path: root/devdocs/docker/compose%2Fcompose-file%2Fcompose-file-v3%2Findex.html

<h1>Compose file version 3 reference</h1>

<h2 id="reference-and-guidelines">Reference and guidelines</h2> <p>These topics describe version 3 of the Compose file format. This is the newest version.</p> <h2 id="compose-and-docker-compatibility-matrix">Compose and Docker compatibility matrix</h2> <p>There are several versions of the Compose file format – 1, 2, 2.x, and 3.x. The table below is a quick look. For full details on what each version includes and how to upgrade, see <strong><a href="../compose-versioning/index">About versions and upgrading</a></strong>.</p> <p>This table shows which Compose file versions support specific Docker releases.</p> <table> <thead> <tr> <th><strong>Compose file format</strong></th> <th><strong>Docker Engine release</strong></th> </tr> </thead> <tbody> <tr> <td>Compose specification</td> <td>19.03.0+</td> </tr> <tr> <td>3.8</td> <td>19.03.0+</td> </tr> <tr> <td>3.7</td> <td>18.06.0+</td> </tr> <tr> <td>3.6</td> <td>18.02.0+</td> </tr> <tr> <td>3.5</td> <td>17.12.0+</td> </tr> <tr> <td>3.4</td> <td>17.09.0+</td> </tr> <tr> <td>3.3</td> <td>17.06.0+</td> </tr> <tr> <td>3.2</td> <td>17.04.0+</td> </tr> <tr> <td>3.1</td> <td>1.13.1+</td> </tr> <tr> <td>3.0</td> <td>1.13.0+</td> </tr> <tr> <td>2.4</td> <td>17.12.0+</td> </tr> <tr> <td>2.3</td> <td>17.06.0+</td> </tr> <tr> <td>2.2</td> <td>1.13.0+</td> </tr> <tr> <td>2.1</td> <td>1.12.0+</td> </tr> <tr> <td>2.0</td> <td>1.10.0+</td> </tr> </tbody> </table> <p>In addition to Compose file format versions shown in the table, the Compose itself is on a release schedule, as shown in <a href="https://github.com/docker/compose/releases/">Compose releases</a>, but file format versions do not necessarily increment with each release. For example, Compose file format 3.0 was first introduced in <a href="https://github.com/docker/compose/releases/tag/1.10.0">Compose release 1.10.0</a>, and versioned gradually in subsequent releases.</p> <p>The latest Compose file format is defined by the <a href="https://github.com/compose-spec/compose-spec/blob/master/spec/" target="_blank" rel="noopener" class="_">Compose Specification</a> and is implemented by Docker Compose <strong>1.27.0+</strong>.</p> <h2 id="compose-file-structure-and-examples">Compose file structure and examples</h2> <p>Here is a sample Compose file from the voting app sample used in the <a href="https://github.com/docker/labs/tree/master/beginner/">Docker for Beginners lab</a> topic on <a href="https://github.com/docker/labs/blob/master/beginner/chapters/votingapp/">Deploying an app to a Swarm</a>:</p> <div class="panel panel-default"> <div class="panel-heading collapsed" data-toggle="collapse" data-target="#collapseSample1" style="cursor: pointer"> Example Compose file version 3  </div> <div class="collapse block" id="collapseSample1"> <div class="highlight"><pre class="highlight" data-language="">
version: "3.9"
services:

  redis:
    image: redis:alpine
    ports:
      - "6379"
    networks:
      - frontend
    deploy:
      replicas: 2
      update_config:
        parallelism: 2
        delay: 10s
      restart_policy:
        condition: on-failure

  db:
    image: postgres:9.4
    volumes:
      - db-data:/var/lib/postgresql/data
    networks:
      - backend
    deploy:
      placement:
        max_replicas_per_node: 1
        constraints:
          - "node.role==manager"

  vote:
    image: dockersamples/examplevotingapp_vote:before
    ports:
      - "5000:80"
    networks:
      - frontend
    depends_on:
      - redis
    deploy:
      replicas: 2
      update_config:
        parallelism: 2
      restart_policy:
        condition: on-failure

  result:
    image: dockersamples/examplevotingapp_result:before
    ports:
      - "5001:80"
    networks:
      - backend
    depends_on:
      - db
    deploy:
      replicas: 1
      update_config:
        parallelism: 2
        delay: 10s
      restart_policy:
        condition: on-failure

  worker:
    image: dockersamples/examplevotingapp_worker
    networks:
      - frontend
      - backend
    deploy:
      mode: replicated
      replicas: 1
      labels: [APP=VOTING]
      restart_policy:
        condition: on-failure
        delay: 10s
        max_attempts: 3
        window: 120s
      placement:
        constraints:
          - "node.role==manager"

  visualizer:
    image: dockersamples/visualizer:stable
    ports:
      - "8080:8080"
    stop_grace_period: 1m30s
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    deploy:
      placement:
        constraints:
          - "node.role==manager"

networks:
  frontend:
  backend:

volumes:
  db-data:
</pre></div>  </div> </div> <p>The topics on this reference page are organized alphabetically by top-level key to reflect the structure of the Compose file itself. Top-level keys that define a section in the configuration file such as <code class="language-plaintext highlighter-rouge">build</code>, <code class="language-plaintext highlighter-rouge">deploy</code>, <code class="language-plaintext highlighter-rouge">depends_on</code>, <code class="language-plaintext highlighter-rouge">networks</code>, and so on, are listed with the options that support them as sub-topics. This maps to the <code class="language-plaintext highlighter-rouge">&lt;key&gt;: &lt;option&gt;: &lt;value&gt;</code> indent structure of the Compose file.</p> <h2 id="service-configuration-reference">Service configuration reference</h2> <p>The Compose file is a <a href="https://yaml.org">YAML</a> file defining <a href="#service-configuration-reference">services</a>, <a href="#network-configuration-reference">networks</a> and <a href="#volume-configuration-reference">volumes</a>. The default path for a Compose file is <code class="language-plaintext highlighter-rouge">./docker-compose.yml</code>.</p> <blockquote> <p><strong>Tip</strong>: You can use either a <code class="language-plaintext highlighter-rouge">.yml</code> or <code class="language-plaintext highlighter-rouge">.yaml</code> extension for this file. They both work.</p> </blockquote> <p>A service definition contains configuration that is applied to each container started for that service, much like passing command-line parameters to <code class="language-plaintext highlighter-rouge">docker run</code>. Likewise, network and volume definitions are analogous to <code class="language-plaintext highlighter-rouge">docker network create</code> and <code class="language-plaintext highlighter-rouge">docker volume create</code>.</p> <p>As with <code class="language-plaintext highlighter-rouge">docker run</code>, options specified in the Dockerfile, such as <code class="language-plaintext highlighter-rouge">CMD</code>, <code class="language-plaintext highlighter-rouge">EXPOSE</code>, <code class="language-plaintext highlighter-rouge">VOLUME</code>, <code class="language-plaintext highlighter-rouge">ENV</code>, are respected by default - you don’t need to specify them again in <code class="language-plaintext highlighter-rouge">docker-compose.yml</code>.</p> <p>You can use environment variables in configuration values with a Bash-like <code class="language-plaintext highlighter-rouge">${VARIABLE}</code> syntax - see <a href="#variable-substitution">variable substitution</a> for full details.</p> <p>This section contains a list of all configuration options supported by a service definition in version 3.</p> <h3 id="build">build</h3> <p>Configuration options that are applied at build time.</p> <p><code class="language-plaintext highlighter-rouge">build</code> can be specified either as a string containing a path to the build context:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
services:
  webapp:
    build: ./dir
</pre></div> <p>Or, as an object with the path specified under <a href="#context">context</a> and optionally <a href="#dockerfile">Dockerfile</a> and <a href="#args">args</a>:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
services:
  webapp:
    build:
      context: ./dir
      dockerfile: Dockerfile-alternate
      args:
        buildno: 1
</pre></div> <p>If you specify <code class="language-plaintext highlighter-rouge">image</code> as well as <code class="language-plaintext highlighter-rouge">build</code>, then Compose names the built image with the <code class="language-plaintext highlighter-rouge">webapp</code> and optional <code class="language-plaintext highlighter-rouge">tag</code> specified in <code class="language-plaintext highlighter-rouge">image</code>:</p> <div class="highlight"><pre class="highlight" data-language="">build: ./dir
image: webapp:tag
</pre></div> <p>This results in an image named <code class="language-plaintext highlighter-rouge">webapp</code> and tagged <code class="language-plaintext highlighter-rouge">tag</code>, built from <code class="language-plaintext highlighter-rouge">./dir</code>.</p> <blockquote class="important"> <p>Note when using docker stack deploy</p> <p>The <code class="language-plaintext highlighter-rouge">build</code> option is ignored when <a href="../../../engine/reference/commandline/stack_deploy/index">deploying a stack in swarm mode</a> The <code class="language-plaintext highlighter-rouge">docker stack</code> command does not build images before deploying.</p> </blockquote> <h4 id="context">context</h4> <p>Either a path to a directory containing a Dockerfile, or a url to a git repository.</p> <p>When the value supplied is a relative path, it is interpreted as relative to the location of the Compose file. This directory is also the build context that is sent to the Docker daemon.</p> <p>Compose builds and tags it with a generated name, and uses that image thereafter.</p> <div class="highlight"><pre class="highlight" data-language="">build:
  context: ./dir
</pre></div> <h4 id="dockerfile">dockerfile</h4> <p>Alternate Dockerfile.</p> <p>Compose uses an alternate file to build with. A build path must also be specified.</p> <div class="highlight"><pre class="highlight" data-language="">build:
  context: .
  dockerfile: Dockerfile-alternate
</pre></div> <h4 id="args">args</h4> <p>Add build arguments, which are environment variables accessible only during the build process.</p> <p>First, specify the arguments in your Dockerfile:</p> <div class="highlight"><pre class="highlight" data-language=""># syntax=docker/dockerfile:1

ARG buildno
ARG gitcommithash

RUN echo "Build number: $buildno"
RUN echo "Based on commit: $gitcommithash"
</pre></div> <p>Then specify the arguments under the <code class="language-plaintext highlighter-rouge">build</code> key. You can pass a mapping or a list:</p> <div class="highlight"><pre class="highlight" data-language="">build:
  context: .
  args:
    buildno: 1
    gitcommithash: cdc3b19
</pre></div> <div class="highlight"><pre class="highlight" data-language="">build:
  context: .
  args:
    - buildno=1
    - gitcommithash=cdc3b19
</pre></div> <blockquote> <p>Scope of build-args</p> <p>In your Dockerfile, if you specify <code class="language-plaintext highlighter-rouge">ARG</code> before the <code class="language-plaintext highlighter-rouge">FROM</code> instruction, <code class="language-plaintext highlighter-rouge">ARG</code> is not available in the build instructions under <code class="language-plaintext highlighter-rouge">FROM</code>. If you need an argument to be available in both places, also specify it under the <code class="language-plaintext highlighter-rouge">FROM</code> instruction. Refer to the <a href="../../../engine/reference/builder/index#understand-how-arg-and-from-interact">understand how ARGS and FROM interact</a> section in the documentation for usage details.</p> </blockquote> <p>You can omit the value when specifying a build argument, in which case its value at build time is the value in the environment where Compose is running.</p> <div class="highlight"><pre class="highlight" data-language="">args:
  - buildno
  - gitcommithash
</pre></div> <blockquote> <p>Tip when using boolean values</p> <p>YAML boolean values (<code class="language-plaintext highlighter-rouge">"true"</code>, <code class="language-plaintext highlighter-rouge">"false"</code>, <code class="language-plaintext highlighter-rouge">"yes"</code>, <code class="language-plaintext highlighter-rouge">"no"</code>, <code class="language-plaintext highlighter-rouge">"on"</code>, <code class="language-plaintext highlighter-rouge">"off"</code>) must be enclosed in quotes, so that the parser interprets them as strings.</p> </blockquote> <h4 id="cache_from">cache_from</h4> <blockquote> <p>Added in <a href="../compose-versioning/index#version-32">version 3.2</a> file format</p> </blockquote> <p>A list of images that the engine uses for cache resolution.</p> <div class="highlight"><pre class="highlight" data-language="">build:
  context: .
  cache_from:
    - alpine:latest
    - corp/web_app:3.14
</pre></div> <h4 id="labels">labels</h4> <blockquote> <p>Added in <a href="../compose-versioning/index#version-33">version 3.3</a> file format</p> </blockquote> <p>Add metadata to the resulting image using <a href="https://docs.docker.com/config/labels-custom-metadata/">Docker labels</a>. You can use either an array or a dictionary.</p> <p>It’s recommended that you use reverse-DNS notation to prevent your labels from conflicting with those used by other software.</p> <div class="highlight"><pre class="highlight" data-language="">build:
  context: .
  labels:
    com.example.description: "Accounting webapp"
    com.example.department: "Finance"
    com.example.label-with-empty-value: ""
</pre></div> <div class="highlight"><pre class="highlight" data-language="">build:
  context: .
  labels:
    - "com.example.description=Accounting webapp"
    - "com.example.department=Finance"
    - "com.example.label-with-empty-value"
</pre></div> <h4 id="network">network</h4> <blockquote> <p>Added in <a href="../compose-versioning/index#version-34">version 3.4</a> file format</p> </blockquote> <p>Set the network containers connect to for the <code class="language-plaintext highlighter-rouge">RUN</code> instructions during build.</p> <div class="highlight"><pre class="highlight" data-language="">build:
  context: .
  network: host
</pre></div> <div class="highlight"><pre class="highlight" data-language="">build:
  context: .
  network: custom_network_1
</pre></div> <p>Use <code class="language-plaintext highlighter-rouge">none</code> to disable networking during build:</p> <div class="highlight"><pre class="highlight" data-language="">build:
  context: .
  network: none
</pre></div> <h4 id="shm_size">shm_size</h4> <blockquote> <p>Added in <a href="../compose-versioning/index#version-35">version 3.5</a> file format</p> </blockquote> <p>Set the size of the <code class="language-plaintext highlighter-rouge">/dev/shm</code> partition for this build’s containers. Specify as an integer value representing the number of bytes or as a string expressing a <a href="#specifying-byte-values">byte value</a>.</p> <div class="highlight"><pre class="highlight" data-language="">build:
  context: .
  shm_size: '2gb'
</pre></div> <div class="highlight"><pre class="highlight" data-language="">build:
  context: .
  shm_size: 10000000
</pre></div> <h4 id="target">target</h4> <blockquote> <p>Added in <a href="../compose-versioning/index#version-34">version 3.4</a> file format</p> </blockquote> <p>Build the specified stage as defined inside the <code class="language-plaintext highlighter-rouge">Dockerfile</code>. See the <a href="https://docs.docker.com/develop/develop-images/multistage-build/">multi-stage build docs</a> for details.</p> <div class="highlight"><pre class="highlight" data-language="">build:
  context: .
  target: prod
</pre></div> <h3 id="cap_add-cap_drop">cap_add, cap_drop</h3> <p>Add or drop container capabilities. See <code class="language-plaintext highlighter-rouge">man 7 capabilities</code> for a full list.</p> <div class="highlight"><pre class="highlight" data-language="">cap_add:
  - ALL

cap_drop:
  - NET_ADMIN
  - SYS_ADMIN
</pre></div> <blockquote class="important"> <p>Note when using docker stack deploy</p> <p>The <code class="language-plaintext highlighter-rouge">cap_add</code> and <code class="language-plaintext highlighter-rouge">cap_drop</code> options are ignored when <a href="../../../engine/reference/commandline/stack_deploy/index">deploying a stack in swarm mode</a></p> </blockquote> <h3 id="cgroup_parent">cgroup_parent</h3> <p>Specify an optional parent cgroup for the container.</p> <div class="highlight"><pre class="highlight" data-language="">cgroup_parent: m-executor-abcd
</pre></div> <blockquote class="important"> <p>Note when using docker stack deploy</p> <p>The <code class="language-plaintext highlighter-rouge">cgroup_parent</code> option is ignored when <a href="../../../engine/reference/commandline/stack_deploy/index">deploying a stack in swarm mode</a></p> </blockquote> <h3 id="command">command</h3> <p>Override the default command.</p> <div class="highlight"><pre class="highlight" data-language="">command: bundle exec thin -p 3000
</pre></div> <p>The command can also be a list, in a manner similar to <a href="../../../engine/reference/builder/index#cmd">dockerfile</a>:</p> <div class="highlight"><pre class="highlight" data-language="">command: ["bundle", "exec", "thin", "-p", "3000"]
</pre></div> <h3 id="configs">configs</h3> <p>Grant access to configs on a per-service basis using the per-service <code class="language-plaintext highlighter-rouge">configs</code> configuration. Two different syntax variants are supported.</p> <blockquote> <p><strong>Note</strong>: The config must already exist or be <a href="#configs-configuration-reference">defined in the top-level <code class="language-plaintext highlighter-rouge">configs</code> configuration</a> of this stack file, or stack deployment fails.</p> </blockquote> <p>For more information on configs, see <a href="../../../engine/swarm/configs/index">configs</a>.</p> <h4 id="short-syntax">Short syntax</h4> <p>The short syntax variant only specifies the config name. This grants the container access to the config and mounts it at <code class="language-plaintext highlighter-rouge">/&lt;config_name&gt;</code> within the container. The source name and destination mountpoint are both set to the config name.</p> <p>The following example uses the short syntax to grant the <code class="language-plaintext highlighter-rouge">redis</code> service access to the <code class="language-plaintext highlighter-rouge">my_config</code> and <code class="language-plaintext highlighter-rouge">my_other_config</code> configs. The value of <code class="language-plaintext highlighter-rouge">my_config</code> is set to the contents of the file <code class="language-plaintext highlighter-rouge">./my_config.txt</code>, and <code class="language-plaintext highlighter-rouge">my_other_config</code> is defined as an external resource, which means that it has already been defined in Docker, either by running the <code class="language-plaintext highlighter-rouge">docker config create</code> command or by another stack deployment. If the external config does not exist, the stack deployment fails with a <code class="language-plaintext highlighter-rouge">config not found</code> error.</p> <blockquote> <p>Added in <a href="../compose-versioning/index#version-33">version 3.3</a> file format.</p> <p><code class="language-plaintext highlighter-rouge">config</code> definitions are only supported in version 3.3 and higher of the compose file format.</p> </blockquote> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
services:
  redis:
    image: redis:latest
    deploy:
      replicas: 1
    configs:
      - my_config
      - my_other_config
configs:
  my_config:
    file: ./my_config.txt
  my_other_config:
    external: true
</pre></div> <h4 id="long-syntax">Long syntax</h4> <p>The long syntax provides more granularity in how the config is created within the service’s task containers.</p> <ul> <li>
<code class="language-plaintext highlighter-rouge">source</code>: The identifier of the config as it is defined in this configuration.</li> <li>
<code class="language-plaintext highlighter-rouge">target</code>: The path and name of the file to be mounted in the service’s task containers. Defaults to <code class="language-plaintext highlighter-rouge">/&lt;source&gt;</code> if not specified.</li> <li>
<code class="language-plaintext highlighter-rouge">uid</code> and <code class="language-plaintext highlighter-rouge">gid</code>: The numeric UID or GID that owns the mounted config file within in the service’s task containers. Both default to <code class="language-plaintext highlighter-rouge">0</code> on Linux if not specified. Not supported on Windows.</li> <li>
<code class="language-plaintext highlighter-rouge">mode</code>: The permissions for the file that is mounted within the service’s task containers, in octal notation. For instance, <code class="language-plaintext highlighter-rouge">0444</code> represents world-readable. The default is <code class="language-plaintext highlighter-rouge">0444</code>. Configs cannot be writable because they are mounted in a temporary filesystem, so if you set the writable bit, it is ignored. The executable bit can be set. If you aren’t familiar with UNIX file permission modes, you may find this <a href="http://permissions-calculator.org/" target="_blank" rel="noopener" class="_">permissions calculator</a> useful.</li> </ul> <p>The following example sets the name of <code class="language-plaintext highlighter-rouge">my_config</code> to <code class="language-plaintext highlighter-rouge">redis_config</code> within the container, sets the mode to <code class="language-plaintext highlighter-rouge">0440</code> (group-readable) and sets the user and group to <code class="language-plaintext highlighter-rouge">103</code>. The <code class="language-plaintext highlighter-rouge">redis</code> service does not have access to the <code class="language-plaintext highlighter-rouge">my_other_config</code> config.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
services:
  redis:
    image: redis:latest
    deploy:
      replicas: 1
    configs:
      - source: my_config
        target: /redis_config
        uid: '103'
        gid: '103'
        mode: 0440
configs:
  my_config:
    file: ./my_config.txt
  my_other_config:
    external: true
</pre></div> <p>You can grant a service access to multiple configs and you can mix long and short syntax. Defining a config does not imply granting a service access to it.</p> <h3 id="container_name">container_name</h3> <p>Specify a custom container name, rather than a generated default name.</p> <div class="highlight"><pre class="highlight" data-language="">container_name: my-web-container
</pre></div> <p>Because Docker container names must be unique, you cannot scale a service beyond 1 container if you have specified a custom name. Attempting to do so results in an error.</p> <blockquote class="important"> <p>Note when using docker stack deploy</p> <p>The <code class="language-plaintext highlighter-rouge">container_name</code> option is ignored when <a href="../../../engine/reference/commandline/stack_deploy/index">deploying a stack in swarm mode</a></p> </blockquote> <h3 id="credential_spec">credential_spec</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-33">version 3.3</a> file format.</p> <p>The <code class="language-plaintext highlighter-rouge">credential_spec</code> option was added in v3.3. Using group Managed Service Account (gMSA) configurations with compose files is supported in file format version 3.8 or up.</p> </blockquote> <p>Configure the credential spec for managed service account. This option is only used for services using Windows containers. The <code class="language-plaintext highlighter-rouge">credential_spec</code> must be in the format <code class="language-plaintext highlighter-rouge">file://&lt;filename&gt;</code> or <code class="language-plaintext highlighter-rouge">registry://&lt;value-name&gt;</code>.</p> <p>When using <code class="language-plaintext highlighter-rouge">file:</code>, the referenced file must be present in the <code class="language-plaintext highlighter-rouge">CredentialSpecs</code> subdirectory in the Docker data directory, which defaults to <code class="language-plaintext highlighter-rouge">C:\ProgramData\Docker\</code> on Windows. The following example loads the credential spec from a file named <code class="language-plaintext highlighter-rouge">C:\ProgramData\Docker\CredentialSpecs\my-credential-spec.json</code>.</p> <div class="highlight"><pre class="highlight" data-language="">credential_spec:
  file: my-credential-spec.json
</pre></div> <p>When using <code class="language-plaintext highlighter-rouge">registry:</code>, the credential spec is read from the Windows registry on the daemon’s host. A registry value with the given name must be located in:</p> <div class="highlight"><pre class="highlight" data-language="">HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Containers\CredentialSpecs
</pre></div> <p>The following example load the credential spec from a value named <code class="language-plaintext highlighter-rouge">my-credential-spec</code> in the registry:</p> <div class="highlight"><pre class="highlight" data-language="">credential_spec:
  registry: my-credential-spec
</pre></div> <h4 id="example-gmsa-configuration">Example gMSA configuration</h4> <p>When configuring a gMSA credential spec for a service, you only need to specify a credential spec with <code class="language-plaintext highlighter-rouge">config</code>, as shown in the following example:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
services:
  myservice:
    image: myimage:latest
    credential_spec:
      config: my_credential_spec

configs:
  my_credentials_spec:
    file: ./my-credential-spec.json|
</pre></div> <h3 id="depends_on">depends_on</h3> <p>Express dependency between services. Service dependencies cause the following behaviors:</p> <ul> <li>
<code class="language-plaintext highlighter-rouge">docker-compose up</code> starts services in dependency order. In the following example, <code class="language-plaintext highlighter-rouge">db</code> and <code class="language-plaintext highlighter-rouge">redis</code> are started before <code class="language-plaintext highlighter-rouge">web</code>.</li> <li>
<code class="language-plaintext highlighter-rouge">docker-compose up SERVICE</code> automatically includes <code class="language-plaintext highlighter-rouge">SERVICE</code>’s dependencies. In the example below, <code class="language-plaintext highlighter-rouge">docker-compose up web</code> also creates and starts <code class="language-plaintext highlighter-rouge">db</code> and <code class="language-plaintext highlighter-rouge">redis</code>.</li> <li>
<code class="language-plaintext highlighter-rouge">docker-compose stop</code> stops services in dependency order. In the following example, <code class="language-plaintext highlighter-rouge">web</code> is stopped before <code class="language-plaintext highlighter-rouge">db</code> and <code class="language-plaintext highlighter-rouge">redis</code>.</li> </ul> <p>Simple example:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
services:
  web:
    build: .
    depends_on:
      - db
      - redis
  redis:
    image: redis
  db:
    image: postgres
</pre></div> <blockquote> <p>There are several things to be aware of when using <code class="language-plaintext highlighter-rouge">depends_on</code>:</p> <ul> <li>
<code class="language-plaintext highlighter-rouge">depends_on</code> does not wait for <code class="language-plaintext highlighter-rouge">db</code> and <code class="language-plaintext highlighter-rouge">redis</code> to be “ready” before starting <code class="language-plaintext highlighter-rouge">web</code> - only until they have been started. If you need to wait for a service to be ready, see <a href="../../startup-order/index">Controlling startup order</a> for more on this problem and strategies for solving it.</li> <li>The <code class="language-plaintext highlighter-rouge">depends_on</code> option is ignored when <a href="../../../engine/reference/commandline/stack_deploy/index">deploying a stack in swarm mode</a> with a version 3 Compose file.</li> </ul> </blockquote> <h3 id="deploy">deploy</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-3">version 3</a> file format.</p> </blockquote> <p>Specify configuration related to the deployment and running of services. The following<br> sub-options only takes effect when deploying to a <a href="../../../engine/swarm/index">swarm</a> with <a href="../../../engine/reference/commandline/stack_deploy/index">docker stack deploy</a>, and is ignored by <code class="language-plaintext highlighter-rouge">docker-compose up</code> and <code class="language-plaintext highlighter-rouge">docker-compose run</code>, except for <code class="language-plaintext highlighter-rouge">resources</code>.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
services:
  redis:
    image: redis:alpine
    deploy:
      replicas: 6
      placement:
        max_replicas_per_node: 1
      update_config:
        parallelism: 2
        delay: 10s
      restart_policy:
        condition: on-failure
</pre></div> <p>Several sub-options are available:</p> <h4 id="endpoint_mode">endpoint_mode</h4> <blockquote> <p>Added in <a href="../compose-versioning/index#version-32">version 3.2</a> file format.</p> </blockquote> <p>Specify a service discovery method for external clients connecting to a swarm.</p> <ul> <li> <p><code class="language-plaintext highlighter-rouge">endpoint_mode: vip</code> - Docker assigns the service a virtual IP (VIP) that acts as the front end for clients to reach the service on a network. Docker routes requests between the client and available worker nodes for the service, without client knowledge of how many nodes are participating in the service or their IP addresses or ports. (This is the default.)</p> </li> <li> <p><code class="language-plaintext highlighter-rouge">endpoint_mode: dnsrr</code> - DNS round-robin (DNSRR) service discovery does not use a single virtual IP. Docker sets up DNS entries for the service such that a DNS query for the service name returns a list of IP addresses, and the client connects directly to one of these. DNS round-robin is useful in cases where you want to use your own load balancer, or for Hybrid Windows and Linux applications.</p> </li> </ul> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"

services:
  wordpress:
    image: wordpress
    ports:
      - "8080:80"
    networks:
      - overlay
    deploy:
      mode: replicated
      replicas: 2
      endpoint_mode: vip

  mysql:
    image: mysql
    volumes:
       - db-data:/var/lib/mysql/data
    networks:
       - overlay
    deploy:
      mode: replicated
      replicas: 2
      endpoint_mode: dnsrr

volumes:
  db-data:

networks:
  overlay:
</pre></div> <p>The options for <code class="language-plaintext highlighter-rouge">endpoint_mode</code> also work as flags on the swarm mode CLI command <a href="../../../engine/reference/commandline/service_create/index">docker service create</a>. For a quick list of all swarm related <code class="language-plaintext highlighter-rouge">docker</code> commands, see <a href="../../../engine/swarm/index#swarm-mode-key-concepts-and-tutorial">Swarm mode CLI commands</a>.</p> <p>To learn more about service discovery and networking in swarm mode, see <a href="https://docs.docker.com/network/overlay#configure-service-discovery">Configure service discovery</a> in the swarm mode topics.</p> <h4 id="labels-1">labels</h4> <p>Specify labels for the service. These labels are <em>only</em> set on the service, and <em>not</em> on any containers for the service.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
services:
  web:
    image: web
    deploy:
      labels:
        com.example.description: "This label will appear on the web service"
</pre></div> <p>To set labels on containers instead, use the <code class="language-plaintext highlighter-rouge">labels</code> key outside of <code class="language-plaintext highlighter-rouge">deploy</code>:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
services:
  web:
    image: web
    labels:
      com.example.description: "This label will appear on all containers for the web service"
</pre></div> <h4 id="mode">mode</h4> <p>Either <code class="language-plaintext highlighter-rouge">global</code> (exactly one container per swarm node) or <code class="language-plaintext highlighter-rouge">replicated</code> (a specified number of containers). The default is <code class="language-plaintext highlighter-rouge">replicated</code>. (To learn more, see <a href="../../../engine/swarm/how-swarm-mode-works/services/index#replicated-and-global-services">Replicated and global services</a> in the <a href="../../../engine/swarm/index">swarm</a> topics.)</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
services:
  worker:
    image: dockersamples/examplevotingapp_worker
    deploy:
      mode: global
</pre></div> <h4 id="placement">placement</h4> <p>Specify placement of constraints and preferences. See the docker service create documentation for a full description of the syntax and available types of <a href="../../../engine/reference/commandline/service_create/index#specify-service-constraints---constraint">constraints</a>, <a href="../../../engine/reference/commandline/service_create/index#specify-service-placement-preferences---placement-pref">preferences</a>, and <a href="../../../engine/reference/commandline/service_create/index#specify-maximum-replicas-per-node---replicas-max-per-node">specifying the maximum replicas per node</a></p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
services:
  db:
    image: postgres
    deploy:
      placement:
        constraints:
          - "node.role==manager"
          - "engine.labels.operatingsystem==ubuntu 18.04"
        preferences:
          - spread: node.labels.zone
</pre></div> <h4 id="max_replicas_per_node">max_replicas_per_node</h4> <blockquote> <p>Added in <a href="../compose-versioning/index#version-38">version 3.8</a> file format.</p> </blockquote> <p>If the service is <code class="language-plaintext highlighter-rouge">replicated</code> (which is the default), <a href="../../../engine/reference/commandline/service_create/index#specify-maximum-replicas-per-node---replicas-max-per-node">limit the number of replicas</a> that can run on a node at any time.</p> <p>When there are more tasks requested than running nodes, an error <code class="language-plaintext highlighter-rouge">no suitable node (max replicas per node limit exceed)</code> is raised.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
services:
  worker:
    image: dockersamples/examplevotingapp_worker
    networks:
      - frontend
      - backend
    deploy:
      mode: replicated
      replicas: 6
      placement:
        max_replicas_per_node: 1
</pre></div> <h4 id="replicas">replicas</h4> <p>If the service is <code class="language-plaintext highlighter-rouge">replicated</code> (which is the default), specify the number of containers that should be running at any given time.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
services:
  worker:
    image: dockersamples/examplevotingapp_worker
    networks:
      - frontend
      - backend
    deploy:
      mode: replicated
      replicas: 6
</pre></div> <h4 id="resources">resources</h4> <p>Configures resource constraints.</p> <blockquote> <p>Changed in compose-file version 3</p> <p>The <code class="language-plaintext highlighter-rouge">resources</code> section replaces the <a href="../compose-file-v2/index#cpu-and-other-resources">older resource constraint options</a> in Compose files prior to version 3 (<code class="language-plaintext highlighter-rouge">cpu_shares</code>, <code class="language-plaintext highlighter-rouge">cpu_quota</code>, <code class="language-plaintext highlighter-rouge">cpuset</code>, <code class="language-plaintext highlighter-rouge">mem_limit</code>, <code class="language-plaintext highlighter-rouge">memswap_limit</code>, <code class="language-plaintext highlighter-rouge">mem_swappiness</code>). Refer to <a href="../compose-versioning/index#upgrading">Upgrading version 2.x to 3.x</a> to learn about differences between version 2 and 3 of the compose-file format.</p> </blockquote> <p>Each of these is a single value, analogous to its <a href="../../../engine/reference/commandline/service_create/index">docker service create</a> counterpart.</p> <p>In this general example, the <code class="language-plaintext highlighter-rouge">redis</code> service is constrained to use no more than 50M of memory and <code class="language-plaintext highlighter-rouge">0.50</code> (50% of a single core) of available processing time (CPU), and has <code class="language-plaintext highlighter-rouge">20M</code> of memory and <code class="language-plaintext highlighter-rouge">0.25</code> CPU time reserved (as always available to it).</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
services:
  redis:
    image: redis:alpine
    deploy:
      resources:
        limits:
          cpus: '0.50'
          memory: 50M
        reservations:
          cpus: '0.25'
          memory: 20M
</pre></div> <p>The topics below describe available options to set resource constraints on services or containers in a swarm.</p> <blockquote class="important"> <p>Looking for options to set resources on non swarm mode containers?</p> <p>The options described here are specific to the <code class="language-plaintext highlighter-rouge">deploy</code> key and swarm mode. If you want to set resource constraints on non swarm deployments, use <a href="../compose-file-v2/index#cpu-and-other-resources">Compose file format version 2 CPU, memory, and other resource options</a>. If you have further questions, refer to the discussion on the GitHub issue <a href="https://github.com/docker/compose/issues/4513" target="_blank" rel="noopener" class="_">docker/compose/4513</a>.</p> </blockquote> <h5 id="out-of-memory-exceptions-oome">Out Of Memory Exceptions (OOME)</h5> <p>If your services or containers attempt to use more memory than the system has available, you may experience an Out Of Memory Exception (OOME) and a container, or the Docker daemon, might be killed by the kernel OOM killer. To prevent this from happening, ensure that your application runs on hosts with adequate memory and see <a href="https://docs.docker.com/config/containers/resource_constraints/#understand-the-risks-of-running-out-of-memory">Understand the risks of running out of memory</a>.</p> <h4 id="restart_policy">restart_policy</h4> <p>Configures if and how to restart containers when they exit. Replaces <a href="../compose-file-v2/index#orig-resources"><code class="language-plaintext highlighter-rouge">restart</code></a>.</p> <ul> <li>
<code class="language-plaintext highlighter-rouge">condition</code>: One of <code class="language-plaintext highlighter-rouge">none</code>, <code class="language-plaintext highlighter-rouge">on-failure</code> or <code class="language-plaintext highlighter-rouge">any</code> (default: <code class="language-plaintext highlighter-rouge">any</code>).</li> <li>
<code class="language-plaintext highlighter-rouge">delay</code>: How long to wait between restart attempts, specified as a <a href="#specifying-durations">duration</a> (default: 5s).</li> <li>
<code class="language-plaintext highlighter-rouge">max_attempts</code>: How many times to attempt to restart a container before giving up (default: never give up). If the restart does not succeed within the configured <code class="language-plaintext highlighter-rouge">window</code>, this attempt doesn’t count toward the configured <code class="language-plaintext highlighter-rouge">max_attempts</code> value. For example, if <code class="language-plaintext highlighter-rouge">max_attempts</code> is set to ‘2’, and the restart fails on the first attempt, more than two restarts may be attempted.</li> <li>
<code class="language-plaintext highlighter-rouge">window</code>: How long to wait before deciding if a restart has succeeded, specified as a <a href="#specifying-durations">duration</a> (default: decide immediately).</li> </ul> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
services:
  redis:
    image: redis:alpine
    deploy:
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
        window: 120s
</pre></div> <h4 id="rollback_config">rollback_config</h4> <blockquote> <p>Added in <a href="../compose-versioning/index#version-37">version 3.7</a> file format.</p> </blockquote> <p>Configures how the service should be rollbacked in case of a failing update.</p> <ul> <li>
<code class="language-plaintext highlighter-rouge">parallelism</code>: The number of containers to rollback at a time. If set to 0, all containers rollback simultaneously.</li> <li>
<code class="language-plaintext highlighter-rouge">delay</code>: The time to wait between each container group’s rollback (default 0s).</li> <li>
<code class="language-plaintext highlighter-rouge">failure_action</code>: What to do if a rollback fails. One of <code class="language-plaintext highlighter-rouge">continue</code> or <code class="language-plaintext highlighter-rouge">pause</code> (default <code class="language-plaintext highlighter-rouge">pause</code>)</li> <li>
<code class="language-plaintext highlighter-rouge">monitor</code>: Duration after each task update to monitor for failure <code class="language-plaintext highlighter-rouge">(ns|us|ms|s|m|h)</code> (default 5s) <strong>Note</strong>: Setting to 0 will use the default 5s.</li> <li>
<code class="language-plaintext highlighter-rouge">max_failure_ratio</code>: Failure rate to tolerate during a rollback (default 0).</li> <li>
<code class="language-plaintext highlighter-rouge">order</code>: Order of operations during rollbacks. One of <code class="language-plaintext highlighter-rouge">stop-first</code> (old task is stopped before starting new one), or <code class="language-plaintext highlighter-rouge">start-first</code> (new task is started first, and the running tasks briefly overlap) (default <code class="language-plaintext highlighter-rouge">stop-first</code>).</li> </ul> <h4 id="update_config">update_config</h4> <p>Configures how the service should be updated. Useful for configuring rolling updates.</p> <ul> <li>
<code class="language-plaintext highlighter-rouge">parallelism</code>: The number of containers to update at a time.</li> <li>
<code class="language-plaintext highlighter-rouge">delay</code>: The time to wait between updating a group of containers.</li> <li>
<code class="language-plaintext highlighter-rouge">failure_action</code>: What to do if an update fails. One of <code class="language-plaintext highlighter-rouge">continue</code>, <code class="language-plaintext highlighter-rouge">rollback</code>, or <code class="language-plaintext highlighter-rouge">pause</code> (default: <code class="language-plaintext highlighter-rouge">pause</code>).</li> <li>
<code class="language-plaintext highlighter-rouge">monitor</code>: Duration after each task update to monitor for failure <code class="language-plaintext highlighter-rouge">(ns|us|ms|s|m|h)</code> (default 5s) <strong>Note</strong>: Setting to 0 will use the default 5s.</li> <li>
<code class="language-plaintext highlighter-rouge">max_failure_ratio</code>: Failure rate to tolerate during an update.</li> <li>
<code class="language-plaintext highlighter-rouge">order</code>: Order of operations during updates. One of <code class="language-plaintext highlighter-rouge">stop-first</code> (old task is stopped before starting new one), or <code class="language-plaintext highlighter-rouge">start-first</code> (new task is started first, and the running tasks briefly overlap) (default <code class="language-plaintext highlighter-rouge">stop-first</code>) <strong>Note</strong>: Only supported for v3.4 and higher.</li> </ul> <blockquote> <p>Added in <a href="../compose-versioning/index#version-34">version 3.4</a> file format.</p> <p>The <code class="language-plaintext highlighter-rouge">order</code> option is only supported by v3.4 and higher of the compose file format.</p> </blockquote> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
services:
  vote:
    image: dockersamples/examplevotingapp_vote:before
    depends_on:
      - redis
    deploy:
      replicas: 2
      update_config:
        parallelism: 2
        delay: 10s
        order: stop-first
</pre></div> <h4 id="not-supported-for-docker-stack-deploy">Not supported for <code class="language-plaintext highlighter-rouge">docker stack deploy</code>
</h4> <p>The following sub-options (supported for <code class="language-plaintext highlighter-rouge">docker-compose up</code> and <code class="language-plaintext highlighter-rouge">docker-compose run</code>) are <em>not supported</em> for <code class="language-plaintext highlighter-rouge">docker stack deploy</code> or the <code class="language-plaintext highlighter-rouge">deploy</code> key.</p> <ul> <li><a href="#build">build</a></li> <li><a href="#cgroup_parent">cgroup_parent</a></li> <li><a href="#container_name">container_name</a></li> <li><a href="#devices">devices</a></li> <li><a href="#tmpfs">tmpfs</a></li> <li><a href="#external_links">external_links</a></li> <li><a href="#links">links</a></li> <li><a href="#network_mode">network_mode</a></li> <li><a href="#restart">restart</a></li> <li><a href="#security_opt">security_opt</a></li> <li><a href="#userns_mode">userns_mode</a></li> </ul> <blockquote> <p>Tip</p> <p>See the section on <a href="#volumes-for-services-swarms-and-stack-files">how to configure volumes for services, swarms, and docker-stack.yml files</a>. Volumes <em>are</em> supported but to work with swarms and services, they must be configured as named volumes or associated with services that are constrained to nodes with access to the requisite volumes.</p> </blockquote> <h3 id="devices">devices</h3> <p>List of device mappings. Uses the same format as the <code class="language-plaintext highlighter-rouge">--device</code> docker client create option.</p> <div class="highlight"><pre class="highlight" data-language="">devices:
  - "/dev/ttyUSB0:/dev/ttyUSB0"
</pre></div> <blockquote class="important"> <p>Note when using docker stack deploy</p> <p>The <code class="language-plaintext highlighter-rouge">devices</code> option is ignored when <a href="../../../engine/reference/commandline/stack_deploy/index">deploying a stack in swarm mode</a></p> </blockquote> <h3 id="dns">dns</h3> <p>Custom DNS servers. Can be a single value or a list.</p> <div class="highlight"><pre class="highlight" data-language="">dns: 8.8.8.8
</pre></div> <div class="highlight"><pre class="highlight" data-language="">dns:
  - 8.8.8.8
  - 9.9.9.9
</pre></div> <h3 id="dns_search">dns_search</h3> <p>Custom DNS search domains. Can be a single value or a list.</p> <div class="highlight"><pre class="highlight" data-language="">dns_search: example.com
</pre></div> <div class="highlight"><pre class="highlight" data-language="">dns_search:
  - dc1.example.com
  - dc2.example.com
</pre></div> <h3 id="entrypoint">entrypoint</h3> <p>Override the default entrypoint.</p> <div class="highlight"><pre class="highlight" data-language="">entrypoint: /code/entrypoint.sh
</pre></div> <p>The entrypoint can also be a list, in a manner similar to <a href="../../../engine/reference/builder/index#entrypoint">dockerfile</a>:</p> <div class="highlight"><pre class="highlight" data-language="">entrypoint: ["php", "-d", "memory_limit=-1", "vendor/bin/phpunit"]
</pre></div> <blockquote> <p><strong>Note</strong></p> <p>Setting <code class="language-plaintext highlighter-rouge">entrypoint</code> both overrides any default entrypoint set on the service’s image with the <code class="language-plaintext highlighter-rouge">ENTRYPOINT</code> Dockerfile instruction, <em>and</em> clears out any default command on the image - meaning that if there’s a <code class="language-plaintext highlighter-rouge">CMD</code> instruction in the Dockerfile, it is ignored.</p> </blockquote> <h3 id="env_file">env_file</h3> <p>Add environment variables from a file. Can be a single value or a list.</p> <p>If you have specified a Compose file with <code class="language-plaintext highlighter-rouge">docker-compose -f FILE</code>, paths in <code class="language-plaintext highlighter-rouge">env_file</code> are relative to the directory that file is in.</p> <p>Environment variables declared in the <a href="#environment">environment</a> section <em>override</em> these values – this holds true even if those values are empty or undefined.</p> <div class="highlight"><pre class="highlight" data-language="">env_file: .env
</pre></div> <div class="highlight"><pre class="highlight" data-language="">env_file:
  - ./common.env
  - ./apps/web.env
  - /opt/runtime_opts.env
</pre></div> <p>Compose expects each line in an env file to be in <code class="language-plaintext highlighter-rouge">VAR=VAL</code> format. Lines beginning with <code class="language-plaintext highlighter-rouge">#</code> are treated as comments and are ignored. Blank lines are also ignored.</p> <div class="highlight"><pre class="highlight" data-language=""># Set Rails/Rack environment
RACK_ENV=development
</pre></div> <p>Compose also recognizes inline comments, like in:</p> <div class="highlight"><pre class="highlight" data-language="">MY_VAR = value # this is a comment
</pre></div> <p>To avoid interpreting “#” as an inline comment, use the quotation marks:</p> <div class="highlight"><pre class="highlight" data-language="">MY_VAR = "All the # inside are taken as part of the value"
</pre></div> <blockquote> <p><strong>Note</strong></p> <p>If your service specifies a <a href="#build">build</a> option, variables defined in environment files are <em>not</em> automatically visible during the build. Use the <a href="#args">args</a> sub-option of <code class="language-plaintext highlighter-rouge">build</code> to define build-time environment variables.</p> </blockquote> <p>The value of <code class="language-plaintext highlighter-rouge">VAL</code> is used as is and not modified at all. For example if the value is surrounded by quotes (as is often the case of shell variables), the quotes are included in the value passed to Compose.</p> <p>Keep in mind that <em>the order of files in the list is significant in determining the value assigned to a variable that shows up more than once</em>. The files in the list are processed from the top down. For the same variable specified in file <code class="language-plaintext highlighter-rouge">a.env</code> and assigned a different value in file <code class="language-plaintext highlighter-rouge">b.env</code>, if <code class="language-plaintext highlighter-rouge">b.env</code> is listed below (after), then the value from <code class="language-plaintext highlighter-rouge">b.env</code> stands. For example, given the following declaration in <code class="language-plaintext highlighter-rouge">docker-compose.yml</code>:</p> <div class="highlight"><pre class="highlight" data-language="">services:
  some-service:
    env_file:
      - a.env
      - b.env
</pre></div> <p>And the following files:</p> <div class="highlight"><pre class="highlight" data-language=""># a.env
VAR=1
</pre></div> <p>and</p> <div class="highlight"><pre class="highlight" data-language=""># b.env
VAR=hello
</pre></div> <p><code class="language-plaintext highlighter-rouge">$VAR</code> is <code class="language-plaintext highlighter-rouge">hello</code>.</p> <h3 id="environment">environment</h3> <p>Add environment variables. You can use either an array or a dictionary. Any boolean values (true, false, yes, no) need to be enclosed in quotes to ensure they are not converted to True or False by the YML parser.</p> <p>Environment variables with only a key are resolved to their values on the machine Compose is running on, which can be helpful for secret or host-specific values.</p> <div class="highlight"><pre class="highlight" data-language="">environment:
  RACK_ENV: development
  SHOW: 'true'
  SESSION_SECRET:
</pre></div> <div class="highlight"><pre class="highlight" data-language="">environment:
  - RACK_ENV=development
  - SHOW=true
  - SESSION_SECRET
</pre></div> <blockquote> <p><strong>Note</strong></p> <p>If your service specifies a <a href="#build">build</a> option, variables defined in <code class="language-plaintext highlighter-rouge">environment</code> are <em>not</em> automatically visible during the build. Use the <a href="#args">args</a> sub-option of <code class="language-plaintext highlighter-rouge">build</code> to define build-time environment variables.</p> </blockquote> <h3 id="expose">expose</h3> <p>Expose ports without publishing them to the host machine - they’ll only be accessible to linked services. Only the internal port can be specified.</p> <div class="highlight"><pre class="highlight" data-language="">expose:
  - "3000"
  - "8000"
</pre></div> <h3 id="external_links">external_links</h3> <p>Link to containers started outside this <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> or even outside of Compose, especially for containers that provide shared or common services. <code class="language-plaintext highlighter-rouge">external_links</code> follow semantics similar to the legacy option <code class="language-plaintext highlighter-rouge">links</code> when specifying both the container name and the link alias (<code class="language-plaintext highlighter-rouge">CONTAINER:ALIAS</code>).</p> <div class="highlight"><pre class="highlight" data-language="">external_links:
  - redis_1
  - project_db_1:mysql
  - project_db_1:postgresql
</pre></div> <blockquote> <p><strong>Note</strong></p> <p>The externally-created containers must be connected to at least one of the same networks as the service that is linking to them. <a href="../compose-file-v2/index#links">Links</a> are a legacy option. We recommend using <a href="#networks">networks</a> instead.</p> </blockquote> <blockquote class="important"> <p>Note when using docker stack deploy</p> <p>The <code class="language-plaintext highlighter-rouge">external_links</code> option is ignored when <a href="../../../engine/reference/commandline/stack_deploy/index">deploying a stack in swarm mode</a></p> </blockquote> <h3 id="extra_hosts">extra_hosts</h3> <p>Add hostname mappings. Use the same values as the docker client <code class="language-plaintext highlighter-rouge">--add-host</code> parameter.</p> <div class="highlight"><pre class="highlight" data-language="">extra_hosts:
  - "somehost:162.242.195.82"
  - "otherhost:50.31.209.229"
</pre></div> <p>An entry with the ip address and hostname is created in <code class="language-plaintext highlighter-rouge">/etc/hosts</code> inside containers for this service, e.g:</p> <div class="highlight"><pre class="highlight" data-language="">162.242.195.82  somehost
50.31.209.229   otherhost
</pre></div> <h3 id="healthcheck">healthcheck</h3> <p>Configure a check that’s run to determine whether or not containers for this service are “healthy”. See the docs for the <a href="../../../engine/reference/builder/index#healthcheck">HEALTHCHECK Dockerfile instruction</a> for details on how healthchecks work.</p> <div class="highlight"><pre class="highlight" data-language="">healthcheck:
  test: ["CMD", "curl", "-f", "http://localhost"]
  interval: 1m30s
  timeout: 10s
  retries: 3
  start_period: 40s
</pre></div> <p><code class="language-plaintext highlighter-rouge">interval</code>, <code class="language-plaintext highlighter-rouge">timeout</code> and <code class="language-plaintext highlighter-rouge">start_period</code> are specified as <a href="#specifying-durations">durations</a>.</p> <blockquote> <p>Added in <a href="../compose-versioning/index#version-34">version 3.4</a> file format.</p> <p>The <code class="language-plaintext highlighter-rouge">start_period</code> option was added in file format 3.4.</p> </blockquote> <p><code class="language-plaintext highlighter-rouge">test</code> must be either a string or a list. If it’s a list, the first item must be either <code class="language-plaintext highlighter-rouge">NONE</code>, <code class="language-plaintext highlighter-rouge">CMD</code> or <code class="language-plaintext highlighter-rouge">CMD-SHELL</code>. If it’s a string, it’s equivalent to specifying <code class="language-plaintext highlighter-rouge">CMD-SHELL</code> followed by that string.</p> <div class="highlight"><pre class="highlight" data-language=""># Hit the local web app
test: ["CMD", "curl", "-f", "http://localhost"]
</pre></div> <p>As above, but wrapped in <code class="language-plaintext highlighter-rouge">/bin/sh</code>. Both forms below are equivalent.</p> <div class="highlight"><pre class="highlight" data-language="">test: ["CMD-SHELL", "curl -f http://localhost || exit 1"]
</pre></div> <div class="highlight"><pre class="highlight" data-language="">test: curl -f https://localhost || exit 1
</pre></div> <p>To disable any default healthcheck set by the image, you can use <code class="language-plaintext highlighter-rouge">disable: true</code>. This is equivalent to specifying <code class="language-plaintext highlighter-rouge">test: ["NONE"]</code>.</p> <div class="highlight"><pre class="highlight" data-language="">healthcheck:
  disable: true
</pre></div> <h3 id="image">image</h3> <p>Specify the image to start the container from. Can either be a repository/tag or a partial image ID.</p> <div class="highlight"><pre class="highlight" data-language="">image: redis
</pre></div> <div class="highlight"><pre class="highlight" data-language="">image: ubuntu:18.04
</pre></div> <div class="highlight"><pre class="highlight" data-language="">image: tutum/influxdb
</pre></div> <div class="highlight"><pre class="highlight" data-language="">image: example-registry.com:4000/postgresql
</pre></div> <div class="highlight"><pre class="highlight" data-language="">image: a4bc65fd
</pre></div> <p>If the image does not exist, Compose attempts to pull it, unless you have also specified <a href="#build">build</a>, in which case it builds it using the specified options and tags it with the specified tag.</p> <h3 id="init">init</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-37">version 3.7</a> file format.</p> </blockquote> <p>Run an init inside the container that forwards signals and reaps processes. Set this option to <code class="language-plaintext highlighter-rouge">true</code> to enable this feature for the service.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
services:
  web:
    image: alpine:latest
    init: true
</pre></div> <blockquote> <p>The default init binary that is used is <a href="https://github.com/krallin/tini">Tini</a>, and is installed in <code class="language-plaintext highlighter-rouge">/usr/libexec/docker-init</code> on the daemon host. You can configure the daemon to use a custom init binary through the <a href="../../../engine/reference/commandline/dockerd/index#daemon-configuration-file"><code class="language-plaintext highlighter-rouge">init-path</code> configuration option</a>.</p> </blockquote> <h3 id="isolation">isolation</h3> <p>Specify a container’s isolation technology. On Linux, the only supported value is <code class="language-plaintext highlighter-rouge">default</code>. On Windows, acceptable values are <code class="language-plaintext highlighter-rouge">default</code>, <code class="language-plaintext highlighter-rouge">process</code> and <code class="language-plaintext highlighter-rouge">hyperv</code>. Refer to the <a href="../../../engine/reference/commandline/run/index#specify-isolation-technology-for-container---isolation">Docker Engine docs</a> for details.</p> <h3 id="labels-2">labels</h3> <p>Add metadata to containers using <a href="https://docs.docker.com/config/labels-custom-metadata/">Docker labels</a>. You can use either an array or a dictionary.</p> <p>It’s recommended that you use reverse-DNS notation to prevent your labels from conflicting with those used by other software.</p> <div class="highlight"><pre class="highlight" data-language="">labels:
  com.example.description: "Accounting webapp"
  com.example.department: "Finance"
  com.example.label-with-empty-value: ""
</pre></div> <div class="highlight"><pre class="highlight" data-language="">labels:
  - "com.example.description=Accounting webapp"
  - "com.example.department=Finance"
  - "com.example.label-with-empty-value"
</pre></div> <h3 id="links">links</h3> <blockquote class="warning"> <p><strong>Warning</strong></p> <p>The <code class="language-plaintext highlighter-rouge">--link</code> flag is a legacy feature of Docker. It may eventually be removed. Unless you absolutely need to continue using it, we recommend that you use <a href="../../networking/index">user-defined networks</a> to facilitate communication between two containers instead of using <code class="language-plaintext highlighter-rouge">--link</code>.</p> <p>One feature that user-defined networks do not support that you can do with <code class="language-plaintext highlighter-rouge">--link</code> is sharing environmental variables between containers. However, you can use other mechanisms such as volumes to share environment variables between containers in a more controlled way.</p> </blockquote> <p>Link to containers in another service. Either specify both the service name and a link alias (<code class="language-plaintext highlighter-rouge">"SERVICE:ALIAS"</code>), or just the service name.</p> <div class="highlight"><pre class="highlight" data-language="">web:
  links:
    - "db"
    - "db:database"
    - "redis"
</pre></div> <p>Containers for the linked service are reachable at a hostname identical to the alias, or the service name if no alias was specified.</p> <p>Links are not required to enable services to communicate - by default, any service can reach any other service at that service’s name. (See also, the <a href="../../networking/index#links">Links topic in Networking in Compose</a>.)</p> <p>Links also express dependency between services in the same way as <a href="#depends_on">depends_on</a>, so they determine the order of service startup.</p> <blockquote> <p><strong>Note</strong></p> <p>If you define both links and <a href="#networks">networks</a>, services with links between them must share at least one network in common to communicate.</p> </blockquote> <blockquote class="important"> <p>Note when using docker stack deploy</p> <p>The <code class="language-plaintext highlighter-rouge">links</code> option is ignored when <a href="../../../engine/reference/commandline/stack_deploy/index">deploying a stack in swarm mode</a></p> </blockquote> <h3 id="logging">logging</h3> <p>Logging configuration for the service.</p> <div class="highlight"><pre class="highlight" data-language="">logging:
  driver: syslog
  options:
    syslog-address: "tcp://192.168.0.42:123"
</pre></div> <p>The <code class="language-plaintext highlighter-rouge">driver</code> name specifies a logging driver for the service’s containers, as with the <code class="language-plaintext highlighter-rouge">--log-driver</code> option for docker run (<a href="https://docs.docker.com/config/containers/logging/configure/">documented here</a>).</p> <p>The default value is json-file.</p> <div class="highlight"><pre class="highlight" data-language="">driver: "json-file"
</pre></div> <div class="highlight"><pre class="highlight" data-language="">driver: "syslog"
</pre></div> <div class="highlight"><pre class="highlight" data-language="">driver: "none"
</pre></div> <blockquote> <p><strong>Note</strong></p> <p>Only the <code class="language-plaintext highlighter-rouge">json-file</code> and <code class="language-plaintext highlighter-rouge">journald</code> drivers make the logs available directly from <code class="language-plaintext highlighter-rouge">docker-compose up</code> and <code class="language-plaintext highlighter-rouge">docker-compose logs</code>. Using any other driver does not print any logs.</p> </blockquote> <p>Specify logging options for the logging driver with the <code class="language-plaintext highlighter-rouge">options</code> key, as with the <code class="language-plaintext highlighter-rouge">--log-opt</code> option for <code class="language-plaintext highlighter-rouge">docker run</code>.</p> <p>Logging options are key-value pairs. An example of <code class="language-plaintext highlighter-rouge">syslog</code> options:</p> <div class="highlight"><pre class="highlight" data-language="">driver: "syslog"
options:
  syslog-address: "tcp://192.168.0.42:123"
</pre></div> <p>The default driver <a href="https://docs.docker.com/config/containers/logging/json-file/">json-file</a>, has options to limit the amount of logs stored. To do this, use a key-value pair for maximum storage size and maximum number of files:</p> <div class="highlight"><pre class="highlight" data-language="">options:
  max-size: "200k"
  max-file: "10"
</pre></div> <p>The example shown above would store log files until they reach a <code class="language-plaintext highlighter-rouge">max-size</code> of 200kB, and then rotate them. The amount of individual log files stored is specified by the <code class="language-plaintext highlighter-rouge">max-file</code> value. As logs grow beyond the max limits, older log files are removed to allow storage of new logs.</p> <p>Here is an example <code class="language-plaintext highlighter-rouge">docker-compose.yml</code> file that limits logging storage:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
services:
  some-service:
    image: some-service
    logging:
      driver: "json-file"
      options:
        max-size: "200k"
        max-file: "10"
</pre></div> <blockquote> <p>Logging options available depend on which logging driver you use</p> <p>The above example for controlling log files and sizes uses options specific to the <a href="https://docs.docker.com/config/containers/logging/json-file/">json-file driver</a>. These particular options are not available on other logging drivers. For a full list of supported logging drivers and their options, refer to the <a href="https://docs.docker.com/config/containers/logging/configure/">logging drivers</a> documentation.</p> </blockquote> <h3 id="network_mode">network_mode</h3> <p>Network mode. Use the same values as the docker client <code class="language-plaintext highlighter-rouge">--network</code> parameter, plus the special form <code class="language-plaintext highlighter-rouge">service:[service name]</code>.</p> <div class="highlight"><pre class="highlight" data-language="">network_mode: "bridge"
</pre></div> <div class="highlight"><pre class="highlight" data-language="">network_mode: "host"
</pre></div> <div class="highlight"><pre class="highlight" data-language="">network_mode: "none"
</pre></div> <div class="highlight"><pre class="highlight" data-language="">network_mode: "service:[service name]"
</pre></div> <div class="highlight"><pre class="highlight" data-language="">network_mode: "container:[container name/id]"
</pre></div> <blockquote class="important"> <p><strong>Note</strong></p> <ul> <li>This option is ignored when <a href="../../../engine/reference/commandline/stack_deploy/index">deploying a stack in swarm mode</a>.</li> <li>
<code class="language-plaintext highlighter-rouge">network_mode: "host"</code> cannot be mixed with <a href="#links">links</a>.</li> </ul> </blockquote> <h3 id="networks">networks</h3> <p>Networks to join, referencing entries under the <a href="#network-configuration-reference">top-level <code class="language-plaintext highlighter-rouge">networks</code> key</a>.</p> <div class="highlight"><pre class="highlight" data-language="">services:
  some-service:
    networks:
     - some-network
     - other-network
</pre></div> <h4 id="aliases">aliases</h4> <p>Aliases (alternative hostnames) for this service on the network. Other containers on the same network can use either the service name or this alias to connect to one of the service’s containers.</p> <p>Since <code class="language-plaintext highlighter-rouge">aliases</code> is network-scoped, the same service can have different aliases on different networks.</p> <blockquote> <p><strong>Note</strong></p> <p>A network-wide alias can be shared by multiple containers, and even by multiple services. If it is, then exactly which container the name resolves to is not guaranteed.</p> </blockquote> <p>The general format is shown here.</p> <div class="highlight"><pre class="highlight" data-language="">services:
  some-service:
    networks:
      some-network:
        aliases:
          - alias1
          - alias3
      other-network:
        aliases:
          - alias2
</pre></div> <p>In the example below, three services are provided (<code class="language-plaintext highlighter-rouge">web</code>, <code class="language-plaintext highlighter-rouge">worker</code>, and <code class="language-plaintext highlighter-rouge">db</code>), along with two networks (<code class="language-plaintext highlighter-rouge">new</code> and <code class="language-plaintext highlighter-rouge">legacy</code>). The <code class="language-plaintext highlighter-rouge">db</code> service is reachable at the hostname <code class="language-plaintext highlighter-rouge">db</code> or <code class="language-plaintext highlighter-rouge">database</code> on the <code class="language-plaintext highlighter-rouge">new</code> network, and at <code class="language-plaintext highlighter-rouge">db</code> or <code class="language-plaintext highlighter-rouge">mysql</code> on the <code class="language-plaintext highlighter-rouge">legacy</code> network.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"

services:
  web:
    image: "nginx:alpine"
    networks:
      - new

  worker:
    image: "my-worker-image:latest"
    networks:
      - legacy

  db:
    image: mysql
    networks:
      new:
        aliases:
          - database
      legacy:
        aliases:
          - mysql

networks:
  new:
  legacy:
</pre></div> <h4 id="ipv4_address-ipv6_address">ipv4_address, ipv6_address</h4> <p>Specify a static IP address for containers for this service when joining the network.</p> <p>The corresponding network configuration in the <a href="#network-configuration-reference">top-level networks section</a> must have an <code class="language-plaintext highlighter-rouge">ipam</code> block with subnet configurations covering each static address.</p> <p>If you’d like to use IPv6, you must first ensure that the Docker daemon is configured to support IPv6. See <a href="https://docs.docker.com/config/daemon/ipv6/">Enable IPv6</a> for detailed instructions. You can then access IPv6 addressing in a version 3.x Compose file by editing the <code class="language-plaintext highlighter-rouge">/etc/docker/daemon.json</code> to contain: <code class="language-plaintext highlighter-rouge">{"ipv6": true, "fixed-cidr-v6": "2001:db8:1::/64"}</code></p> <p>Then, reload the docker daemon and edit docker-compose.yml to contain the following under the service:</p> <div class="highlight"><pre class="highlight" data-language="">    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
</pre></div> <blockquote> <p>The <a href="../compose-file-v2/index#enable_ipv6"><code class="language-plaintext highlighter-rouge">enable_ipv6</code></a> option is only available in a <a href="../compose-file-v2/index#ipv4_address-ipv6_address">version 2.x Compose file</a>. <em>IPv6 options do not currently work in swarm mode</em>.</p> </blockquote> <p>An example:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"

services:
  app:
    image: nginx:alpine
    networks:
      app_net:
        ipv4_address: 172.16.238.10
        ipv6_address: 2001:3984:3989::10

networks:
  app_net:
    ipam:
      driver: default
      config:
        - subnet: "172.16.238.0/24"
        - subnet: "2001:3984:3989::/64"
</pre></div> <h3 id="pid">pid</h3> <div class="highlight"><pre class="highlight" data-language="">pid: "host"
</pre></div> <p>Sets the PID mode to the host PID mode. This turns on sharing between container and the host operating system the PID address space. Containers launched with this flag can access and manipulate other containers in the bare-metal machine’s namespace and vice versa.</p> <h3 id="ports">ports</h3> <p>Expose ports.</p> <blockquote> <p><strong>Note</strong></p> <p>Port mapping is incompatible with <code class="language-plaintext highlighter-rouge">network_mode: host</code></p> </blockquote> <blockquote> <p><strong>Note</strong></p> <p><code class="language-plaintext highlighter-rouge">docker-compose run</code> ignores <code class="language-plaintext highlighter-rouge">ports</code> unless you include <code class="language-plaintext highlighter-rouge">--service-ports</code>.</p> </blockquote> <h4 id="short-syntax-1">Short syntax</h4> <p>There are three options:</p> <ul> <li>Specify both ports (<code class="language-plaintext highlighter-rouge">HOST:CONTAINER</code>)</li> <li>Specify just the container port (an ephemeral host port is chosen for the host port).</li> <li>Specify the host IP address to bind to AND both ports (the default is 0.0.0.0, meaning all interfaces): (<code class="language-plaintext highlighter-rouge">IPADDR:HOSTPORT:CONTAINERPORT</code>). If HOSTPORT is empty (for example <code class="language-plaintext highlighter-rouge">127.0.0.1::80</code>), an ephemeral port is chosen to bind to on the host.</li> </ul> <blockquote> <p><strong>Note</strong></p> <p>When mapping ports in the <code class="language-plaintext highlighter-rouge">HOST:CONTAINER</code> format, you may experience erroneous results when using a container port lower than 60, because YAML parses numbers in the format <code class="language-plaintext highlighter-rouge">xx:yy</code> as a base-60 value. For this reason, we recommend always explicitly specifying your port mappings as strings.</p> </blockquote> <div class="highlight"><pre class="highlight" data-language="">ports:
  - "3000"
  - "3000-3005"
  - "8000:8000"
  - "9090-9091:8080-8081"
  - "49100:22"
  - "127.0.0.1:8001:8001"
  - "127.0.0.1:5000-5010:5000-5010"
  - "127.0.0.1::5000"
  - "6060:6060/udp"
  - "12400-12500:1240"
</pre></div> <h4 id="long-syntax-1">Long syntax</h4> <p>The long form syntax allows the configuration of additional fields that can’t be expressed in the short form.</p> <ul> <li>
<code class="language-plaintext highlighter-rouge">target</code>: the port inside the container</li> <li>
<code class="language-plaintext highlighter-rouge">published</code>: the publicly exposed port</li> <li>
<code class="language-plaintext highlighter-rouge">protocol</code>: the port protocol (<code class="language-plaintext highlighter-rouge">tcp</code> or <code class="language-plaintext highlighter-rouge">udp</code>)</li> <li>
<code class="language-plaintext highlighter-rouge">mode</code>: <code class="language-plaintext highlighter-rouge">host</code> for publishing a host port on each node, or <code class="language-plaintext highlighter-rouge">ingress</code> for a swarm mode port to be load balanced.</li> </ul> <div class="highlight"><pre class="highlight" data-language="">ports:
  - target: 80
    published: 8080
    protocol: tcp
    mode: host
</pre></div> <blockquote> <p>Added in <a href="../compose-versioning/index#version-32">version 3.2</a> file format.</p> <p>The long syntax is new in the v3.2 file format.</p> </blockquote> <h3 id="profiles">profiles</h3> <div class="highlight"><pre class="highlight" data-language="">profiles: ["frontend", "debug"]
profiles:
  - frontend
  - debug
</pre></div> <p><code class="language-plaintext highlighter-rouge">profiles</code> defines a list of named profiles for the service to be enabled under. When not set, the service is <em>always</em> enabled. For the services that make up your core application you should omit <code class="language-plaintext highlighter-rouge">profiles</code> so they will always be started.</p> <p>Valid profile names follow the regex format <code class="language-plaintext highlighter-rouge">[a-zA-Z0-9][a-zA-Z0-9_.-]+</code>.</p> <p>See also <a href="../../profiles/index"><em>Using profiles with Compose</em></a> to learn more about profiles.</p> <h3 id="restart">restart</h3> <p><code class="language-plaintext highlighter-rouge">no</code> is the default <a href="https://docs.docker.com/config/containers/start-containers-automatically/#use-a-restart-policy">restart policy</a>, and it does not restart a container under any circumstance. When <code class="language-plaintext highlighter-rouge">always</code> is specified, the container always restarts. The <code class="language-plaintext highlighter-rouge">on-failure</code> policy restarts a container if the exit code indicates an on-failure error. <code class="language-plaintext highlighter-rouge">unless-stopped</code> always restarts a container, except when the container is stopped (manually or otherwise).</p> <div class="highlight"><pre class="highlight" data-language="">restart: "no"
restart: always
restart: on-failure
restart: unless-stopped
</pre></div> <blockquote class="important"> <p>Note when using docker stack deploy</p> <p>The <code class="language-plaintext highlighter-rouge">restart</code> option is ignored when <a href="../../../engine/reference/commandline/stack_deploy/index">deploying a stack in swarm mode</a>.</p> </blockquote> <h3 id="secrets">secrets</h3> <p>Grant access to secrets on a per-service basis using the per-service <code class="language-plaintext highlighter-rouge">secrets</code> configuration. Two different syntax variants are supported.</p> <blockquote class="important"> <p>Note when using docker stack deploy</p> <p>The secret must already exist or be <a href="#secrets-configuration-reference">defined in the top-level <code class="language-plaintext highlighter-rouge">secrets</code> configuration</a> of the compose file, or stack deployment fails.</p> </blockquote> <p>For more information on secrets, see <a href="../../../engine/swarm/secrets/index">secrets</a>.</p> <h4 id="short-syntax-2">Short syntax</h4> <p>The short syntax variant only specifies the secret name. This grants the container access to the secret and mounts it at <code class="language-plaintext highlighter-rouge">/run/secrets/&lt;secret_name&gt;</code> within the container. The source name and destination mountpoint are both set to the secret name.</p> <p>The following example uses the short syntax to grant the <code class="language-plaintext highlighter-rouge">redis</code> service access to the <code class="language-plaintext highlighter-rouge">my_secret</code> and <code class="language-plaintext highlighter-rouge">my_other_secret</code> secrets. The value of <code class="language-plaintext highlighter-rouge">my_secret</code> is set to the contents of the file <code class="language-plaintext highlighter-rouge">./my_secret.txt</code>, and <code class="language-plaintext highlighter-rouge">my_other_secret</code> is defined as an external resource, which means that it has already been defined in Docker, either by running the <code class="language-plaintext highlighter-rouge">docker secret create</code> command or by another stack deployment. If the external secret does not exist, the stack deployment fails with a <code class="language-plaintext highlighter-rouge">secret not found</code> error.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
services:
  redis:
    image: redis:latest
    deploy:
      replicas: 1
    secrets:
      - my_secret
      - my_other_secret
secrets:
  my_secret:
    file: ./my_secret.txt
  my_other_secret:
    external: true
</pre></div> <h4 id="long-syntax-2">Long syntax</h4> <p>The long syntax provides more granularity in how the secret is created within the service’s task containers.</p> <ul> <li>
<code class="language-plaintext highlighter-rouge">source</code>: The identifier of the secret as it is defined in this configuration.</li> <li>
<code class="language-plaintext highlighter-rouge">target</code>: The name of the file to be mounted in <code class="language-plaintext highlighter-rouge">/run/secrets/</code> in the service’s task containers. Defaults to <code class="language-plaintext highlighter-rouge">source</code> if not specified.</li> <li>
<code class="language-plaintext highlighter-rouge">uid</code> and <code class="language-plaintext highlighter-rouge">gid</code>: The numeric UID or GID that owns the file within <code class="language-plaintext highlighter-rouge">/run/secrets/</code> in the service’s task containers. Both default to <code class="language-plaintext highlighter-rouge">0</code> if not specified.</li> <li>
<code class="language-plaintext highlighter-rouge">mode</code>: The permissions for the file to be mounted in <code class="language-plaintext highlighter-rouge">/run/secrets/</code> in the service’s task containers, in octal notation. For instance, <code class="language-plaintext highlighter-rouge">0444</code> represents world-readable. The default in Docker 1.13.1 is <code class="language-plaintext highlighter-rouge">0000</code>, but it is <code class="language-plaintext highlighter-rouge">0444</code> in newer versions. Secrets cannot be writable because they are mounted in a temporary filesystem, so if you set the writable bit, it is ignored. The executable bit can be set. If you aren’t familiar with UNIX file permission modes, you may find this <a href="http://permissions-calculator.org/" target="_blank" rel="noopener" class="_">permissions calculator</a> useful.</li> </ul> <p>The following example sets name of the <code class="language-plaintext highlighter-rouge">my_secret</code> to <code class="language-plaintext highlighter-rouge">redis_secret</code> within the container, sets the mode to <code class="language-plaintext highlighter-rouge">0440</code> (group-readable) and sets the user and group to <code class="language-plaintext highlighter-rouge">103</code>. The <code class="language-plaintext highlighter-rouge">redis</code> service does not have access to the <code class="language-plaintext highlighter-rouge">my_other_secret</code> secret.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
services:
  redis:
    image: redis:latest
    deploy:
      replicas: 1
    secrets:
      - source: my_secret
        target: redis_secret
        uid: '103'
        gid: '103'
        mode: 0440
secrets:
  my_secret:
    file: ./my_secret.txt
  my_other_secret:
    external: true
</pre></div> <p>You can grant a service access to multiple secrets and you can mix long and short syntax. Defining a secret does not imply granting a service access to it.</p> <h3 id="security_opt">security_opt</h3> <p>Override the default labeling scheme for each container.</p> <div class="highlight"><pre class="highlight" data-language="">security_opt:
  - label:user:USER
  - label:role:ROLE
</pre></div> <blockquote class="important"> <p>Note when using docker stack deploy</p> <p>The <code class="language-plaintext highlighter-rouge">security_opt</code> option is ignored when <a href="../../../engine/reference/commandline/stack_deploy/index">deploying a stack in swarm mode</a>.</p> </blockquote> <h3 id="stop_grace_period">stop_grace_period</h3> <p>Specify how long to wait when attempting to stop a container if it doesn’t handle SIGTERM (or whatever stop signal has been specified with <a href="#stop_signal"><code class="language-plaintext highlighter-rouge">stop_signal</code></a>), before sending SIGKILL. Specified as a <a href="#specifying-durations">duration</a>.</p> <div class="highlight"><pre class="highlight" data-language="">stop_grace_period: 1s
</pre></div> <div class="highlight"><pre class="highlight" data-language="">stop_grace_period: 1m30s
</pre></div> <p>By default, <code class="language-plaintext highlighter-rouge">stop</code> waits 10 seconds for the container to exit before sending SIGKILL.</p> <h3 id="stop_signal">stop_signal</h3> <p>Sets an alternative signal to stop the container. By default <code class="language-plaintext highlighter-rouge">stop</code> uses SIGTERM. Setting an alternative signal using <code class="language-plaintext highlighter-rouge">stop_signal</code> causes <code class="language-plaintext highlighter-rouge">stop</code> to send that signal instead.</p> <div class="highlight"><pre class="highlight" data-language="">stop_signal: SIGUSR1
</pre></div> <h3 id="sysctls">sysctls</h3> <p>Kernel parameters to set in the container. You can use either an array or a dictionary.</p> <div class="highlight"><pre class="highlight" data-language="">sysctls:
  net.core.somaxconn: 1024
  net.ipv4.tcp_syncookies: 0
</pre></div> <div class="highlight"><pre class="highlight" data-language="">sysctls:
  - net.core.somaxconn=1024
  - net.ipv4.tcp_syncookies=0
</pre></div> <p>You can only use sysctls that are namespaced in the kernel. Docker does not support changing sysctls inside a container that also modify the host system. For an overview of supported sysctls, refer to <a href="../../../engine/reference/commandline/run/index#configure-namespaced-kernel-parameters-sysctls-at-runtime">configure namespaced kernel parameters (sysctls) at runtime</a>.</p> <blockquote> <p>Note when using docker stack deploy</p> <p>This option requires Docker Engine 19.03 or up when <a href="../../../engine/reference/commandline/stack_deploy/index">deploying a stack in swarm mode</a>.</p> </blockquote> <h3 id="tmpfs">tmpfs</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-36">version 3.6</a> file format.</p> </blockquote> <p>Mount a temporary file system inside the container. Can be a single value or a list.</p> <div class="highlight"><pre class="highlight" data-language="">tmpfs: /run
</pre></div> <div class="highlight"><pre class="highlight" data-language="">tmpfs:
  - /run
  - /tmp
</pre></div> <blockquote> <p>Note when using docker stack deploy</p> <p>This option is ignored when <a href="../../../engine/reference/commandline/stack_deploy/index">deploying a stack in swarm mode</a> with a (version 3-3.5) Compose file.</p> </blockquote> <p>Mount a temporary file system inside the container. Size parameter specifies the size of the tmpfs mount in bytes. Unlimited by default.</p> <div class="highlight"><pre class="highlight" data-language="">- type: tmpfs
  target: /app
  tmpfs:
    size: 1000
</pre></div> <h3 id="ulimits">ulimits</h3> <p>Override the default ulimits for a container. You can either specify a single limit as an integer or soft/hard limits as a mapping.</p> <div class="highlight"><pre class="highlight" data-language="">ulimits:
  nproc: 65535
  nofile:
    soft: 20000
    hard: 40000
</pre></div> <h3 id="userns_mode">userns_mode</h3> <div class="highlight"><pre class="highlight" data-language="">userns_mode: "host"
</pre></div> <p>Disables the user namespace for this service, if Docker daemon is configured with user namespaces. See <a href="../../../engine/security/userns-remap/index#disable-namespace-remapping-for-a-container">dockerd</a> for more information.</p> <blockquote class="important"> <p>Note when using docker stack deploy</p> <p>The <code class="language-plaintext highlighter-rouge">userns_mode</code> option is ignored when <a href="../../../engine/reference/commandline/stack_deploy/index">deploying a stack in swarm mode</a>.</p> </blockquote> <h3 id="volumes">volumes</h3> <p>Mount host paths or named volumes, specified as sub-options to a service.</p> <p>You can mount a host path as part of a definition for a single service, and there is no need to define it in the top level <code class="language-plaintext highlighter-rouge">volumes</code> key.</p> <p>But, if you want to reuse a volume across multiple services, then define a named volume in the <a href="#volume-configuration-reference">top-level <code class="language-plaintext highlighter-rouge">volumes</code> key</a>. Use named volumes with <a href="#volumes-for-services-swarms-and-stack-files">services, swarms, and stack files</a>.</p> <blockquote> <p>Changed in <a href="../compose-versioning/index#version-3">version 3</a> file format.</p> <p>The top-level <a href="#volume-configuration-reference">volumes</a> key defines a named volume and references it from each service’s <code class="language-plaintext highlighter-rouge">volumes</code> list. This replaces <code class="language-plaintext highlighter-rouge">volumes_from</code> in earlier versions of the Compose file format.</p> </blockquote> <p>This example shows a named volume (<code class="language-plaintext highlighter-rouge">mydata</code>) being used by the <code class="language-plaintext highlighter-rouge">web</code> service, and a bind mount defined for a single service (first path under <code class="language-plaintext highlighter-rouge">db</code> service <code class="language-plaintext highlighter-rouge">volumes</code>). The <code class="language-plaintext highlighter-rouge">db</code> service also uses a named volume called <code class="language-plaintext highlighter-rouge">dbdata</code> (second path under <code class="language-plaintext highlighter-rouge">db</code> service <code class="language-plaintext highlighter-rouge">volumes</code>), but defines it using the old string format for mounting a named volume. Named volumes must be listed under the top-level <code class="language-plaintext highlighter-rouge">volumes</code> key, as shown.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
services:
  web:
    image: nginx:alpine
    volumes:
      - type: volume
        source: mydata
        target: /data
        volume:
          nocopy: true
      - type: bind
        source: ./static
        target: /opt/app/static

  db:
    image: postgres:latest
    volumes:
      - "/var/run/postgres/postgres.sock:/var/run/postgres/postgres.sock"
      - "dbdata:/var/lib/postgresql/data"

volumes:
  mydata:
  dbdata:
</pre></div> <blockquote> <p><strong>Note</strong></p> <p>For general information on volumes, refer to the <a href="https://docs.docker.com/storage/volumes/">use volumes</a> and <a href="../../../engine/extend/plugins_volume/index">volume plugins</a> sections in the documentation.</p> </blockquote> <h4 id="short-syntax-3">Short syntax</h4> <p>The short syntax uses the generic <code class="language-plaintext highlighter-rouge">[SOURCE:]TARGET[:MODE]</code> format, where <code class="language-plaintext highlighter-rouge">SOURCE</code> can be either a host path or volume name. <code class="language-plaintext highlighter-rouge">TARGET</code> is the container path where the volume is mounted. Standard modes are <code class="language-plaintext highlighter-rouge">ro</code> for read-only and <code class="language-plaintext highlighter-rouge">rw</code> for read-write (default).</p> <p>You can mount a relative path on the host, which expands relative to the directory of the Compose configuration file being used. Relative paths should always begin with <code class="language-plaintext highlighter-rouge">.</code> or <code class="language-plaintext highlighter-rouge">..</code>.</p> <div class="highlight"><pre class="highlight" data-language="">volumes:
  # Just specify a path and let the Engine create a volume
  - /var/lib/mysql

  # Specify an absolute path mapping
  - /opt/data:/var/lib/mysql

  # Path on the host, relative to the Compose file
  - ./cache:/tmp/cache

  # User-relative path
  - ~/configs:/etc/configs/:ro

  # Named volume
  - datavolume:/var/lib/mysql
</pre></div> <h4 id="long-syntax-3">Long syntax</h4> <blockquote> <p>Added in <a href="../compose-versioning/index#version-32">version 3.2</a> file format.</p> </blockquote> <p>The long form syntax allows the configuration of additional fields that can’t be expressed in the short form.</p> <ul> <li>
<code class="language-plaintext highlighter-rouge">type</code>: the mount type <code class="language-plaintext highlighter-rouge">volume</code>, <code class="language-plaintext highlighter-rouge">bind</code>, <code class="language-plaintext highlighter-rouge">tmpfs</code> or <code class="language-plaintext highlighter-rouge">npipe</code>
</li> <li>
<code class="language-plaintext highlighter-rouge">source</code>: the source of the mount, a path on the host for a bind mount, or the name of a volume defined in the <a href="#volume-configuration-reference">top-level <code class="language-plaintext highlighter-rouge">volumes</code> key</a>. Not applicable for a tmpfs mount.</li> <li>
<code class="language-plaintext highlighter-rouge">target</code>: the path in the container where the volume is mounted</li> <li>
<code class="language-plaintext highlighter-rouge">read_only</code>: flag to set the volume as read-only</li> <li>
<code class="language-plaintext highlighter-rouge">bind</code>: configure additional bind options <ul> <li>
<code class="language-plaintext highlighter-rouge">propagation</code>: the propagation mode used for the bind</li> </ul> </li> <li>
<code class="language-plaintext highlighter-rouge">volume</code>: configure additional volume options <ul> <li>
<code class="language-plaintext highlighter-rouge">nocopy</code>: flag to disable copying of data from a container when a volume is created</li> </ul> </li> <li>
<code class="language-plaintext highlighter-rouge">tmpfs</code>: configure additional tmpfs options <ul> <li>
<code class="language-plaintext highlighter-rouge">size</code>: the size for the tmpfs mount in bytes</li> </ul> </li> </ul> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
services:
  web:
    image: nginx:alpine
    ports:
      - "80:80"
    volumes:
      - type: volume
        source: mydata
        target: /data
        volume:
          nocopy: true
      - type: bind
        source: ./static
        target: /opt/app/static

networks:
  webnet:

volumes:
  mydata:
</pre></div> <blockquote> <p><strong>Note</strong></p> <p>When creating bind mounts, using the long syntax requires the referenced folder to be created beforehand. Using the short syntax creates the folder on the fly if it doesn’t exist. See the <a href="https://docs.docker.com/storage/bind-mounts/#differences-between--v-and---mount-behavior">bind mounts documentation</a> for more information.</p> </blockquote> <h4 id="volumes-for-services-swarms-and-stack-files">Volumes for services, swarms, and stack files</h4> <blockquote> <p>Note when using docker stack deploy</p> <p>When working with services, swarms, and <code class="language-plaintext highlighter-rouge">docker-stack.yml</code> files, keep in mind that the tasks (containers) backing a service can be deployed on any node in a swarm, and this may be a different node each time the service is updated.</p> </blockquote> <p>In the absence of having named volumes with specified sources, Docker creates an anonymous volume for each task backing a service. Anonymous volumes do not persist after the associated containers are removed.</p> <p>If you want your data to persist, use a named volume and a volume driver that is multi-host aware, so that the data is accessible from any node. Or, set constraints on the service so that its tasks are deployed on a node that has the volume present.</p> <p>As an example, the <code class="language-plaintext highlighter-rouge">docker-stack.yml</code> file for the <a href="https://github.com/docker/labs/blob/master/beginner/chapters/votingapp/">votingapp sample in Docker Labs</a> defines a service called <code class="language-plaintext highlighter-rouge">db</code> that runs a <code class="language-plaintext highlighter-rouge">postgres</code> database. It is configured as a named volume to persist the data on the swarm, <em>and</em> is constrained to run only on <code class="language-plaintext highlighter-rouge">manager</code> nodes. Here is the relevant snip-it from that file:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
services:
  db:
    image: postgres:9.4
    volumes:
      - db-data:/var/lib/postgresql/data
    networks:
      - backend
    deploy:
      placement:
        constraints: [node.role == manager]
</pre></div> <h3 id="domainname-hostname-ipc-mac_address-privileged-read_only-shm_size-stdin_open-tty-user-working_dir">domainname, hostname, ipc, mac_address, privileged, read_only, shm_size, stdin_open, tty, user, working_dir</h3> <p>Each of these is a single value, analogous to its <a href="../../../engine/reference/run/index">docker run</a> counterpart. Note that <code class="language-plaintext highlighter-rouge">mac_address</code> is a legacy option.</p> <div class="highlight"><pre class="highlight" data-language="">user: postgresql
working_dir: /code

domainname: foo.com
hostname: foo
ipc: host
mac_address: 02:42:ac:11:65:43

privileged: true


read_only: true
shm_size: 64M
stdin_open: true
tty: true
</pre></div> <h2 id="specifying-durations">Specifying durations</h2> <p>Some configuration options, such as the <code class="language-plaintext highlighter-rouge">interval</code> and <code class="language-plaintext highlighter-rouge">timeout</code> sub-options for <a href="#healthcheck"><code class="language-plaintext highlighter-rouge">check</code></a>, accept a duration as a string in a format that looks like this:</p> <div class="highlight"><pre class="highlight" data-language="">2.5s
10s
1m30s
2h32m
5h34m56s
</pre></div> <p>The supported units are <code class="language-plaintext highlighter-rouge">us</code>, <code class="language-plaintext highlighter-rouge">ms</code>, <code class="language-plaintext highlighter-rouge">s</code>, <code class="language-plaintext highlighter-rouge">m</code> and <code class="language-plaintext highlighter-rouge">h</code>.</p> <h2 id="specifying-byte-values">Specifying byte values</h2> <p>Some configuration options, such as the <code class="language-plaintext highlighter-rouge">shm_size</code> sub-option for <a href="#build"><code class="language-plaintext highlighter-rouge">build</code></a>, accept a byte value as a string in a format that looks like this:</p> <div class="highlight"><pre class="highlight" data-language="">2b
1024kb
2048k
300m
1gb
</pre></div> <p>The supported units are <code class="language-plaintext highlighter-rouge">b</code>, <code class="language-plaintext highlighter-rouge">k</code>, <code class="language-plaintext highlighter-rouge">m</code> and <code class="language-plaintext highlighter-rouge">g</code>, and their alternative notation <code class="language-plaintext highlighter-rouge">kb</code>, <code class="language-plaintext highlighter-rouge">mb</code> and <code class="language-plaintext highlighter-rouge">gb</code>. Decimal values are not supported at this time.</p> <h2 id="volume-configuration-reference">Volume configuration reference</h2> <p>While it is possible to declare <a href="#volumes">volumes</a> on the fly as part of the service declaration, this section allows you to create named volumes that can be reused across multiple services (without relying on <code class="language-plaintext highlighter-rouge">volumes_from</code>), and are easily retrieved and inspected using the docker command line or API. See the <a href="../../../engine/reference/commandline/volume_create/index">docker volume</a> subcommand documentation for more information.</p> <p>See <a href="https://docs.docker.com/storage/volumes/">use volumes</a> and <a href="../../../engine/extend/plugins_volume/index">volume plugins</a> for general information on volumes.</p> <p>Here’s an example of a two-service setup where a database’s data directory is shared with another service as a volume so that it can be periodically backed up:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"

services:
  db:
    image: db
    volumes:
      - data-volume:/var/lib/db
  backup:
    image: backup-service
    volumes:
      - data-volume:/var/lib/backup/data

volumes:
  data-volume:
</pre></div> <p>An entry under the top-level <code class="language-plaintext highlighter-rouge">volumes</code> key can be empty, in which case it uses the default driver configured by the Engine (in most cases, this is the <code class="language-plaintext highlighter-rouge">local</code> driver). Optionally, you can configure it with the following keys:</p> <h3 id="driver">driver</h3> <p>Specify which volume driver should be used for this volume. Defaults to whatever driver the Docker Engine has been configured to use, which in most cases is <code class="language-plaintext highlighter-rouge">local</code>. If the driver is not available, the Engine returns an error when <code class="language-plaintext highlighter-rouge">docker-compose up</code> tries to create the volume.</p> <div class="highlight"><pre class="highlight" data-language="">driver: foobar
</pre></div> <h3 id="driver_opts">driver_opts</h3> <p>Specify a list of options as key-value pairs to pass to the driver for this volume. Those options are driver-dependent - consult the driver’s documentation for more information. Optional.</p> <div class="highlight"><pre class="highlight" data-language="">volumes:
  example:
    driver_opts:
      type: "nfs"
      o: "addr=10.40.0.199,nolock,soft,rw"
      device: ":/docker/example"
</pre></div> <h3 id="external">external</h3> <p>If set to <code class="language-plaintext highlighter-rouge">true</code>, specifies that this volume has been created outside of Compose. <code class="language-plaintext highlighter-rouge">docker-compose up</code> does not attempt to create it, and raises an error if it doesn’t exist.</p> <p>For version 3.3 and below of the format, <code class="language-plaintext highlighter-rouge">external</code> cannot be used in conjunction with other volume configuration keys (<code class="language-plaintext highlighter-rouge">driver</code>, <code class="language-plaintext highlighter-rouge">driver_opts</code>, <code class="language-plaintext highlighter-rouge">labels</code>). This limitation no longer exists for <a href="../compose-versioning/index#version-34">version 3.4</a> and above.</p> <p>In the example below, instead of attempting to create a volume called <code class="language-plaintext highlighter-rouge">[projectname]_data</code>, Compose looks for an existing volume simply called <code class="language-plaintext highlighter-rouge">data</code> and mount it into the <code class="language-plaintext highlighter-rouge">db</code> service’s containers.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"

services:
  db:
    image: postgres
    volumes:
      - data:/var/lib/postgresql/data

volumes:
  data:
    external: true
</pre></div> <blockquote class="important"> <p>Deprecated in <a href="../compose-versioning/index#version-34">version 3.4</a> file format.</p> <p>external.name was deprecated in version 3.4 file format use <code class="language-plaintext highlighter-rouge">name</code> instead.</p> </blockquote> <p>You can also specify the name of the volume separately from the name used to refer to it within the Compose file:</p> <div class="highlight"><pre class="highlight" data-language="">volumes:
  data:
    external:
      name: actual-name-of-volume
</pre></div> <blockquote class="important"> <p>Note when using docker stack deploy</p> <p>External volumes that do not exist <em>are created</em> if you use <a href="#deploy">docker stack deploy</a> to launch the app in <a href="../../../engine/swarm/index">swarm mode</a> (instead of <a href="../../reference/up/index">docker compose up</a>). In swarm mode, a volume is automatically created when it is defined by a service. As service tasks are scheduled on new nodes, <a href="https://github.com/docker/swarmkit/blob/master/README/">swarmkit</a> creates the volume on the local node. To learn more, see <a href="https://github.com/moby/moby/issues/29976">moby/moby#29976</a>.</p> </blockquote> <h3 id="labels-3">labels</h3> <p>Add metadata to containers using <a href="https://docs.docker.com/config/labels-custom-metadata/">Docker labels</a>. You can use either an array or a dictionary.</p> <p>It’s recommended that you use reverse-DNS notation to prevent your labels from conflicting with those used by other software.</p> <div class="highlight"><pre class="highlight" data-language="">labels:
  com.example.description: "Database volume"
  com.example.department: "IT/Ops"
  com.example.label-with-empty-value: ""
</pre></div> <div class="highlight"><pre class="highlight" data-language="">labels:
  - "com.example.description=Database volume"
  - "com.example.department=IT/Ops"
  - "com.example.label-with-empty-value"
</pre></div> <h3 id="name">name</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-34">version 3.4</a> file format.</p> </blockquote> <p>Set a custom name for this volume. The name field can be used to reference volumes that contain special characters. The name is used as is and will <strong>not</strong> be scoped with the stack name.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
volumes:
  data:
    name: my-app-data
</pre></div> <p>It can also be used in conjunction with the <code class="language-plaintext highlighter-rouge">external</code> property:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
volumes:
  data:
    external: true
    name: my-app-data
</pre></div> <h2 id="network-configuration-reference">Network configuration reference</h2> <p>The top-level <code class="language-plaintext highlighter-rouge">networks</code> key lets you specify networks to be created.</p> <ul> <li>For a full explanation of Compose’s use of Docker networking features and all network driver options, see the <a href="../../networking/index">Networking guide</a>.</li> <li>For <a href="https://github.com/docker/labs/blob/master/README/">Docker Labs</a> tutorials on networking, start with <a href="https://github.com/docker/labs/blob/master/networking/README/">Designing Scalable, Portable Docker Container Networks</a>
</li> </ul> <h3 id="driver-1">driver</h3> <p>Specify which driver should be used for this network.</p> <p>The default driver depends on how the Docker Engine you’re using is configured, but in most instances it is <code class="language-plaintext highlighter-rouge">bridge</code> on a single host and <code class="language-plaintext highlighter-rouge">overlay</code> on a Swarm.</p> <p>The Docker Engine returns an error if the driver is not available.</p> <div class="highlight"><pre class="highlight" data-language="">driver: overlay
</pre></div> <h4 id="bridge">bridge</h4> <p>Docker defaults to using a <code class="language-plaintext highlighter-rouge">bridge</code> network on a single host. For examples of how to work with bridge networks, see the Docker Labs tutorial on <a href="https://github.com/docker/labs/blob/master/networking/A2-bridge-networking/">Bridge networking</a>.</p> <h4 id="overlay">overlay</h4> <p>The <code class="language-plaintext highlighter-rouge">overlay</code> driver creates a named network across multiple nodes in a <a href="../../../engine/swarm/index">swarm</a>.</p> <ul> <li> <p>For a working example of how to build and use an <code class="language-plaintext highlighter-rouge">overlay</code> network with a service in swarm mode, see the Docker Labs tutorial on <a href="https://github.com/docker/labs/blob/master/networking/A3-overlay-networking/">Overlay networking and service discovery</a>.</p> </li> <li> <p>For an in-depth look at how it works under the hood, see the networking concepts lab on the <a href="https://github.com/docker/labs/blob/master/networking/concepts/06-overlay-networks/">Overlay Driver Network Architecture</a>.</p> </li> </ul> <h4 id="host-or-none">host or none</h4> <p>Use the host’s networking stack, or no networking. Equivalent to <code class="language-plaintext highlighter-rouge">docker run --net=host</code> or <code class="language-plaintext highlighter-rouge">docker run --net=none</code>. Only used if you use <code class="language-plaintext highlighter-rouge">docker stack</code> commands. If you use the <code class="language-plaintext highlighter-rouge">docker-compose</code> command, use <a href="#network_mode">network_mode</a> instead.</p> <p>If you want to use a particular network on a common build, use [network] as mentioned in the second yaml file example.</p> <p>The syntax for using built-in networks such as <code class="language-plaintext highlighter-rouge">host</code> and <code class="language-plaintext highlighter-rouge">none</code> is a little different. Define an external network with the name <code class="language-plaintext highlighter-rouge">host</code> or <code class="language-plaintext highlighter-rouge">none</code> (that Docker has already created automatically) and an alias that Compose can use (<code class="language-plaintext highlighter-rouge">hostnet</code> or <code class="language-plaintext highlighter-rouge">nonet</code> in the following examples), then grant the service access to that network using the alias.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
services:
  web:
    networks:
      hostnet: {}

networks:
  hostnet:
    external: true
    name: host
</pre></div> <div class="highlight"><pre class="highlight" data-language="">services:
  web:
    ...
    build:
      ...
      network: host
      context: .
      ...
</pre></div> <div class="highlight"><pre class="highlight" data-language="">services:
  web:
    ...
    networks:
      nonet: {}

networks:
  nonet:
    external: true
    name: none
</pre></div> <h3 id="driver_opts-1">driver_opts</h3> <p>Specify a list of options as key-value pairs to pass to the driver for this network. Those options are driver-dependent - consult the driver’s documentation for more information. Optional.</p> <div class="highlight"><pre class="highlight" data-language="">driver_opts:
  foo: "bar"
  baz: 1
</pre></div> <h3 id="attachable">attachable</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-32">version 3.2</a> file format.</p> </blockquote> <p>Only used when the <code class="language-plaintext highlighter-rouge">driver</code> is set to <code class="language-plaintext highlighter-rouge">overlay</code>. If set to <code class="language-plaintext highlighter-rouge">true</code>, then standalone containers can attach to this network, in addition to services. If a standalone container attaches to an overlay network, it can communicate with services and standalone containers that are also attached to the overlay network from other Docker daemons.</p> <div class="highlight"><pre class="highlight" data-language="">networks:
  mynet1:
    driver: overlay
    attachable: true
</pre></div> <h3 id="enable_ipv6">enable_ipv6</h3> <p>Enable IPv6 networking on this network.</p> <blockquote class="warning"> <p>Not supported in Compose File version 3</p> <p><code class="language-plaintext highlighter-rouge">enable_ipv6</code> requires you to use a version 2 Compose file, as this directive is not yet supported in Swarm mode.</p> </blockquote> <h3 id="ipam">ipam</h3> <p>Specify custom IPAM config. This is an object with several properties, each of which is optional:</p> <ul> <li>
<code class="language-plaintext highlighter-rouge">driver</code>: Custom IPAM driver, instead of the default.</li> <li>
<code class="language-plaintext highlighter-rouge">config</code>: A list with zero or more config blocks, each containing any of the following keys: <ul> <li>
<code class="language-plaintext highlighter-rouge">subnet</code>: Subnet in CIDR format that represents a network segment</li> </ul> </li> </ul> <p>A full example:</p> <div class="highlight"><pre class="highlight" data-language="">ipam:
  driver: default
  config:
    - subnet: 172.28.0.0/16
</pre></div> <blockquote> <p><strong>Note</strong></p> <p>Additional IPAM configurations, such as <code class="language-plaintext highlighter-rouge">gateway</code>, are only honored for version 2 at the moment.</p> </blockquote> <h3 id="internal">internal</h3> <p>By default, Docker also connects a bridge network to it to provide external connectivity. If you want to create an externally isolated overlay network, you can set this option to <code class="language-plaintext highlighter-rouge">true</code>.</p> <h3 id="labels-4">labels</h3> <p>Add metadata to containers using <a href="https://docs.docker.com/config/labels-custom-metadata/">Docker labels</a>. You can use either an array or a dictionary.</p> <p>It’s recommended that you use reverse-DNS notation to prevent your labels from conflicting with those used by other software.</p> <div class="highlight"><pre class="highlight" data-language="">labels:
  com.example.description: "Financial transaction network"
  com.example.department: "Finance"
  com.example.label-with-empty-value: ""
</pre></div> <div class="highlight"><pre class="highlight" data-language="">labels:
  - "com.example.description=Financial transaction network"
  - "com.example.department=Finance"
  - "com.example.label-with-empty-value"
</pre></div> <h3 id="external-1">external</h3> <p>If set to <code class="language-plaintext highlighter-rouge">true</code>, specifies that this network has been created outside of Compose. <code class="language-plaintext highlighter-rouge">docker-compose up</code> does not attempt to create it, and raises an error if it doesn’t exist.</p> <p>For version 3.3 and below of the format, <code class="language-plaintext highlighter-rouge">external</code> cannot be used in conjunction with other network configuration keys (<code class="language-plaintext highlighter-rouge">driver</code>, <code class="language-plaintext highlighter-rouge">driver_opts</code>, <code class="language-plaintext highlighter-rouge">ipam</code>, <code class="language-plaintext highlighter-rouge">internal</code>). This limitation no longer exists for <a href="../compose-versioning/index#version-34">version 3.4</a> and above.</p> <p>In the example below, <code class="language-plaintext highlighter-rouge">proxy</code> is the gateway to the outside world. Instead of attempting to create a network called <code class="language-plaintext highlighter-rouge">[projectname]_outside</code>, Compose looks for an existing network simply called <code class="language-plaintext highlighter-rouge">outside</code> and connect the <code class="language-plaintext highlighter-rouge">proxy</code> service’s containers to it.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"

services:
  proxy:
    build: ./proxy
    networks:
      - outside
      - default
  app:
    build: ./app
    networks:
      - default

networks:
  outside:
    external: true
</pre></div> <blockquote class="important"> <p>Deprecated in <a href="../compose-versioning/index#version-35">version 3.5</a> file format.</p> <p>external.name was deprecated in version 3.5 file format use <code class="language-plaintext highlighter-rouge">name</code> instead.</p> </blockquote> <p>You can also specify the name of the network separately from the name used to refer to it within the Compose file:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
networks:
  outside:
    external:
      name: actual-name-of-network
</pre></div> <h3 id="name-1">name</h3> <blockquote> <p>Added in <a href="../compose-versioning/index#version-35">version 3.5</a> file format.</p> </blockquote> <p>Set a custom name for this network. The name field can be used to reference networks which contain special characters. The name is used as is and will <strong>not</strong> be scoped with the stack name.</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
networks:
  network1:
    name: my-app-net
</pre></div> <p>It can also be used in conjunction with the <code class="language-plaintext highlighter-rouge">external</code> property:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
networks:
  network1:
    external: true
    name: my-app-net
</pre></div> <h2 id="configs-configuration-reference">configs configuration reference</h2> <p>The top-level <code class="language-plaintext highlighter-rouge">configs</code> declaration defines or references <a href="../../../engine/swarm/configs/index">configs</a> that can be granted to the services in this stack. The source of the config is either <code class="language-plaintext highlighter-rouge">file</code> or <code class="language-plaintext highlighter-rouge">external</code>.</p> <ul> <li>
<code class="language-plaintext highlighter-rouge">file</code>: The config is created with the contents of the file at the specified path.</li> <li>
<code class="language-plaintext highlighter-rouge">external</code>: If set to true, specifies that this config has already been created. Docker does not attempt to create it, and if it does not exist, a <code class="language-plaintext highlighter-rouge">config not found</code> error occurs.</li> <li>
<code class="language-plaintext highlighter-rouge">name</code>: The name of the config object in Docker. This field can be used to reference configs that contain special characters. The name is used as is and will <strong>not</strong> be scoped with the stack name. Introduced in version 3.5 file format.</li> <li>
<code class="language-plaintext highlighter-rouge">driver</code> and <code class="language-plaintext highlighter-rouge">driver_opts</code>: The name of a custom secret driver, and driver-specific options passed as key/value pairs. Introduced in version 3.8 file format, and only supported when using <code class="language-plaintext highlighter-rouge">docker stack</code>.</li> <li>
<code class="language-plaintext highlighter-rouge">template_driver</code>: The name of the templating driver to use, which controls whether and how to evaluate the secret payload as a template. If no driver is set, no templating is used. The only driver currently supported is <code class="language-plaintext highlighter-rouge">golang</code>, which uses a <code class="language-plaintext highlighter-rouge">golang</code>. Introduced in version 3.8 file format, and only supported when using <code class="language-plaintext highlighter-rouge">docker stack</code>. Refer to <a href="../../../engine/swarm/configs/index#example-use-a-templated-config">use a templated config</a> for a examples of templated configs.</li> </ul> <p>In this example, <code class="language-plaintext highlighter-rouge">my_first_config</code> is created (as <code class="language-plaintext highlighter-rouge">&lt;stack_name&gt;_my_first_config)</code>when the stack is deployed, and <code class="language-plaintext highlighter-rouge">my_second_config</code> already exists in Docker.</p> <div class="highlight"><pre class="highlight" data-language="">configs:
  my_first_config:
    file: ./config_data
  my_second_config:
    external: true
</pre></div> <p>Another variant for external configs is when the name of the config in Docker is different from the name that exists within the service. The following example modifies the previous one to use the external config called <code class="language-plaintext highlighter-rouge">redis_config</code>.</p> <div class="highlight"><pre class="highlight" data-language="">configs:
  my_first_config:
    file: ./config_data
  my_second_config:
    external:
      name: redis_config
</pre></div> <p>You still need to <a href="#configs">grant access to the config</a> to each service in the stack.</p> <h2 id="secrets-configuration-reference">secrets configuration reference</h2> <p>The top-level <code class="language-plaintext highlighter-rouge">secrets</code> declaration defines or references <a href="../../../engine/swarm/secrets/index">secrets</a> that can be granted to the services in this stack. The source of the secret is either <code class="language-plaintext highlighter-rouge">file</code> or <code class="language-plaintext highlighter-rouge">external</code>.</p> <ul> <li>
<code class="language-plaintext highlighter-rouge">file</code>: The secret is created with the contents of the file at the specified path.</li> <li>
<code class="language-plaintext highlighter-rouge">external</code>: If set to true, specifies that this secret has already been created. Docker does not attempt to create it, and if it does not exist, a <code class="language-plaintext highlighter-rouge">secret not found</code> error occurs.</li> <li>
<code class="language-plaintext highlighter-rouge">name</code>: The name of the secret object in Docker. This field can be used to reference secrets that contain special characters. The name is used as is and will <strong>not</strong> be scoped with the stack name. Introduced in version 3.5 file format.</li> <li>
<code class="language-plaintext highlighter-rouge">template_driver</code>: The name of the templating driver to use, which controls whether and how to evaluate the secret payload as a template. If no driver is set, no templating is used. The only driver currently supported is <code class="language-plaintext highlighter-rouge">golang</code>, which uses a <code class="language-plaintext highlighter-rouge">golang</code>. Introduced in version 3.8 file format, and only supported when using <code class="language-plaintext highlighter-rouge">docker stack</code>.</li> </ul> <p>In this example, <code class="language-plaintext highlighter-rouge">my_first_secret</code> is created as <code class="language-plaintext highlighter-rouge">&lt;stack_name&gt;_my_first_secret</code>when the stack is deployed, and <code class="language-plaintext highlighter-rouge">my_second_secret</code> already exists in Docker.</p> <div class="highlight"><pre class="highlight" data-language="">secrets:
  my_first_secret:
    file: ./secret_data
  my_second_secret:
    external: true
</pre></div> <p>Another variant for external secrets is when the name of the secret in Docker is different from the name that exists within the service. The following example modifies the previous one to use the external secret called <code class="language-plaintext highlighter-rouge">redis_secret</code>.</p> <h3 id="compose-file-v35-and-above">Compose File v3.5 and above</h3> <div class="highlight"><pre class="highlight" data-language="">secrets:
  my_first_secret:
    file: ./secret_data
  my_second_secret:
    external: true
    name: redis_secret
</pre></div> <h3 id="compose-file-v34-and-under">Compose File v3.4 and under</h3> <div class="highlight"><pre class="highlight" data-language="">  my_second_secret:
    external:
      name: redis_secret
</pre></div> <p>You still need to <a href="#secrets">grant access to the secrets</a> to each service in the stack.</p> <h2 id="variable-substitution">Variable substitution</h2> <p>Your configuration options can contain environment variables. Compose uses the variable values from the shell environment in which <code class="language-plaintext highlighter-rouge">docker-compose</code> is run. For example, suppose the shell contains <code class="language-plaintext highlighter-rouge">POSTGRES_VERSION=9.3</code> and you supply this configuration:</p> <div class="highlight"><pre class="highlight" data-language="">db:
  image: "postgres:${POSTGRES_VERSION}"
</pre></div> <p>When you run <code class="language-plaintext highlighter-rouge">docker-compose up</code> with this configuration, Compose looks for the <code class="language-plaintext highlighter-rouge">POSTGRES_VERSION</code> environment variable in the shell and substitutes its value in. For this example, Compose resolves the <code class="language-plaintext highlighter-rouge">image</code> to <code class="language-plaintext highlighter-rouge">postgres:9.3</code> before running the configuration.</p> <p>If an environment variable is not set, Compose substitutes with an empty string. In the example above, if <code class="language-plaintext highlighter-rouge">POSTGRES_VERSION</code> is not set, the value for the <code class="language-plaintext highlighter-rouge">image</code> option is <code class="language-plaintext highlighter-rouge">postgres:</code>.</p> <p>You can set default values for environment variables using a <a href="../../env-file/index"><code class="language-plaintext highlighter-rouge">.env</code> file</a>, which Compose automatically looks for in project directory (parent folder of your Compose file). Values set in the shell environment override those set in the <code class="language-plaintext highlighter-rouge">.env</code> file.</p> <blockquote class="important"> <p>Note when using docker stack deploy</p> <p>The <code class="language-plaintext highlighter-rouge">.env file</code> feature only works when you use the <code class="language-plaintext highlighter-rouge">docker-compose up</code> command and does not work with <code class="language-plaintext highlighter-rouge">docker stack deploy</code>.</p> </blockquote> <p>Both <code class="language-plaintext highlighter-rouge">$VARIABLE</code> and <code class="language-plaintext highlighter-rouge">${VARIABLE}</code> syntax are supported. Additionally when using the <a href="../compose-versioning/index#version-21">2.1 file format</a>, it is possible to provide inline default values using typical shell syntax:</p> <ul> <li>
<code class="language-plaintext highlighter-rouge">${VARIABLE:-default}</code> evaluates to <code class="language-plaintext highlighter-rouge">default</code> if <code class="language-plaintext highlighter-rouge">VARIABLE</code> is unset or empty in the environment.</li> <li>
<code class="language-plaintext highlighter-rouge">${VARIABLE-default}</code> evaluates to <code class="language-plaintext highlighter-rouge">default</code> only if <code class="language-plaintext highlighter-rouge">VARIABLE</code> is unset in the environment.</li> </ul> <p>Similarly, the following syntax allows you to specify mandatory variables:</p> <ul> <li>
<code class="language-plaintext highlighter-rouge">${VARIABLE:?err}</code> exits with an error message containing <code class="language-plaintext highlighter-rouge">err</code> if <code class="language-plaintext highlighter-rouge">VARIABLE</code> is unset or empty in the environment.</li> <li>
<code class="language-plaintext highlighter-rouge">${VARIABLE?err}</code> exits with an error message containing <code class="language-plaintext highlighter-rouge">err</code> if <code class="language-plaintext highlighter-rouge">VARIABLE</code> is unset in the environment.</li> </ul> <p>Other extended shell-style features, such as <code class="language-plaintext highlighter-rouge">${VARIABLE/foo/bar}</code>, are not supported.</p> <p>You can use a <code class="language-plaintext highlighter-rouge">$$</code> (double-dollar sign) when your configuration needs a literal dollar sign. This also prevents Compose from interpolating a value, so a <code class="language-plaintext highlighter-rouge">$$</code> allows you to refer to environment variables that you don’t want processed by Compose.</p> <div class="highlight"><pre class="highlight" data-language="">web:
  build: .
  command: "$$VAR_NOT_INTERPOLATED_BY_COMPOSE"
</pre></div> <p>If you forget and use a single dollar sign (<code class="language-plaintext highlighter-rouge">$</code>), Compose interprets the value as an environment variable and warns you:</p> <div class="highlight"><pre class="highlight" data-language="">The VAR_NOT_INTERPOLATED_BY_COMPOSE is not set. Substituting an empty string.
</pre></div> <h2 id="extension-fields">Extension fields</h2> <blockquote> <p>Added in <a href="../compose-versioning/index#version-34">version 3.4</a> file format.</p> </blockquote> <p>It is possible to re-use configuration fragments using extension fields. Those special fields can be of any format as long as they are located at the root of your Compose file and their name start with the <code class="language-plaintext highlighter-rouge">x-</code> character sequence.</p> <blockquote> <p><strong>Note</strong></p> <p>Starting with the 3.7 format (for the 3.x series) and 2.4 format (for the 2.x series), extension fields are also allowed at the root of service, volume, network, config and secret definitions.</p> </blockquote> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
x-custom:
  items:
    - a
    - b
  options:
    max-size: '12m'
  name: "custom"
</pre></div> <p>The contents of those fields are ignored by Compose, but they can be inserted in your resource definitions using <a href="https://yaml.org/spec/1.2/spec.html#id2765878">YAML anchors</a>. For example, if you want several of your services to use the same logging configuration:</p> <div class="highlight"><pre class="highlight" data-language="">logging:
  options:
    max-size: '12m'
    max-file: '5'
  driver: json-file
</pre></div> <p>You may write your Compose file as follows:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
x-logging:
  &amp;default-logging
  options:
    max-size: '12m'
    max-file: '5'
  driver: json-file

services:
  web:
    image: myapp/web:latest
    logging: *default-logging
  db:
    image: mysql:latest
    logging: *default-logging
</pre></div> <p>It is also possible to partially override values in extension fields using the <a href="https://yaml.org/type/merge.html">YAML merge type</a>. For example:</p> <div class="highlight"><pre class="highlight" data-language="">version: "3.9"
x-volumes:
  &amp;default-volume
  driver: foobar-storage

services:
  web:
    image: myapp/web:latest
    volumes: ["vol1", "vol2", "vol3"]
volumes:
  vol1: *default-volume
  vol2:
    &lt;&lt; : *default-volume
    name: volume02
  vol3:
    &lt;&lt; : *default-volume
    driver: default
    name: volume-local
</pre></div> <h2 id="compose-documentation">Compose documentation</h2> <ul> <li><a href="../../index">User guide</a></li> <li><a href="../../install/index">Installing Compose</a></li> <li><a href="../compose-versioning/index">Compose file versions and upgrading</a></li> <li><a href="../../samples-for-compose/index">Sample apps with Compose</a></li> <li><a href="../../reference/index">Command line reference</a></li> </ul> 
<p><a href="https://docs.docker.com/search/?q=fig">fig</a>, <a href="https://docs.docker.com/search/?q=composition">composition</a>, <a href="https://docs.docker.com/search/?q=compose%20version%203">compose version 3</a>, <a href="https://docs.docker.com/search/?q=docker">docker</a></p>
<div class="_attribution">
  <p class="_attribution-p">
    &copy; 2019 Docker, Inc.<br>Licensed under the Apache License, Version 2.0.<br>Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.<br>Docker, Inc. and other parties may also have trademark rights in other terms used herein.<br>
    <a href="https://docs.docker.com/compose/compose-file/compose-file-v3/" class="_attribution-link">https://docs.docker.com/compose/compose-file/compose-file-v3/</a>
  </p>
</div>