Docker Compose Deployments

Backup Architecture

Cloudflare Tunnel Configuration

  1. Navigate to and sign in to the Cloudflare Zero Trust dashboard.

  2. Using the sidebar, navigate to Networks -> Tunnels.

  3. Click the blue 'Create a tunnel' button.

  4. Select the default 'Cloudflared' connector type, and then click 'Next'.

  5. Give the tunnel a name, then click 'Save tunnel'.

You will then be presented with a list of connector installation options.

  6. Copy the token and use it with your preferred connector. Treat the token as a secret: anyone holding it can run a connector for this tunnel. For Docker instructions, see Docker Compose Template.

  7. Once connected, your connector should appear at the bottom of the page. Click 'Next'.

  8. Finally, assign your service a subdomain (its public hostname) and point it at the backend. When cloudflared runs in the same Compose network as the service, the backend is the service name and its listening port, for example type HTTP and URL gitea:3000 for the template below.

Please note, when cloudflared runs in the same Docker network as the service (as per Docker Compose Template), there is no requirement to 'expose' the port with a port mapping. Use the service name as defined in docker-compose.yml together with the container's listening port (http://gitea:3000 for the template below); Docker's embedded DNS resolves the name. Leaving the port unpublished also means the service can only be reached through the tunnel, never directly on the host's interfaces.

Docker Compose Template

Guidelines

These guidelines are suggested in order to maximise the reliability of hosted services. The credentials in the .env files below are placeholders: replace them with strong, unique values, restrict the files to their owner (chmod 600) and keep them out of version control. The POSTGRES_* values in .env.db and the GITEA__database__* values in .env.gitea must agree, since Gitea uses them to log in to the database container.

An example directory structure is shown below:

.
├── .env.db
├── .env.gitea
├── .env.tunnel
├── docker-compose.yml
├── start.sh
└── volumes/
    ├── gitea_config/
    │   └── ...
    ├── gitea_data/
    │   └── ...
    └── postgres_data/
        └── ...

See Cloudflare Tunnel Configuration for instructions on how to configure a tunnel and get a tunnel token.

Gitea

.env.db

POSTGRES_USER=gitea
POSTGRES_PASSWORD=gitea
POSTGRES_DB=gitea

.env.gitea

GITEA__database__DB_TYPE=postgres
GITEA__database__HOST=db:5432
GITEA__database__NAME=gitea
GITEA__database__USER=gitea
GITEA__database__PASSWD=gitea

.env.tunnel

TUNNEL_TOKEN=abc...

docker-compose.yml

services:
  tunnel:
    image: cloudflare/cloudflared:2024.4.0       # Use version tags to ensure only stable software is used.
    restart: unless-stopped                      # This restart command helps with crashing services.
    command: tunnel run
    depends_on:
      gitea:
        condition: service_healthy             # Wait for the dependency's healthcheck, not just its start.
    networks:
      - frontend                                 # Use multiple networks to isolate services.
    env_file:
      - .env.tunnel                              # Use environment variables loaded via a .env file for tokens.
  gitea:
    image: gitea/gitea:1.21-rootless             # Rootless image runs as UID/GID 1000; chown ./volumes/gitea_* to 1000:1000.
    restart: unless-stopped
    healthcheck:                                 # Use healthchecks if possible.
      test: curl --fail http://localhost:3000/api/healthz || exit 1
      interval: 60s
      retries: 5
      start_period: 20s
      timeout: 10s
    depends_on:
      db:
        condition: service_healthy             # Gitea only starts once Postgres reports ready.
    networks:
      - frontend
      - backend
    volumes:
      - './volumes/gitea_data:/var/lib/gitea'    # Mount volumes into the ./volumes directory.
      - './volumes/gitea_config:/etc/gitea'      # Quoted so YAML never reads the colon as a key/value separator.
      - '/etc/timezone:/etc/timezone:ro'         # Mount timezone/localtime so that timestamps are correct.
      - '/etc/localtime:/etc/localtime:ro'
    env_file:
      - .env.gitea
  db:
    image: postgres:14
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]   # CMD-SHELL takes one command string; $$ escapes Compose interpolation.
      interval: 60s
      retries: 5
      start_period: 20s
      timeout: 10s
    networks:
      - backend
    volumes:
      - './volumes/postgres_data:/var/lib/postgresql/data'
    env_file:
      - .env.db
networks:
  backend:
    internal: true                             # No external egress: db is reachable only from services on this network.
  frontend:
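The directory structure above lists a start.sh but the page does not show one. The following is an added example, not the page's own script: a preflight wrapper that refuses to start the stack while an env file is missing, is readable by other users, or still carries the placeholder secrets from the sample files above; checks that the GITEA__database__* settings agree with the POSTGRES_* ones (type postgres, host db:5432); prepares the bind-mount directories; and only then runs docker compose up -d. The UID/GID 1000 for the rootless Gitea image and the placeholder patterns are assumptions taken from the examples on this page, and the function names are mine.

```shell
#!/bin/sh
# start.sh (added example, not from the page): preflight checks, then
# `docker compose up -d`.  Assumptions: env files sit beside this script,
# the rootless Gitea image runs as UID/GID 1000 (as in its documentation), and
# the placeholder secrets are the ones shown in the sample env files above.
set -eu

# check_env_file FILE: succeed only if FILE exists, is readable by its owner
# alone, and carries no placeholder or empty secret.  Reason goes to stderr.
check_env_file() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "missing env file: $f" >&2
        return 1
    fi
    # Columns 5-10 of `ls -l` are the group and other permission bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$f is readable by group/other; fix with: chmod 600 $f" >&2
        return 1
    fi
    # Sample values from the page ('gitea', 'abc...') and empty secrets are rejected.
    if grep -Eq '^(POSTGRES_PASSWORD|GITEA__database__PASSWD)=(gitea)?$|^TUNNEL_TOKEN=(abc\.\.\.)?$' "$f"; then
        echo "$f still contains a placeholder or empty secret" >&2
        return 1
    fi
}

# env_value FILE KEY: print the value of KEY=... in FILE (first match, or empty).
env_value() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# check_db_settings DBFILE GITEAFILE: Gitea must talk to the Postgres container
# defined by DBFILE, with the same database name, user and password.
check_db_settings() {
    db=$1
    gt=$2
    if [ "$(env_value "$gt" GITEA__database__DB_TYPE)" != postgres ]; then
        echo "GITEA__database__DB_TYPE must be postgres for the postgres service" >&2
        return 1
    fi
    if [ "$(env_value "$gt" GITEA__database__HOST)" != db:5432 ]; then
        echo "GITEA__database__HOST must be db:5432 (service name, Postgres port)" >&2
        return 1
    fi
    for pair in POSTGRES_DB:GITEA__database__NAME \
                POSTGRES_USER:GITEA__database__USER \
                POSTGRES_PASSWORD:GITEA__database__PASSWD; do
        a=${pair%%:*}
        b=${pair#*:}
        if [ "$(env_value "$db" "$a")" != "$(env_value "$gt" "$b")" ]; then
            echo "$a in $db and $b in $gt differ" >&2
            return 1
        fi
    done
}

# prepare_volume DIR [UID GID]: create a bind-mount directory, owner-only, and
# hand it to UID:GID when given so a non-root container can write to it.
prepare_volume() {
    mkdir -p "$1"
    chmod 700 "$1"
    if [ $# -eq 3 ]; then
        chown "$2:$3" "$1"
    fi
}

main() {
    cd "$(dirname -- "$0")"
    for f in .env.db .env.gitea .env.tunnel; do
        check_env_file "$f"
    done
    check_db_settings .env.db .env.gitea
    prepare_volume volumes/gitea_data 1000 1000    # rootless Gitea cannot chown these itself
    prepare_volume volumes/gitea_config 1000 1000
    prepare_volume volumes/postgres_data           # the postgres entrypoint fixes ownership itself
    docker compose up -d
}

# Only deploy when invoked as start.sh; under any other name the functions are
# defined and nothing is started, so they can be sourced or tested in isolation.
case "$(basename -- "$0")" in
    start.sh) main "$@" ;;
esac
```

Run it as ./start.sh from the Compose directory. A failed check prints the reason and leaves the stack untouched, so a world-readable .env.tunnel or a copy-pasted 'gitea' password never reaches a running container.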