services: couchdb: image: couchdb:3 restart: unless-stopped environment: COUCHDB_USER: ${COUCHDB_USER:-admin} COUCHDB_PASSWORD: ${COUCHDB_PASSWORD} expose: - "5984" volumes: - couchdb_data:/opt/couchdb/data networks: - default # nginx fronts CouchDB to add `Secure` to the AuthSession cookie. CouchDB only # marks the cookie Secure when mochiweb sees a true HTTPS socket, which never # happens behind a TLS-terminating proxy — so SameSite=None cookies would be # dropped by browsers on cross-origin requests. See nginx/default.conf. nginx: image: nginx:alpine restart: unless-stopped depends_on: - couchdb environment: SERVICE_FQDN_NGINX_5984: expose: - "5984" volumes: - ./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro networks: - default - coolify labels: - "traefik.enable=true" - "traefik.docker.network=lvw8efvnvsxduodrkg68zul3" - "traefik.http.routers.coolcouch.rule=Host(`couch.apoena.dev`)" - "traefik.http.routers.coolcouch.entrypoints=https" - "traefik.http.routers.coolcouch.tls=true" - "traefik.http.services.coolcouch.loadbalancer.server.port=5984" couchdb-init: image: curlimages/curl:latest restart: "no" depends_on: - couchdb environment: COUCHDB_USER: ${COUCHDB_USER:-admin} COUCHDB_PASSWORD: ${COUCHDB_PASSWORD} entrypoint: ["sh", "-c"] command: - | set -eu base="http://$${COUCHDB_USER}:$${COUCHDB_PASSWORD}@couchdb:5984" echo "waiting for couchdb..." i=0 until curl -fsS "http://couchdb:5984/_up" >/dev/null 2>&1; do i=$$((i + 1)) if [ $$i -gt 60 ]; then echo "couchdb did not become ready in 120s"; exit 1 fi sleep 2 done echo "couchdb ready" for db in _users _replicator _global_changes; do code=$$(curl -s -o /dev/null -w "%{http_code}" -X PUT "$$base/$$db") case "$$code" in 201|202|412) echo "db $$db: ok ($$code)" ;; *) echo "db $$db: failed ($$code)"; exit 1 ;; esac done put_config() { curl -fsS -X PUT -H "Content-Type: application/json" \ "$$base/_node/_local/_config/$$1/$$2" -d "\"$$3\"" >/dev/null echo "cfg $$1/$$2 = $$3" } put_config chttpd enable_cors true put_config cors origins 'http://localhost:8080,http://localhost:5173,http://localhost:3000,http://localhost:4173,https://vaquant.at' put_config cors credentials true put_config cors methods 'GET, PUT, POST, HEAD, DELETE' put_config cors headers 'accept, authorization, content-type, origin, referer, x-csrf-token' # SameSite=None is required for PouchDB cross-origin cookie sessions. # Browsers also require Secure on SameSite=None cookies — that flag is # added by the nginx sidecar via proxy_cookie_flags. put_config couch_httpd_auth same_site none signup: build: context: ./signup restart: unless-stopped depends_on: - couchdb environment: SERVICE_FQDN_SIGNUP_8080: COUCHDB_URL: http://couchdb:5984 COUCHDB_ADMIN_USER: ${COUCHDB_USER:-admin} COUCHDB_ADMIN_PASSWORD: ${COUCHDB_PASSWORD} INVITE_CODE: ${INVITE_CODE} SIGNUP_ALLOWED_ORIGINS: "http://localhost:8080,http://localhost:5173,http://localhost:3000,http://localhost:4173,https://vaquant.at" PORT: "8080" expose: - "8080" networks: - default - coolify labels: - "traefik.enable=true" - "traefik.docker.network=lvw8efvnvsxduodrkg68zul3" - "traefik.http.routers.coolcouch-signup.rule=Host(`signup-couch.apoena.dev`)" - "traefik.http.routers.coolcouch-signup.entrypoints=https" - "traefik.http.routers.coolcouch-signup.tls=true" - "traefik.http.services.coolcouch-signup.loadbalancer.server.port=8080" networks: coolify: external: true name: lvw8efvnvsxduodrkg68zul3 volumes: couchdb_data: