This repository has been archived by the owner on Oct 10, 2024. It is now read-only.
docker-compose.yaml
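---
# Compose stack: a Traefik TCP proxy in front of MariaDB, the URESCOM web
# container, its cron companion, and the database itself. Every service has a
# fixed address on urescom_network; the db service is handed the web, cron and
# proxy addresses through its environment and command line.
#
# NOTE(review): `depends_on.<service>.condition` and healthcheck
# `start_period` are not part of the 3.0 file format. This file appears to rely
# on Docker Compose v2, which ignores `version` - confirm the tooling in use.
version: "3.0"

services:
  # TCP reverse proxy that publishes MariaDB on host port 3306 and enforces the
  # client-IP rule declared in the labels of the db service.
  proxy:
    image: traefik:v2.10
    command:
      # Entrypoints configuration
      - --entrypoints.mariadb.address=:3306
      # Docker provider configuration
      - --providers.docker=true
      # Makes sure that services have to explicitly direct Traefik to expose them
      - --providers.docker.exposedbydefault=false
      # Logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
      # NOTE(review): debug is very verbose for a long-running deployment, and
      # this service sets no json-file size limit (the other three do). Bound
      # or ship these logs so the connection audit trail is neither lost nor
      # able to fill the disk.
      - --log.level=debug
      # Enable the ping entrypoint in order to have healthcheck
      - --ping
      # Enable accesslog and use the correct timezone
      - --accesslog=true
      - --accesslog.fields.names.StartUTC=drop
    ports:
      # Quoted so the mapping is always read as a string, never as a number.
      - "3306:3306"
    environment:
      - TZ=Europe/Athens
    volumes:
      # NOTE(review): `:ro` makes the bind mount read-only but does not limit
      # what can be requested through the socket. A process in this container
      # can still drive the full Docker API, which is host-root equivalent.
      # Consider a filtering socket proxy that exposes only read endpoints.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      urescom_network:
        # Must stay in sync with --proxy-protocol-networks in the db service.
        ipv4_address: 172.16.238.5
    healthcheck:
      # Port 8080 is only reached from inside the container; it is not
      # listed under `ports`.
      test: wget -q -O - http://localhost:8080/ping|grep -q OK || exit 1
      interval: 10s
      timeout: 3s
      retries: 2
      start_period: 3s
    restart: unless-stopped

  # Web front end, published on host ports 80 and 443.
  urescom:
    # NOTE(review): `latest` is a mutable tag, so what runs changes whenever
    # the image is re-pulled. Pin a version tag or an image digest.
    image: ghcr.io/gunet/urescom-base:latest
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    depends_on:
      db:
        condition: service_healthy
    env_file:
      - variables.env
    logging:
      driver: "json-file"
      options:
        max-size: "25m"
        max-file: "2"
    volumes:
      # Configuration, TLS key/certificate and ACL file, all mounted read-only.
      # Keep privkey.pem readable only by its owner on the host.
      - ./institution/config/_config.php:/var/www/urescom/_config.php:ro
      - ./institution/certs/privkey.pem:/etc/ssl/private/privkey.pem:ro
      - ./institution/certs/server.crt:/etc/ssl/certs/server.crt:ro
      - ./institution/config/acl.conf:/etc/apache2/acl.conf:ro
    networks:
      urescom_network:
        # Passed to the db service as URESCOM_IPADDR.
        ipv4_address: 172.16.238.10

  # Same image as the web service, started with the cron script as entrypoint.
  urescom-cron:
    # NOTE(review): mutable `latest` tag - pin a version tag or digest.
    image: ghcr.io/gunet/urescom-base:latest
    restart: unless-stopped
    depends_on:
      db:
        condition: service_healthy
    env_file:
      - variables.env
    entrypoint: /usr/local/bin/urescom_cron.sh
    healthcheck:
      # Healthy while a root-owned process matching "urescom_cron" exists.
      test: pgrep -u root urescom_cron || exit 1
      interval: 10s
      timeout: 3s
      retries: 10
      start_period: 10s
    logging:
      driver: "json-file"
      options:
        max-size: "25m"
        max-file: "2"
    volumes:
      - ./institution/config/_config.php:/var/www/urescom/_config.php:ro
    networks:
      urescom_network:
        # Passed to the db service as URESCOM_CRON_IPADDR.
        ipv4_address: 172.16.238.11

  # MariaDB. It publishes no host port itself; outside clients reach it
  # through the proxy service, which forwards the real client address using
  # PROXY protocol v2.
  db:
    # NOTE(review): mutable `latest` tag - pin a version tag or digest.
    image: ghcr.io/gunet/urescom-mariadb:latest
    restart: unless-stopped
    logging:
      driver: "json-file"
      options:
        max-size: "25m"
        max-file: "2"
    labels:
      - traefik.enable=true
      - traefik.tcp.routers.db.entrypoints=mariadb
      # Allow connections from:
      # * idm-gw IPs
      # * GUNet main network
      # NOTE(review): the last entry is written with host bits set; as a /24
      # it is expected to cover all of 195.134.100.0/24 - confirm that this
      # is the intended range. Quoted because the value holds backticks and
      # commas.
      - 'traefik.tcp.routers.db.rule=ClientIP(`83.212.6.5`, `83.212.6.166`, `195.134.100.24/24`)'
      - traefik.tcp.services.db.loadbalancer.server.port=3306
      - traefik.tcp.services.db.loadbalancer.proxyProtocol.version=2
    volumes:
      - db_data:/var/lib/mysql
      # The whole certificate directory, private key included, is visible
      # read-only inside the container; --ssl_cert/--ssl_key below point here.
      - ./institution/certs:/certs:ro
    env_file:
      - variables.env
    environment:
      - URESCOM_IPADDR=172.16.238.10
      - URESCOM_CRON_IPADDR=172.16.238.11
      - TZ=Europe/Athens
    command:
      - --innodb-buffer-pool-size=120M
      - --innodb_flush_log_at_trx_commit=2
      - --wait-timeout=86400
      - --max_allowed_packet=67108864
      # The IP of the MariaDB proxy
      # We enable the Proxy2 protocol to be able to receive
      # the real client IP
      # Keep this limited to the proxy address: any peer listed here can
      # assert an arbitrary client IP in its PROXY header.
      - --proxy-protocol-networks=172.16.238.5
      # Enable TLS
      # NOTE(review): the CA file is the server certificate itself, which
      # fits a self-signed certificate - confirm. These options make TLS
      # available; whether clients are required to use it is not set here.
      - --ssl_cert=/certs/server.crt
      - --ssl_key=/certs/privkey.pem
      - --ssl_ca=/certs/server.crt
    healthcheck:
      # `$$` is Compose's escape for a literal `$`, so the variables are
      # expanded by the shell inside the container (presumably from
      # variables.env). The expansions are double-quoted so a password or
      # database name containing spaces or shell metacharacters cannot split
      # or alter the command.
      # NOTE(review): the password is still passed as an argument and is
      # visible in the process list while the check runs; a client option
      # file readable only by root avoids that.
      test: >-
        mysql --user=root --password="$$MYSQL_ROOT_PASSWORD" -e 'show databases;'
        | grep -q "$$MYSQL_DATABASE" || exit 1
      interval: 10s
      timeout: 3s
      retries: 10
      start_period: 10s
    depends_on:
      # The database starts only once the proxy reports healthy.
      proxy:
        condition: service_healthy
    networks:
      urescom_network:
        ipv4_address: 172.16.238.12

volumes:
  # Named volume holding /var/lib/mysql; explicit empty mapping, not null.
  db_data: {}

networks:
  urescom_network:
    ipam:
      driver: default
      config:
        # All fixed service addresses above are taken from this subnet.
        - subnet: 172.16.238.0/24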