-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathdocker-compose.prod.yml
138 lines (122 loc) · 5.8 KB
/
docker-compose.prod.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
version: "3.3"
services:
proxy:
ports:
- "80:80"
- "443:443"
volumes:
- ./acme.json:/certificates/acme.json
command:
- --providers.docker
- --providers.docker.exposedbydefault=false
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --certificatesresolvers.le.acme.email=${NS_ECOTEKA_PROXY_CERTIFICATESRESOLVERS_LE_ACME_EMAIL}
- --certificatesresolvers.le.acme.storage=/certificates/acme.json
- --certificatesresolvers.le.acme.tlschallenge=true
- --accesslog
- --log
labels:
# Global redirection: http to https
- traefik.http.routers.web-catchall.rule=HostRegexp(`{host:(www\.)?.+}`)
- traefik.http.routers.web-catchall.entrypoints=web
- traefik.http.routers.web-catchall.middlewares=wwwtohttps
# Global redirection: https (www.) to https
- traefik.http.routers.wwwsecure-catchall.rule=HostRegexp(`{host:(www\.).+}`)
- traefik.http.routers.wwwsecure-catchall.entrypoints=websecure
- traefik.http.routers.wwwsecure-catchall.tls=true
- traefik.http.routers.wwwsecure-catchall.middlewares=wwwtohttps
# Redirection ecoteka.natural-solutions.eu to ecoteka.org
- traefik.http.routers.natural-solutions.rule=Host(`ecoteka.natural-solutions.eu`)
- traefik.http.routers.natural-solutions.entrypoints=websecure
- traefik.http.routers.natural-solutions.tls=true
- traefik.http.routers.natural-solutions.middlewares=nstoecoteka
# Middleware: http(s)://(www.) to https://
- traefik.http.middlewares.wwwtohttps.redirectregex.regex=^https?://(?:www\.)?(.+)
- traefik.http.middlewares.wwwtohttps.redirectregex.replacement=https://$${1}
- traefik.http.middlewares.wwwtohttps.redirectregex.permanent=true
# Middlewate: http(s)://ecoteka.natural-solutions.eu to https://
- traefik.http.middlewares.nstoecoteka.redirectregex.regex=^https?://(?:www\.)?(.+)
- traefik.http.middlewares.nstoecoteka.redirectregex.replacement=https://${NS_ECOTEKA_DOMAIN_NAME}
- traefik.http.middlewares.nstoecoteka.redirectregex.permanent=true
# Let's Encrypt
- traefik.http.services.proxy.loadbalancer.server.port=80
- traefik.http.routers.wwwsecure.tls.domains[0].main=${NS_ECOTEKA_DOMAIN_NAME}
- traefik.http.routers.wwwsecure.tls.domains[0].sans=www.${NS_ECOTEKA_DOMAIN_NAME}
- traefik.http.routers.wwwsecure.tls.domains[1].main=ecoteka.natural-solutions.eu
- traefik.http.routers.wwwsecure.tls.domains[2].main=${NS_ECOTEKA_STUDIO_DOMAIN_NAME}
- traefik.http.routers.wwwsecure.tls.certresolver=le
db_backups:
image: prodrigestivill/postgres-backup-local
restart: always
networks:
- traefik
volumes:
- ${NS_ECOTEKA_DB_BACKUPS_VOLUME_PATH}:/backups
environment:
- POSTGRES_HOST=db
- POSTGRES_DB=${NS_ECOTEKA_DB_NAME}
- POSTGRES_USER=${NS_ECOTEKA_DB_USER}
- POSTGRES_PASSWORD=${NS_ECOTEKA_DB_PASSWORD}
- POSTGRES_EXTRA_OPTS=-Z9 --schema=public --blobs
- SCHEDULE=${NS_ECOTEKA_DB_BACKUPS_SCHEDULE}
- BACKUP_KEEP_DAYS=${NS_ECOTEKA_DB_BACKUPS_BACKUP_KEEP_DAYS}
- BACKUP_KEEP_WEEKS=${NS_ECOTEKA_DB_BACKUPS_BACKUP_KEEP_WEEKS}
- BACKUP_KEEP_MONTHS=${NS_ECOTEKA_DB_BACKUPS_BACKUP_KEEP_MONTHS}
- HEALTHCHECK_PORT=${NS_ECOTEKA_DB_BACKUPS_HEALTHCHECK_PORT}
files_backups:
image: registry.gitlab.com/natural-solutions/docker-duplicity
restart: always
networks:
- traefik
volumes:
- ${NS_ECOTEKA_FILES_BACKUPS_SRC}:/home/duplicity/src
- ${NS_ECOTEKA_FILES_BACKUPS_TARGET}:/home/duplicity/backup
- ./scripts/files_backup.sh:/backup.sh
environment:
- HEALTHCHECK_PORT=${NS_ECOTEKA_DB_BACKUPS_HEALTHCHECK_PORT}
backend:
image: ${NS_ECOTEKA_BACKEND_IMAGE}
labels:
- traefik.http.routers.backend.entrypoints=websecure
- traefik.http.routers.backend.tls=true
- traefik.http.routers.backend.rule=Host(`${NS_ECOTEKA_STUDIO_DOMAIN_NAME}`) && PathPrefix(`${NS_ECOTEKA_BACKEND_BASE_PATH}`)
celery_worker:
image: ${NS_ECOTEKA_BACKEND_IMAGE}
frontend:
image: ${NS_ECOTEKA_FRONTEND_IMAGE}
labels:
- traefik.http.routers.frontend.entrypoints=websecure
- traefik.http.routers.frontend.tls=true
- traefik.http.routers.frontend.rule=Host(`${NS_ECOTEKA_STUDIO_DOMAIN_NAME}`) && PathPrefix(`/`)
- traefik.http.services.frontend.loadbalancer.server.port=3000
osm_thumbnails:
image: ${NS_ECOTEKA_OSM_THUMBNAILS_IMAGE}
labels:
- traefik.http.routers.osm_thumbnails.entrypoints=websecure
- traefik.http.routers.osm_thumbnails.tls=true
- traefik.http.routers.osm_thumbnails.rule=Host(`${NS_ECOTEKA_STUDIO_DOMAIN_NAME}`) && PathPrefix(`/osm_thumbnails`)
- traefik.http.services.osm_thumbnails.loadbalancer.server.port=3000
tile_server:
labels:
- traefik.http.routers.tile_server.entrypoints=websecure
- traefik.http.routers.tile_server.tls=true
- traefik.http.routers.tile_server.rule=Host(`${NS_ECOTEKA_STUDIO_DOMAIN_NAME}`) && PathPrefix(`/tiles`)
meilisearch:
labels:
- traefik.http.routers.meilisearch.entrypoints=websecure
- traefik.http.routers.meilisearch.tls=true
- traefik.http.routers.meilisearch.rule=Host(`${NS_ECOTEKA_STUDIO_DOMAIN_NAME}`) && PathPrefix(`/meilisearch`)
environment:
- MEILI_ENV=production
- MEILI_MASTER_KEY=${NS_ECOTEKA_MEILISEARCH_MASTER_KEY}
osm:
image: ${NS_ECOTEKA_OSM_IMAGE}
volumes:
- ${NS_ECOTEKA_TILE_SERVER_PUBLIC_FOLDER}:/data
landing_page:
labels:
- traefik.http.routers.landing_page.entrypoints=websecure
- traefik.http.routers.landing_page.tls=true
- traefik.http.services.landing_page.loadbalancer.server.port=3000
- traefik.http.routers.landing_page.rule=Host(`${NS_ECOTEKA_DOMAIN_NAME}`) && PathPrefix(`/`)