Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
401 lines (372 sloc) 8.92 KB
version: '3.5'
x-log-options:
&log-options
fluentd-address: 192.168.0.52:24224
fluentd-async-connect: 'true'
fluentd-sub-second-precision: 'true'
x-nfs-volume-opts:
&volume-options
type: nfs4
o: addr=192.168.0.52,rsize=8192,wsize=8192,timeo=15,hard,intr
services:
# Reverse proxy
nginx:
image: nginx:1.13.10
deploy:
replicas: 1
resources:
limits:
memory: 32M
update_config:
parallelism: 1
order: start-first
#labels:
# - routing-extra-hosts=viktoradam.net
labels:
domain.automation.signal: HUP
configs:
- source: nginx-main-config
target: /etc/nginx/nginx.conf
secrets:
- source: nginx-kibana-auth
target: /etc/auth-config/kibana.auth.conf
volumes:
- type: volume
source: nginx-config
target: /etc/nginx/conf.d
read_only: true
volume:
nocopy: true
- type: volume
source: ssl-certs
target: /etc/letsencrypt
read_only: true
volume:
nocopy: true
networks:
- web
ports:
- 80:80
- 443:443
logging:
driver: 'fluentd'
options:
<<: *log-options
tag: app.nginx
# PyGen configuration generator
nginx-pygen:
image: rycus86/docker-pygen
command: >
--template /etc/docker-pygen/templates/nginx.tmpl
--target /etc/nginx/conf.d/default.conf
--signal nginx HUP
--interval 3 10
--swarm-manager
--workers tasks.nginx-pygen-worker
deploy:
replicas: 1
resources:
limits:
memory: 32M
labels:
prometheus-job: pygen-manager-nginx
prometheus-port: 9413
environment:
DOCKER_HOST: tcp://docker-manager:2375
configs:
- source: nginx-pygen-template
target: /etc/docker-pygen/templates/nginx.tmpl
volumes:
- nginx-config:/etc/nginx/conf.d:nocopy
networks:
- default
- monitoring
- docker
logging:
driver: 'fluentd'
options:
<<: *log-options
tag: app.pygen.manager.nginx
nginx-pygen-worker:
image: rycus86/docker-pygen:worker
command: --manager nginx-pygen
read_only: true
deploy:
mode: global
resources:
limits:
memory: 32M
labels:
prometheus-job: pygen-worker-nginx
prometheus-port: 9414
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- default
- monitoring
logging:
driver: 'fluentd'
options:
<<: *log-options
tag: app.pygen.worker.nginx
# Blog
ghost:
image: ghost:1.22.8
deploy:
replicas: 1
resources:
limits:
memory: 170M
update_config:
parallelism: 1
order: start-first
placement:
constraints:
- node.labels.memory == high
labels:
routing-host: blog.viktoradam.net
routing-port: 2368
routing-max-body: 10m
environment:
- url=https://blog.viktoradam.net
- server__host=0.0.0.0
- server__port=2368
volumes:
- ghost-data:/var/lib/ghost/content/data:nocopy
- ghost-images:/var/lib/ghost/content/images:nocopy
- ghost-themes:/var/lib/ghost/content/themes:nocopy
- ghost-apps:/var/lib/ghost/content/apps:nocopy
networks:
- web
logging:
driver: 'fluentd'
options:
<<: *log-options
tag: app.web.blog
# Demo site
demo-site:
image: rycus86/demo-site
read_only: true
deploy:
replicas: 1
resources:
limits:
memory: 48M
update_config:
parallelism: 1
order: start-first
labels:
routing-host: demo.viktoradam.net
routing-port: 5000
prometheus-job: demo-site
prometheus-port: 5000
environment:
- HTTP_HOST=0.0.0.0
networks:
- web
- monitoring
logging:
driver: 'fluentd'
options:
<<: *log-options
tag: app.web.demo
# REST services
github-proxy:
image: rycus86/github-proxy
read_only: true
deploy:
replicas: 1
resources:
limits:
memory: 48M
update_config:
parallelism: 1
order: start-first
labels:
routing-host: api.viktoradam.net
routing-context: /github
routing-port: 5000
prometheus-job: github-proxy
prometheus-port: 5000
secrets:
- source: github-proxy-secrets
target: /var/secrets/secrets.env
environment:
- HTTP_HOST=0.0.0.0
networks:
- web
- monitoring
logging:
driver: 'fluentd'
options:
<<: *log-options
tag: app.github-proxy
dockerhub-proxy:
image: rycus86/dockerhub-proxy
read_only: true
deploy:
replicas: 1
resources:
limits:
memory: 48M
update_config:
parallelism: 1
order: start-first
labels:
routing-host: api.viktoradam.net
routing-context: /docker
routing-port: 5000
prometheus-job: dockerhub-proxy
prometheus-port: 5000
secrets:
- source: dockerhub-proxy-secrets
target: /var/secrets/secrets.env
environment:
- HTTP_HOST=0.0.0.0
networks:
- web
- monitoring
logging:
driver: 'fluentd'
options:
<<: *log-options
tag: app.dockerhub-proxy
# Redirect servers
redirect-server:
image: rycus86/redirect-server
read_only: true
deploy:
replicas: 1
resources:
limits:
memory: 32M
update_config:
parallelism: 1
order: start-first
labels:
routing-host: r.viktoradam.net
routing-port: 5000
prometheus-job: redirect-server
prometheus-port: 5000
secrets:
- source: redirect-server-secrets
target: /var/conf/redir/admin-config.yml
configs:
- source: redirect-server-rules
target: /var/conf/redir/static-rules.yml
environment:
- HTTP_HOST=0.0.0.0
- RULES_DIR=/var/conf/redir
- TARGET_FILE=/var/conf/rules/admin.rules
volumes:
- redirect-rules:/var/conf/rules:nocopy
networks:
- web
- monitoring
logging:
driver: 'fluentd'
options:
<<: *log-options
tag: app.redirect-server.r
# redirect-server-www:
# image: rycus86/redirect-server
# read_only: true
# deploy:
# replicas: 1
# resources:
# limits:
# memory: 32M
# update_config:
# parallelism: 1
# order: start-first
# labels:
# routing-host: www.viktoradam.net
# routing-port: 5000
# prometheus-job: redirect-server-www
# prometheus-port: 5000
# configs:
# - source: redirect-server-www
# target: /var/conf/redir/static-rules.yml
# environment:
# - HTTP_HOST=0.0.0.0
# - RULES_DIR=/var/conf/redir
# networks:
# - web
# - monitoring
# logging:
# driver: 'fluentd'
# options:
# <<: *log-options
# tag: app.redirect-server.www
configs:
nginx-main-config:
name: nginx-main-config-${NGINX_MAIN_CONFIG}
file: ./config/nginx.main.config
nginx-pygen-template:
name: pygen-nginx-${NGINX_PYGEN_TEMPLATE_CONFIG}
file: ./config/nginx.pygen.template.config
redirect-server-rules:
name: redirect-server-rules-${REDIRECT_SERVER_CONFIG}
file: ./config/redirect-server.config
redirect-server-www:
name: redirect-server-www-${REDIRECT_SERVER_WWW_CONFIG}
file: ./config/redirect-server-www.config
secrets:
nginx-kibana-auth:
name: nginx-auth-kibana-${NGINX_KIBANA_AUTH_CONF}
file: ./config/nginx.kibana.auth.conf
github-proxy-secrets:
name: github-proxy-secrets-${GITHUB_PROXY_SECRETS}
file: ./config/github-proxy.secrets
dockerhub-proxy-secrets:
name: dockerhub-proxy-secrets-${DOCKERHUB_PROXY_SECRETS}
file: ./config/dockerhub-proxy.secrets
redirect-server-secrets:
name: redirect-server-secrets-${REDIRECT_SERVER_SECRETS}
file: ./config/redirect-server.secrets
volumes:
nginx-config:
driver: local
driver_opts:
<<: *volume-options
device: :/nginx-config
ssl-certs:
driver: local
driver_opts:
<<: *volume-options
device: :/ssl-certs
ghost-data:
driver: local
driver_opts:
<<: *volume-options
device: :/ghost/data
ghost-images:
driver: local
driver_opts:
<<: *volume-options
device: :/ghost/images
ghost-themes:
driver: local
driver_opts:
<<: *volume-options
device: :/ghost/themes
ghost-apps:
driver: local
driver_opts:
<<: *volume-options
device: :/ghost/apps
redirect-rules:
driver: local
driver_opts:
<<: *volume-options
device: :/redirect-rules
networks:
web:
name: home-web
external: true
monitoring:
name: home-monitoring
external: true
docker:
name: home-docker
external: true