services: # 1. The Database guac-db: image: postgres:15-alpine container_name: guac-db user: root cpus: 2.0 mem_limit: "4096m" mem_reservation: "1024m" restart: unless-stopped environment: POSTGRESQL_USERNAME: ${PG_USERNAME} POSTGRESQL_PASSWORD: ${PG_PASSWORD} POSTGRESQL_DB: guacamole_db volumes: - /docker/guacamole/init:/docker-entrypoint-initdb.d:ro # Loads schema on first boot - /docker/guacamole/db:/var/lib/postgresql/data networks: - guac_internal # 2. The "Proxy Daemon" (Translates RDP/SSH to HTML5) guacd: image: guacamole/guacd container_name: guacd cpus: 1.0 mem_limit: "1024m" mem_reservation: "256m" restart: unless-stopped networks: - guac_internal - guac_ssh # 3. The Web Interface guacamole: image: guacamole/guacamole container_name: guacamole restart: unless-stopped user: root cpus: 2.0 mem_limit: "3072m" # 3 GB mem_reservation: "1024m" depends_on: - guac-db - guacd environment: GUACD_HOSTNAME: guacd POSTGRESQL_HOSTNAME: guac-db POSTGRESQL_DATABASE: guacamole_db POSTGRESQL_USERNAME: ${PG_USERNAME} POSTGRESQL_PASSWORD: ${PG_PASSWORD} CATALINA_OPTS: "-Djava.security.egd=file:/dev/./urandom -Xms1g -Xmx2g" networks: - guac_internal - guac_external # Connects to Traefik labels: - "traefik.enable=${TRAEFIK_ENABLED:-false}" # Routing Logic - "traefik.http.routers.${SERVICE_NAME}.rule=Host(`${SUBDOMAIN}.${ENV_DOMAIN}`)" - "traefik.http.routers.${SERVICE_NAME}.entrypoints=${TRAEFIK_ENTRYPOINT:-websecure}" - "traefik.http.routers.${SERVICE_NAME}.tls=true" - "traefik.http.routers.${SERVICE_NAME}.tls.certresolver=${TRAEFIK_RESOLVER:-myresolver}" # Service Logic - "traefik.http.services.${SERVICE_NAME}.loadbalancer.server.port=${INTERNAL_PORT:-80}" # Middleware Logic - "traefik.http.routers.${SERVICE_NAME}.middlewares=${MIDDLEWARES:-}" networks: guac_internal: internal: true guac_external: external: true guac_ssh: external: true