Production-ready Docker Compose stacks, published as OCI artifacts.
BeeCompose provides curated Docker Compose configurations for 30+ self-hosted services. Each service is published as an OCI artifact to GitHub Container Registry, enabling one-command deployment without cloning repositories.
Note: This README appears on all package pages because GitHub Container Registry doesn't support per-package READMEs. For detailed documentation, see the service-specific README linked in the table below.
Click on a service name to view its detailed README with configuration options, environment variables, and deployment instructions.
| Service | Description | OCI Artifact |
|---|---|---|
| bitwarden | Self-hosted password manager (Vaultwarden) | ghcr.io/beevelop/bitwarden |
| cabot | Monitoring and alerting platform | ghcr.io/beevelop/cabot |
| cloudflared | Cloudflare Tunnel for zero-trust access | ghcr.io/beevelop/cloudflared |
| confluence | Atlassian team collaboration and wiki | ghcr.io/beevelop/confluence |
| crowd | Atlassian SSO and identity management | ghcr.io/beevelop/crowd |
| dependency-track | OWASP component analysis platform | ghcr.io/beevelop/dependency-track |
| directus | Headless CMS and REST/GraphQL API | ghcr.io/beevelop/directus |
| duckling | NLP text parser for structured data | ghcr.io/beevelop/duckling |
| gitlab | Complete DevOps platform with CI/CD | ghcr.io/beevelop/gitlab |
| graylog | Centralized log management | ghcr.io/beevelop/graylog |
| huginn | Self-hosted IFTTT/Zapier alternative | ghcr.io/beevelop/huginn |
| jira | Atlassian issue tracking and projects | ghcr.io/beevelop/jira |
| keycloak | Identity and access management | ghcr.io/beevelop/keycloak |
| metabase | Business intelligence and analytics | ghcr.io/beevelop/metabase |
| minio | S3-compatible object storage | ghcr.io/beevelop/minio |
| monica | Personal relationship management | ghcr.io/beevelop/monica |
| mysql | MySQL database server | ghcr.io/beevelop/mysql |
| nexus | Sonatype artifact repository manager | ghcr.io/beevelop/nexus |
| openvpn | VPN server (UDP and TCP) | ghcr.io/beevelop/openvpn |
| phpmyadmin | MySQL web administration | ghcr.io/beevelop/phpmyadmin |
| redash | Data visualization and dashboards | ghcr.io/beevelop/redash |
| registry | Private Docker registry | ghcr.io/beevelop/registry |
| rundeck | Job scheduler and runbook automation | ghcr.io/beevelop/rundeck |
| sentry | Error tracking and performance monitoring | ghcr.io/beevelop/sentry |
| shields | Self-hosted badge generation | ghcr.io/beevelop/shields |
| sonarqube | Code quality inspection | ghcr.io/beevelop/sonarqube |
| statping | Status page and uptime monitoring | ghcr.io/beevelop/statping |
| traefik | Reverse proxy with automatic HTTPS | ghcr.io/beevelop/traefik |
| tus | Resumable file upload server | ghcr.io/beevelop/tus |
| weblate | Continuous localization platform | ghcr.io/beevelop/weblate |
| zabbix | Enterprise monitoring solution | ghcr.io/beevelop/zabbix |
Deploy any service directly from GitHub Container Registry without cloning the repository:
```bash
# 1. Create your environment file (check service README for required variables)
cat > .env << 'EOF'
COMPOSE_PROJECT_NAME=gitlab
SERVICE_DOMAIN=gitlab.example.com
DB_PASS=your-secure-password
# ... see service README for all options
EOF

# 2. Deploy from OCI artifact
docker compose -f oci://ghcr.io/beevelop/gitlab:latest --env-file .env up -d

# 3. Check status
docker compose -f oci://ghcr.io/beevelop/gitlab:latest --env-file .env ps
```

For customization or development:
```bash
git clone https://github.com/beevelop/beecompose.git
cd beecompose/services/gitlab

# Configure environment
cp .env.example .env.production
# Edit .env.production with your settings

# Deploy
docker compose --env-file .env.production up -d
```

| Requirement | Minimum Version | Notes |
|---|---|---|
| Docker | 25.0+ | Required for OCI artifact support |
| Docker Compose | v2.24+ | Bundled with Docker Desktop |
Optional: Cloudflare account for DNS-01 Let's Encrypt challenge (used by Traefik).

Note: OCI artifact deployment (`docker compose -f oci://...`) requires Docker 25.0 or later. For older Docker versions, use the "Clone and Customize" method.

| Task | Command |
|---|---|
| Start service | docker compose --env-file .env up -d |
| Stop service | docker compose --env-file .env down |
| View logs | docker compose --env-file .env logs -f |
| Check status | docker compose --env-file .env ps |
| Update images | docker compose --env-file .env pull && docker compose --env-file .env up -d |
When deploying from GHCR, include the OCI URL in each command:
```bash
# Define convenience alias
alias dc="docker compose -f oci://ghcr.io/beevelop/gitlab:latest --env-file .env"

# Now use it for all operations
dc up -d
dc logs -f
dc ps
dc down
```

All services are pre-configured for:
- Traefik v3 reverse proxy with automatic Let's Encrypt SSL (DNS-01 via Cloudflare)
- Named volumes for data persistence (no bind mounts for OCI compatibility)
- Health checks for container monitoring
- JSON logging with size limits (500k max, 50 files)
- Restart policy `unless-stopped` for reliability
Deploy Traefik first; other services then connect automatically via the `traefik_default` network:
```bash
# Deploy Traefik
docker compose -f oci://ghcr.io/beevelop/traefik:latest --env-file .env.traefik up -d

# Then deploy other services
docker compose -f oci://ghcr.io/beevelop/gitlab:latest --env-file .env.gitlab up -d
```

For enhanced security, deploy services behind Cloudflare Tunnel to avoid exposing ports to the public internet:
```bash
# 1. Deploy Traefik in tunnel-only mode (no public ports)
docker compose -f oci://ghcr.io/beevelop/traefik:latest \
  -f oci://ghcr.io/beevelop/traefik-tunnel:latest \
  --env-file .env.traefik up -d

# 2. Deploy cloudflared (configure tunnel token in .env)
docker compose -f oci://ghcr.io/beevelop/cloudflared:latest --env-file .env.cloudflared up -d

# 3. Deploy services as normal
docker compose -f oci://ghcr.io/beevelop/gitlab:latest --env-file .env.gitlab up -d
```

Traffic flows: Internet → Cloudflare Edge → cloudflared → Traefik → Services
See cloudflared README for complete setup instructions.
```
beecompose/
├── services/
│   └── <service>/
│       ├── docker-compose.yml    # Compose configuration
│       ├── README.md             # Service documentation (START HERE)
│       ├── .env                  # Version tags (committed)
│       ├── .env.example          # Example configuration (committed)
│       └── .env.<environ>        # Your secrets (gitignored)
├── docs/
│   ├── BACKUP.md                 # Backup and restore procedures
│   ├── DEPLOYMENT.md             # Deployment guide
│   └── ...
└── .github/
    └── workflows/
        └── publish-oci.yml       # OCI artifact publishing
```

| Document | Description |
|---|---|
| Deployment Guide | Complete deployment walkthrough |
| Backup Guide | Backup and restore procedures |
| Migration Guide | Migrate from legacy bee scripts |
| Testing Guide | Testing procedures and validation |
| CI/CD Pipeline | Pipeline architecture and usage |
The repository includes GitHub Actions pipelines that:
- Lint - Validates all docker-compose.yml files with DCLint
- Validate OCI - Ensures all services are OCI-compatible (no bind mounts)
- CVE Scan - Scans images for vulnerabilities using Trivy
- Test - Validates each service starts correctly
- Publish - Publishes OCI artifacts to GHCR on main branch
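
A local approximation of the "no bind mounts" rule behind the Validate OCI step, as an added example that is not the project's CI code. The `find_bind_mounts` function and the sample Compose file are constructed here, and the scan is a line-based heuristic for block-style YAML, not a YAML parser.

```shell
#!/usr/bin/env bash
# Added example, not the project's CI script: heuristic scan for bind mounts.
# Assumes block-style YAML; ${VAR}-sourced paths and driver_opts are not resolved.

find_bind_mounts() {  # usage: find_bind_mounts docker-compose.yml (or stdin)
  awk '
    function indent(s) { match(s, /^ */); return RLENGTH }
    /^ *(#|$)/ { next }                             # skip comments and blank lines
    /^ *volumes: *$/ { in_vol = 1; vol_ind = indent($0); next }
    # A non-list key at or above the indentation of "volumes:" closes the block.
    in_vol && !/^ *-/ && indent($0) <= vol_ind { in_vol = 0 }
    !in_vol { next }
    {
      entry = $0
      sub(/^ *(- +)?/, "", entry)                   # drop indent and list dash
      gsub("[\"\047]", "", entry)                   # drop YAML quotes
      # Short syntax with a host-path source, or long syntax "type: bind".
      if (entry ~ "^[./~][^:]*:" || entry ~ /^type: *bind *$/) {
        print NR ": " entry; bad = 1
      }
    }
    END { exit (bad ? 1 : 0) }
  ' "$@"
}

# Constructed sample: one named volume, one short-syntax and one long-syntax bind mount.
sample_compose() {
  cat <<'EOF'
services:
  app:
    image: example/app:1.0
    volumes:
      - app_data:/var/lib/app
      - ./config:/etc/app:ro
      - type: bind
        source: /srv/uploads
        target: /uploads
    environment:
      - CONFIG=/etc/app/app.yml
volumes:
  app_data:
EOF
}

# Guarded so the functions can be sourced without side effects.
if [ "${1:-}" = "--demo" ]; then
  sample_compose | find_bind_mounts || echo "bind mounts found"
fi
```

The function exits non-zero when it finds a suspected bind mount, so it can gate a pre-commit hook.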
Pull requests are welcome! Please:
- Follow existing docker-compose patterns
- Include `.env.example` with placeholder values
- Use named volumes (no bind mounts for OCI compatibility)
- Include native Docker healthcheck directives
- Add a comprehensive README.md for your service
- Run DCLint before submitting
- Placeholder Values: Examples use `example.com`, `bee` (username), and `Swordfish` (password)
- OCI artifacts are compose files, not container images - they define how to deploy services
- Service READMEs contain all configuration details - always check them before deploying
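
A pre-deploy check for the placeholder values listed above, as an added example that is not part of BeeCompose. The `check_env_file` function, the `DB_USER` key and the sample file are constructed for illustration; the file-mode check is an extra assumption about how the secrets file should be stored.

```shell
#!/usr/bin/env bash
# Added example, not part of BeeCompose: refuse to deploy with the README's
# placeholder values still in the env file, or with the file readable by others.

check_env_file() {  # usage: check_env_file FILE; prints findings, returns 1 if any
  env_file=$1; rc=0
  while IFS='=' read -r key value || [ -n "$key" ]; do
    case $key in ''|'#'*) continue ;; esac        # skip blank lines and comments
    value=${value#\"}; value=${value%\"}          # strip optional double quotes
    case $value in
      Swordfish|your-secure-password) echo "$key: placeholder password"; rc=1 ;;
      bee)                            echo "$key: placeholder username"; rc=1 ;;
      example.com|*.example.com)      echo "$key: placeholder domain";   rc=1 ;;
    esac
  done < "$env_file"
  # Secrets live in this file: flag it if group or others can read it.
  if [ -n "$(find "$env_file" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
    echo "$env_file: readable by group/others (chmod 600)"; rc=1
  fi
  return "$rc"
}

# Constructed sample (DB_USER is a hypothetical key; values are the README placeholders).
sample_env() {
  cat <<'EOF'
COMPOSE_PROJECT_NAME=gitlab
SERVICE_DOMAIN=gitlab.example.com
DB_USER=bee
DB_PASS=Swordfish
# ... see service README for all options
EOF
}

# Guarded so the functions can be sourced without side effects.
if [ "${1:-}" = "--demo" ]; then
  tmp=$(mktemp) && sample_env > "$tmp"
  check_env_file "$tmp" || echo "fix the findings above before 'docker compose up'"
  rm -f "$tmp"
fi
```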