-
Notifications
You must be signed in to change notification settings - Fork 8
/
docker-compose-remote.yaml
248 lines (232 loc) · 8.05 KB
/
docker-compose-remote.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
# This file is used to run your application on remote servers with
# Docker Compose. It is not needed if you use Kubernetes or cloud services
# instead.
version: '3.9'
x-logging: &default-logging
options:
max-size: '100m'
max-file: '10'
driver: json-file
x-healthcheck: &default-healthcheck
test: wget -O/dev/null --tries=1 http://localhost:8080/healthz
interval: 20s
retries: 4
start_period: 20s
timeout: 10s
services:
full-stack-template-${taito_env}-ingress:
container_name: full-stack-template-${taito_env}-ingress
labels:
full-stack-template-${taito_env}-autoheal: "true"
image: nginx:stable-alpine
restart: unless-stopped
healthcheck:
<< : *default-healthcheck
test: wget -O/dev/null --tries=1 --server-response http://localhost:80/ingress-healthz 2>&1 | grep "401 Unauthorized\|200 OK"
logging: *default-logging
networks:
- default
ports:
# WARNING: Do not ever remove the 127.0.0.1 as on some systems Docker host ports are exposed outside the Firewall!
- "127.0.0.1:_PORT_:80"
secrets:
- BASIC_AUTH_HTPASSWD
volumes:
- "./docker-nginx.conf:/etc/nginx/nginx.conf:delegated"
full-stack-template-${taito_env}-admin:
container_name: full-stack-template-${taito_env}-admin
labels:
full-stack-template-${taito_env}-autoheal: "true"
image: ${taito_container_registry}/admin:${taito_build_image_tag}
deploy:
replicas: 1
restart: unless-stopped
healthcheck: *default-healthcheck
logging: *default-logging
networks:
- default
ports:
- "8080"
environment:
# Paths
REPLACE_BASE_PATH: /admin
REPLACE_ASSETS_PATH: ${taito_cdn_project_path}/${taito_build_image_tag}/admin
REPLACE_ASSETS_DOMAIN: '${taito_cdn_domain}'
# Common variables
COMMON_COMPANY: companyname
COMMON_PROJECT: full-stack-template
full-stack-template-${taito_env}-client:
container_name: full-stack-template-${taito_env}-client
labels:
full-stack-template-${taito_env}-autoheal: "true"
image: ${taito_container_registry}/client:${taito_build_image_tag}
deploy:
replicas: 1
restart: unless-stopped
healthcheck: *default-healthcheck
logging: *default-logging
networks:
- default
ports:
- "8080"
environment:
# Paths
REPLACE_BASE_PATH: ''
REPLACE_ASSETS_PATH: ${taito_cdn_project_path}/${taito_build_image_tag}/client
REPLACE_ASSETS_DOMAIN: '${taito_cdn_domain}'
# Common variables
COMMON_COMPANY: companyname
COMMON_PROJECT: full-stack-template
full-stack-template-${taito_env}-server:
container_name: full-stack-template-${taito_env}-server
labels:
full-stack-template-${taito_env}-autoheal: "true"
image: ${taito_container_registry}/server:${taito_build_image_tag}
deploy:
replicas: 1
restart: unless-stopped
healthcheck: *default-healthcheck
logging: *default-logging
networks:
- default
ports:
- "8080"
secrets:
- DATABASE_PASSWORD
- REDIS_PASSWORD
- BUCKET_KEY_SECRET
- EXAMPLE_SECRET
environment:
# Paths and bind
BASE_PATH: /api
API_PORT: 8080
API_BINDADDR: 0.0.0.0
# Common variables
COMMON_COMPANY: companyname
COMMON_PROJECT: full-stack-template
COMMON_DEBUG: 'false'
COMMON_LOG_FORMAT: text
COMMON_LOG_LEVEL: info # trace, debug, info, warn, error, fatal
COMMON_ENV: local
# Services
SENTRY_DSN: #sentryDSN
DATABASE_HOST: 172.17.0.1 # For docker db: full-stack-template-${taito_env}-database
DATABASE_NAME: ${db_database_name}
DATABASE_USER: ${db_database_app_username}
DATABASE_POOL_MIN: '1'
DATABASE_POOL_MAX: '10'
REDIS_HOST: full-stack-template-${taito_env}-redis
REDIS_PORT: 6379
BUCKET_ENDPOINT: http://full-stack-template-${taito_env}-storage:9000/
BUCKET_REGION: milkyway
BUCKET_BUCKET: bucket
BUCKET_KEY_ID: minio
BUCKET_FORCE_PATH_STYLE: 'true'
full-stack-template-${taito_env}-www:
container_name: full-stack-template-${taito_env}-www
labels:
full-stack-template-${taito_env}-autoheal: "true"
image: ${taito_container_registry}/www:${taito_build_image_tag}
deploy:
replicas: 1
restart: unless-stopped
healthcheck: *default-healthcheck
logging: *default-logging
networks:
- default
ports:
- "8080"
environment:
# Paths
REPLACE_BASE_PATH: /docs
REPLACE_ASSETS_PATH: ${taito_cdn_project_path}/${taito_build_image_tag}/www
REPLACE_ASSETS_DOMAIN: '${taito_cdn_domain}'
full-stack-template-${taito_env}-redis:
container_name: full-stack-template-${taito_env}-redis
labels:
full-stack-template-${taito_env}-autoheal: "true"
image: bitnami/redis:6.0
restart: unless-stopped
healthcheck:
<< : *default-healthcheck
test: redis-cli ping
logging: *default-logging
networks:
- default
ports:
- "6379"
secrets:
- REDIS_PASSWORD
environment:
REDIS_PASSWORD_FILE: '/run/secrets/REDIS_PASSWORD'
REDIS_AOF_ENABLED: 'no'
# "EXTERNAL RESOURCES"
# Uncomment these if you want to run them in Docker Compose instead
# NOTE: If you use full-stack-template-${taito_env}-database instead of external database,
# do the following:
# - Uncomment the full-stack-template-${taito_env}-database in this file.
# - Modify the following settings in taito-config.sh:
# db_database_mgr_username="$db_database_app_username"
# db_database_mgr_secret="$db_database_app_secret"
# - In local-ci.sh, move 'db-deploy' step to be executed after the
# 'deployment-deploy' step, since database must be running during db deploy.
# - Answer 'no' to the database creation step during 'taito env apply:ENV'.
# full-stack-template-${taito_env}-database:
# container_name: full-stack-template-${taito_env}-database
# labels:
# full-stack-template-${taito_env}-autoheal: "true"
# image: postgres:14
# restart: unless-stopped
# # TODO healthcheck
# logging: *default-logging
# networks:
# - default
# ports:
# # WARNING: Do not ever remove the 127.0.0.1 as on some systems Docker host ports are exposed outside the Firewall!
# - "127.0.0.1:5432:5432"
# secrets:
# - DATABASE_PASSWORD
# - DATABASE_MGR_PASSWORD
# environment:
# POSTGRES_DB: ${db_database_name}
# POSTGRES_USER: ${db_database_app_username}
# POSTGRES_PASSWORD_FILE: /run/secrets/DATABASE_PASSWORD
# MYSQL_ROOT_PASSWORD_FILE /run/secrets/DATABASE_MGR_PASSWORD
# volumes:
# - "./database:/docker-entrypoint-initdb.d:delegated"
# - "./database-db/mount:/var/lib/postgresql/data"
# "INFRASTRUCTURE"
# watchtower:
# image: index.docker.io/v2tec/watchtower
# restart: unless-stopped
# logging: *default-logging
# volumes:
# - /var/run/docker.sock:/var/run/docker.sock
# - ./watchtower-config.json:/config.json
# command: --interval 60
full-stack-template-${taito_env}-autoheal:
container_name: full-stack-template-${taito_env}-autoheal
image: ghcr.io/taitounited/autoheal:20230227
restart: always
tty: true
volumes:
- '/var/run/docker.sock:/var/run/docker.sock'
environment:
AUTOHEAL_CONTAINER_LABEL: full-stack-template-${taito_env}-autoheal
secrets:
DATABASE_PASSWORD:
file: ./secrets/${taito_env}/${db_database_app_secret}
DATABASE_MGR_PASSWORD:
file: ./secrets/${taito_env}/${db_database_mgr_secret}
REDIS_PASSWORD:
file: ./secrets/${taito_env}/${taito_project}-${taito_env}-redis.password
BUCKET_KEY_SECRET:
file: ./secrets/${taito_env}/${taito_project}-${taito_env}-storage.secretKey
EXAMPLE_SECRET:
file: ./secrets/${taito_env}/${taito_project}-${taito_env}-example.secret
SESSION_SECRET:
file: ./secrets/${taito_env}/${taito_project}-${taito_env}-session.secret
BASIC_AUTH_HTPASSWD:
file: ./secrets/${taito_env}/${taito_project}-${taito_env}-basic-auth.auth
networks:
default: