swarm-pocadec.yml

version: "3.8"

services:
  caddy:
    image: lucaslorentz/caddy-docker-proxy:ci-alpine
    # image: cdp-custom:2.7.5-alpine
    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
    networks:
      - caddy-public
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      # this volume is needed to keep the certificates
      # otherwise, new ones will be re-issued upon restart
      - caddy_data:/data
    environment:
      CADDY_INGRESS_NETWORKS: caddy-public
    deploy:
      placement:
        constraints:
          - node.role == manager
      mode: replicated
      replicas: 1
      restart_policy:
        condition: any
      resources:
        reservations:
          cpus: "0.1"
          memory: 200M
      labels: # Global options
        caddy.email: ${ACME_USER_EMAIL}
        # While using the custom image with cache plugin, we need to uncomment the following labels
        # caddy.order: cache before rewrite
        # caddy.cache:


  agent:
    image: portainer/agent:latest
    environment:
      # Per Doco:"Should be equal to the service name prefixed by "tasks." when deployed inside an overlay network"
      AGENT_CLUSTER_ADDR: tasks.agent
      # AGENT_PORT: 9001
      # AGENT_SECRET: ${PORTAINER_SECRET}
      # LOG_LEVEL: debug
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    networks:
      - agent_network
    deploy:
      restart_policy:
        condition: any
      mode: global
      placement:
        constraints: 
          - node.platform.os == linux


  portainer:
    image: portainer/portainer-ce:latest
    command: -H tcp://tasks.agent:9001 --tlsskipverify --http-disabled
    #environment:
      # AGENT_SECRET: ${PORTAINER_SECRET}
      # VIRTUAL_HOST: ${PORTAINER_DOMAIN}
      # VIRTUAL_PORT: 9443
    volumes:
      - portainer_data:/data
    networks:
      - caddy-public
      - agent_network
    deploy:
      restart_policy:
        condition: any
      mode: replicated
      replicas: 1
      placement:
        constraints: 
          - ${NODE_PLACEMENT}
      labels:
        caddy_01: ${PORTAINER_DOMAIN}
        caddy_01.reverse_proxy: "{{upstreams 9443}}"
        caddy_01.reverse_proxy.transport: "http"
        caddy_01.reverse_proxy.transport.tls_insecure_skip_verify:
        # Edge
        caddy_02: http://${EDGE_DOMAIN}
        caddy_02.reverse_proxy: "{{upstreams 8000}}"


volumes:
  caddy_data:
  portainer_data:

networks:
  caddy-public:
    #driver: overlay
    external: true
  agent_network:
    #driver: overlay
    external: true