-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yml
104 lines (104 loc) · 3.97 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
version: "3.9"
services:
api:
build:
context: api
environment:
- POSTGRES_URL=postgres://app:${POSTGRES_PASSWORD}@postgres:5432/app?sslmode=disable
labels:
- "traefik.enable=true"
- "traefik.http.middlewares.pass-client-cert.passtlsclientcert.pem=false"
- "traefik.http.middlewares.pass-client-cert.passtlsclientcert.info.subject.commonname=true"
- "traefik.http.routers.api.entrypoints=https"
- "traefik.http.routers.api.middlewares=pass-client-cert"
- "traefik.http.routers.api.rule=Host(`${DOMAIN:-stash.localhost}`) && (PathPrefix(`/api`) || PathPrefix(`/graph`))"
- "traefik.http.routers.api.tls=true"
- "traefik.http.services.api.loadbalancer.server.scheme=https"
restart: unless-stopped
volumes:
- ./db:/db
apps-messages:
build:
context: apps/messages
labels:
- "traefik.enable=true"
- "traefik.http.routers.messages.entrypoints=https"
- "traefik.http.routers.messages.rule=Host(`${DOMAIN:-stash.localhost}`) && PathPrefix(`/apps/messages/`)"
- "traefik.http.routers.messages.tls=true"
apps-register:
build:
args:
DOMAIN: ${DOMAIN:-stash.localhost}
context: apps/register
labels:
- "traefik.enable=true"
- "traefik.http.routers.register.entrypoints=https"
- "traefik.http.routers.register.rule=Host(`register.${DOMAIN:-stash.localhost}`)"
- "traefik.http.routers.register.tls=true"
- "traefik.http.routers.register.tls.options=register@file"
domains-mail:
build:
context: domains/mail
labels:
- "traefik.enable=true"
- "traefik.http.routers.mail.entrypoints=https"
- "traefik.http.routers.mail.middlewares=pass-client-cert"
- "traefik.http.routers.mail.rule=Host(`${DOMAIN:-stash.localhost}`) && PathPrefix(`/domains/mail/`)"
- "traefik.http.routers.mail.tls=true"
- "traefik.http.services.mail.loadbalancer.server.port=4000"
- "traefik.http.services.mail.loadbalancer.server.scheme=https"
- "traefik.tcp.routers.mail.entrypoints=smtp"
- "traefik.tcp.routers.mail.rule=HostSNI(`*`)"
- "traefik.tcp.services.mail.loadbalancer.server.port=2525"
restart: unless-stopped
postgres:
environment:
- POSTGRES_DB=app
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?}
- POSTGRES_USER=app
image: postgres:15
restart: unless-stopped
volumes:
- postgres:/var/lib/postgresql/data
router:
build:
context: router
environment:
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- AWS_HOSTED_ZONE_ID
command:
# - "--accesslog"
- "--api.insecure"
- "--certificatesresolvers.letsencrypt.acme.email=root@epiphyte.xyz"
- "--certificatesresolvers.letsencrypt.acme.storage=/db/acme/acme.json"
- "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=route53"
- "--entrypoints.smtp.address=:25"
- "--entrypoints.http.address=:80"
- "--entrypoints.http.http.redirections.entrypoint.to=https"
- "--entrypoints.http.http.redirections.entrypoint.scheme=https"
- "--entrypoints.https.address=:443"
- "--entrypoints.https.http.tls=true"
- "--entrypoints.https.http.tls.certresolver=${CERT_RESOLVER:-}"
- "--entrypoints.https.http.tls.domains[0].main=${DOMAIN:-stash.localhost}"
- "--entrypoints.https.http.tls.domains[0].sans=*.${DOMAIN:-stash.localhost}"
- "--log.level=${LOG_LEVEL:-INFO}"
- "--providers.docker"
- "--providers.docker.exposedbydefault=false"
- "--providers.file.filename=/etc/traefik/dynamic/config.yml"
- "--providers.file.watch=true"
- "--serverstransport.insecureskipverify=true"
labels:
- "traefik.http.routers.router.entrypoints=https"
ports:
- "25:25"
- "80:80"
- "443:443"
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./db/acme:/db/acme
- ./db/certs/public:/db/certs/public
volumes:
postgres:
driver: local