docker-apps/fireflyiii/stacks/compose.yml

# https://docs.firefly-iii.org/how-to/firefly-iii/installation/docker/
#
# The Firefly III Data Importer will ask you for the Firefly III URL and a "Client ID".
# You can generate the Client ID at http://localhost/profile (after registering)
# The Firefly III URL is: http://app:8080
#
# Other URLs will give 500 | Server Error
#
# Compose project name.
name: fireflyiii

# Both networks are declared external: this stack does not create them,
# so they must already exist when the stack is started.
networks:
  traefik-net:
    external: true
  fireflyiii-net:
    external: true
# File-based secrets. Each entry is read from a file under ${SECRETSDIR} on
# the host and is only visible to the services that list it under `secrets:`
# (Compose mounts it at /run/secrets/<name> by default).
# NOTE(review): SECRETSDIR is not defined in this file; if it is unset the
# paths resolve relative to "/". Keep the directory readable only by the
# account that runs the stack.
secrets:
  fireflyiii_access_token:
    file: "${SECRETSDIR}/fireflyiii_access_token"
  fireflyiii_app_key:
    file: "${SECRETSDIR}/fireflyiii_app_key"
  fireflyiii_default_lat:
    file: "${SECRETSDIR}/fireflyiii_default_lat"
  fireflyiii_default_long:
    file: "${SECRETSDIR}/fireflyiii_default_long"
  fireflyiii_mail_destination:
    file: "${SECRETSDIR}/fireflyiii_mail_destination"
  fireflyiii_mail_from:
    file: "${SECRETSDIR}/fireflyiii_mail_from"
  fireflyiii_mail_host:
    file: "${SECRETSDIR}/fireflyiii_mail_host"
  fireflyiii_mail_password:
    file: "${SECRETSDIR}/fireflyiii_mail_password"
  fireflyiii_mail_username:
    file: "${SECRETSDIR}/fireflyiii_mail_username"
  fireflyiii_postgresql_database:
    file: "${SECRETSDIR}/fireflyiii_postgresql_database"
  fireflyiii_postgresql_password:
    file: "${SECRETSDIR}/fireflyiii_postgresql_password"
  fireflyiii_postgresql_username:
    file: "${SECRETSDIR}/fireflyiii_postgresql_username"
  fireflyiii_site_owner:
    file: "${SECRETSDIR}/fireflyiii_site_owner"
  fireflyiii_static_cron_token:
    file: "${SECRETSDIR}/fireflyiii_static_cron_token"
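services:
  # Firefly III core application, published through Traefik on traefik-net and
  # reachable by the other containers on fireflyiii-net.
  firefly:
    # NOTE(review): `latest` is a mutable tag, so every pull can bring in a
    # different image. Pin a release tag (see the commented line below) or an
    # image digest so upgrades are deliberate and reviewable.
    image: fireflyiii/core:latest
    #image: fireflyiii/core:version-6.1.16
    hostname: "${APPLICATION_NAME}"
    # With `user:` commented out the container runs as the image's default user.
    # user: ${PUID}:${PGID}
    volumes:
      - ${DATADIR}/appdata:/var/www/html/storage/upload
      - ${DATADIR}/config:/config
    restart: unless-stopped
    env_file: .firefly.env
    networks:
      fireflyiii-net:
        aliases: ["fireflyiii", "${FFIII_FQDN}"]
      traefik-net: {}
    # Start only after the database reports healthy (see its healthcheck).
    depends_on:
      postgresql:
        condition: service_healthy
    # Mounted as files under /run/secrets/; presumably referenced through
    # *_FILE variables in .firefly.env (not visible here) - confirm.
    secrets:
      - fireflyiii_app_key
      - fireflyiii_default_lat
      - fireflyiii_default_long
      - fireflyiii_mail_from
      - fireflyiii_mail_host
      - fireflyiii_mail_password
      - fireflyiii_mail_username
      - fireflyiii_postgresql_database
      - fireflyiii_postgresql_password
      - fireflyiii_postgresql_username
      - fireflyiii_site_owner
      - fireflyiii_static_cron_token
    labels:
      - traefik.enable=true
      - traefik.docker.network=traefik-net
      #
      # http services
      # -------------
      - "traefik.http.services.${APPLICATION_NAME}-svc.loadbalancer.server.port=${WEBUI_PORT}"
      #
      # http routers
      # ------------
      # limit router to web ":80" entrypoint
      - "traefik.http.routers.${APPLICATION_NAME}-rtr.entrypoints=web"
      # set match criteria for router
      - "traefik.http.routers.${APPLICATION_NAME}-rtr.rule=Host(`${FFIII_FQDN}`)&& PathPrefix(`/`)"
      # attach middlewares to router
      # (the chain is defined in Traefik's file provider; its name suggests it
      # redirects plain HTTP - verify there)
      - "traefik.http.routers.${APPLICATION_NAME}-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress-redirect@file"
      # assign svc target to router
      - "traefik.http.routers.${APPLICATION_NAME}-rtr.service=${APPLICATION_NAME}-svc"
      #
      # limit router to websecure ":443" entrypoint
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.entrypoints=websecure"
      # set match criteria for router
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.rule=Host(`${FFIII_FQDN}`)&& PathPrefix(`/`)"
      # set router to be dedicated to secure requests only for the host specified in match criteria
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls=true"
      # apply tls options
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.options=tls-options@file"
      # generate certificates using following certresolver
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=solver-dns"
      # attach middlewares to router
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress@file"
      # assign svc target to router
      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.service=${APPLICATION_NAME}-svc"

  # Firefly III Data Importer, published through Traefik under its own FQDN.
  importer:
    # NOTE(review): mutable `latest` tag - pin a release tag or digest.
    image: fireflyiii/data-importer:latest
    hostname: "${IMPORTER_NAME}"
    restart: unless-stopped
    env_file: .importer.env
    # user: ${PUID}:${PGID}
    # NOTE(review): the importer is attached to traefik-net only, so the
    # `fireflyiii` alias on fireflyiii-net does not resolve from here; confirm
    # the Firefly III URL set in .importer.env is reachable from this network.
    networks:
      traefik-net: {}
        # ipv4_address: ${FFIII_IMPORTER_IPV4_ADDRESS}
        # aliases: ["${FFIII_IMPORTER_FQDN}"]
    depends_on:
      - firefly
    # NOTE(review): fireflyiii_access_token implies the importer runs with a
    # pre-configured token, and the routers below attach no authentication
    # middleware that is visible in this file. Confirm that access to
    # ${FFIII_IMPORTER_FQDN} is restricted (auth middleware, IP allow-list or
    # internal-only entrypoint) so the token cannot be used by any visitor.
    secrets:
      - fireflyiii_access_token
      - fireflyiii_mail_from
      - fireflyiii_mail_host
      - fireflyiii_mail_password
      - fireflyiii_mail_username
      - fireflyiii_mail_destination
    labels:
      - traefik.enable=true
      - traefik.docker.network=traefik-net
      - "traefik.http.services.${IMPORTER_NAME}-svc.loadbalancer.server.port=${IMPORTER_WEBUI_PORT}"
      - "traefik.http.routers.${IMPORTER_NAME}-rtr.entrypoints=web"
      - "traefik.http.routers.${IMPORTER_NAME}-rtr.rule=Host(`${FFIII_IMPORTER_FQDN}`)&& PathPrefix(`/`)"
      - "traefik.http.routers.${IMPORTER_NAME}-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress-redirect@file"
      - "traefik.http.routers.${IMPORTER_NAME}-rtr.service=${IMPORTER_NAME}-svc"
      - "traefik.http.routers.${IMPORTER_NAME}-secure-rtr.entrypoints=websecure"
      - "traefik.http.routers.${IMPORTER_NAME}-secure-rtr.rule=Host(`${FFIII_IMPORTER_FQDN}`)&& PathPrefix(`/`)"
      - "traefik.http.routers.${IMPORTER_NAME}-secure-rtr.tls=true"
      - "traefik.http.routers.${IMPORTER_NAME}-secure-rtr.tls.options=tls-options@file"
      - "traefik.http.routers.${IMPORTER_NAME}-secure-rtr.tls.certresolver=solver-dns"
      - "traefik.http.routers.${IMPORTER_NAME}-secure-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress@file"
      - "traefik.http.routers.${IMPORTER_NAME}-secure-rtr.service=${IMPORTER_NAME}-svc"

  # Database for Firefly III. It joins fireflyiii-net only and carries no
  # Traefik labels, so it is not published through the reverse proxy.
  postgresql:
    image: postgres:16-alpine
    hostname: "firefly_postgresql"
    shm_size: 128mb  # https://hub.docker.com/_/postgres
    restart: unless-stopped
    env_file: .postgresql.env
    healthcheck:
      # `$$` keeps Compose from interpolating; the variables are expanded by
      # the shell inside the container.
      # NOTE(review): if .postgresql.env only sets the *_FILE variants (the
      # secrets below suggest it might), POSTGRES_DB and POSTGRES_USER are
      # empty here - confirm.
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      start_period: 20s
      interval: 30s
      retries: 5
      timeout: 5s
    networks:
      fireflyiii-net:
        aliases: ["fireflyiii_postgresql"]
    secrets:
      - fireflyiii_postgresql_database
      - fireflyiii_postgresql_password
      - fireflyiii_postgresql_username
    volumes:
      - "${DATADIR}/pgdata:/var/lib/postgresql/data"
      - "${DATADIR}/pgbackups:/mnt/backups"

  cron:
    #
    # Calls the Firefly III cron endpoint every day at 03:00.
    #
    # The token is read from the mounted secret
    # /run/secrets/fireflyiii_static_cron_token when the container starts.
    # This service has no env_file or environment entries, so a
    # STATIC_CRON_TOKEN shell variable would expand to an empty string here
    # and the request would be sent without a token.
    # The same value must be configured as STATIC_CRON_TOKEN for the firefly
    # service.
    # The STATIC_CRON_TOKEN must be *exactly* 32 characters long
    # Generate the token with
    # openssl rand 32 | base64 -w 0 | sed 's/[\$,\#,/,+,=]//g' | cut -c -32
    #
    # The token is part of the request URL, so it may appear in the
    # application's access logs; treat those logs as sensitive.
    #
    # NOTE(review): untagged image resolves to alpine:latest - pin a release
    # tag or digest.
    image: alpine
    restart: always
    secrets:
      - fireflyiii_static_cron_token
    # List form avoids a second layer of quoting. `$$(` reaches the shell as
    # `$(`; command substitution also strips a trailing newline from the file.
    command:
      - sh
      - '-c'
      - >-
        echo "0 3 * * * wget -qO-
        http://fireflyiii:8080/api/v1/cron/$$(cat /run/secrets/fireflyiii_static_cron_token)"
        | crontab - && crond -f -L /dev/stdout
    networks:
      - fireflyiii-net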