continuwuity/docs/deploying/docker-compose.with-traefik.yml

# Continuwuity - Behind Traefik Reverse Proxy

services:
  homeserver:
    ### If you already built the Continuwuity image with 'docker build' or want to use the Docker Hub image,
    ### then you are ready to go.
    image: forgejo.ellis.link/continuwuation/continuwuity:latest
    restart: unless-stopped
    volumes:
      - db:/var/lib/continuwuity
      - /etc/resolv.conf:/etc/resolv.conf:ro # Use the host's DNS resolver rather than Docker's.
      #- ./continuwuity.toml:/etc/continuwuity.toml
    networks:
      - proxy
    environment:
      CONTINUWUITY_SERVER_NAME: your.server.name.example # EDIT THIS
      CONTINUWUITY_TRUSTED_SERVERS: '["matrix.org"]'
      CONTINUWUITY_ALLOW_REGISTRATION: 'false' # After setting a secure registration token, you can enable this
      CONTINUWUITY_REGISTRATION_TOKEN: "" # This is a token you can use to register on the server
      #CONTINUWUITY_REGISTRATION_TOKEN_FILE: "" # Alternatively you can configure a path to a token file to read
      CONTINUWUITY_ADDRESS: 0.0.0.0
      CONTINUWUITY_PORT: 6167 # you need to match this with the traefik load balancer label if you're want to change it
      CONTINUWUITY_DATABASE_PATH: /var/lib/continuwuity
      #CONTINUWUITY_CONFIG: '/etc/continuwuity.toml' # Uncomment if you mapped config toml above
      ### Uncomment and change values as desired, note that Continuwuity has plenty of config options, so you should check out the example example config too
      # Available levels are: error, warn, info, debug, trace - more info at: https://docs.rs/env_logger/*/env_logger/#enabling-logging
      # CONTINUWUITY_LOG: info  # default is: "warn,state_res=warn"
      # CONTINUWUITY_ALLOW_ENCRYPTION: 'true'
      # CONTINUWUITY_ALLOW_FEDERATION: 'true'
      # CONTINUWUITY_ALLOW_CHECK_FOR_UPDATES: 'true'
      # CONTINUWUITY_ALLOW_INCOMING_PRESENCE: true
      # CONTINUWUITY_ALLOW_OUTGOING_PRESENCE: true
      # CONTINUWUITY_ALLOW_LOCAL_PRESENCE: true
      # CONTINUWUITY_WORKERS: 10
      # CONTINUWUITY_MAX_REQUEST_SIZE: 20000000  # in bytes, ~20 MB
      # CONTINUWUITY_NEW_USER_DISPLAYNAME_SUFFIX = "🏳<200d>⚧"

      # We need some way to serve the client and server .well-known json. The simplest way is via the CONTINUWUITY_WELL_KNOWN
      # variable / config option, there are multiple ways to do this, e.g. in the continuwuity.toml file, and in a separate
      # reverse proxy, but since you do not have a reverse proxy and following this guide, this example is included
      CONTINUWUITY_WELL_KNOWN: |
        {
          client=https://your.server.name.example,
          server=your.server.name.example:443
        }
    #cpuset: "0-4" # Uncomment to limit to specific CPU cores
    ulimits: # Continuwuity uses quite a few file descriptors, and on some systems it defaults to 1024, so you can tell docker to increase it
      nofile:
        soft: 1048567
        hard: 1048567

    ### Uncomment if you want to use your own Element-Web App.
    ### Note: You need to provide a config.json for Element and you also need a second
    ###       Domain or Subdomain for the communication between Element and Continuwuity
    ### Config-Docs: https://github.com/vector-im/element-web/blob/develop/docs/config.md
    # element-web:
    #     image: vectorim/element-web:latest
    #     restart: unless-stopped
    #     volumes:
    #         - ./element_config.json:/app/config.json
    #     networks:
    #         - proxy
    #     depends_on:
    #         - homeserver

  traefik:
    image: "traefik:latest"
    container_name: "traefik"
    restart: "unless-stopped"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:z"
      - "acme:/etc/traefik/acme"
      #- "./traefik_config:/etc/traefik:z"
    labels:
      - "traefik.enable=true"

      # middleware redirect
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      # global redirect to https
      - "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.redirs.entrypoints=web"
      - "traefik.http.routers.redirs.middlewares=redirect-to-https"

    configs:
      - source: dynamic.yml
        target: /etc/traefik/dynamic.yml

    environment:
      TRAEFIK_LOG_LEVEL: DEBUG
      TRAEFIK_ENTRYPOINTS_WEB: true
      TRAEFIK_ENTRYPOINTS_WEB_ADDRESS: ":80"
      TRAEFIK_ENTRYPOINTS_WEB_HTTP_REDIRECTIONS_ENTRYPOINT_TO: websecure

      TRAEFIK_ENTRYPOINTS_WEBSECURE: true
      TRAEFIK_ENTRYPOINTS_WEBSECURE_ADDRESS: ":443"
      TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_TLS_CERTRESOLVER: letsencrypt
      #TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_MIDDLEWARES: secureHeaders@file # if you want to enabled STS

      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT: true
      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_EMAIL: # Set this to the email you want to receive certificate expiration emails for
      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_KEYTYPE: EC384
      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_HTTPCHALLENGE: true
      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_HTTPCHALLENGE_ENTRYPOINT: web
      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_STORAGE: "/etc/traefik/acme/acme.json"

      TRAEFIK_PROVIDERS_DOCKER: true
      TRAEFIK_PROVIDERS_DOCKER_ENDPOINT: "unix:///var/run/docker.sock"
      TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: false

      TRAEFIK_PROVIDERS_FILE: true
      TRAEFIK_PROVIDERS_FILE_FILENAME: "/etc/traefik/dynamic.yml"

configs:
  dynamic.yml:
    content: |
      # Optionally set STS headers, like in https://hstspreload.org
      # http:
      #   middlewares:
      #     secureHeaders:
      #       headers:
      #         forceSTSHeader: true
      #         stsIncludeSubdomains: true
      #         stsPreload: true
      #         stsSeconds: 31536000
      tls:
        options:
          default:
            cipherSuites:
              - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
              - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
              - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
              - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
              - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
              - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
            minVersion: VersionTLS12

volumes:
    db:
    acme:

networks:
    proxy:

# vim: ts=2:sw=2:expandtab
docs: Rename in more places 2025-04-22 07:56:42 -05:00			`# Continuwuity - Behind Traefik Reverse Proxy`
Add Element-Web to compose and provide extra compose files for using.. ..Conduit behind Traefik Reverse Proxy 2020-08-02 15:55:40 +02:00
			`services:`
deploying: make traefik config self-sufficient, include well known 2024-08-31 14:08:31 +02:00			`homeserver:`
docs: Rename in more places 2025-04-22 07:56:42 -05:00			`### If you already built the Continuwuity image with 'docker build' or want to use the Docker Hub image,`
deploying: make traefik config self-sufficient, include well known 2024-08-31 14:08:31 +02:00			`### then you are ready to go.`
Fix up the docs, replace a lot of conduwuit references 2025-04-20 23:50:48 +01:00			`image: forgejo.ellis.link/continuwuation/continuwuity:latest`
deploying: make traefik config self-sufficient, include well known 2024-08-31 14:08:31 +02:00			`restart: unless-stopped`
			`volumes:`
docs: Rename conduwuit to continuwuity in more places 2025-05-10 20:37:08 +01:00			`- db:/var/lib/continuwuity`
docs: Work around DNS issues in example compose files 2025-04-22 14:29:02 +01:00			`- /etc/resolv.conf:/etc/resolv.conf:ro # Use the host's DNS resolver rather than Docker's.`
docs: Rename conduwuit to continuwuity in more places 2025-05-10 20:37:08 +01:00			`#- ./continuwuity.toml:/etc/continuwuity.toml`
deploying: make traefik config self-sufficient, include well known 2024-08-31 14:08:31 +02:00			`networks:`
			`- proxy`
			`environment:`
docs: Rename conduwuit to continuwuity in more places 2025-05-10 20:37:08 +01:00			`CONTINUWUITY_SERVER_NAME: your.server.name.example # EDIT THIS`
			`CONTINUWUITY_TRUSTED_SERVERS: '["matrix.org"]'`
			`CONTINUWUITY_ALLOW_REGISTRATION: 'false' # After setting a secure registration token, you can enable this`
			`CONTINUWUITY_REGISTRATION_TOKEN: "" # This is a token you can use to register on the server`
			`#CONTINUWUITY_REGISTRATION_TOKEN_FILE: "" # Alternatively you can configure a path to a token file to read`
			`CONTINUWUITY_ADDRESS: 0.0.0.0`
			`CONTINUWUITY_PORT: 6167 # you need to match this with the traefik load balancer label if you're want to change it`
			`CONTINUWUITY_DATABASE_PATH: /var/lib/continuwuity`
			`#CONTINUWUITY_CONFIG: '/etc/continuwuity.toml' # Uncomment if you mapped config toml above`
docs: Rename in more places 2025-04-22 07:56:42 -05:00			`### Uncomment and change values as desired, note that Continuwuity has plenty of config options, so you should check out the example example config too`
deploying: make traefik config self-sufficient, include well known 2024-08-31 14:08:31 +02:00			`# Available levels are: error, warn, info, debug, trace - more info at: https://docs.rs/env_logger/*/env_logger/#enabling-logging`
docs: Rename conduwuit to continuwuity in more places 2025-05-10 20:37:08 +01:00			`# CONTINUWUITY_LOG: info # default is: "warn,state_res=warn"`
			`# CONTINUWUITY_ALLOW_ENCRYPTION: 'true'`
			`# CONTINUWUITY_ALLOW_FEDERATION: 'true'`
			`# CONTINUWUITY_ALLOW_CHECK_FOR_UPDATES: 'true'`
			`# CONTINUWUITY_ALLOW_INCOMING_PRESENCE: true`
			`# CONTINUWUITY_ALLOW_OUTGOING_PRESENCE: true`
			`# CONTINUWUITY_ALLOW_LOCAL_PRESENCE: true`
			`# CONTINUWUITY_WORKERS: 10`
			`# CONTINUWUITY_MAX_REQUEST_SIZE: 20000000 # in bytes, ~20 MB`
			`# CONTINUWUITY_NEW_USER_DISPLAYNAME_SUFFIX = "🏳<200d>⚧"`
Add Element-Web to compose and provide extra compose files for using.. ..Conduit behind Traefik Reverse Proxy 2020-08-02 15:55:40 +02:00
docs: Rename conduwuit to continuwuity in more places 2025-05-10 20:37:08 +01:00			`# We need some way to serve the client and server .well-known json. The simplest way is via the CONTINUWUITY_WELL_KNOWN`
			`# variable / config option, there are multiple ways to do this, e.g. in the continuwuity.toml file, and in a separate`
deploying: make traefik config self-sufficient, include well known 2024-08-31 14:08:31 +02:00			`# reverse proxy, but since you do not have a reverse proxy and following this guide, this example is included`
docs: Rename conduwuit to continuwuity in more places 2025-05-10 20:37:08 +01:00			`CONTINUWUITY_WELL_KNOWN: \|`
deploying: make traefik config self-sufficient, include well known 2024-08-31 14:08:31 +02:00			`{`
			`client=https://your.server.name.example,`
			`server=your.server.name.example:443`
			`}`
			`#cpuset: "0-4" # Uncomment to limit to specific CPU cores`
docs: Rename in more places 2025-04-22 07:56:42 -05:00			`ulimits: # Continuwuity uses quite a few file descriptors, and on some systems it defaults to 1024, so you can tell docker to increase it`
deploying: make traefik config self-sufficient, include well known 2024-08-31 14:08:31 +02:00			`nofile:`
			`soft: 1048567`
			`hard: 1048567`
Add Traefik setup, incl. step-by-step, to docker README. 2021-08-17 14:44:53 +02:00
Add Element-Web to compose and provide extra compose files for using.. ..Conduit behind Traefik Reverse Proxy 2020-08-02 15:55:40 +02:00			`### Uncomment if you want to use your own Element-Web App.`
			`### Note: You need to provide a config.json for Element and you also need a second`
docs: Rename in more places 2025-04-22 07:56:42 -05:00			`### Domain or Subdomain for the communication between Element and Continuwuity`
Add Element-Web to compose and provide extra compose files for using.. ..Conduit behind Traefik Reverse Proxy 2020-08-02 15:55:40 +02:00			`### Config-Docs: https://github.com/vector-im/element-web/blob/develop/docs/config.md`
			`# element-web:`
Update Dockerfile and docker-compose - Dockerfile now tracks the gitlab repository and the master branch. - docker-compose now points to conduit.toml instead of Rocket.toml and its env vars were also renamed from ROCKET_ to CONDUIT_. Furthermore vectorim/riot-web was changed to vectorim/element-web 2021-03-12 18:26:23 +01:00			`# image: vectorim/element-web:latest`
Add Element-Web to compose and provide extra compose files for using.. ..Conduit behind Traefik Reverse Proxy 2020-08-02 15:55:40 +02:00			`# restart: unless-stopped`
			`# volumes:`
			`# - ./element_config.json:/app/config.json`
			`# networks:`
			`# - proxy`
			`# depends_on:`
			`# - homeserver`

deploying: make traefik config self-sufficient, include well known 2024-08-31 14:08:31 +02:00			`traefik:`
			`image: "traefik:latest"`
			`container_name: "traefik"`
			`restart: "unless-stopped"`
			`ports:`
			`- "80:80"`
			`- "443:443"`
			`volumes:`
			`- "/var/run/docker.sock:/var/run/docker.sock:z"`
			`- "acme:/etc/traefik/acme"`
			`#- "./traefik_config:/etc/traefik:z"`
			`labels:`
			`- "traefik.enable=true"`
improve docker documentation some 2022-02-19 17:06:06 +01:00
deploying: make traefik config self-sufficient, include well known 2024-08-31 14:08:31 +02:00			`# middleware redirect`
			`- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"`
			`# global redirect to https`
			- "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
			`- "traefik.http.routers.redirs.entrypoints=web"`
			`- "traefik.http.routers.redirs.middlewares=redirect-to-https"`
improve docker documentation some 2022-02-19 17:06:06 +01:00
deploying: make traefik config self-sufficient, include well known 2024-08-31 14:08:31 +02:00			`configs:`
			`- source: dynamic.yml`
			`target: /etc/traefik/dynamic.yml`

			`environment:`
			`TRAEFIK_LOG_LEVEL: DEBUG`
			`TRAEFIK_ENTRYPOINTS_WEB: true`
			`TRAEFIK_ENTRYPOINTS_WEB_ADDRESS: ":80"`
			`TRAEFIK_ENTRYPOINTS_WEB_HTTP_REDIRECTIONS_ENTRYPOINT_TO: websecure`

			`TRAEFIK_ENTRYPOINTS_WEBSECURE: true`
			`TRAEFIK_ENTRYPOINTS_WEBSECURE_ADDRESS: ":443"`
			`TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_TLS_CERTRESOLVER: letsencrypt`
			`#TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_MIDDLEWARES: secureHeaders@file # if you want to enabled STS`

			`TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT: true`
			`TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_EMAIL: # Set this to the email you want to receive certificate expiration emails for`
			`TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_KEYTYPE: EC384`
			`TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_HTTPCHALLENGE: true`
			`TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_HTTPCHALLENGE_ENTRYPOINT: web`
			`TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_STORAGE: "/etc/traefik/acme/acme.json"`

			`TRAEFIK_PROVIDERS_DOCKER: true`
			`TRAEFIK_PROVIDERS_DOCKER_ENDPOINT: "unix:///var/run/docker.sock"`
			`TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: false`

			`TRAEFIK_PROVIDERS_FILE: true`
			`TRAEFIK_PROVIDERS_FILE_FILENAME: "/etc/traefik/dynamic.yml"`

			`configs:`
			`dynamic.yml:`
			`content: \|`
			`# Optionally set STS headers, like in https://hstspreload.org`
			`# http:`
			`# middlewares:`
			`# secureHeaders:`
			`# headers:`
			`# forceSTSHeader: true`
			`# stsIncludeSubdomains: true`
			`# stsPreload: true`
			`# stsSeconds: 31536000`
			`tls:`
			`options:`
			`default:`
			`cipherSuites:`
			`- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`
			`- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`
			`- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`
			`- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`
			`- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305`
			`- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305`
			`minVersion: VersionTLS12`
improve docker documentation some 2022-02-19 17:06:06 +01:00
Add Element-Web to compose and provide extra compose files for using.. ..Conduit behind Traefik Reverse Proxy 2020-08-02 15:55:40 +02:00			`volumes:`
			`db:`
improve docker documentation some 2022-02-19 17:06:06 +01:00			`acme:`
Add Element-Web to compose and provide extra compose files for using.. ..Conduit behind Traefik Reverse Proxy 2020-08-02 15:55:40 +02:00
			`networks:`
replace all mentions of docker compose v1 Signed-off-by: strawberry <strawberry@puppygock.gay> 2024-04-23 01:39:13 -04:00			`proxy:`
deploying: make traefik config self-sufficient, include well known 2024-08-31 14:08:31 +02:00
			`# vim: ts=2:sw=2:expandtab`