Update stack.production.yml
This commit is contained in:
parent
3ee83e344e
commit
19b24d092a
|
|
@ -6,6 +6,17 @@ services:
|
|||
template:
|
||||
image: git.nixc.us/nixius/template:production
|
||||
deploy:
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.production_template.rule=Host(`template.nixc.us`)
|
||||
- traefik.http.routers.production_template.entrypoints=websecure
|
||||
- traefik.http.routers.production_template.tls=true
|
||||
- traefik.http.routers.production_template.tls.certresolver=letsencryptresolver
|
||||
- traefik.http.services.production_template.loadbalancer.server.port=3000
|
||||
# - traefik.http.services.production_template.loadbalancer.healthcheck.path=/health
|
||||
# - traefik.http.services.production_template.loadbalancer.healthcheck.interval=30s
|
||||
# - traefik.http.services.production_template.loadbalancer.healthcheck.timeout=5s
|
||||
- traefik.http.routers.production_template.middlewares=secure-headers
|
||||
replicas: 1
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
|
|
@ -19,53 +30,4 @@ services:
|
|||
delay: 10s
|
||||
order: stop-first
|
||||
networks:
|
||||
- traefik
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.production_template.rule=Host(`template.nixc.us`)
|
||||
- traefik.http.routers.production_template.entrypoints=websecure
|
||||
- traefik.http.routers.production_template.tls=true
|
||||
- traefik.http.routers.production_template.tls.certresolver=letsencryptresolver
|
||||
- traefik.http.services.production_template.loadbalancer.server.port=3000
|
||||
# - traefik.http.services.production_template.loadbalancer.healthcheck.path=/health
|
||||
# - traefik.http.services.production_template.loadbalancer.healthcheck.interval=30s
|
||||
# - traefik.http.services.production_template.loadbalancer.healthcheck.timeout=5s
|
||||
- traefik.http.routers.production_template.middlewares=secure-headers
|
||||
|
||||
midtownplaydio:
|
||||
image: git.nixc.us/nixius/midtownplaydio:production
|
||||
networks:
|
||||
- traefik
|
||||
deploy:
|
||||
replicas: 1
|
||||
placement:
|
||||
constraints:
|
||||
- node.hostname == macmini1
|
||||
|
||||
# update_config:
|
||||
# delay: 0s
|
||||
# parallelism: 2
|
||||
# order: start-first
|
||||
labels:
|
||||
traefik.enable: "true"
|
||||
traefik.http.routers.production_midtownplaydio.rule: "Host(`midtownplaydio.nixc.us`)"
|
||||
traefik.http.routers.production_midtownplaydio.entrypoints: "websecure"
|
||||
traefik.http.routers.production_midtownplaydio.tls: "true"
|
||||
traefik.http.routers.production_midtownplaydio.tls.certresolver: "letsencryptresolver"
|
||||
traefik.http.routers.production_midtownplaydio.middlewares: "secure-headers"
|
||||
traefik.http.services.production_midtownplaydio.loadbalancer.server.port: "3000"
|
||||
traefik.docker.network: "traefik"
|
||||
# traefik.http.services.production_midtownplaydio.loadbalancer.healthcheck.path: "/health"
|
||||
# traefik.http.services.production_midtownplaydio.loadbalancer.healthcheck.interval: "30s"
|
||||
# traefik.http.services.production_midtownplaydio.loadbalancer.healthcheck.timeout: "5s"
|
||||
|
||||
# Security headers middleware
|
||||
traefik.http.middlewares.secure-headers.headers.stsSeconds: 63072000
|
||||
traefik.http.middlewares.secure-headers.headers.stsIncludeSubdomains: "true"
|
||||
traefik.http.middlewares.secure-headers.headers.stsPreload: "true"
|
||||
traefik.http.middlewares.secure-headers.headers.forceSTSHeader: "true"
|
||||
traefik.http.middlewares.secure-headers.headers.frameDeny: "true"
|
||||
traefik.http.middlewares.secure-headers.headers.contentTypeNosniff: "true"
|
||||
traefik.http.middlewares.secure-headers.headers.browserXssFilter: "true"
|
||||
traefik.http.middlewares.secure-headers.headers.referrerPolicy: "no-referrer"
|
||||
traefik.http.middlewares.secure-headers.headers.featurePolicy: "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none'"
|
||||
- traefik
|
||||
Loading…
Reference in New Issue