**Purpose**: User friendly web interface for executing Ansible playbooks, Terraform, OpenTofu code and Bash scripts. It is designed to make your automation tasks easier and more enjoyable.

[Website Details](https://semaphoreui.com/)

!!! info "Standalone VM Assumption"
    It is assumed that you are deploying Semaphore UI in its own standalone virtual machine.  These instructions dont accomodate MACVLAN docker networking, and assume that Semaphore UI and its PostgreSQL database backend share their IP address with the VM they are running on.

## Docker Configuration
```yaml title="docker-compose.yml"
services:
    semaphore-ui:
        ports:
            - 3000:3000
        image: public.ecr.aws/semaphore/pro/server:v2.13.12
        privileged: true
        environment:
            SEMAPHORE_DB_DIALECT: postgres
            SEMAPHORE_DB_HOST: postgres
            SEMAPHORE_DB_NAME: semaphore
            SEMAPHORE_DB_USER: root
            SEMAPHORE_DB_PASS: SuperSecretDBPassword
            SEMAPHORE_ADMIN: nicole
            SEMAPHORE_ADMIN_PASSWORD: SuperSecretPassword
            SEMAPHORE_ADMIN_NAME: Nicole Rappe
            SEMAPHORE_ADMIN_EMAIL: infrastructure@bunny-lab.io
            SEMAPHORE_EMAIL_SENDER: "noreply@bunny-lab.io"
            SEMAPHORE_EMAIL_HOST: "mail.bunny-lab.io"
            SEMAPHORE_EMAIL_PORT: "587"
            SEMAPHORE_EMAIL_USERNAME: "noreply@bunny-lab.io"
            SEMAPHORE_EMAIL_PASSWORD: "SuperSecretSMTPPassword"
            ANSIBLE_HOST_KEY_CHECKING: "False"
        volumes:
            - /srv/containers/semaphore-ui/data:/var/lib/semaphore
            - /srv/containers/semaphore-ui/config:/etc/semaphore
            - /srv/containers/semaphore-ui/tmp:/tmp/semaphore
        depends_on:
          - postgres
          
    postgres:
      image: postgres:12-alpine
      ports:
        - 5432:5432
      volumes:
        - /srv/containers/semaphore-ui/db:/var/lib/postgresql/data
      environment:
        - POSTGRES_DB=semaphore
        - POSTGRES_USER=root
        - POSTGRES_PASSWORD=SuperSecretDBPassword
        - TZ=America/Denver
      restart: always
```

```jsx title=".env"
N/A - Will be cleaned up later.
```

## Traefik Reverse Proxy Configuration
If the container does not run on the same host as Traefik, you will need to manually add configuration to Traefik's dynamic config file, outlined below.
``` yaml
http:
  routers:
    semaphore:
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
      http2:
      service: semaphore
      rule: Host(`semaphore.bunny-lab.io`)

  services:
    semaphore:
      loadBalancer:
        servers:
          - url: http://192.168.3.51:3000
        passHostHeader: true
```