---
# Gitea (rootless image) behind Traefik.
# Traefik terminates TLS and proxies HTTP to port 3000; SSH is published
# directly on host port 2222 and does not pass through Traefik.

# Kept for older docker-compose releases; Compose v2 ignores this key.
version: '3.9'

networks:
  # Shared, pre-existing network (external: true means Compose will not create it).
  # NOTE(review): every container attached to this network can reach Gitea on
  # port 3000 directly, without going through the Traefik routers below.
  traefik-network:
    name: traefik-network
    external: true

services:
  server:
    # Pinned to a version tag. Tags are mutable; for stronger supply-chain
    # integrity pin by digest as well (image:tag@sha256:<digest-placeholder>).
    image: docker.gitea.com/gitea:1.25.3-rootless
    networks:
      - traefik-network
    restart: always
    # Allow Gitea time to shut down gracefully
    stop_grace_period: 1m
    healthcheck:
      # Probes Gitea's health endpoint from inside the container.
      test:
        - CMD
        - wget
        - -q
        - --spider
        - http://localhost:3000/api/healthz
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 200s
    volumes:
      # Repository and application data.
      - ./data:/var/lib/gitea
      # Gitea configuration directory.
      # NOTE(review): presumably holds app.ini with its secrets; keep the host
      # directory readable only by the container user and out of version control.
      - ./config:/etc/gitea
      # Host time settings, mounted read-only.
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    # HTTP handled by Traefik; expose is optional but clarifies intent.
    # Port 3000 is not published on the host.
    expose:
      - '3000'
    ports:
      # SSH port. No host IP is given, so it binds on all host interfaces.
      - '2222:2222'
    environment:
      # Ensure Gitea generates correct URLs (adjust if you terminate TLS at Traefik)
      - 'GITEA__server__DOMAIN=gitea.rezije.app'
      - 'GITEA__server__ROOT_URL=https://gitea.rezije.app/'
      # Traefik handles TLS; traffic between Traefik and Gitea is plain HTTP
      # on the Docker network.
      - 'GITEA__server__PROTOCOL=http'
      - 'GITEA__server__SSH_PORT=2222'
      # Enable Docker Registry support
      - 'GITEA__packages__ENABLED=true'
      # Set public URL detection to auto so that server
      # supports multiple hostnames (for registry and web console).
      # NOTE(review): with "auto" the public URL follows the request's Host
      # header, so only the hostnames matched by the routers below should be
      # able to reach port 3000.
      - 'GITEA__server__PUBLIC_URL_DETECTION=auto'
    # NOTE(review): no security_opt / cap_drop / read_only settings are present;
    # consider "security_opt: [no-new-privileges:true]" after testing.
    labels:
      - 'traefik.enable=true'
      - 'traefik.docker.network=traefik-network'
      - 'traefik.http.services.gitea.loadbalancer.server.port=3000'
      # Web Console
      - 'traefik.http.routers.gitea.entrypoints=https'
      - 'traefik.http.routers.gitea.rule=Host(`gitea.rezije.app`)'
      - 'traefik.http.routers.gitea.tls=true'
      - 'traefik.http.routers.gitea.tls.certresolver=letsencrypt'
      # Registry (only /v2): the web UI is not routed on this hostname.
      - 'traefik.http.routers.gitea-registry.entrypoints=https'
      - 'traefik.http.routers.gitea-registry.rule=Host(`registry.budakova.org`) && PathPrefix(`/v2`)'
      - 'traefik.http.routers.gitea-registry.tls=true'
      - 'traefik.http.routers.gitea-registry.tls.certresolver=letsencrypt'
      - 'traefik.http.routers.gitea-registry.service=gitea'