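# Docker Compose stack for a self-hosted Penpot instance: frontend, backend,
# MCP, exporter, PostgreSQL 15 and Valkey 8.1 on one bridge network.
#
# Values written as ${NAME} are interpolated by Compose from the shell
# environment or an .env file. Compose substitutes an empty string for an
# unset variable, so PENPOT_PUBLIC_URI, PENPOT_SECRET_KEY and
# PENPOT_EXPORTER_SECRET_KEY must be defined before the stack is started.
# Keep the .env file out of version control.

x-flags: &penpot-flags
  # Merged disable-sandbox into the flags array (author's note: for the
  # headless engine).
  # NOTE(review): going by its name, disable-sandbox switches a sandbox off,
  # which lowers isolation rather than adding protection - confirm the images
  # recognise the flag and that it is really required.
  # NOTE(review): disable-secure-session-cookies is only appropriate while the
  # instance is served over plain HTTP; once TLS terminates in front of the
  # frontend, remove it so session cookies are not sent in clear text.
  # NOTE(review): disable-email-verification lets accounts be used without
  # confirming their address; reconsider it if sign-up is reachable by
  # untrusted users.
  # NOTE(review): enable-prepl-server turns on an administrative interface in
  # the backend; no port for it is published below - keep it that way.
  #
  # Previous value, kept for reference:
  # PENPOT_FLAGS: disable-email-verification enable-smtp enable-prepl-server
  #   disable-secure-session-cookies enable-mcp disable-sandbox
  #   enable-login-with-password
  PENPOT_FLAGS: >-
    disable-email-verification
    enable-smtp
    enable-prepl-server
    disable-secure-session-cookies
    disable-sandbox
    enable-login-with-password

x-uri: &penpot-public-uri
  PENPOT_PUBLIC_URI: "${PENPOT_PUBLIC_URI}"

x-body-size: &penpot-http-body-size
  # 367001600 bytes = 350 MiB. Quoted so the value is always passed as a
  # string.
  PENPOT_HTTP_SERVER_MAX_BODY_SIZE: "367001600"
  PENPOT_HTTP_SERVER_MAX_MULTIPART_BODY_SIZE: "367001600"

x-secret-key: &penpot-secret-key
  # Must be a long random value supplied through the environment.
  PENPOT_SECRET_KEY: "${PENPOT_SECRET_KEY}"

networks:
  penpot-net:
    driver: bridge

volumes:
  penpot_assets:
  penpot_postgres_v15:

services:
  penpot-frontend:
    # NOTE(review): every penpotapp image falls back to `latest` when
    # PENPOT_VERSION is unset; pin an explicit version so a later pull cannot
    # silently change what runs.
    image: "penpotapp/frontend:${PENPOT_VERSION:-latest}"
    restart: always
    ports:
      # Host port 8084 -> frontend container port 80.
      # NOTE(review): the exporter below addresses this service as
      # http://penpot-frontend:8080 while this mapping targets container
      # port 80; confirm which port the pinned frontend image listens on.
      - "8084:80"
    volumes:
      - penpot_assets:/opt/data/assets
    depends_on:
      - penpot-backend
      - penpot-exporter
      - penpot-mcp
    networks:
      - penpot-net
    environment:
      <<: [*penpot-flags, *penpot-http-body-size, *penpot-public-uri]

  penpot-backend:
    image: "penpotapp/backend:${PENPOT_VERSION:-latest}"
    restart: always
    volumes:
      - penpot_assets:/opt/data/assets
    networks:
      - penpot-net
    ports:
      # NOTE(review): this publishes the backend on every host interface.
      # The other services in this file can reach penpot-backend over
      # penpot-net, so drop the mapping or bind it to loopback
      # ("127.0.0.1:6060:6060") unless an external client must call the
      # backend directly.
      - "6060:6060"
    depends_on:
      penpot-postgres:
        condition: service_healthy  # Wait for database stability
      penpot-valkey:
        condition: service_healthy  # Wait for the caching layer
    environment:
      <<:
        - *penpot-flags
        - *penpot-public-uri
        - *penpot-http-body-size
        - *penpot-secret-key

      # Key shared with the exporter service, which receives the same
      # variable.
      PENPOT_EXPORTER_SECRET_KEY: "${PENPOT_EXPORTER_SECRET_KEY}"

      ## Local internal database connection parameters
      PENPOT_DATABASE_URI: postgresql://penpot-postgres/penpot
      PENPOT_DATABASE_USERNAME: penpot
      # Overridable through PENPOT_DATABASE_PASSWORD; the default is the value
      # this file previously hard-coded, so existing volumes keep working.
      # The penpot-postgres service reads the same variable.
      PENPOT_DATABASE_PASSWORD: "${PENPOT_DATABASE_PASSWORD:-penpot}"

      ## Local caching layer connection parameter
      PENPOT_REDIS_URI: redis://penpot-valkey/0

      ## Storage settings
      PENPOT_OBJECTS_STORAGE_BACKEND: fs
      PENPOT_OBJECTS_STORAGE_FS_DIRECTORY: /opt/data/assets

      ## Telemetry & optional settings
      PENPOT_TELEMETRY_ENABLED: "false"

  penpot-mcp:
    image: "penpotapp/mcp:${PENPOT_VERSION:-latest}"
    restart: always
    networks:
      - penpot-net

  penpot-exporter:
    image: "penpotapp/exporter:${PENPOT_VERSION:-latest}"
    restart: always
    # Author's note: protects Puppeteer rendering processes from memory
    # crashes.
    shm_size: '2gb'
    depends_on:
      penpot-valkey:
        condition: service_healthy
    networks:
      - penpot-net
    environment:
      <<: [*penpot-secret-key]
      PENPOT_EXPORTER_SECRET_KEY: "${PENPOT_EXPORTER_SECRET_KEY}"
      # Internal address of the frontend, not the public URL.
      PENPOT_PUBLIC_URI: http://penpot-frontend:8080
      ## Local caching layer connections for the exporter sub-engine
      # NOTE(review): the same address is supplied under two names; confirm
      # which one the exporter image reads and drop the other.
      PENPOT_REDIS_URI: redis://penpot-valkey/0
      PENPOT_REDIS_URL: redis://penpot-valkey/0
      # See the NOTE(review) on disable-sandbox under x-flags.
      PENPOT_FLAGS: disable-sandbox

  # Integrated database service; no host port is published, so it is only
  # reachable over penpot-net.
  penpot-postgres:
    image: "postgres:15"
    restart: always
    stop_signal: SIGINT
    networks:
      - penpot-net
    volumes:
      - penpot_postgres_v15:/var/lib/postgresql/data
    environment:
      - POSTGRES_INITDB_ARGS=--data-checksums
      - POSTGRES_DB=penpot
      - POSTGRES_USER=penpot
      # Same variable and default as the backend's PENPOT_DATABASE_PASSWORD.
      # POSTGRES_PASSWORD is only applied when the data directory is first
      # initialised; on an existing volume, change the role's password inside
      # PostgreSQL as well before setting a new value here.
      - "POSTGRES_PASSWORD=${PENPOT_DATABASE_PASSWORD:-penpot}"
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U penpot"]
      interval: 2s
      timeout: 10s
      retries: 5
      start_period: 2s

  # Integrated caching engine (Valkey drop-in for Redis); no host port is
  # published, so it is only reachable over penpot-net.
  penpot-valkey:
    image: valkey/valkey:8.1
    restart: always
    networks:
      - penpot-net
    environment:
      - "VALKEY_EXTRA_FLAGS=--maxmemory 128mb --maxmemory-policy volatile-lfu"
    healthcheck:
      test: ["CMD-SHELL", "valkey-cli ping | grep PONG"]
      interval: 1s
      timeout: 3s
      retries: 5
      start_period: 3s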