-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcompose.prod.yaml
108 lines (98 loc) · 3.49 KB
/
compose.prod.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
services:
traefik:
command:
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entryPoints.web.address=:80"
- "--entryPoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
- "--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
- "--entryPoints.web.http.redirections.entryPoint.to=websecure"
- "--entryPoints.web.http.redirections.entryPoint.scheme=https"
ports:
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "traefik-certificates:/letsencrypt"
restart: always
labels:
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
postgresdb:
restart: always
falak:
image: ghcr.io/jadwalapp/symmetrical-spoon/falak:main
restart: always
labels:
- "traefik.enable=true"
- "traefik.docker.network=symmetrical-spoon_web"
- "traefik.http.routers.falak.rule=Host(`${FALAK_HOST}`)"
- "traefik.http.routers.falak.entrypoints=websecure"
- "traefik.http.routers.falak.tls.certresolver=myresolver"
- "traefik.http.services.falak.loadbalancer.server.port=${FALAK_PORT}"
- "traefik.http.services.falak.loadbalancer.server.scheme=h2c"
website:
image: ghcr.io/jadwalapp/symmetrical-spoon/website:main
restart: always
labels:
- "traefik.enable=true"
- "traefik.http.routers.website.rule=Host(`${WEBSITE_HOST}`)"
- "traefik.http.routers.website.entrypoints=websecure"
- "traefik.http.routers.website.tls.certresolver=myresolver"
- "traefik.http.services.website.loadbalancer.server.port=8080"
grafana:
restart: always
labels:
- "traefik.enable=true"
- "traefik.docker.network=symmetrical-spoon_web"
- "traefik.http.routers.grafana.rule=Host(`${GRAFANA_HOST}`)"
- "traefik.http.routers.grafana.entrypoints=websecure"
- "traefik.http.routers.grafana.tls.certresolver=myresolver"
- "traefik.http.services.grafana.loadbalancer.server.port=3000"
baikal:
restart: always
labels:
- "traefik.enable=true"
- "traefik.docker.network=symmetrical-spoon_web"
- "traefik.http.routers.baikal.rule=Host(`${BAIKAL_HOST}`)"
- "traefik.http.routers.baikal.entrypoints=websecure"
- "traefik.http.routers.baikal.tls.certresolver=myresolver"
- "traefik.http.services.baikal.loadbalancer.server.port=80"
wasapp:
image: ghcr.io/jadwalapp/symmetrical-spoon/wasapp:main
restart: always
rabbitmq:
restart: always
tailscale:
image: tailscale/tailscale:latest
restart: always
hostname: batata
networks:
- web
- internal
environment:
- TS_AUTHKEY=${TS_AUTHKEY}?ephemeral=false
- TS_EXTRA_ARGS=--advertise-tags=tag:container
- TS_STATE_DIR=/var/lib/tailscale
- TS_USERSPACE=false
- TS_ROUTES=10.98.0.0/16,10.99.0.0/16
volumes:
- tailscale-state:/var/lib/tailscale
- /dev/net/tun:/dev/net/tun
cap_add:
- net_admin
volumes:
traefik-certificates:
tailscale-state:
networks:
web:
ipam:
config:
- subnet: 10.98.0.0/16
internal:
ipam:
config:
- subnet: 10.99.0.0/16