| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274 |
- version: '3.8'
-
- networks:
- web-net:
- attachable: true
- driver: overlay
- db-net:
- attachable: true
- driver: overlay
- portainer-net:
- attachable: true
- driver: overlay
-
- volumes:
- web-data:
- driver: glusterfs
- name: "data/traefik"
- db-data:
- driver: glusterfs
- name: "data/mysql"
- portainer-data:
- driver: glusterfs
- name: "data/portainer"
-
- secrets:
- traefik-users:
- external: true
-
- services:
- proxy:
- image: "traefik:v2.2"
- command:
- #- "--log.level=DEBUG"
- - "--api"
- - "--api.dashboard=true"
- - "--certificatesresolvers.le.acme.httpchallenge=true"
- - "--certificatesresolvers.le.acme.httpchallenge.entrypoint=http"
- - "--entrypoints.http.address=:80"
- - "--entrypoints.https.address=:443"
- - "--certificatesresolvers.le.acme.email=daniel.huebleitner@gmail.com"
- - "--certificatesresolvers.le.acme.storage=/etc/letsencrypt/acme.json"
- # - "--certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- - "--providers.docker=true"
- - "--providers.docker.exposedbydefault=false"
- - "--providers.docker.swarmMode=true"
- - "--global.sendanonymoususage=false"
- secrets:
- - traefik-users
- ports:
- - "80:80"
- - "443:443"
- networks:
- - web-net
- volumes:
- - "web-data:/etc/letsencrypt"
- - "/var/run/docker.sock:/var/run/docker.sock:ro"
- deploy:
- mode: replicated
- replicas: 1
- update_config:
- failure_action: rollback
- order: start-first
- monitor: 60s
- rollback_config:
- failure_action: pause
- order: start-first
- monitor: 60s
- placement:
- constraints:
- - node.role==manager
- resources:
- limits:
- cpus: '0.9'
- memory: 1G
- reservations:
- cpus: '0.5'
- memory: 500M
- restart_policy:
- condition: any
- delay: 5s
- max_attempts: 10
- window: 50s
- labels:
- - traefik.enable=true
- - traefik.docker.network=armory_web-net
- - traefik.http.middlewares.admin-auth.basicauth.usersfile=/run/secrets/traefik-users
- - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
- - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
- - traefik.http.routers.traefik-api-http.rule=Host(`traefik.theclassicarmory.com`)
- - traefik.http.routers.traefik-api-http.entrypoints=http
- - traefik.http.routers.traefik-api-http.middlewares=https-redirect
- - traefik.http.routers.traefik-api-https.rule=Host(`traefik.theclassicarmory.com`)
- - traefik.http.routers.traefik-api-https.entrypoints=https
- - traefik.http.routers.traefik-api-https.tls=true
- - traefik.http.routers.traefik-api-https.service=api@internal
- - traefik.http.routers.traefik-api-https.tls.certresolver=le
- - traefik.http.routers.traefik-api-https.middlewares=admin-auth
- - traefik.http.services.traefik-api.loadbalancer.server.port=8080
-
- app:
- image: hub.monkey.software/theclassicarmory.com/app:latest
- networks:
- - web-net
- - db-net
- depends_on:
- - db
- deploy:
- mode: replicated
- replicas: 1
- update_config:
- failure_action: rollback
- order: start-first
- monitor: 60s
- rollback_config:
- parallelism: 0
- failure_action: continue
- delay: 0s
- order: start-first
- monitor: 60s
- placement:
- constraints:
- - node.role==worker
- resources:
- limits:
- cpus: '1'
- memory: 1G
- reservations:
- cpus: '0.5'
- memory: 300M
- restart_policy:
- delay: 5s
- max_attempts: 10
- window: 50s
- labels:
- - traefik.enable=true
- - traefik.docker.network=armory_web-net
- - traefik.http.middlewares.armory-https-redirect.redirectscheme.scheme=https
- - traefik.http.middlewares.armory-https-redirect.redirectscheme.permanent=true
- - traefik.http.routers.armory-app-http.rule=Host(`www.theclassicarmory.com`)
- - traefik.http.routers.armory-app-http.entrypoints=http
- - traefik.http.routers.armory-app-http.middlewares=armory-https-redirect
- - traefik.http.routers.armory-app-https.rule=Host(`www.theclassicarmory.com`)
- - traefik.http.routers.armory-app-https.entrypoints=https
- - traefik.http.routers.armory-app-https.tls=true
- - traefik.http.routers.armory-app-https.tls.certresolver=le
- - traefik.http.services.armory-app.loadbalancer.server.port=8080
-
- db:
- image: mariadb:10.5.5
- environment:
- - MYSQL_ROOT_PASSWORD=evenmuchmoresecreter
- - MYSQL_PASSWORD=muchsecretwow
- - MYSQL_DATABASE=armory
- - MYSQL_USER=armory-app
- networks:
- - db-net
- volumes:
- - db-data:/var/lib/mysql
- stop_grace_period: 60s
- deploy:
- mode: replicated
- replicas: 1
- update_config:
- failure_action: rollback
- order: stop-first
- monitor: 60s
- rollback_config:
- order: start-first
- monitor: 60s
- placement:
- constraints:
- - node.role==worker
- resources:
- limits:
- cpus: '1.5'
- memory: 1.5G
- reservations:
- cpus: '0.5'
- memory: 500M
- restart_policy:
- delay: 5s
- max_attempts: 30
- window: 150s
-
- portainer-agent:
- image: portainer/agent:linux-amd64-2.0.0-alpine
- volumes:
- - "/var/run/docker.sock:/var/run/docker.sock"
- - "/var/lib/docker/volumes:/var/lib/docker/volumes"
- environment:
- AGENT_CLUSTER_ADDR: "tasks.portainer-agent"
- networks:
- - portainer-net
- deploy:
- mode: global
- update_config:
- parallelism: 1
- failure_action: rollback
- delay: 30s
- order: stop-first
- monitor: 60s
- rollback_config:
- parallelism: 0
- failure_action: continue
- delay: 0s
- order: stop-first
- monitor: 15s
- placement:
- max_replicas_per_node: 1
- constraints:
- - "node.platform.os==linux"
- - "node.platform.arch==x86_64"
- resources:
- limits:
- cpus: '0.3'
- memory: 100M
- reservations:
- cpus: '0.1'
- memory: 50M
- restart_policy:
- condition: any
- delay: 5s
- max_attempts: 10
- window: 50s
-
- portainer-server:
- image: portainer/portainer-ce:alpine
- command: -H tcp://tasks.portainer-agent:9001 --tlsskipverify
- volumes:
- - "/var/run/docker.sock:/var/run/docker.sock"
- - "portainer-data:/data"
- networks:
- - web-net
- - portainer-net
- deploy:
- mode: replicated
- replicas: 1
- update_config:
- failure_action: rollback
- order: start-first
- monitor: 60s
- rollback_config:
- parallelism: 0
- failure_action: continue
- delay: 0s
- order: start-first
- monitor: 60s
- placement:
- constraints:
- - node.role==manager
- resources:
- limits:
- cpus: '0.4'
- memory: 300M
- reservations:
- cpus: '0.2'
- memory: 100M
- restart_policy:
- delay: 5s
- max_attempts: 10
- window: 50s
- labels:
- - traefik.enable=true
- - traefik.docker.network=armory_web-net
- - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
- - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
- - traefik.http.routers.portainer-app-http.rule=Host(`port.theclassicarmory.com`)
- - traefik.http.routers.portainer-app-http.entrypoints=http
- - traefik.http.routers.portainer-app-http.middlewares=https-redirect
- - traefik.http.routers.portainer-app-https.rule=Host(`port.theclassicarmory.com`)
- - traefik.http.routers.portainer-app-https.entrypoints=https
- - traefik.http.routers.portainer-app-https.tls=true
- - traefik.http.routers.portainer-app-https.tls.certresolver=le
- - traefik.http.services.portainer-app.loadbalancer.server.port=9000
|
