version: "3.7"
services:
  db:
    image: postgres:latest
    restart: unless-stopped
    environment:
      POSTGRES_DB: "passbolt"
      POSTGRES_USER: "passbolt"
      POSTGRES_PASSWORD: "P4ssb0lt"
    volumes:
      - database_volume:/var/lib/postgresql/data

  passbolt:
    image: passbolt/passbolt:latest
    #Alternatively you can use rootless:
    #image: passbolt/passbolt:latest-ce-non-root
    restart: unless-stopped
    tty: true
    depends_on:
      - db
    environment:
      APP_FULL_BASE_URL: https://passbolt.local
      DATASOURCES_DEFAULT_DRIVER: Cake\Database\Driver\Postgres
      DATASOURCES_DEFAULT_ENCODING: "utf8"
      DATASOURCES_DEFAULT_URL: "postgres://passbolt:P4ssb0lt@db:5432/passbolt?schema=passbolt"
      EMAIL_TRANSPORT_DEFAULT_HOST: "smtp.domain.tld"
      EMAIL_TRANSPORT_DEFAULT_PORT: 587
    volumes:
      - gpg_volume:/etc/passbolt/gpg
      - jwt_volume:/etc/passbolt/jwt
      #- ./cert.pem:/etc/ssl/certs/certificate.crt:ro
      #- ./key.pem:/etc/ssl/certs/certificate.key:ro
      #- ./cert.pem:/etc/passbolt/certs/certificate.crt:ro
      #- ./key.pem:/etc/passbolt/certs/certificate.key:ro
    command: >
      bash -c "/usr/bin/wait-for.sh -t 0 db:5432 -- /docker-entrypoint.sh"
    ports:
      - 80:80
      - 443:443
    #Alternatively for non-root images:
    # - 80:8080
    # - 443:4433

volumes:
  database_volume:
  gpg_volume:
  jwt_volume: