version: '2' services: hubot: image: rocketchat/hubot-rocketchat:latest dns: # Using Cloudflare DNS - 1.1.1.1 - 1.0.0.1 - 2606:4700:4700::1111 - 2606:4700:4700::1001 environment: ROCKETCHAT_URL: hubot.${TRAEFIK_HOST} ROCKETCHAT_ROOM: GENERAL ROCKETCHAT_USER: Hubot ROCKETCHAT_PASSWORD: BotPassw0rd BOT_NAME: Hubot EXTERNAL_SCRIPTS: hubot-help,hubot-seen,hubot-links,hubot-greetings labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} ### Begin Traefik Configuration traefik.enable: true # Routers traefik.http.routers.{{.Stack.Name}}-router-http.entrypoints: http traefik.http.routers.{{.Stack.Name}}-router-http.rule: Host(`${TRAEFIK_HOST}`) traefik.http.routers.{{.Stack.Name}}-router-http.middlewares: {{.Stack.Name}}-redirectHttp traefik.http.routers.{{.Stack.Name}}-router-http.service: {{.Stack.Name}}-service-http traefik.http.routers.{{.Stack.Name}}-router-https.entrypoints: https traefik.http.routers.{{.Stack.Name}}-router-https.rule: Host(`${TRAEFIK_HOST}`) traefik.http.routers.{{.Stack.Name}}-router-https.tls: true traefik.http.routers.{{.Stack.Name}}-router-https.tls.certresolver: letsencrypt traefik.http.routers.{{.Stack.Name}}-router-https.middlewares: {{.Stack.Name}}-security traefik.http.routers.{{.Stack.Name}}-router-https.service: {{.Stack.Name}}-service-http # Middlewares traefik.http.middlewares.{{.Stack.Name}}-redirectHttp.redirectscheme.permanent: true traefik.http.middlewares.{{.Stack.Name}}-redirectHttp.redirectscheme.scheme: https traefik.http.middlewares.{{.Stack.Name}}-security.headers.forceSTSHeader: true traefik.http.middlewares.{{.Stack.Name}}-security.headers.referrerPolicy: no-referrer # Prevents leaking of referer information traefik.http.middlewares.{{.Stack.Name}}-security.headers.sslredirect: true # Maybe good for redundancy? traefik.http.middlewares.{{.Stack.Name}}-security.headers.stsIncludeSubdomains: true traefik.http.middlewares.{{.Stack.Name}}-security.headers.stsPreload: true traefik.http.middlewares.{{.Stack.Name}}-security.headers.stsSeconds: "15552000" # Services traefik.http.services.{{.Stack.Name}}-service-http.loadbalancer.passhostheader: true traefik.http.services.{{.Stack.Name}}-service-http.loadbalancer.server.port: "8080" ### End Traefik Configuration links: - rocketchat:rocketchat volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system mongo: image: mongo:latest dns: # Using Cloudflare DNS - 1.1.1.1 - 1.0.0.1 - 2606:4700:4700::1111 - 2606:4700:4700::1001 labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} traefik.enable: false volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /Persistent/${DATA_DIR}/Database/Data:/data/db - /Persistent/${DATA_DIR}/Database/Dump:/dump command: mongod --smallfiles rocketchat: image: rocketchat/rocket.chat:latest dns: # Using Cloudflare DNS - 1.1.1.1 - 1.0.0.1 - 2606:4700:4700::1111 - 2606:4700:4700::1001 environment: MONGO_URL: mongodb://mongo:27017/rocketchat ROOT_URL: https://${TRAEFIK_HOST} Accounts_UseDNSDomainCheck: true labels: io.rancher.container.pull_image: always {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} traefik.enable: true ### Start RocketChat Segment traefik.rocketchat.frontend.entryPoints: http,https traefik.rocketchat.frontend.headers.forceSTSHeader: true traefik.rocketchat.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information) traefik.rocketchat.frontend.headers.SSLRedirect: true traefik.rocketchat.frontend.headers.STSPreload: true traefik.rocketchat.frontend.headers.STSSeconds: 15552000 traefik.rocketchat.frontend.passHostHeader: true traefik.rocketchat.frontend.rule: Host:${TRAEFIK_HOST} traefik.rocketchat.port: "3000" ### End RocketChat Segment links: - mongo:mongo volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system