Passbolt/docker-compose.yml

version: '3.4'
services:
  db:
    image: mariadb:10.3
    env_file:
      - env/mysql.env
    volumes:
      - ./data/database_volume:/var/lib/mysql
    ports:
      - "127.0.0.1:3306:3306"
    networks:
      - backend 
    restart: always
    deploy:
      resources:
          limits:
            cpus: "1"
            memory: 150M 

  passbolt:
    image: passbolt/passbolt:latest-ce
    #Alternatively you can use rootless:
    #image: passbolt/passbolt:latest-ce-non-root
    tty: true
    depends_on:
      - db
    env_file:
      - env/passbolt.env
    volumes:
      - ./data/gpg_volume:/etc/passbolt/gpg
      - ./data/images_volume:/usr/share/php/passbolt/webroot/img/public
    command: ["/usr/bin/wait-for.sh", "-t", "0", "db:3306", "--", "/docker-entrypoint.sh"]
    #ports:
    #  - 80:80#
    #  - 443:443#
    #Alternatively for non-root images:
    # - 80:8080
    # - 443:4433
    labels:
      traefik.enable: "true"
      traefik.docker.network: "frontend"

      traefik.http.routers.passbolt-http.rule: "Host(`${DOMAIN}`)"
      traefik.http.routers.passbolt-http.entrypoints: "entrypoints-http"
      traefik.http.routers.passbolt-http.middlewares: "redirect"
      traefik.http.middlewares.redirect.redirectscheme.scheme: "https"

      traefik.http.routers.passbolt-https.rule: "Host(`${DOMAIN}`)"
      traefik.http.routers.passbolt-https.entrypoints: "entrypoints-https"
      traefik.http.routers.passbolt-https.tls.certresolver: "myresolver"
    networks:
      - frontend
      - backend
    restart: always
    deploy:
      resources:
          limits:
            cpus: "1"
            memory: 200M   



networks:
  frontend:
    external: true
  backend: