version: '3.7' services: radicale: image: tomsquest/docker-radicale container_name: radicale init: true read_only: true security_opt: - no-new-privileges:true cap_drop: - ALL cap_add: - SETUID - SETGID - CHOWN - KILL healthcheck: test: curl -f http://127.0.0.1:5232 || exit 1 interval: 30s retries: 3 restart: unless-stopped volumes: - {{ data_dir }}:/data - {{ service_dir }}/config:/config:ro networks: - traefik labels: - traefik.enable=true - traefik.http.routers.radicale.entrypoints=websecure - traefik.http.routers.radicale.rule=Host(`{{ dav_domain }}`) - traefik.http.routers.radicale.tls=true - traefik.http.routers.radicale.tls.certresolver=letsencrypt - traefik.http.routers.radicale.service=radicale - traefik.http.services.radicale.loadbalancer.server.port=5232 networks: traefik: external: true