version: '3.8'

networks:
  host-network:
    name: host
    external: true
  prometheus-network:
    external: true
  traefik-network:
    external: true
  database-network:
    external: true

services:
  onlyoffice-service:
    image: docker.io/onlyoffice/documentserver:7.2
    hostname: onlyoffice-service-host
    networks:
      - traefik-network
    volumes:
      - type: bind
        source: /media/seagate-1000/onlyoffice/data
        target: /var/www/onlyoffice/Data
      - type: bind
        source: /media/seagate-1000/onlyoffice/logs
        target: /var/log/onlyoffice
    environment:
      - JWT_ENABLED=true
      - JWT_SECRET=bf420c41310528273eb307be6d78a432abc7b0276bb8590304e13de09db2dc44
    deploy:
      mode: replicated
      replicas: 1
      placement:
        max_replicas_per_node: 1
        ##constraints: 
          ##- node.role == worker
          ##- node.role == manager
      resources:
        reservations:
          memory: 1GB
        limits:
          memory: 2GB
      restart_policy:
        condition: on-failure
      labels:
        - traefik.enable=true
        ##- traefik.docker.network=traefik-network
        - traefik.http.routers.onlyoffice-https.entrypoints=websec
        - traefik.http.routers.onlyoffice-https.rule=Host(`oo.miflux.com`)
        - traefik.http.routers.onlyoffice-https.tls=true
        - traefik.http.services.onlyoffice-service.loadbalancer.server.port=80
        - traefik.http.services.onlyoffice-service.loadbalancer.sticky.cookie=true
        - traefik.http.services.onlyoffice-service.loadbalancer.sticky.cookie.name=onlyoffice-sticker
        ## wss:// access has an issue without followings:
        - traefik.http.middlewares.onlyoffice-headers.headers.customrequestheaders.X-Forwarded-Proto=https
        - traefik.http.middlewares.onlyoffice-headers.headers.accessControlAllowOriginList=*
        - traefik.http.routers.onlyoffice-https.middlewares=onlyoffice-headers