From 531f7924b00a92db23b384b9dfc8fb3b20ebdc05 Mon Sep 17 00:00:00 2001
From: Kevin B <kevin@kev1.net>
Date: Sun, 15 Feb 2026 15:59:21 +0000
Subject: [PATCH] Working config

---
 Caddyfile                   |  2 +-
 compose.yml                 | 67 ++++++++++++++++++++++++++-----------
 docker-compose.override.yml | 44 ------------------------
 3 files changed, 48 insertions(+), 65 deletions(-)
 delete mode 100644 docker-compose.override.yml

diff --git a/Caddyfile b/Caddyfile
index fe41d41..57b99a6 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -1,4 +1,4 @@
-http://{$HOSTNAME} {
+:80 {
 	route /api* {
 		uri strip_prefix /api
 		reverse_proxy http://api:14702 {
diff --git a/compose.yml b/compose.yml
index e3ab836..491c652 100644
--- a/compose.yml
+++ b/compose.yml
@@ -1,14 +1,19 @@
 name: stoat
 
+networks:
+  web:
+    external: true
+    name: web
+
 services:
   # MongoDB: Database
   database:
-    image: docker.io/mongo
-    restart: always
+    image: docker.io/mongo:4.4
+    restart: unless-stopped
     volumes:
       - ./data/db:/data/db
     healthcheck:
-      test: echo 'db.runCommand("ping").ok' | mongosh localhost:27017/test --quiet
+      test: echo 'db.runCommand("ping").ok' | mongo localhost:27017/test --quiet
       interval: 10s
       timeout: 10s
       retries: 5
@@ -16,13 +21,13 @@ services:
 
   # Redis: Event message broker & KV store
   redis:
-    image: docker.io/eqalpha/keydb
-    restart: always
+    image: docker.io/redis:6-alpine
+    restart: unless-stopped
 
   # RabbitMQ: Internal message broker
   rabbit:
     image: docker.io/rabbitmq:4
-    restart: always
+    restart: unless-stopped
     environment:
       RABBITMQ_DEFAULT_USER: rabbituser
       RABBITMQ_DEFAULT_PASS: rabbitpass
@@ -37,7 +42,7 @@ services:
 
   # MinIO: S3-compatible storage server
   minio:
-    image: docker.io/minio/minio
+    image: minio/minio:RELEASE.2022-10-24T18-35-07Z
     command: server /data
     volumes:
       - ./data/minio:/data
@@ -56,20 +61,42 @@ services:
           - icons.minio
           - banners.minio
           - emojis.minio
-    restart: always
+    restart: unless-stopped
 
   # Caddy: Web server
   caddy:
     image: docker.io/caddy
-    restart: always
+    restart: unless-stopped
     env_file: .env.web
-    ports:
-      - "80:80"
-      - "443:443"
     volumes:
       - ./Caddyfile:/etc/caddy/Caddyfile
       - ./data/caddy-data:/data
       - ./data/caddy-config:/config
+    labels:
+      # Explicitly tell Traefik to expose this container
+      - traefik.enable=true
+      - traefik.docker.network=web
+      # HTTPS
+      - traefik.http.services.stoat-service-secure.loadbalancer.server.port=80
+      - traefik.http.routers.stoat-secure.service=stoat-service-secure
+      - traefik.http.routers.stoat-secure.entrypoints=websecure
+      - traefik.http.routers.stoat-secure.tls.certresolver=le
+      - traefik.http.routers.stoat-secure.rule=Host(`stoat.mistergeek.fr`)
+      - traefik.http.middlewares.stoat-secure-cache.compress=true
+      # HTTP
+      - traefik.http.services.stoat-service-insecure.loadbalancer.server.port=80
+      - traefik.http.routers.stoat-insecure.service=stoat-service-insecure
+      - traefik.http.routers.stoat-insecure.entrypoints=web
+      - traefik.http.routers.stoat-insecure.rule=Host(`stoat.mistergeek.fr`)
+      - traefik.http.middlewares.stoat-insecure-cache.compress=true
+      - traefik.http.routers.traefik.tls=true
+      - traefik.http.routers.traefik.tls.certresolver=le
+      # GZIP
+      - traefik.http.routers.traefik.middlewares=traefik-compress
+      - traefik.http.middlewares.traefik-compress.compress=true
+    networks:
+      - default
+      - web
 
   # API server
   api:
@@ -85,7 +112,7 @@ services:
       - type: bind
         source: ./Revolt.toml
         target: /Revolt.toml
-    restart: always
+    restart: unless-stopped
 
   # Events service
   events:
@@ -99,12 +126,12 @@ services:
       - type: bind
         source: ./Revolt.toml
         target: /Revolt.toml
-    restart: always
+    restart: unless-stopped
 
   # Web App
   web:
     image: ghcr.io/revoltchat/client:master
-    restart: always
+    restart: unless-stopped
     env_file: .env.web
 
   # File server
@@ -119,7 +146,7 @@ services:
       - type: bind
         source: ./Revolt.toml
         target: /Revolt.toml
-    restart: always
+    restart: unless-stopped
 
   # Metadata and image proxy
   january:
@@ -128,7 +155,7 @@ services:
       - type: bind
         source: ./Revolt.toml
         target: /Revolt.toml
-    restart: always
+    restart: unless-stopped
 
   # Tenor proxy
   gifbox:
@@ -137,7 +164,7 @@ services:
       - type: bind
         source: ./Revolt.toml
         target: /Revolt.toml
-    restart: always
+    restart: unless-stopped
 
   # Regular task daemon
   crond:
@@ -151,7 +178,7 @@ services:
       - type: bind
         source: ./Revolt.toml
         target: /Revolt.toml
-    restart: always
+    restart: unless-stopped
 
   # Push notification daemon
   pushd:
@@ -167,7 +194,7 @@ services:
       - type: bind
         source: ./Revolt.toml
         target: /Revolt.toml
-    restart: always
+    restart: unless-stopped
 
   # Create buckets for minio.
   createbuckets:
diff --git a/docker-compose.override.yml b/docker-compose.override.yml
deleted file mode 100644
index 95db904..0000000
--- a/docker-compose.override.yml
+++ /dev/null
@@ -1,44 +0,0 @@
-name: stoat
-
-networks:
-  web:
-    external: true
-    name: web
-
-services:
-  # Caddy: Web server
-  caddy:
-    image: docker.io/caddy
-    restart: unless-stopped
-    env_file: .env.web
-    volumes:
-      - ./Caddyfile:/etc/caddy/Caddyfile
-      - ./data/caddy-data:/data
-      - ./data/caddy-config:/config
-    labels:
-      # Explicitly tell Traefik to expose this container
-      - traefik.enable=true
-      - traefik.docker.network=web
-      # HTTPS
-      - traefik.http.services.stoat-service-secure.loadbalancer.server.port=80
-      - traefik.http.routers.stoat-secure.service=stoat-service-secure
-      - traefik.http.routers.stoat-secure.entrypoints=websecure
-      - traefik.http.routers.stoat-secure.tls.certresolver=le
-      - traefik.http.routers.stoat-secure.rule=Host(`stoat.mistergeek.fr`)
-      # - traefik.http.routers.stoat-secure.rule=Host(`stoat.stoat.net`)
-      - traefik.http.middlewares.stoat-secure-cache.compress=true
-      # HTTP
-      - traefik.http.services.stoat-service-insecure.loadbalancer.server.port=80
-      - traefik.http.routers.stoat-insecure.service=stoat-service-insecure
-      - traefik.http.routers.stoat-insecure.entrypoints=web
-      - traefik.http.routers.stoat-insecure.rule=Host(stoat.mistergeek.fr)
-      # - traefik.http.routers.stoat-insecure.rule=Host(`stoat.stoat.net`)
-      - traefik.http.middlewares.stoat-insecure-cache.compress=true
-      - traefik.http.routers.traefik.tls=true
-      - traefik.http.routers.traefik.tls.certresolver=le
-      # GZIP
-      - traefik.http.routers.traefik.middlewares=traefik-compress
-      - traefik.http.middlewares.traefik-compress.compress=true
-    networks:
-      - web
-