From 19b24d092a68e98a110f55f62ac759dfd638b175 Mon Sep 17 00:00:00 2001 From: colin Date: Thu, 24 Apr 2025 10:13:02 -0400 Subject: [PATCH] Update stack.production.yml --- stack.production.yml | 62 +++++++++----------------------------------- 1 file changed, 12 insertions(+), 50 deletions(-) diff --git a/stack.production.yml b/stack.production.yml index 6f0317d..84a86b2 100644 --- a/stack.production.yml +++ b/stack.production.yml @@ -6,6 +6,17 @@ services: template: image: git.nixc.us/nixius/template:production deploy: + labels: + - traefik.enable=true + - traefik.http.routers.production_template.rule=Host(`template.nixc.us`) + - traefik.http.routers.production_template.entrypoints=websecure + - traefik.http.routers.production_template.tls=true + - traefik.http.routers.production_template.tls.certresolver=letsencryptresolver + - traefik.http.services.production_template.loadbalancer.server.port=3000 + # - traefik.http.services.production_template.loadbalancer.healthcheck.path=/health + # - traefik.http.services.production_template.loadbalancer.healthcheck.interval=30s + # - traefik.http.services.production_template.loadbalancer.healthcheck.timeout=5s + - traefik.http.routers.production_template.middlewares=secure-headers replicas: 1 restart_policy: condition: on-failure @@ -19,53 +30,4 @@ services: delay: 10s order: stop-first networks: - - traefik - labels: - - traefik.enable=true - - traefik.http.routers.production_template.rule=Host(`template.nixc.us`) - - traefik.http.routers.production_template.entrypoints=websecure - - traefik.http.routers.production_template.tls=true - - traefik.http.routers.production_template.tls.certresolver=letsencryptresolver - - traefik.http.services.production_template.loadbalancer.server.port=3000 - # - traefik.http.services.production_template.loadbalancer.healthcheck.path=/health - # - traefik.http.services.production_template.loadbalancer.healthcheck.interval=30s - # - traefik.http.services.production_template.loadbalancer.healthcheck.timeout=5s - - traefik.http.routers.production_template.middlewares=secure-headers - - midtownplaydio: - image: git.nixc.us/nixius/midtownplaydio:production - networks: - - traefik - deploy: - replicas: 1 - placement: - constraints: - - node.hostname == macmini1 - - # update_config: - # delay: 0s - # parallelism: 2 - # order: start-first - labels: - traefik.enable: "true" - traefik.http.routers.production_midtownplaydio.rule: "Host(`midtownplaydio.nixc.us`)" - traefik.http.routers.production_midtownplaydio.entrypoints: "websecure" - traefik.http.routers.production_midtownplaydio.tls: "true" - traefik.http.routers.production_midtownplaydio.tls.certresolver: "letsencryptresolver" - traefik.http.routers.production_midtownplaydio.middlewares: "secure-headers" - traefik.http.services.production_midtownplaydio.loadbalancer.server.port: "3000" - traefik.docker.network: "traefik" - # traefik.http.services.production_midtownplaydio.loadbalancer.healthcheck.path: "/health" - # traefik.http.services.production_midtownplaydio.loadbalancer.healthcheck.interval: "30s" - # traefik.http.services.production_midtownplaydio.loadbalancer.healthcheck.timeout: "5s" - - # Security headers middleware - traefik.http.middlewares.secure-headers.headers.stsSeconds: 63072000 - traefik.http.middlewares.secure-headers.headers.stsIncludeSubdomains: "true" - traefik.http.middlewares.secure-headers.headers.stsPreload: "true" - traefik.http.middlewares.secure-headers.headers.forceSTSHeader: "true" - traefik.http.middlewares.secure-headers.headers.frameDeny: "true" - traefik.http.middlewares.secure-headers.headers.contentTypeNosniff: "true" - traefik.http.middlewares.secure-headers.headers.browserXssFilter: "true" - traefik.http.middlewares.secure-headers.headers.referrerPolicy: "no-referrer" - traefik.http.middlewares.secure-headers.headers.featurePolicy: "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none'" + - traefik \ No newline at end of file