/
production.yml
160 lines (148 loc) · 4.69 KB
/
production.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
version: '3.9'
volumes:
production_postgres_data: {}
production_postgres_data_backups: {}
new_prod_media: {}
# prod_media:
# external: true
# name: prod_media
services:
django: &django
build:
context: .
dockerfile: ./compose/production/django/Dockerfile
image: app_production_django
depends_on:
- postgres
- redis
env_file:
- ./.envs/.production/.django
- ./.envs/.production/.postgres
command: /start
networks:
- front
- back
restart: unless-stopped
expose:
- 5000
labels:
- "traefik.enable=true"
- "traefik.http.routers.django.priority=10"
# Asociates router with your specific domain or subdomain and websecure (https)
- "traefik.http.routers.django.rule=Host(`${DOMAIN}`) || Host(`www.${DOMAIN}`)"
- "traefik.http.routers.django.entrypoints=websecure"
# Enables tls
- "traefik.http.routers.django.tls=true"
# Asociation with resolver (see static.yml file)
- "traefik.http.routers.django.tls.certresolver=letsencrypt"
# add security middleware
- "traefik.http.routers.django.middlewares=custom-redirect@file,security-headers,gzip"
# Set default options (see dynamic.yaml for this)
- "traefik.http.routers.django.tls.options=default"
# loadbalancer
- "traefik.http.services.django.loadbalancer.server.port=5000"
- "traefik.docker.network=front"
volumes:
# - prod_media:/app/app/media:z
- new_prod_media:/app/app/media:z
# - ./app/media:/app/app/media:z
postgres:
build:
context: .
dockerfile: ./compose/production/postgres/Dockerfile
image: app_production_postgres
volumes:
- production_postgres_data:/var/lib/postgresql/data:Z
- production_postgres_data_backups:/backups:z
env_file:
- ./.envs/.production/.postgres
networks:
- back
restart: unless-stopped
labels:
- traefik.enable=false
redis:
image: redis:5.0
networks:
- back
labels:
- traefik.enable=false
celeryworker:
<<: *django
image: app_production_celeryworker
command: /start-celeryworker
networks:
- back
labels:
- traefik.enable=false
celerybeat:
<<: *django
image: app_production_celerybeat
command: /start-celerybeat
networks:
- back
labels:
- traefik.enable=false
flower:
<<: *django
image: app_production_flower
command: /start-flower
networks:
- front
- back
labels:
- "traefik.enable=true"
# - "traefik.http.routers.flower.priority=20"
# Asociates router with your specific domain or subdomain and websecure (https)
# - "traefik.http.routers.flower.rule=Host(`flower.${DOMAIN}`)"
# - "traefik.http.routers.flower.entrypoints=websecure"
# Asociates flower router with your specific port (https)
- "traefik.http.routers.flower.rule=Host(`${DOMAIN}`)"
- "traefik.http.routers.flower.entrypoints=flower"
# Enables tls
- "traefik.http.routers.flower.tls=true"
# Asociation with resolver (see static.yml file)
- "traefik.http.routers.flower.tls.certresolver=letsencrypt"
# add security middleware
- "traefik.http.routers.flower.middlewares=security-headers"
# Set default options (see dynamic.yaml for this)
- "traefik.http.routers.flower.tls.options=default"
# loadbalancer
- "traefik.http.services.flower.loadbalancer.server.port=5555"
- "traefik.docker.network=front"
expose:
- 5555
nginx:
image: nginx:1.20-alpine
container_name: prod_media_nginx
volumes:
# - prod_media:/usr/share/nginx/media:z
- new_prod_media:/usr/share/nginx/media
# - ./app/media:/usr/share/nginx/media
- ./compose/production/nginx:/etc/nginx/conf.d
# - ./log/nginx:/var/log/nginx
expose:
- 80
labels:
- "traefik.enable=true"
- "traefik.docker.network=front"
- "traefik.http.routers.nginx.priority=70"
- "traefik.http.routers.nginx.rule=(Host(`${DOMAIN}`) || Host(`www.${DOMAIN}`)) && PathPrefix(`/media`)"
# - "traefik.http.routers.nginx.rule=PathPrefix(`/media`)"
- "traefik.http.routers.nginx.entrypoints=websecure"
- "traefik.http.routers.nginx.tls=true"
- "traefik.http.routers.nginx.tls.certresolver=letsencrypt"
- "traefik.http.routers.nginx.middlewares=custom-redirect@file,security-headers,gzip"
- "traefik.http.routers.nginx.tls.options=default"
- "traefik.http.services.nginx.loadbalancer.server.port=80"
restart: unless-stopped
depends_on:
- django
networks:
- front
networks:
front:
external:
name: front
back:
name: back