Created
October 20, 2025 00:24
-
-
Save LinkPhoenix/a756a69a250e8041d92bc27e80b43e66 to your computer and use it in GitHub Desktop.
Docker Compose stack for Passbolt CE with MariaDB, Traefik reverse proxy, and custom mail host integration.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Passbolt Docker Compose Stack with Traefik Proxy and custom mail host | |
| # | |
| # Description: | |
| # Deploys Passbolt CE with MariaDB backend and Traefik reverse proxy (using Cloudflare cert resolver). | |
| # Includes persistent volumes for database, GPG keys, and JWT tokens. | |
| # | |
| # Usage: | |
| # - Configure environment variables in a .env file. | |
| # - Ensure Traefik is running with network 'traefik-net' created externally. | |
| # - Launch with `docker-compose up -d`. | |
| # | |
| # Author: LinkPhoenix | |
| # Created: 2025-10-20 | |
| # Version: 1.1 | |
| # | |
| # Services: | |
| # - db: MariaDB 10.11 as Passbolt database. | |
| # - passbolt: Passbolt CE container with mail and Traefik integration. | |
| # | |
| services: | |
| db: | |
| image: mariadb:10.11 | |
| container_name: passbolt_database | |
| restart: unless-stopped | |
| environment: | |
| MYSQL_RANDOM_ROOT_PASSWORD: ${MYSQL_RANDOM_ROOT_PASSWORD} | |
| MYSQL_DATABASE: ${MYSQL_DATABASE} | |
| MYSQL_USER: ${MYSQL_USER} | |
| MYSQL_PASSWORD: ${MYSQL_PASSWORD} | |
| volumes: | |
| - database_volume:/var/lib/mysql | |
| networks: | |
| - default | |
| passbolt: | |
| image: passbolt/passbolt:latest-ce | |
| container_name: passbolt | |
| restart: unless-stopped | |
| depends_on: | |
| - db | |
| environment: | |
| APP_FULL_BASE_URL: ${APP_FULL_BASE_URL} | |
| DATASOURCES_DEFAULT_HOST: ${DATASOURCES_DEFAULT_HOST} | |
| DATASOURCES_DEFAULT_USERNAME: ${DATASOURCES_DEFAULT_USERNAME} | |
| DATASOURCES_DEFAULT_PASSWORD: ${DATASOURCES_DEFAULT_PASSWORD} | |
| DATASOURCES_DEFAULT_DATABASE: ${DATASOURCES_DEFAULT_DATABASE} | |
| EMAIL_DEFAULT_FROM_NAME: ${EMAIL_DEFAULT_FROM_NAME} | |
| EMAIL_DEFAULT_FROM: ${EMAIL_DEFAULT_FROM} | |
| EMAIL_TRANSPORT_DEFAULT_HOST: ${EMAIL_TRANSPORT_DEFAULT_HOST} | |
| EMAIL_TRANSPORT_DEFAULT_PORT: ${EMAIL_TRANSPORT_DEFAULT_PORT} | |
| EMAIL_TRANSPORT_DEFAULT_USERNAME: ${EMAIL_TRANSPORT_DEFAULT_USERNAME} | |
| EMAIL_TRANSPORT_DEFAULT_PASSWORD: ${EMAIL_TRANSPORT_DEFAULT_PASSWORD} | |
| EMAIL_TRANSPORT_DEFAULT_TLS: ${EMAIL_TRANSPORT_DEFAULT_TLS} | |
| DEBUG: ${DEBUG_STATE} | |
| volumes: | |
| - gpg_volume:/etc/passbolt/gpg | |
| - jwt_volume:/etc/passbolt/jwt | |
| command: | |
| [ | |
| "/usr/bin/wait-for.sh", | |
| "-t", | |
| "0", | |
| "db:3306", | |
| "--", | |
| "/bin/bash", | |
| "-c", | |
| "/docker-entrypoint.sh" | |
| ] | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.http.routers.passbolt.rule=Host(`${PASSBOLT_URL}`)" | |
| - "traefik.http.routers.passbolt.entrypoints=websecure" | |
| - "traefik.http.routers.passbolt.tls.certresolver=cloudflare" | |
| - "traefik.http.services.passbolt.loadbalancer.server.port=80" | |
| networks: | |
| - default | |
| - traefik-net | |
| networks: | |
| default: | |
| driver: bridge | |
| traefik-net: | |
| external: true | |
| volumes: | |
| database_volume: | |
| gpg_volume: | |
| jwt_volume: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment