-
Notifications
You must be signed in to change notification settings - Fork 2
/
docker-compose.prod.yml
124 lines (105 loc) · 5.52 KB
/
docker-compose.prod.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
version: "3.4"
services:
traefik:
restart: unless-stopped
command:
- "--api=true"
- "--api.dashboard=true"
- "--api.insecure=false"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.http.address=:80"
# HTTPS Config
- "--entrypoints.https.address=:443"
- "--certificatesresolvers.webappresolver.acme.tlschallenge=true"
- "--certificatesresolvers.webappresolver.acme.storage=/letsencrypt/acme.json"
# Use Let's encrypt staging server
# - "--certificatesresolvers.webappresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
ports:
# The HTTPS port
- "443:443"
volumes:
# So that Traefik can persist the TLS certificate
- ./letsencrypt:/letsencrypt
labels:
# Tell traefik that this container should be exposed to the public
- "traefik.enable=true"
# Add http entrypoint (Tell where the service should be available)
- "traefik.http.routers.api.rule=Host(`traefik.minitwit.tk`)"
- "traefik.http.routers.api.entrypoints=http"
# Redirect http to https
- "traefik.http.routers.api.middlewares=redirect-https@docker"
- "traefik.http.middlewares.redirect-https.redirectscheme.scheme=https"
- "traefik.http.middlewares.redirect-https.redirectscheme.permanent=true"
# Add https entrypoint
- "traefik.http.routers.api-secure.rule=Host(`traefik.minitwit.tk`)"
- "traefik.http.routers.api-secure.entrypoints=https"
- "traefik.http.routers.api-secure.tls.certresolver=webappresolver"
# Add authentication
- "traefik.http.routers.api-secure.service=api@internal"
- "traefik.http.routers.api-secure.middlewares=auth"
# Generate new user and password with `echo $(htpasswd -nb admin admin) | sed -e s/\\$/\\$\\$/g`
- "traefik.http.middlewares.auth.basicauth.users=admin:$$apr1$$vVJRD/Hd$$pzWF/71kOPnIfPqS6/t0D."
webapp:
restart: unless-stopped
build:
target: production
cache_from:
- jlndk/devoops:latest
environment:
- "ASPNETCORE_ENVIRONMENT=Production"
labels:
# Add http entrypoint (Tell where the service should be available)
- "traefik.http.routers.webapp.rule=Host(`minitwit.tk`)"
- "traefik.http.routers.webapp.entrypoints=http"
# Redirect http to https
- "traefik.http.routers.webapp.middlewares=redirect-https@docker"
- "traefik.http.middlewares.redirect-https.redirectscheme.scheme=https"
- "traefik.http.middlewares.redirect-https.redirectscheme.permanent=true"
# Add https entrypoint
- "traefik.http.routers.webapp-secure.rule=Host(`minitwit.tk`)"
- "traefik.http.routers.webapp-secure.entrypoints=https"
- "traefik.http.routers.webapp-secure.tls.certresolver=webappresolver"
database:
restart: unless-stopped
prometheus:
restart: unless-stopped
grafana:
restart: unless-stopped
labels:
# Tell traefik that this container should be exposed to the public
- "traefik.enable=true"
# Tell traefik which port our container listens on
- "traefik.http.services.grafana.loadbalancer.server.port=3000"
# Add http entrypoint (Tell where the service should be available)
- "traefik.http.routers.grafana.rule=Host(`grafana.minitwit.tk`)"
- "traefik.http.routers.grafana.entrypoints=http"
# Redirect http to https
- "traefik.http.routers.grafana.middlewares=redirect-https@docker"
- "traefik.http.middlewares.redirect-https.redirectscheme.scheme=https"
- "traefik.http.middlewares.redirect-https.redirectscheme.permanent=true"
# Add https entrypoint
- "traefik.http.routers.grafana-secure.rule=Host(`grafana.minitwit.tk`)"
- "traefik.http.routers.grafana-secure.entrypoints=https"
- "traefik.http.routers.grafana-secure.tls.certresolver=webappresolver"
elasticsearch:
restart: unless-stopped
kibana:
restart: unless-stopped
labels:
# Tell traefik that this container should be exposed to the public
- "traefik.enable=true"
# Tell traefik which port our container listens on
- "traefik.http.services.kibana.loadbalancer.server.port=5601"
# Add http entrypoint (Tell where the service should be available)
- "traefik.http.routers.kibana.rule=Host(`kibana.minitwit.tk`)"
- "traefik.http.routers.kibana.entrypoints=http"
# Redirect http to https
- "traefik.http.routers.kibana.middlewares=redirect-https@docker"
- "traefik.http.middlewares.redirect-https.redirectscheme.scheme=https"
- "traefik.http.middlewares.redirect-https.redirectscheme.permanent=true"
# Add https entrypoint
- "traefik.http.routers.kibana-secure.rule=Host(`kibana.minitwit.tk`)"
- "traefik.http.routers.kibana-secure.entrypoints=https"
- "traefik.http.routers.kibana-secure.tls.certresolver=webappresolver"