generated from Nixius/template
82 lines
2.9 KiB
YAML
82 lines
2.9 KiB
YAML
networks:
|
|
traefik:
|
|
external: true
|
|
default:
|
|
|
|
services:
|
|
template:
|
|
image: git.nixc.us/colin/template:staging
|
|
deploy:
|
|
replicas: 1
|
|
restart_policy:
|
|
condition: on-failure
|
|
max_attempts: 3
|
|
update_config:
|
|
parallelism: 1
|
|
delay: 10s
|
|
order: start-first
|
|
rollback_config:
|
|
parallelism: 1
|
|
delay: 10s
|
|
order: stop-first
|
|
networks:
|
|
- traefik
|
|
labels:
|
|
traefik.enable: true
|
|
traefik.http.routers.staging_template.rule: Host(`staging.template.nixc.us`)
|
|
traefik.http.routers.staging_template.entrypoints: websecure
|
|
traefik.http.routers.staging_template.tls: true
|
|
traefik.http.routers.staging_template.tls.certresolver: letsencryptresolver
|
|
traefik.http.services.staging_template.loadbalancer.server.port: 3000
|
|
# traefik.http.services.staging_template.loadbalancer.healthcheck.path: /health
|
|
# traefik.http.services.staging_template.loadbalancer.healthcheck.interval: 30s
|
|
# traefik.http.services.staging_template.loadbalancer.healthcheck.timeout: 5s
|
|
|
|
n8n:
|
|
image: git.nixc.us/colin/n8n:staging
|
|
deploy:
|
|
replicas: 1
|
|
restart_policy:
|
|
condition: on-failure
|
|
max_attempts: 3
|
|
update_config:
|
|
parallelism: 1
|
|
delay: 10s
|
|
order: start-first
|
|
rollback_config:
|
|
parallelism: 1
|
|
delay: 10s
|
|
order: stop-first
|
|
networks:
|
|
- traefik
|
|
environment:
|
|
N8N_HOST: ${N8N_HOST:-staging-n8n.nixc.us}
|
|
N8N_PORT: 5678
|
|
N8N_PROTOCOL: ${N8N_PROTOCOL:-https}
|
|
NODE_ENV: production
|
|
volumes:
|
|
- n8n_data:/home/node/.n8n
|
|
labels:
|
|
traefik.enable: true
|
|
traefik.http.routers.staging_n8n.rule: Host(`staging-n8n.nixc.us`)
|
|
traefik.http.routers.staging_n8n.entrypoints: websecure
|
|
traefik.http.routers.staging_n8n.tls: true
|
|
traefik.http.routers.staging_n8n.tls.certresolver: letsencryptresolver
|
|
traefik.http.services.staging_n8n.loadbalancer.server.port: 5678
|
|
traefik.http.routers.staging_n8n.middlewares: secure-headers
|
|
traefik.docker.network: traefik
|
|
# Security headers middleware
|
|
traefik.http.middlewares.secure-headers.headers.stsSeconds: 63072000
|
|
traefik.http.middlewares.secure-headers.headers.stsIncludeSubdomains: true
|
|
traefik.http.middlewares.secure-headers.headers.stsPreload: true
|
|
traefik.http.middlewares.secure-headers.headers.forceSTSHeader: true
|
|
traefik.http.middlewares.secure-headers.headers.frameDeny: true
|
|
traefik.http.middlewares.secure-headers.headers.contentTypeNosniff: true
|
|
traefik.http.middlewares.secure-headers.headers.browserXssFilter: true
|
|
traefik.http.middlewares.secure-headers.headers.referrerPolicy: no-referrer
|
|
traefik.http.middlewares.secure-headers.headers.featurePolicy: camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none'
|
|
|
|
volumes:
|
|
n8n_data:
|
|
driver: local
|