Update stack.production.yml
This commit is contained in:
colin
parent
b30ac45e02
commit
3be5bb26d6
|
|
@ -1,60 +1,14 @@
|
||||||
version: "3.9"
|
version: "3.9"
|
||||||
services:
|
services:
|
||||||
#############
|
netdata:
|
||||||
#############
|
image: git.nixc.us/colin/netdata:production-parent
|
||||||
#############
|
|
||||||
technitium:
|
|
||||||
# container_name: dns-server
|
|
||||||
# hostname: dns-server
|
|
||||||
image: git.nixc.us/nixius/technitium:production
|
|
||||||
# Use "host" network mode for DHCP deployments
|
|
||||||
# network_mode: "host"
|
|
||||||
# ports:
|
|
||||||
# - target: "53"
|
|
||||||
# published: "53"
|
|
||||||
# protocol: "udp"
|
|
||||||
# mode: "host"
|
|
||||||
ports:
|
|
||||||
- published: 53
|
|
||||||
target: 53
|
|
||||||
protocol: udp
|
|
||||||
mode: host
|
|
||||||
- published: 53
|
|
||||||
target: 53
|
|
||||||
protocol: tcp
|
|
||||||
mode: host
|
|
||||||
# - published: 853
|
|
||||||
# target: 853
|
|
||||||
# protocol: both
|
|
||||||
# mode: host
|
|
||||||
# - "5380:5380/tcp" #DNS web console
|
|
||||||
# Re-enable port 53 when theres an obvious place to put this service.
|
|
||||||
# - "53:53/udp" #DNS service
|
|
||||||
# - "53:53/tcp" #DNS service
|
|
||||||
# - "67:67/udp" #DHCP service
|
|
||||||
# - "853:853/tcp" #DNS-over-TLS service
|
|
||||||
# - "443:443/tcp" #DNS-over-HTTPS service
|
|
||||||
# - "80:80/tcp" #DNS-over-HTTPS service certbot certificate renewal
|
|
||||||
# - "8053:8053/tcp" #DNS-over-HTTPS using reverse proxy
|
|
||||||
environment:
|
environment:
|
||||||
- DNS_SERVER_DOMAIN=technitium.nixc.us #The primary domain name used by this DNS Server to identify itself.
|
- VIRTUAL_HOST=netdata.nixc.us
|
||||||
# - DNS_SERVER_ADMIN_PASSWORD=password #DNS web console admin user password.
|
- VIRTUAL_PORT=19999
|
||||||
# - DNS_SERVER_ADMIN_PASSWORD_FILE=password.txt #The path to a file that contains a plain text password for the DNS web console admin user.
|
|
||||||
# - DNS_SERVER_PREFER_IPV6=false #DNS Server will use IPv6 for querying whenever possible with this option enabled.
|
|
||||||
- DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP=false #Enables DNS server optional protocol DNS-over-HTTP on TCP port 8053 to be used with a TLS terminating reverse proxy like nginx.
|
|
||||||
- DNS_SERVER_RECURSION=AllowOnlyForPrivateNetworks #Recursion options: Allow, Deny, AllowOnlyForPrivateNetworks, UseSpecifiedNetworks.
|
|
||||||
# - DNS_SERVER_RECURSION_DENIED_NETWORKS=1.1.1.0/24 #Comma separated list of IP addresses or network addresses to deny recursion. Valid only for `UseSpecifiedNetworks` recursion option.
|
|
||||||
- DNS_SERVER_RECURSION_ALLOWED_NETWORKS=127.0.0.1, 192.168.1.0/24, 100.64.0.0/24 #Comma separated list of IP addresses or network addresses to allow recursion. Valid only for `UseSpecifiedNetworks` recursion option.
|
|
||||||
# - DNS_SERVER_ENABLE_BLOCKING=false #Sets the DNS server to block domain names using Blocked Zone and Block List Zone.
|
|
||||||
# - DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT=false #Specifies if the DNS Server should respond with TXT records containing a blocked domain report for TXT type requests.
|
|
||||||
- DNS_SERVER_FORWARDERS=1.1.1.1, 8.8.8.8 #Comma separated list of forwarder addresses.
|
|
||||||
# - DNS_SERVER_FORWARDER_PROTOCOL=Tcp #Forwarder protocol options: Udp, Tcp, Tls, Https, HttpsJson
|
|
||||||
# - DNS_SERVER_LOG_USING_LOCAL_TIME=true #Enable this option to use local time instead of UTC for logging.
|
|
||||||
volumes:
|
volumes:
|
||||||
- /mnt/tank/persist/nixc.us/ns1/production/config:/etc/dns
|
- /proc:/host/proc:ro
|
||||||
# restart: unless-stopped
|
- /sys:/host/sys:ro
|
||||||
# volumes:
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
# config:
|
|
||||||
networks:
|
networks:
|
||||||
- traefik
|
- traefik
|
||||||
dns:
|
dns:
|
||||||
|
|
@ -64,35 +18,15 @@ services:
|
||||||
replicas: 1
|
replicas: 1
|
||||||
placement:
|
placement:
|
||||||
constraints:
|
constraints:
|
||||||
- node.hostname == ingress.nixc.us
|
- node.hostname == macmini7
|
||||||
labels:
|
labels:
|
||||||
# - "us.nixc.autodeploy=true"
|
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.routers.production_technitium.tls=true"
|
- "traefik.http.routers.production-netdata.rule=Host(`netdata.nixc.us`)"
|
||||||
- "traefik.http.services.production_technitium.loadbalancer.server.port=5380"
|
- "traefik.http.services.production-netdata.loadbalancer.server.port=19999"
|
||||||
- "traefik.http.routers.production_technitium.rule=Host(`technitium.nixc.us`)"
|
- "traefik.http.routers.production-netdata.entrypoints=websecure"
|
||||||
- "traefik.http.routers.production_technitium.entrypoints=websecure"
|
- "traefik.http.routers.production-netdata.tls.certresolver=letsencryptresolver"
|
||||||
- "traefik.http.routers.production_technitium.tls.certresolver=letsencryptresolver"
|
- "traefik.http.routers.production-netdata.service=production-netdata"
|
||||||
- "traefik.http.routers.production_technitium.service=production_technitium"
|
|
||||||
- "traefik.docker.network=traefik"
|
- "traefik.docker.network=traefik"
|
||||||
- 'traefik.http.routers.production_technitium.middlewares=authelia_authelia@docker'
|
|
||||||
|
|
||||||
update_config:
|
|
||||||
order: stop-first
|
|
||||||
failure_action: rollback
|
|
||||||
delay: 5s
|
|
||||||
delay: 10s
|
|
||||||
parallelism: 1
|
|
||||||
restart_policy:
|
|
||||||
condition: on-failure
|
|
||||||
logging:
|
|
||||||
driver: "gelf"
|
|
||||||
options:
|
|
||||||
gelf-address: "udp://log.nixc.us:15124"
|
|
||||||
tag: "production_technitium_technitium"
|
|
||||||
networks:
|
networks:
|
||||||
traefik:
|
traefik:
|
||||||
external: true
|
external: true
|
||||||
# default:
|
|
||||||
# external: false
|
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue