d/SDN/*
 
 !etc/letsencrypt/**/*
 
 !opt/copy/**/*
-!opt/dockge/**/*.yaml
+!opt/stacks/**/*.env
+!opt/stacks/**/*.yaml
 
 !root/**/*container
 !home/podman/**/*volume

.vscode/settings.json

@@ -3,11 +3,5 @@
         "*.container": "ini",
         "*.org": "ini",
         "*.net": "ini"
-    },
-    "cSpell.words": [
-        "diskstation",
-        "dockge",
-        "neko",
-        "phares"
-    ]
+    }
 }

etc/dnsmasq.d/SDN/00-default.conf

@@ -1,24 +0,0 @@
-except-interface=lo
-enable-ra
-quiet-ra
-bind-dynamic
-no-hosts
-dhcp-leasefile=/var/lib/misc/dnsmasq.SDN.leases
-dhcp-hostsfile=/etc/dnsmasq.d/SDN/ethers
-dhcp-ignore=tag:!known
-
-dhcp-option=26,1500
-ra-param=*,mtu:1500,0
-
-# Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave.
-dhcp-option=252,"\n"
-
-# Send microsoft-specific option to tell windows to release the DHCP lease
-# when it shuts down. Note the "i" flag, to tell dnsmasq to send the
-# value as a four-byte integer - that's what microsoft wants.
-dhcp-option=vendor:MSFT,2,1i
-
-# If a DHCP client claims that its name is "wpad", ignore that.
-# This fixes a security hole. see CERT Vulnerability VU#598349
-dhcp-name-match=set:wpad-ignore,wpad
-dhcp-ignore-names=tag:wpad-ignore

etc/dnsmasq.d/SDN/10-SDN.conf

@@ -1,3 +0,0 @@
-dhcp-option=tag:SDN-192.168.32.1-25,option:router,192.168.32.1
-dhcp-range=set:SDN-192.168.32.1-25,192.168.32.1,static,255.255.255.128,infinite
-interface=SDN

etc/dnsmasq.d/SDN/ethers

@@ -1,2 +0,0 @@
-BC:24:11:D6:FC:B3,192.168.32.100
-BC:24:11:6A:65:00,192.168.32.101

etc/nginx/include/adguard.conf

@@ -1,20 +0,0 @@
-server {
-    # touch /etc/nginx/include/adguard.affirm.duckdns.org
-    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/adguard.affirm.duckdns.org.key -out /etc/nginx/include/adguard.affirm.duckdns.org.crt -config /etc/nginx/include/adguard.affirm.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
-    ssl_protocols TLSv1.2 TLSv1.3;
-    listen 443 ssl http2;
-    server_name adguard.affirm.duckdns.org;
-    client_max_body_size 5000m;
-    location / {
-        proxy_set_header        Host $host;
-        proxy_set_header        X-Real-IP $remote_addr;
-        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header        X-Forwarded-Proto $scheme;
-        proxy_pass              http://192.168.31.12:3002/;
-        proxy_read_timeout      600s;
-        proxy_send_timeout      600s;
-    }
-}

etc/nginx/include/chat.conf

@@ -1,20 +0,0 @@
-server {
-    # touch /etc/nginx/include/chat.affirm.duckdns.org
-    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/chat.affirm.duckdns.org.key -out /etc/nginx/include/chat.affirm.duckdns.org.crt -config /etc/nginx/include/chat.affirm.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
-    ssl_protocols TLSv1.2 TLSv1.3;
-    listen 443 ssl http2;
-    server_name chat.affirm.duckdns.org;
-    client_max_body_size 5000m;
-    location / {
-        proxy_set_header        Host $host;
-        proxy_set_header        X-Real-IP $remote_addr;
-        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header        X-Forwarded-Proto $scheme;
-        proxy_pass              https://192.168.0.31:5001/;
-        proxy_read_timeout      600s;
-        proxy_send_timeout      600s;
-    }
-}

etc/nginx/include/cockpit.conf

@@ -1,24 +0,0 @@
-server {
-    # touch /etc/nginx/include/cockpit.affirm.duckdns.org
-    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/cockpit.affirm.duckdns.org.key -out /etc/nginx/include/cockpit.affirm.duckdns.org.crt -config /etc/nginx/include/cockpit.affirm.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
-    ssl_protocols TLSv1.2 TLSv1.3;
-    listen 443 ssl http2;
-    server_name cockpit.affirm.duckdns.org;
-    location / {
-        proxy_set_header        Host $host;
-        proxy_set_header        X-Real-IP $remote_addr;
-        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header        X-Forwarded-Proto $scheme;
-        proxy_pass              https://127.0.0.1:9090/;
-        proxy_read_timeout      600s;
-        proxy_send_timeout      600s;
-        proxy_http_version 1.1;
-        proxy_buffering off;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        gzip off;
-    }
-}

etc/nginx/include/diskstation.conf

@@ -1,18 +0,0 @@
-server {
-    # touch /etc/nginx/include/diskstation.affirm.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
-    ssl_protocols TLSv1.2 TLSv1.3;
-    listen 443 ssl http2;
-    server_name diskstation.affirm.duckdns.org;
-    location / {
-        proxy_set_header        Host $host;
-        proxy_set_header        X-Real-IP $remote_addr;
-        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header        X-Forwarded-Proto $scheme;
-        proxy_pass              https://192.168.0.31:5001/;
-        proxy_read_timeout      600s;
-        proxy_send_timeout      600s;
-    }
-}

etc/nginx/include/dockge.conf

@@ -1,20 +0,0 @@
-server {
-    # touch /etc/nginx/include/dockge.affirm.duckdns.org
-    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/dockge.affirm.duckdns.org.key -out /etc/nginx/include/dockge.affirm.duckdns.org.crt -config /etc/nginx/include/dockge.affirm.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
-    ssl_protocols TLSv1.2 TLSv1.3;
-    listen 443 ssl http2;
-    server_name dockge.affirm.duckdns.org;
-    client_max_body_size 5000m;
-    location / {
-        proxy_set_header        Host $host;
-        proxy_set_header        X-Real-IP $remote_addr;
-        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header        X-Forwarded-Proto $scheme;
-        proxy_pass              http://192.168.31.12:5002/;
-        proxy_read_timeout      600s;
-        proxy_send_timeout      600s;
-    }
-}

etc/nginx/include/drive.conf

@@ -1,18 +0,0 @@
-server {
-    # touch /etc/nginx/include/drive.affirm.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
-    ssl_protocols TLSv1.2 TLSv1.3;
-    listen 443 ssl http2;
-    server_name drive.affirm.duckdns.org;
-    location / {
-        proxy_set_header        Host $host;
-        proxy_set_header        X-Real-IP $remote_addr;
-        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header        X-Forwarded-Proto $scheme;
-        proxy_pass              https://192.168.0.31:5001/;
-        proxy_read_timeout      600s;
-        proxy_send_timeout      600s;
-    }
-}

etc/nginx/include/firefox.conf

@@ -1,19 +0,0 @@
-server {
-    # touch /etc/nginx/include/firefox.affirm.duckdns.org
-    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/firefox.affirm.duckdns.org.key -out /etc/nginx/include/firefox.affirm.duckdns.org.crt -config /etc/nginx/include/firefox.affirm.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
-    ssl_protocols TLSv1.2 TLSv1.3;
-    listen 443 ssl http2;
-    server_name firefox.affirm.duckdns.org;
-    location / {
-        proxy_set_header        Host $host;
-        proxy_set_header        X-Real-IP $remote_addr;
-        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header        X-Forwarded-Proto $scheme;
-        proxy_pass              http://192.168.31.12:5800/;
-        proxy_read_timeout      600s;
-        proxy_send_timeout      600s;
-    }
-}

etc/nginx/include/kuma.conf

@@ -1,32 +0,0 @@
-server {
-    # touch /etc/nginx/include/kuma.affirm.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
-    ssl_protocols TLSv1.2 TLSv1.3;
-    listen 443 ssl http2;
-    server_name kuma.affirm.duckdns.org;
-    client_max_body_size 5000m;
-    location / {
-        proxy_set_header        Host $host;
-        proxy_set_header        X-Real-IP $remote_addr;
-        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header        X-Forwarded-Proto $scheme;
-        proxy_pass              http://192.168.31.12:3001/;
-        proxy_read_timeout      600s;
-        proxy_send_timeout      600s;
-    }
-}
-
-# [Container]
-# AutoUpdate=registry
-# ContainerName=uptime-kuma-server
-# Environment="UPTIME_KUMA_SSL_CERT=/certs/server.cert"
-# Environment="UPTIME_KUMA_SSL_KEY=/certs/server.key"
-# Image=docker.io/louislam/uptime-kuma:1
-# PodmanArgs=--add-host=cockpit.phares.duckdns.org:192.168.11.2
-# PodmanArgs=--add-host=mattermost.phares.duckdns.org:192.168.11.2
-# PublishPort=3004:3001
-# Volume=uptime-kuma-server-data.volume:/app/data:rw
-# Volume=/home/podman/wild-phares/fullchain.cer:/certs/server.cert:ro
-# Volume=/home/podman/wild-phares/phares.duckdns.org.key:/certs/server.key:ro

etc/nginx/include/neko.conf

@@ -1,24 +0,0 @@
-server {
-    # touch /etc/nginx/include/neko.affirm.duckdns.org
-    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/neko.affirm.duckdns.org.key -out /etc/nginx/include/neko.phares.duckdns.org.crt -config /etc/nginx/include/neko.phares.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
-    ssl_protocols TLSv1.2 TLSv1.3;
-    listen 443 ssl http2;
-    server_name neko.affirm.duckdns.org;
-    location / {
-        # https://neko.m1k1o.net/#/getting-started/reverse-proxy
-        proxy_pass http://192.168.31.12:8082;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_read_timeout 86400;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $remote_addr;
-        proxy_set_header X-Forwarded-Host $host;
-        proxy_set_header X-Forwarded-Port $server_port;
-        proxy_set_header X-Forwarded-Protocol $scheme;
-    }
-}

etc/nginx/include/photos.conf

@@ -1,19 +0,0 @@
-server {
-    # touch /etc/nginx/include/photos.affirm.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
-    ssl_protocols TLSv1.2 TLSv1.3;
-    listen 443 ssl http2;
-    server_name photos.affirm.duckdns.org;
-    client_max_body_size 5000m;
-    location / {
-        proxy_set_header        Host $host;
-        proxy_set_header        X-Real-IP $remote_addr;
-        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header        X-Forwarded-Proto $scheme;
-        proxy_pass              https://192.168.0.31:5001/;
-        proxy_read_timeout      600s;
-        proxy_send_timeout      600s;
-    }
-}

etc/nginx/include/products.conf

@@ -1,19 +0,0 @@
-server {
-    # touch /etc/nginx/include/products.affirm.duckdns.org
-    # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/include/products.affirm.duckdns.org.key -out /etc/nginx/include/products.affirm.duckdns.org.crt -config /etc/nginx/include/products.affirm.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
-    ssl_protocols TLSv1.2 TLSv1.3;
-    listen 443 ssl http2;
-    server_name products.affirm.duckdns.org;
-    location / {
-        proxy_set_header        Host $host;
-        proxy_set_header        X-Real-IP $remote_addr;
-        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header        X-Forwarded-Proto $scheme;
-        proxy_pass              http://192.168.31.12:5005/;
-        proxy_read_timeout      600s;
-        proxy_send_timeout      600s;
-    }
-}

etc/nginx/include/pve.conf

@@ -1,22 +0,0 @@
-server {
-    # touch /etc/nginx/include/pve.affirm.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
-    ssl_protocols TLSv1.2 TLSv1.3;
-    listen 443 ssl http2;
-    server_name pve.affirm.duckdns.org;
-    location / {
-        proxy_set_header        Host $host;
-        proxy_set_header        X-Real-IP $remote_addr;
-        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header        X-Forwarded-Proto $scheme;
-        proxy_pass              https://192.168.31.12:8006/;
-        proxy_read_timeout      600s;
-        proxy_send_timeout      600s;
-        proxy_buffering off;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        client_max_body_size 500M;
-    }
-}

etc/nginx/include/quartz.conf

@@ -1,23 +0,0 @@
-server {
-	listen 8084 default_server;
-	root /var/www/html-quartz;
-	index index.html index.htm;
-	server_name _;
-	location / {
-		try_files $uri $uri/ =404;
-	}
-}
-server {
-    # touch /etc/nginx/include/quartz.affirm.duckdns.org
-    ssl_certificate /root/.acme.sh/wild-affirm/fullchain.cer;
-    # ssl_certificate /root/.acme.sh/wild-affirm/affirm.duckdns.org.cer;
-    ssl_certificate_key /root/.acme.sh/wild-affirm/affirm.duckdns.org.key;
-    ssl_protocols TLSv1.2 TLSv1.3;
-    listen 443 ssl http2;
-    server_name quartz.affirm.duckdns.org;
-    root /var/www/html-quartz;
-    index index.html index.htm index.nginx-debian.html;
-    location / {
-        try_files $uri $uri.html $uri/ =404;
-    }
-}

etc/nginx/sites-available/default

@@ -7,6 +7,7 @@ include /etc/nginx/include/drive.conf; # https://drive.affirm.duckdns.org # http
 include /etc/nginx/include/firefox.conf; # https://firefox.affirm.duckdns.org # http://192.168.31.12:5800/;
 include /etc/nginx/include/kuma.conf; # https://kuma.affirm.duckdns.org # http://192.168.32.100:3001/;
 include /etc/nginx/include/neko.conf; # https://neko.affirm.duckdns.org # http://192.168.31.12:8082/;
+include /etc/nginx/include/open-project.conf; # https://open-project.affirm.duckdns.org # https://192.168.31.12:8080/;
 include /etc/nginx/include/photos.conf; # https://photos.affirm.duckdns.org # https://192.168.31.12:5001/;
 include /etc/nginx/include/products.conf; # https://products.affirm.duckdns.org # https://192.168.31.12:5005/;
 include /etc/nginx/include/pve.conf; # https://pve.affirm.duckdns.org # https://192.168.31.12:8006/;

opt/dockge/compose.yaml

@@ -1,22 +0,0 @@
-services:
-  dockge:
-    image: louislam/dockge:1
-    restart: unless-stopped
-    ports:
-      # Host Port : Container Port
-      - 5002:5001
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      - ./data:/app/data
-        
-      # If you want to use private registries, you need to share the auth file with Dockge:
-      # - /root/.docker/:/root/.docker
-
-      # Stacks Directory
-      # ⚠️ READ IT CAREFULLY. If you did it wrong, your data could end up writing into a WRONG PATH.
-      # ⚠️ 1. FULL path only. No relative path (MUST)
-      # ⚠️ 2. Left Stacks Path === Right Stacks Path (MUST)
-      - /opt/stacks:/opt/stacks
-    environment:
-      # Tell Dockge where is your stacks directory
-      - DOCKGE_STACKS_DIR=/opt/stacks

opt/stacks/firefox/.env

@@ -0,0 +1 @@
+FF_OPEN_URL=https://192.168.31.1

opt/stacks/firefox/compose.yaml

@@ -0,0 +1,8 @@
+version: '3'
+services:
+  firefox:
+    image: jlesage/firefox
+    ports:
+      - "5800:5800"
+    volumes:
+      - "/docker/appdata/firefox:/config:rw"

opt/stacks/kuma/compose.yaml

@@ -0,0 +1,8 @@
+version: "3"
+services:
+  kuma:
+    image: docker.io/louislam/uptime-kuma:1
+    ports:
+      - 3001:3001
+    volumes:
+      - /docker/appdata/kuma:/app/data:rw

opt/stacks/one-review-webapp-production/.env

@@ -0,0 +1 @@
+ASPNETCORE_ENVIRONMENT=Production

opt/stacks/one-review-webapp-production/compose.yaml

@@ -0,0 +1,7 @@
+version: "3"
+services:
+  one-review-webapp:
+    image: one-review-webapp
+    ports:
+      - 5005:5001
+networks: {}

opt/stacks/open-project/.env

@@ -0,0 +1,11 @@
+TAG=14-slim
+OPENPROJECT_HTTPS=false
+OPENPROJECT_HOST__NAME=open-project.affirm.duckdns.org
+PORT=192.168.31.12:8080
+OPENPROJECT_RAILS__RELATIVE__URL__ROOT=
+IMAP_ENABLED=false
+DATABASE_URL=postgres://postgres:p4ssw0rd@db/openproject?pool=20&encoding=unicode&reconnect=true
+RAILS_MIN_THREADS=4
+RAILS_MAX_THREADS=16
+PGDATA="/var/lib/postgresql/data"
+OPDATA="/var/openproject/assets"

opt/stacks/open-project/compose.yaml

@@ -0,0 +1,112 @@
+networks:
+  frontend: null
+  backend: null
+volumes:
+  pgdata: null
+  opdata: null
+x-op-restart-policy: &a2
+  restart: unless-stopped
+x-op-image: &a1
+  image: openproject/openproject:${TAG:-15-slim}
+x-op-app: &a3
+  <<:
+    - *a1
+    - *a2
+  environment:
+    OPENPROJECT_HTTPS: ${OPENPROJECT_HTTPS:-true}
+    OPENPROJECT_HOST__NAME: ${OPENPROJECT_HOST__NAME:-localhost:8080}
+    OPENPROJECT_HSTS: ${OPENPROJECT_HSTS:-true}
+    RAILS_CACHE_STORE: memcache
+    OPENPROJECT_CACHE__MEMCACHE__SERVER: cache:11211
+    OPENPROJECT_RAILS__RELATIVE__URL__ROOT: ${OPENPROJECT_RAILS__RELATIVE__URL__ROOT:-}
+    DATABASE_URL: ${DATABASE_URL:-postgres://postgres:p4ssw0rd@db/openproject?pool=20&encoding=unicode&reconnect=true}
+    RAILS_MIN_THREADS: ${RAILS_MIN_THREADS:-4}
+    RAILS_MAX_THREADS: ${RAILS_MAX_THREADS:-16}
+    # set to true to enable the email receiving feature. See ./docker/cron for more options
+    IMAP_ENABLED: ${IMAP_ENABLED:-false}
+  volumes:
+    - ${OPDATA:-opdata}:/var/openproject/assets
+services:
+  db:
+    image: postgres:13
+    <<: *a2
+    stop_grace_period: 3s
+    volumes:
+      - ${PGDATA:-pgdata}:/var/lib/postgresql/data
+    environment:
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-p4ssw0rd}
+      POSTGRES_DB: openproject
+    networks:
+      - backend
+  cache:
+    image: memcached
+    <<: *a2
+    networks:
+      - backend
+  proxy:
+    build:
+      context: ./proxy
+      args:
+        APP_HOST: web
+    image: openproject/proxy
+    <<: *a2
+    ports:
+      - ${PORT:-8080}:80
+    depends_on:
+      - web
+    networks:
+      - frontend
+  web:
+    <<: *a3
+    command: ./docker/prod/web
+    networks:
+      - frontend
+      - backend
+    depends_on:
+      - db
+      - cache
+      - seeder
+    labels:
+      - autoheal=true
+    healthcheck:
+      test:
+        - CMD
+        - curl
+        - -f
+        - http://localhost:8080${OPENPROJECT_RAILS__RELATIVE__URL__ROOT:-}/health_checks/default
+      interval: 10s
+      timeout: 3s
+      retries: 3
+      start_period: 30s
+  autoheal:
+    image: willfarrell/autoheal:1.2.0
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      AUTOHEAL_CONTAINER_LABEL: autoheal
+      AUTOHEAL_START_PERIOD: 600
+      AUTOHEAL_INTERVAL: 30
+  worker:
+    <<: *a3
+    command: ./docker/prod/worker
+    networks:
+      - backend
+    depends_on:
+      - db
+      - cache
+      - seeder
+  cron:
+    <<: *a3
+    command: ./docker/prod/cron
+    networks:
+      - backend
+    depends_on:
+      - db
+      - cache
+      - seeder
+  seeder:
+    <<: *a3
+    command: ./docker/prod/seeder
+    restart: on-failure
+    networks:
+      - backend

opt/stacks/openproject-docker-compose/.gitignore

@@ -0,0 +1,4 @@
+.env
+
+docker-compose.override.yml
+backups/