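# Local development stack: Postgres, Inbucket (mail capture), Redis, MinIO
# (object storage) and Gotenberg (document conversion).
#
# Every credential in this file is a fixed dev default, and every `ports`
# entry is published on all host interfaces because no host IP is given.
# Prefix a mapping with `127.0.0.1:` (e.g. '127.0.0.1:54320:5432') to keep a
# service reachable from this machine only.
name: documenso-development

services:
  database:
    image: postgres:15
    container_name: database
    volumes:
      - documenso_database:/var/lib/postgresql/data
    healthcheck:
      # `$$` escapes Compose interpolation so the shell inside the container
      # expands POSTGRES_USER from the `environment` block below. A single
      # `$` is substituted by Compose from the host environment / `.env`,
      # and resolves to an empty string when the variable is not set there,
      # leaving `-U` without an argument and the check permanently failing.
      test: ['CMD-SHELL', 'pg_isready -U $${POSTGRES_USER}']
      interval: 10s
      timeout: 5s
      retries: 5
    environment:
      - POSTGRES_USER=documenso
      - POSTGRES_PASSWORD=password
      - POSTGRES_DB=documenso
    ports:
      # Quoted so the mapping is always read as a string, never as a number.
      - '54320:5432'

  inbucket:
    # No tag is given, so this resolves to `latest`; pin a tag or digest if
    # reproducible pulls matter.
    image: inbucket/inbucket
    container_name: mailserver
    ports:
      # Inbucket defaults: 9000 web UI, 2500 SMTP, 1100 POP3.
      - '9000:9000'
      - '2500:2500'
      - '1100:1100'

  redis:
    image: redis:8-alpine
    container_name: redis
    ports:
      - '63790:6379'
    volumes:
      - redis:/data

  minio:
    # No tag is given, so this resolves to `latest`; pin a tag or digest if
    # reproducible pulls matter.
    image: minio/minio
    container_name: minio
    ports:
      # 9002 is the S3 API (`--address`), 9001 the web console
      # (`--console-address`); see `command` below.
      - '9002:9002'
      - '9001:9001'
    volumes:
      - minio:/data
    environment:
      MINIO_ROOT_USER: documenso
      MINIO_ROOT_PASSWORD: password
    # The entrypoint is replaced with `sh` so the bucket directory can be
    # created before the server starts.
    entrypoint: sh
    command: -c 'mkdir -p /data/documenso && minio server /data --console-address ":9001" --address ":9002"'

  gotenberg:
    build:
      context: .
      dockerfile: Dockerfile.gotenberg
    image: documenso-dev-gotenberg:latest
    container_name: gotenberg
    restart: unless-stopped
    ports:
      - '3005:3000'
    environment:
      # Basic auth credentials Gotenberg checks when `--api-enable-basic-auth`
      # is passed. Dev defaults are non-secret — match
      # `NEXT_PRIVATE_DOCUMENT_CONVERSION_USERNAME` / `_PASSWORD` in `.env`.
      # Do not carry these values into any deployment reachable by others.
      GOTENBERG_API_BASIC_AUTH_USERNAME: documenso
      GOTENBERG_API_BASIC_AUTH_PASSWORD: password
    command:
      - gotenberg
      # Require basic auth on every API route — prevents anyone with network
      # access to the container from invoking conversions.
      - --api-enable-basic-auth
      # SSRF defence in depth: reject any outbound fetch LibreOffice tries to
      # make to a private/loopback/link-local/cloud-metadata address while
      # processing an uploaded document. Mitigates CVE-2026-42591 (malicious
      # docx files embedding `TargetMode="External"` references to internal
      # services). Added in Gotenberg 8.32.0.
      - --libreoffice-deny-private-ips
      # Generous server-side timeout; the Node client aborts at 30 s by
      # default, so this is just a safety net.
      - --api-timeout=500s
      # Pre-warm LibreOffice at boot so the first request isn't cold.
      - --libreoffice-auto-start
      - --libreoffice-start-timeout=300s
      # Disable surfaces we don't use to shrink the attack surface.
      - --pdfengines-disable-routes
      - --webhook-disable
      # Verbose logs for the dev compose only.
      - --log-level=debug
    healthcheck:
      # `/health` is exempt from `--api-enable-basic-auth` so the check
      # doesn't need to authenticate.
      test: ['CMD', 'curl', '-fsS', 'http://localhost:3000/health']
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 20s

# Named volumes with default driver settings; data persists across
# `docker compose down` unless `-v` is passed.
volumes:
  minio:
  redis:
  documenso_database: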