fix: docke swarm stack

This commit is contained in:
Urko. 2023-12-25 10:00:11 +01:00
parent 16af429a64
commit f1e55131d9
1 changed files with 52 additions and 90 deletions

View File

@ -1,109 +1,71 @@
---
version: "3.7" version: "3.7"
services: services:
traefik: traefik:
image: traefik:v2.9.1 image: traefik:v2.9.1
networks: networks:
ocis-net: - web
aliases:
- ${OCIS_DOMAIN:-ocis.owncloud.test}
command: command:
- "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}" - --log.level=INFO
# letsencrypt configuration - --api.dashboard=true
- "--certificatesResolvers.http.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}" - --api.insecure=false
- "--certificatesResolvers.http.acme.storage=/certs/acme.json" - --providers.docker=true
- "--certificatesResolvers.http.acme.httpChallenge.entryPoint=http" - --providers.docker.swarmMode=true
# enable dashboard - --providers.docker.exposedByDefault=false
- "--api.dashboard=true" - --entrypoints.web.address=:80
# define entrypoints - --entrypoints.websecure.address=:443
- "--entryPoints.http.address=:80" - --certificatesresolvers.mytlschallenge.acme.tlschallenge=true
- "--entryPoints.http.http.redirections.entryPoint.to=https" - --certificatesresolvers.mytlschallenge.acme.email=${TRAEFIK_ACME_MAIL}
- "--entryPoints.http.http.redirections.entryPoint.scheme=https" - --certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json
- "--entryPoints.https.address=:443"
# docker provider (get configuration from container labels)
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
- "--providers.docker.exposedByDefault=false"
# access log
- "--accessLog=true"
- "--accessLog.format=json"
- "--accessLog.fields.headers.names.X-Request-Id=keep"
ports: ports:
- "80:80" - "80:80"
- "443:443" - "443:443"
volumes: volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro" - /var/run/docker.sock:/var/run/docker.sock:ro
- "certs:/certs" - traefik_certs:/letsencrypt
deploy:
labels: labels:
- "traefik.enable=${TRAEFIK_DASHBOARD:-false}" - traefik.enable=true
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$$apr1$$4vqie50r$$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin - traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN}`)
- "traefik.http.routers.traefik.entrypoints=https" - traefik.http.routers.traefik.service=api@internal
- "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)" - traefik.http.routers.traefik.entrypoints=websecure
- "traefik.http.routers.traefik.middlewares=traefik-auth" - traefik.http.routers.traefik.tls.certresolver=mytlschallenge
- "traefik.http.routers.traefik.tls.certresolver=http" placement:
- "traefik.http.routers.traefik.service=api@internal" constraints:
logging: - node.role==manager
driver: "local" restart_policy:
restart: always condition: on-failure
ocis: ocis:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest} image: owncloud/ocis:${OCIS_DOCKER_TAG}
networks: networks:
ocis-net: - web
entrypoint:
- /bin/sh
# run ocis init to initialize a configuration file with random secrets
# it will fail on subsequent runs, because the config file already exists
# therefore we ignore the error and then start the ocis server
command: ["-c", "ocis init || true; ocis server"]
environment: environment:
OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} OCIS_URL: https://${OCIS_DOMAIN}
OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-info} OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL}
OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}" OCIS_LOG_COLOR: ${OCIS_LOG_COLOR}
PROXY_TLS: "false" # do not use SSL between Traefik and oCIS PROXY_TLS: "false"
# make settings service available to oCIS Hello
SETTINGS_GRPC_ADDR: 0.0.0.0:9191 SETTINGS_GRPC_ADDR: 0.0.0.0:9191
# INSECURE: needed if oCIS / Traefik is using self generated certificates OCIS_INSECURE: ${OCIS_INSECURE}
OCIS_INSECURE: "${INSECURE:-false}" PROXY_ENABLE_BASIC_AUTH: ${PROXY_ENABLE_BASIC_AUTH}
# basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect) IDM_ADMIN_PASSWORD: ${ADMIN_PASSWORD}
PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}" IDM_CREATE_DEMO_USERS: ${DEMO_USERS}
# admin user password
IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file
# demo users
IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}"
# password policies
OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt"
volumes: volumes:
- ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt - ./config/ocis:/etc/ocis
- ./config/ocis/proxy.yaml:/etc/ocis/proxy.yaml - ocis_data:/var/lib/ocis
- ./config/ocis/web.yaml:/etc/ocis/web.yaml deploy:
- ocis-config:/etc/ocis
- ocis-data:/var/lib/ocis
labels: labels:
- "traefik.enable=true" - traefik.enable=true
- "traefik.http.routers.ocis.entrypoints=https" - traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN}`)
- "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`)" - traefik.http.routers.ocis.entrypoints=websecure
- "traefik.http.routers.ocis.tls.certresolver=http" - traefik.http.routers.ocis.tls.certresolver=mytlschallenge
- "traefik.http.routers.ocis.service=ocis" restart_policy:
- "traefik.http.services.ocis.loadbalancer.server.port=9200" condition: on-failure
logging:
driver: "local"
restart: always
ocis-hello:
image: owncloud/ocis-hello:${OCIS_HELLO_DOCKER_TAG:-latest}
networks: networks:
ocis-net: web:
environment: external: true
OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-info}
logging:
driver: "local"
restart: always
volumes: volumes:
certs: traefik_certs:
ocis-config: ocis_data:
ocis-data:
networks:
ocis-net: