forked from studentinovisad/indexomator
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdocker-compose.prod.yml
93 lines (93 loc) · 3.19 KB
/
docker-compose.prod.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
services:
crowdsec:
image: docker.io/crowdsecurity/crowdsec:v1.6.4
environment:
COLLECTIONS: crowdsecurity/traefik crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules
CUSTOM_HOSTNAME: crowdsec
BOUNCER_KEY_TRAEFIK: ${BOUNCER_KEY_TRAEFIK}
volumes:
- './acquis.yaml:/etc/crowdsec/acquis.yaml:ro,z'
- 'traefik-logs-vol:/var/log/traefik:ro,z'
- 'crowdsec-db-vol:/var/lib/crowdsec/data:Z'
- 'crowdsec-conf-vol:/etc/crowdsec:Z'
labels:
- 'traefik.enable=false'
networks:
- internal
restart: unless-stopped
traefik:
depends_on:
- crowdsec
image: docker.io/library/traefik:v3.2.2
command:
- '--accesslog'
- '--accesslog.filepath=/var/log/traefik/access.log'
- '--providers.docker=true'
- '--providers.docker.exposedbydefault=false'
- '--entrypoints.web.address=:80'
- '--entrypoints.web.http.redirections.entrypoint.to=websecure'
- '--entrypoints.web.http.redirections.entrypoint.scheme=https'
- '--entrypoints.websecure.address=:443'
- '--certificatesresolvers.letsencrypt.acme.email=cert@${DOMAIN}'
- '--certificatesresolvers.letsencrypt.acme.storage=acme/acme.json'
- '--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web'
- '--experimental.plugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin'
- '--experimental.plugins.bouncer.version=v1.3.5'
ports:
- '80:80'
- '443:443'
volumes:
- '/var/run/docker.sock:/var/run/docker.sock:ro,z'
- 'traefik-logs-vol:/var/log/traefik:z'
- 'traefik-acme-vol:/acme:Z'
networks:
- internal
restart: unless-stopped
app:
depends_on:
- postgres
build:
context: .
dockerfile: docker/node.Dockerfile
environment:
ORIGIN: ${ORIGIN}
DATABASE_URL: ${DATABASE_URL}
SECRET: ${SECRET}
PUBLIC_INDEX_REGEX: ${PUBLIC_INDEX_REGEX}
networks:
- internal
labels:
- 'traefik.enable=true'
- 'traefik.http.routers.app.rule=Host(`${DOMAIN}`)'
- 'traefik.http.routers.app.middlewares=crowdsec@docker'
- 'traefik.http.middlewares.crowdsec.plugin.bouncer.enabled=true'
- 'traefik.http.middlewares.crowdsec.plugin.bouncer.crowdsecmode=stream'
- 'traefik.http.middlewares.crowdsec.plugin.bouncer.crowdseclapikey=${BOUNCER_KEY_TRAEFIK}'
- 'traefik.http.middlewares.crowdsec.plugin.bouncer.crowdsecappsecenabled=true'
- 'traefik.http.routers.app.entrypoints=websecure'
- 'traefik.http.routers.app.tls=true'
- 'traefik.http.routers.app.tls.certresolver=letsencrypt'
- 'traefik.http.services.app.loadbalancer.server.port=3000'
restart: unless-stopped
postgres:
build:
context: .
dockerfile: docker/postgres.Dockerfile
ports:
- 5432:5432
environment:
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_DB: ${POSTGRES_DB}
volumes:
- './database:/var/lib/postgresql/data:z'
networks:
- internal
restart: unless-stopped
networks:
internal:
volumes:
crowdsec-db-vol:
crowdsec-conf-vol:
traefik-logs-vol:
traefik-acme-vol: