docker-compose.yml

services:

  metabase:
    image: metabase/metabase:v0.53.7
    container_name: metabase
    hostname: metabase
    volumes:
      - /dev/urandom:/dev/random:ro
    expose:
      - 3000
    environment:
      MB_DB_TYPE: postgres
      MB_DB_DBNAME: ${MB_DBNAME}
      MB_DB_PORT: 5432
      MB_DB_USER_FILE: /run/secrets/db_user
      MB_DB_PASS_FILE: /run/secrets/db_password
      MB_DB_HOST: postgres
      MB_ENCRYPTION_SECRET_KEY: /run/secrets/mb_key
    labels:
        - "traefik.enable=true"
        - "traefik.http.routers.metabasereports.rule=Host(`${MB_HOST}`)"
        - "traefik.http.routers.metabasereports.entrypoints=websecure"
        - "traefik.http.routers.metabasereports.tls.certresolver=myresolver"
    networks:
      - metanet1
    depends_on:
      - postgres
    secrets:
      - db_password
      - db_user
      - mb_key
    restart: always

  postgres:
    image: postgres:15.12
    container_name: postgres
    hostname: postgres
    environment:
      POSTGRES_DB: ${MB_DBNAME}
      POSTGRES_USER_FILE: /run/secrets/db_user
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
    volumes:
      - ./postgres/data:/var/lib/postgresql/data
    networks:
      - metanet1
    secrets:
      - db_password
      - db_user
    restart: always

  traefik:
    image: traefik:v3.3.4
    container_name: traefik
    command:
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver.acme.email=${LE_EMAIL}"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    networks:
      - metanet1
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    restart: always

networks:
  metanet1:
    driver: bridge

secrets:
   db_password:
     file: db_password.txt
   db_user:
     file: db_user.txt
   mb_key:
     file: mb_key.txt