-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathdocker-compose.yml
147 lines (140 loc) · 4.95 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
version: '3.8'
services:
watchtower:
image: containrrr/watchtower
command:
- "--label-enable"
- "--interval"
- "30"
- "--rolling-restart"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
reverse-proxy:
image: traefik:v3.1
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--entrypoints.web.address=:80"
- "--providers.docker.exposedbydefault=false"
- "--entryPoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
- "--certificatesresolvers.myresolver.acme.email=bioit@gen-era.com.tr"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
- "--entrypoints.web.http.redirections.entrypoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
- "--entrypoints.websecure.transport.respondingTimeouts.readTimeout=1200s"
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.rule=Host(`traefik.cnvcanvas.com`)"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.routers.traefik.tls.certresolver=myresolver"
ports:
- "80:80"
- "443:443"
volumes:
- letsencrypt:/letsencrypt
- /var/run/docker.sock:/var/run/docker.sock
canvas:
image: ghcr.io/gen-era/canvas:latest
command: bash /app/start.sh
environment:
- HOST_NAME=cnvcanvas.com
- SECRET_KEY=django-insecure-ax7b&dz))k(q0x+p=5f6wh0y@3k9nd=uu=!h6tmh&95xm(me@+
- DEBUG=False
- MINIO_STORAGE_USE_HTTPS=False
- MINIO_STORAGE_ENDPOINT=minio:9000
- MINIO_STORAGE_ACCESS_KEY=minio
- MINIO_STORAGE_SECRET_KEY=minio123
- MINIO_STORAGE_STATIC_URL=https://minio.cnvcanvas.com/canvas-static
- MINIO_STORAGE_MEDIA_URL=https://minio.cnvcanvas.com/canvas
- SQL_ENGINE=django.db.backends.postgresql
- SQL_DATABASE=canvasdb
- SQL_USER=canvas
- SQL_PASSWORD=canvaspass
- SQL_HOST=db
- SQL_PORT=5432
labels:
- "traefik.http.routers.canvas.rule=Host(`cnvcanvas.com`)"
- "traefik.enable=true"
- "traefik.http.routers.canvas.entrypoints=websecure"
- "traefik.http.routers.canvas.tls.certresolver=myresolver"
- "com.centurylinklabs.watchtower.enable=true"
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=5000000000" # Set max request body size (5 GB)
- "traefik.http.middlewares.limit.buffering.memRequestBodyBytes=100000000" # Buffer to disk after 100 MB
- "traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=5000000000" # Set max response size (5 GB)
- "traefik.http.middlewares.limit.buffering.memResponseBodyBytes=100000000" # Buffer response to disk after 100 MB
- "traefik.http.routers.canvas.middlewares=limit@docker"
deploy:
mode: replicated
replicas: 3
restart: always
expose:
- 8000
depends_on:
db:
condition: service_healthy
minio:
condition: service_healthy
volumes:
- /home/canvas/canvas-keys:/root/.ssh
db:
image: postgres
restart: always
user: postgres
environment:
- POSTGRES_DB=canvasdb
- POSTGRES_USER=canvas
- POSTGRES_PASSWORD=canvaspass
volumes:
- db-data:/var/lib/postgresql/data
expose:
- 5432
healthcheck:
test: [ "CMD", "pg_isready" ]
interval: 10s
timeout: 5s
retries: 5
minio:
image: minio/minio:latest
environment:
- MINIO_ACCESS_KEY_FILE=/run/secrets/minio-access-key
- MINIO_SECRET_KEY_FILE=/run/secrets/minio-secret-key
- MINIO_BROWSER_REDIRECT_URL=https://admin.minio.cnvcanvas.com
command: server /data --console-address ":9001" --address ":9000"
labels:
- "traefik.enable=true"
- "traefik.http.routers.minio.service=minio"
- "traefik.http.routers.minio.rule=Host(`minio.cnvcanvas.com`)"
- "traefik.http.routers.minio.entrypoints=websecure"
- "traefik.http.routers.minio.tls.certresolver=myresolver"
- "traefik.http.services.minio.loadbalancer.server.port=9000"
- "traefik.http.routers.minio-admin.service=minio-admin"
- "traefik.http.routers.minio-admin.rule=Host(`admin.minio.cnvcanvas.com`)"
- "traefik.http.routers.minio-admin.entrypoints=websecure"
- "traefik.http.routers.minio-admin.tls.certresolver=myresolver"
- "traefik.http.services.minio-admin.loadbalancer.server.port=9001"
expose:
- 9000
- 9001
volumes:
- minio-data:/data
secrets:
- minio-access-key
- minio-secret-key
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
interval: 30s
timeout: 10s
retries: 3
volumes:
db-data:
letsencrypt:
minio-data:
secrets:
db-password:
file: db/password.txt
minio-access-key:
file: minio/access-key.txt
minio-secret-key:
file: minio/secret-key.txt