/
plone.org.yml
97 lines (93 loc) · 4.74 KB
/
plone.org.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
version: '3.3'
services:
frontend:
image: ghcr.io/plone/ploneorg-frontend:latest
environment:
RAZZLE_INTERNAL_API_PATH: http://backend:8080/Plone
depends_on:
- backend
networks:
- public
- ploneorg
deploy:
replicas: 2
placement:
constraints:
- node.labels.type == app
labels:
- traefik.enable=true
- traefik.docker.network=public
- traefik.constraint-label=public
# Services
- traefik.http.services.ploneorg-frontend.loadbalancer.server.port=3000
# Routers
- traefik.http.routers.ploneorg-frontend.rule=Host(`plone.org`,`beta.plone.org`)
- traefik.http.routers.ploneorg-frontend.entrypoints=https
- traefik.http.routers.ploneorg-frontend.tls=true
- traefik.http.routers.ploneorg-frontend.tls.certresolver=le
- traefik.http.routers.ploneorg-frontend.service=ploneorg-frontend
- traefik.http.routers.ploneorg-frontend.middlewares=gzip
backend:
image: ghcr.io/plone/ploneorg-backend:latest
environment:
RELSTORAGE_DSN: "dbname='${DB_NAME:-plone}' user='${DB_USER:-plone}' host='${DB_HOST:-db}' password='${DB_PASSWORD:-plone}'"
depends_on:
- db
networks:
- public
- ploneorg
deploy:
replicas: 2
placement:
constraints:
- node.labels.type == app
labels:
- traefik.enable=true
- traefik.docker.network=public
- traefik.constraint-label=public
# Services
- traefik.http.services.ploneorg-backend.loadbalancer.server.port=8080
# Middlewares
### Authentication
- traefik.http.middlewares.ploneorg-backend-auth.basicauth.users=ploneorg:$$apr1$$SAOhBRqM$$HqoYLlr//h7PfUWidoFg//
### Plone.org
- "traefik.http.middlewares.ploneorg-vhm.replacepathregex.regex=^/\\+\\+api\\+\\+($$|/.*)"
- "traefik.http.middlewares.ploneorg-vhm.replacepathregex.replacement=/VirtualHostBase/https/plone.org/Plone/++api++/VirtualHostRoot/$$1"
- "traefik.http.middlewares.ploneorg-vhm-classic.replacepathregex.regex=^/ClassicUI($$|/.*)"
- "traefik.http.middlewares.ploneorg-vhm-classic.replacepathregex.replacement=/VirtualHostBase/https/plone.org/Plone/VirtualHostRoot/_vh_ClassicUI/$$1"
### Beta.Plone.org
- "traefik.http.middlewares.betaploneorg-vhm.replacepathregex.regex=^/\\+\\+api\\+\\+($$|/.*)"
- "traefik.http.middlewares.betaploneorg-vhm.replacepathregex.replacement=/VirtualHostBase/https/beta.plone.org/Plone/++api++/VirtualHostRoot/$$1"
- "traefik.http.middlewares.betaploneorg-vhm-classic.replacepathregex.regex=^/ClassicUI($$|/.*)"
- "traefik.http.middlewares.betaploneorg-vhm-classic.replacepathregex.replacement=/VirtualHostBase/https/beta.plone.org/Plone/VirtualHostRoot/_vh_ClassicUI/$$1"
# Routers
## Plone.org
- traefik.http.routers.ploneorg-backend.rule=Host(`plone.org`) && (PathPrefix(`/++api++`))
- traefik.http.routers.ploneorg-backend.entrypoints=https
- traefik.http.routers.ploneorg-backend.tls=true
- traefik.http.routers.ploneorg-backend.service=ploneorg-backend
- traefik.http.routers.ploneorg-backend.middlewares=gzip,ploneorg-vhm
### Plone.org /ClassicUI - protected with basic auth (prevent SEOs from crawl it)
- traefik.http.routers.ploneorg-classicui.rule=Host(`plone.org`) && (PathPrefix(`/ClassicUI`))
- traefik.http.routers.ploneorg-classicui.entrypoints=https
- traefik.http.routers.ploneorg-classicui.tls=true
- traefik.http.routers.ploneorg-classicui.service=ploneorg-backend
- traefik.http.routers.ploneorg-classicui.middlewares=gzip,ploneorg-backend-auth,ploneorg-vhm-classic
## Beta.Plone.org
- traefik.http.routers.betaploneorg-backend.rule=Host(`beta.plone.org`) && (PathPrefix(`/++api++`))
- traefik.http.routers.betaploneorg-backend.entrypoints=https
- traefik.http.routers.betaploneorg-backend.tls=true
- traefik.http.routers.betaploneorg-backend.service=ploneorg-backend
- traefik.http.routers.betaploneorg-backend.middlewares=gzip,betaploneorg-vhm
### Beta.Plone.org /ClassicUI - protected with basic auth (prevent SEOs from crawl it)
- traefik.http.routers.betaploneorg-classicui.rule=Host(`beta.plone.org`) && (PathPrefix(`/ClassicUI`))
- traefik.http.routers.betaploneorg-classicui.entrypoints=https
- traefik.http.routers.betaploneorg-classicui.tls=true
- traefik.http.routers.betaploneorg-classicui.service=ploneorg-backend
- traefik.http.routers.betaploneorg-classicui.middlewares=gzip,ploneorg-backend-auth,betaploneorg-vhm-classic
networks:
public:
external: true
driver: overlay
ploneorg:
driver: overlay