-
Notifications
You must be signed in to change notification settings - Fork 20
/
stack.yml
136 lines (128 loc) · 3.51 KB
/
stack.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
version: "3.4"
services:
postgres:
image: postgres:13.1
networks:
- main
environment:
- POSTGRES_PASSWORD
volumes:
- osdpgdata:/var/lib/postgresql/data
redis:
image: redis:6.0.9-alpine
volumes:
- osdredisdata:/data
networks:
- main
traefik:
image: traefik:v2.3.4
ports:
- "80:80"
- "443:443"
command:
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
- "--providers.docker.swarmMode=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=traefik-public"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge=true"
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.letsencryptresolver.acme.email=your@email.com"
- "--certificatesresolvers.letsencryptresolver.acme.storage=/letsencrypt/acme.json"
volumes:
- osdletsencrypt:/letsencrypt
- /var/run/docker.sock:/var/run/docker.sock
networks:
- traefik-public
deploy:
placement:
constraints:
- node.role == manager
labels:
- "traefik.enable=true"
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=web,websecure"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker"
- "traefik.http.routers.http-catchall.service=redirect-service"
- "traefik.http.services.redirect-service.loadbalancer.server.port=80"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
backend: &backend
image: ${CI_REGISTRY_IMAGE}/backend:${CI_COMMIT_SHORT_SHA}
networks:
- main
command:
- "gunicorn"
- "-t"
- "1000"
- "-b"
- "0.0.0.0:8000"
- "--log-level"
- "info"
- "backend.wsgi"
environment:
- DJANGO_SETTINGS_MODULE=backend.settings.production
- POSTGRES_PASSWORD
- SECRET_KEY
- DEBUG
- DOMAIN_NAME
- DJANGO_SUPERUSER_EMAIL
- DJANGO_SUPERUSER_PASSWORD
- DJANGO_SUPERUSER_USERNAME
volumes:
- osdbackendassets:/code/assets
depends_on:
- postgres
- redis
- web
celery:
<<: *backend
command:
- "celery"
- "--app=backend.celery_app:app"
- "worker"
- "-Q"
- "default"
- "--concurrency=1"
- "--loglevel=INFO"
ports: []
web:
image: ${CI_REGISTRY_IMAGE}/nginx:${CI_COMMIT_SHORT_SHA}
networks:
- traefik-public
- main
volumes:
- osdbackendassets:/usr/src/app/assets
deploy:
labels:
- "traefik.enable=true"
- "traefik.http.routers.nginx-web.rule=Host(`${DOMAIN_NAME}`)"
- "traefik.http.routers.nginx-web.entrypoints=websecure"
- "traefik.http.routers.nginx-web.tls.certresolver=letsencryptresolver"
- "traefik.http.services.nginx-web.loadbalancer.server.port=80"
networks:
traefik-public:
external: true
main:
driver: overlay
volumes:
osdletsencrypt:
name: osdletsencrypt
driver: rexray/dobs
driver_opts:
size: 1
osdbackendassets:
name: osdbackendassets
driver: rexray/dobs
driver_opts:
size: 20
osdredisdata:
name: osdredisdata
driver: rexray/dobs
driver_opts:
size: 1
osdpgdata:
name: osdpgdata
driver: rexray/dobs
driver_opts:
size: 20