-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yml
176 lines (168 loc) · 4.43 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
# https://docs.docker.com/compose/overview/
# https://docs.docker.com/compose/compose-file/
# https://dev.to/domysee/setting-up-a-reverse-proxy-with-nginx-and-docker-compose-29jg
version: "3.6"
services:
bd-redis:
build: ./better-dating-caching
image: skivol/better-dating-cache:latest
container_name: "bd-prod-redis"
volumes:
- better-dating-cache-volume:/data
deploy:
resources:
limits:
cpus: "0.75"
memory: 200M
reservations:
cpus: "0.10"
memory: 150M
restart_policy:
condition: any
delay: 5s
max_attempts: 2
window: 120s
bd-postgres:
build: ./better-dating-database
image: skivol/better-dating-database:latest
container_name: "bd-prod-postgres"
volumes:
- better-dating-data-volume:/pgdata
- better-dating-postgres-shm-volume:/dev/shm
environment:
POSTGRES_DB: "${BD_DB:?No BD_DB (database name) specified}"
POSTGRES_USER: "${BD_DB_USER:?No BD_DB_USER (database user name) specified}"
POSTGRES_PASSWORD_FILE: "/run/secrets/db_password"
PGDATA: /pgdata
deploy:
resources:
limits:
cpus: "0.75"
memory: 256M
reservations:
cpus: "0.25"
memory: 128M
restart_policy:
condition: any
delay: 5s
max_attempts: 2
window: 120s
secrets:
- db_password
bd-backend:
build: ./better-dating-backend
image: skivol/better-dating-backend:latest
container_name: "bd-prod-backend"
environment:
DB_USER: "${BD_DB_USER}"
DB_PASSWORD_FILE: "/run/secrets/db_password"
DB_HOST: "better-dating_bd-postgres"
DB_NAME: "${BD_DB}"
MAIL_USER: "${BD_MAIL_USER}"
MAIL_PASSWORD_FILE: "/run/secrets/mail_password"
FACEBOOK_CLIENT_ID: "${FACEBOOK_CLIENT_ID}"
FACEBOOK_CLIENT_SECRET: "${FACEBOOK_CLIENT_SECRET}"
VK_CLIENT_ID: "${VK_CLIENT_ID}"
VK_CLIENT_SECRET: "${VK_CLIENT_SECRET}"
MAPBOX_ACCESS_TOKEN_PUBLIC: "${MAPBOX_ACCESS_TOKEN_PUBLIC}"
MAPBOX_ACCESS_TOKEN_PRIVATE: "${MAPBOX_ACCESS_TOKEN_PRIVATE}"
GOOGLE_ACCESS_TOKEN: "${GOOGLE_ACCESS_TOKEN}"
# DEBUG: "${DEBUG}"
dns: 8.8.8.8
depends_on:
- bd-postgres
volumes:
- better-dating-backend-logs-volume:/logs
deploy:
resources:
limits:
cpus: "0.75"
memory: 300M
reservations:
cpus: "0.25"
memory: 250M
restart_policy:
condition: any
delay: 10s
max_attempts: 2
window: 120s
secrets:
- db_password
- mail_password
# https://docs.docker.com/compose/compose-file/#healthcheck
# https://stackoverflow.com/questions/47520941/healthcheck-dockerfile-vs-docker-compose-yml
bd-frontend:
build: ./better-dating-frontend
image: skivol/better-dating-ui:latest
container_name: "bd-prod-frontend"
deploy:
resources:
limits:
cpus: "0.75"
memory: 250M
reservations:
cpus: "0.25"
memory: 150M
restart_policy:
condition: any
delay: 10s
max_attempts: 2
window: 120s
bd-reverse-proxy:
build: ./better-dating-proxy
image: skivol/better-dating-proxy:latest
container_name: "bd-prod-reverse-proxy"
ports:
- "80:80"
- "443:443"
volumes:
- better-dating-reverse-proxy-logs-volume:/logs
depends_on:
- bd-backend
- bd-frontend
deploy:
resources:
limits:
cpus: "0.75"
memory: 50M
reservations:
cpus: "0.10"
memory: 20M
restart_policy:
condition: any
delay: 10s
max_attempts: 2
window: 120s
secrets:
- source: ssl_certificate
# https://ru.wikipedia.org/wiki/Chmod
mode: 0644
- source: ssl_certificate_key
mode: 0600
- source: dhparam
mode: 0644
volumes:
better-dating-cache-volume:
better-dating-data-volume:
better-dating-postgres-shm-volume:
driver_opts:
type: tmpfs
device: tmpfs
o: "size=256m"
better-dating-reverse-proxy-logs-volume:
better-dating-backend-logs-volume:
secrets:
ssl_certificate:
external: true
ssl_certificate_key:
external: true
dhparam:
external: true
db_password:
external: true
mail_password:
external: true
networks:
default:
driver: overlay
attachable: true