umap/compose.yml at master · hotosm/umap · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
services:
  db:
    container_name: hotumap-db
    healthcheck:
        test: [ "CMD-SHELL", "pg_isready -U postgres" ]
        interval: 2s
    image: postgis/postgis:14-3.5-alpine
    environment:
      - POSTGRES_DB=${UMAP_DB_NAME:-postgres}
      - POSTGRES_USER=${UMAP_DB_USER:-postgres}
      - POSTGRES_PASSWORD=${UMAP_DB_PASSWORD:-123456}
    volumes:
      - umap_db_volume:/var/lib/postgresql/data

  app:
    image: ghcr.io/hotosm/hotosm-umap:latest
    deploy:
      replicas: ${APP_REPLICAS:-4}
      resources:
        limits:
          cpus: ${APP_CPUS:-0.8}
          memory: ${APP_MEM:-3072M}
        reservations:
          cpus: "0.1"
          memory: ${APP_MEM_RES:-512M}
    environment:
      - UMAP_SITE_URL=${UMAP_SITE_URL:-http://127.0.0.1:8001/}
      - UMAP_SETTINGS=/app/settings.py
      - UMAP_SECRET_KEY=${UMAP_SECRET_KEY:-somelonghash}
      - UMAP_DB_HOST=${UMAP_DB_HOST:-db}
      - UMAP_DB_NAME=${UMAP_DB_NAME:-postgres}
      - UMAP_DB_USER=${UMAP_DB_USER:-postgres}
      - UMAP_DB_PASSWORD=${UMAP_DB_PASSWORD:-123456}
      - PGPASSWORD=${UMAP_DB_PASSWORD:-123456}
      - UMAP_OSM_KEY=${UMAP_OSM_KEY}
      - DEBUG=${DEBUG:-true}
      - UMAP_OSM_SECRET=${UMAP_OSM_SECRET}
      - UMAP_SOCIAL_AUTH_REDIRECT_IS_HTTPS=${UMAP_SOCIAL_AUTH_REDIRECT_IS_HTTPS:-False}
      - S3_ACCESS_KEY=${S3_ACCESS_KEY}
      - S3_SECRET_KEY=${S3_SECRET_KEY}
      - S3_SECURITY_TOKEN=${S3_SECURITY_TOKEN:-}
      - S3_BUCKET_NAME=${S3_BUCKET_NAME:-}
      - S3_ENDPOINT_URL=${S3_ENDPOINT_URL:-}
      - ENABLE_S3_STORAGE=${ENABLE_S3_STORAGE:-False}
      - ALLOWED_HOSTS=${ALLOWED_HOSTS:-localhost,127.0.0.1,52.20.59.8}
      - SITE_DOMAIN=${SITE_DOMAIN:-localhost,127.0.0.1}
      - CSRF_TRUSTED_ORIGINS=${CSRF_TRUSTED_ORIGINS:-http://localhost,http://127.0.0.1}
      - REALTIME_ENABLED=${REALTIME_ENABLED:-False}
      # Hanko SSO
      - AUTH_PROVIDER=${AUTH_PROVIDER:-legacy}
      - HANKO_API_URL=${HANKO_API_URL:-https://login.hotosm.org}
      - JWT_ISSUER=${JWT_ISSUER:-https://login.hotosm.org}
      - LOGIN_URL=${LOGIN_URL:-https://login.hotosm.org}
      - COOKIE_SECRET=${COOKIE_SECRET}
      - COOKIE_DOMAIN=${COOKIE_DOMAIN:-.hotosm.org}
      - COOKIE_SECURE=${COOKIE_SECURE:-true}
      - ADMIN_EMAILS=${ADMIN_EMAILS:-}
    volumes:
      - ./data:/app/umap/var/data
      - static_volume:/app/static
      - icons_volume:/app/custom/icons
    restart: always
    depends_on:
      db:
          condition: service_healthy

  nginx:
      image: nginx:latest
      restart: always
      ports:
        - "80:80"
        - "443:443"
      volumes:
        - ./nginx/conf.d:/etc/nginx/conf.d
        - ./certbot/www:/var/www/certbot
        - ./certbot/conf:/etc/letsencrypt
        - static_volume:/app/static
        - icons_volume:/app/custom/icons/
      depends_on:
        - app

volumes:
  umap_db_volume:
  static_volume:
  icons_volume: