Update stack.production.yml
This commit is contained in:
colin
parent
a792cf8848
commit
9002915a9b
|
|
@ -1,58 +1,87 @@
|
||||||
version: '3.7'
|
version: '3'
|
||||||
|
services:
|
||||||
|
database:
|
||||||
|
image: git.nixc.us/colin/hedgedoc:production-database
|
||||||
|
environment:
|
||||||
|
- POSTGRES_USER=hedgedoc
|
||||||
|
- POSTGRES_PASSWORD=password
|
||||||
|
- POSTGRES_DB=hedgedoc
|
||||||
|
volumes:
|
||||||
|
- /mnt/tank/persist/nixc.us/hedgedoc/production/db:/var/lib/postgresql/data
|
||||||
|
deploy:
|
||||||
|
replicas: 1
|
||||||
|
placement:
|
||||||
|
constraints:
|
||||||
|
## - node.labels.role == db
|
||||||
|
- node.hostname == ingress.nixc.us
|
||||||
|
# - node.labels.mac-rack == true
|
||||||
|
labels:
|
||||||
|
- "us.nixc.autodeploy=true"
|
||||||
|
- "traefik.enable=false"
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
logging:
|
||||||
|
driver: "gelf"
|
||||||
|
options:
|
||||||
|
gelf-address: "udp://log.nixc.us:15124"
|
||||||
|
tag: "hedgedoc_database"
|
||||||
|
hedgedoc:
|
||||||
|
# Make sure to use the latest release from https://hedgedoc.org/latest-release
|
||||||
|
image: git.nixc.us/colin/hedgedoc:production-hedgedoc
|
||||||
|
environment:
|
||||||
|
# CMD_ALLOW_ANONYMOUS: "true"
|
||||||
|
CMD_ALLOW_ANONYMOUS_EDITS: "true"
|
||||||
|
CMD_ALLOW_FREEURL: "true"
|
||||||
|
CMD_DB_URL: "postgres://hedgedoc:password@hedgedoc_database:5432/hedgedoc"
|
||||||
|
CMD_DOMAIN: "hedgedoc.nixc.us"
|
||||||
|
# CMD_URL_ADDPORT: "true"
|
||||||
|
CMD_PROTOCOL_USESSL: "true"
|
||||||
|
CMD_SESSION_SECRET: "kcxFbvEv4gQeeDuXTJJDQ4Vj878C4p2AQFe9Ur33tLeUdQNzGGiQz6NAmEoxjZXH"
|
||||||
|
CMD_DB_USERNAME: "hedgedoc"
|
||||||
|
CMD_DB_PASSWORD: "password"
|
||||||
|
CMD_DB_HOST: "database"
|
||||||
|
CMD_DB_PORT: "5432"
|
||||||
|
# CMD_LDAP_URL: ldap://lldap_lldap:3890
|
||||||
|
# CMD_LDAP_BINDDN: uid=admin,ou=people,dc=nixc,dc=us
|
||||||
|
# CMD_LDAP_BINDCREDENTIALS: ehgJHdnbMvz8vEGVSYqRAC2r3WUisLxTRLnuXuXb72DEvhi8Ayzu4CQj9h2sexpX
|
||||||
|
# CMD_LDAP_SEARCHBASE: ou=people,dc=nixc,dc=us
|
||||||
|
# CMD_LDAP_SEARCHFILTER: '(&(memberOf=cn=hedgedocUsers,ou=groups,dc=nixc,dc=us)(uid={{username}}))'
|
||||||
|
# CMD_LDAP_USERIDFIELD: uid
|
||||||
|
volumes:
|
||||||
|
- /mnt/tank/persist/nixc.us/hedgedoc/production/uploads:/hedgedoc/public/uploads
|
||||||
|
# ports:
|
||||||
|
# - "3000:3000"
|
||||||
|
depends_on:
|
||||||
|
- database
|
||||||
|
deploy:
|
||||||
|
replicas: 1
|
||||||
|
placement:
|
||||||
|
constraints:
|
||||||
|
## - node.labels.role == db
|
||||||
|
- node.hostname == ingress.nixc.us
|
||||||
|
# - node.labels.mac-rack == true
|
||||||
|
labels:
|
||||||
|
- "us.nixc.autodeploy=true"
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.hedgedoc_app.tls=true"
|
||||||
|
- "traefik.http.services.hedgedoc_app.loadbalancer.server.port=3000"
|
||||||
|
- "traefik.http.routers.hedgedoc_app.rule=Host(`hedgedoc.nixc.us`)"
|
||||||
|
- "traefik.http.routers.hedgedoc_app.entrypoints=websecure"
|
||||||
|
- "traefik.http.routers.hedgedoc_app.tls.certresolver=letsencryptresolver"
|
||||||
|
- "traefik.http.routers.hedgedoc_app.service=hedgedoc_app"
|
||||||
|
- "traefik.docker.network=traefik"
|
||||||
|
# - 'traefik.http.routers.hedgedoc_app.middlewares=authelia@docker'
|
||||||
|
networks:
|
||||||
|
- default
|
||||||
|
- traefik
|
||||||
|
logging:
|
||||||
|
driver: "gelf"
|
||||||
|
options:
|
||||||
|
gelf-address: "udp://log.nixc.us:15124"
|
||||||
|
tag: "hedgedoc_app"
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
traefik:
|
traefik:
|
||||||
external: true
|
external: true
|
||||||
default:
|
default:
|
||||||
driver: overlay
|
external: false
|
||||||
|
|
||||||
services:
|
|
||||||
redis:
|
|
||||||
# image: docker.io/library/redis:alpine
|
|
||||||
image: git.nixc.us/colin/searxng:production-redis
|
|
||||||
networks:
|
|
||||||
- default
|
|
||||||
- traefik
|
|
||||||
volumes:
|
|
||||||
- /mnt/tank/persist/nixc.us/searxng/redis:/data
|
|
||||||
deploy:
|
|
||||||
replicas: 1
|
|
||||||
placement:
|
|
||||||
constraints:
|
|
||||||
- node.hostname == ingress.nixc.us
|
|
||||||
# logging:
|
|
||||||
# driver: "gelf"
|
|
||||||
# options:
|
|
||||||
# gelf-address: "udp://log.nixc.us:15124"
|
|
||||||
# tag: "redis"
|
|
||||||
|
|
||||||
searxng:
|
|
||||||
# image: searxng/searxng:latest
|
|
||||||
image: git.nixc.us/colin/searxng:production-searxng
|
|
||||||
networks:
|
|
||||||
- default
|
|
||||||
- traefik
|
|
||||||
volumes:
|
|
||||||
- /mnt/tank/persist/nixc.us/searxng/config:/etc/searxng:rw
|
|
||||||
environment:
|
|
||||||
- SEARXNG_BASE_URL=https://searx.nixc.us
|
|
||||||
deploy:
|
|
||||||
replicas: 1
|
|
||||||
placement:
|
|
||||||
constraints:
|
|
||||||
- node.hostname == ingress.nixc.us
|
|
||||||
labels:
|
|
||||||
traefik.docker.network: traefik
|
|
||||||
traefik.enable: "true"
|
|
||||||
traefik.http.routers.production_searxng.entrypoints: websecure
|
|
||||||
traefik.http.routers.production_searxng.rule: Host(`searx.nixc.us`)
|
|
||||||
traefik.http.routers.production_searxng.tls: "true"
|
|
||||||
traefik.http.routers.production_searxng.tls.certresolver: letsencryptresolver
|
|
||||||
traefik.http.services.production_searxng.loadbalancer.server.port: '8080'
|
|
||||||
traefik.http.routers.production_searxng.service: production_searxng
|
|
||||||
traefik.tags: traefik
|
|
||||||
# logging:
|
|
||||||
# driver: "gelf"
|
|
||||||
# options:
|
|
||||||
# gelf-address: "udp://log.nixc.us:15124"
|
|
||||||
# tag: "searxng"
|
|
||||||
Loading…
Reference in New Issue