diff --git a/docker/certbot/Dockerfile b/docker/certbot/Dockerfile
new file mode 100644
index 0000000..c4dc47f
--- /dev/null
+++ b/docker/certbot/Dockerfile
@@ -0,0 +1,51 @@
+# FROM certbot/certbot:latest as dist
+FROM python:3.8-alpine as dist
+LABEL maintainer aynic.os
+ARG DOCKER_BUILD_DIR
+
+# RUN pip install \
+RUN apk --no-cache add --virtual .build-deps \
+ build-base \
+ libffi-dev \
+ && pip install \
+ certbot \
+ certbot-dns-azure \
+# certbot-dns-bunny \
+# certbot-dns-clouddns \
+ certbot-dns-cloudflare \
+# certbot-dns-cloudxns \
+ certbot-dns-digitalocean \
+# certbot-dns-dnsmadeeasy \
+# certbot-dns-dnsimple \
+# certbot-dns-gehirn \
+# certbot-dns-godaddy \
+ certbot-dns-google \
+ certbot-dns-infomaniak \
+# certbot-dns-inwx \
+ certbot-dns-ispconfig \
+# certbot-dns-lightsail \
+ certbot-dns-linode \
+# certbot-dns-luadns \
+# certbot-dns-njalla \
+# certbot-dns-nsone \
+ certbot-dns-ovh \
+ certbot-dns-rfc2136 \
+ certbot-dns-route53 \
+# certbot-dns-sakuracloud \
+ certbot-dns-standalone \
+# certbot-dns-yandexcloud \
+# certbot-ext-auth future \
+ certbot-plugin-gandi \
+ certbot-s3front \
+# certbot_dns_duckdns \
+# certbot_dns_porkbun \
+# letsencrypt-pritunl \
+# letsencrypt-proxmox \
+ && apk del .build-deps
+
+COPY ${DOCKER_BUILD_DIR}/certbot-renew /etc/periodic/daily/
+COPY ${DOCKER_BUILD_DIR}/docker-entrypoint.sh /docker-entrypoint.sh
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD ["--help"]
+
+FROM dist as master
diff --git a/docker/certbot/certbot-renew b/docker/certbot/certbot-renew
new file mode 100755
index 0000000..1b1c550
--- /dev/null
+++ b/docker/certbot/certbot-renew
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+mkdir -p /etc/letsencrypt/renewal
+/usr/local/bin/certbot renew > /etc/letsencrypt/renewal/letsencrypt.log
diff --git a/docker/certbot/docker-entrypoint.sh b/docker/certbot/docker-entrypoint.sh
new file mode 100755
index 0000000..4b07039
--- /dev/null
+++ b/docker/certbot/docker-entrypoint.sh
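Review bot: The `pip install` in the `RUN` step of docker/certbot/Dockerfile pulls certbot and thirteen plugins from PyPI with no version pins or hashes, so each rebuild can bring in different code for an image that will hold the ACME account key and the TLS private keys. Several of the plugins appear to be third-party packages rather than certbot-maintained ones (`certbot-dns-standalone`, `certbot-plugin-gandi` and `certbot-s3front`, as far as I can tell), which makes an unreviewed upstream release the likeliest route for unwanted code into this container. I would move the list into a pinned requirements file copied into the image and install it with `pip install --no-cache-dir --require-hashes -r requirements.txt`; `--no-cache-dir` also keeps pip's download cache out of the layer. The base tag `python:3.8-alpine` floats as well, and pinning it by digest would make the build reproducible.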
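Review bot: The redirect on the `certbot renew` line of docker/certbot/certbot-renew captures stdout only and truncates the file on every run, so the warnings and errors certbot normally writes to stderr are not recorded and the previous day's result is lost. Appending both streams keeps a usable history: `/usr/local/bin/certbot renew >> /etc/letsencrypt/renewal/letsencrypt.log 2>&1`. The log is also placed in `/etc/letsencrypt/renewal`, the directory where certbot keeps its per-certificate renewal configuration, and a separate log directory would keep operator output apart from files certbot reads. A failed renewal here otherwise surfaces only as an expired certificate, so the script's exit status should stay the one returned by certbot.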
@@ -0,0 +1,16 @@ +#!/usr/bin/env sh +set -euo errexit + +[ -n "${DEBUG:-}" -a "${DEBUG:-}" != "false" ] && set -x + +case "${1:-start}" in + + start) + exec /usr/sbin/crond -f -L/dev/stdout + ;; + + *) + exec /usr/local/bin/certbot "$@" + ;; + +esac diff --git a/make/apps/def.docker.mk b/make/apps/def.docker.mk index d4c1d9a..bcdf92c 100644 --- a/make/apps/def.docker.mk +++ b/make/apps/def.docker.mk @@ -1,6 +1,6 @@ CMDS += docker-run docker-run-% COMPOSE_ARGS ?= --ansi auto -COMPOSE_FILE ?= $(wildcard docker/docker-compose.yml $(foreach file,$(patsubst docker/docker-compose.%,%,$(basename $(wildcard docker/docker-compose.*.yml))),$(if $(filter true,$(COMPOSE_FILE_$(file)) $(COMPOSE_FILE_$(call UPPERCASE,$(file)))),docker/docker-compose.$(file).yml))) +COMPOSE_FILE ?= $(wildcard docker-compose.yml docker/docker-compose.yml $(foreach file,$(patsubst docker/docker-compose.%,%,$(basename $(wildcard docker/docker-compose.*.yml))),$(if $(filter true,$(COMPOSE_FILE_$(file)) $(COMPOSE_FILE_$(call UPPERCASE,$(file)))),docker/docker-compose.$(file).yml))) COMPOSE_FILE_$(ENV) ?= true COMPOSE_FILE_DEBUG ?= $(if $(DEBUG),true) COMPOSE_FILE_NFS ?= $(MOUNT_NFS) diff --git a/make/def.mk b/make/def.mk index c057592..344c474 100644 --- a/make/def.mk +++ b/make/def.mk @@ -41,6 +41,7 @@ CONFIG_REPOSITORY_URI ?= $(shell printf '$(CONFIG_REPOSITORY_URL)\n' | CONFIG_REPOSITORY_URL ?= $(call pop,$(APP_UPSTREAM_REPOSITORY))/$(notdir $(CONFIG)) CONTEXT ?= ENV $(shell awk 'BEGIN {FS="="}; $$1 !~ /^(\#|$$)/ {print $$1}' .env.dist 2>/dev/null) CONTEXT_DEBUG ?= MAKEFILE_LIST DOCKER_ENV_ARGS ENV_ARGS APPS GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME MAKE_DIR MAKE_SUBDIRS MAKE_CMD_ARGS MAKE_ENV_ARGS UID USER +CERTBOT ?= DEBUG ?= DOCKER ?= $(shell type -p docker) DOMAIN ?= localhost diff --git a/stack/drone/drone.yml b/stack/drone/drone.yml index 87b11de..e596318 100644 --- a/stack/drone/drone.yml +++ b/stack/drone/drone.yml 
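Review bot: `set -euo errexit` at the top of docker-entrypoint.sh enables errexit twice, because `-e` and `-o errexit` are the same option, which suggests `pipefail` was what the author meant. If so, `set -eu` followed by `set -o pipefail` states the intent, provided the image's `/bin/sh` accepts that option (recent busybox ash does, as far as I know). The `-a` operator in the `DEBUG` test is marked obsolescent by POSIX, and `[ -n "${DEBUG:-}" ] && [ "${DEBUG:-}" != "false" ] && set -x` behaves the same without it. With `DEBUG` set, `set -x` will echo the full certbot command line into the container log, which is worth a comment in case credentials are ever passed as arguments.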
@@ -18,7 +18,7 @@ services: - DRONE_USER_FILTER=${DRONE_USER_FILTER} labels: - SERVICE_80_CHECK_TCP=true - - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-drone:80 + - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-drone-80 - SERVICE_80_TAGS=${DRONE_SERVER_SERVICE_80_TAGS} - SERVICE_443_IGNORE=true networks: diff --git a/stack/elastic/apm-server-oss.yml b/stack/elastic/apm-server-oss.yml index d712090..9f83b18 100644 --- a/stack/elastic/apm-server-oss.yml +++ b/stack/elastic/apm-server-oss.yml @@ -11,7 +11,7 @@ services: command: -c apm-server.yml --strict.perms=false -e -E output.elasticsearch.hosts=["${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"] -E output.elasticsearch.protocol=${ELASTICSEARCH_PROTOCOL} -E output.elasticsearch.username=${ELASTICSEARCH_USERNAME} -E output.elasticsearch.password=${ELASTICSEARCH_PASSWORD} -E apm-server.register.ingest.pipeline.enabled=false labels: - SERVICE_8200_CHECK_HTTP=/ - - SERVICE_8200_NAME=${COMPOSE_SERVICE_NAME}-apm-server-oss:8200 + - SERVICE_8200_NAME=${COMPOSE_SERVICE_NAME}-apm-server-oss-8200 - SERVICE_8200_TAGS=${APM_SERVER_SERVICE_8200_TAGS} networks: - private diff --git a/stack/elastic/apm-server.yml b/stack/elastic/apm-server.yml index 7810e5b..0e374ac 100644 --- a/stack/elastic/apm-server.yml +++ b/stack/elastic/apm-server.yml @@ -6,7 +6,7 @@ services: command: -c apm-server.yml --strict.perms=false -e -E output.elasticsearch.hosts=["${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"] -E output.elasticsearch.protocol=${ELASTICSEARCH_PROTOCOL} -E output.elasticsearch.username=${ELASTICSEARCH_USERNAME} -E output.elasticsearch.password=${ELASTICSEARCH_PASSWORD} labels: - SERVICE_8200_CHECK_HTTP=/ - - SERVICE_8200_NAME=${COMPOSE_SERVICE_NAME}-apm-server:8200 + - SERVICE_8200_NAME=${COMPOSE_SERVICE_NAME}-apm-server-8200 - SERVICE_8200_TAGS=${APM_SERVER_SERVICE_8200_TAGS} networks: private: diff --git a/stack/elastic/elasticsearch.yml b/stack/elastic/elasticsearch.yml index 9a967ca..679b149 100644 --- a/stack/elastic/elasticsearch.yml 
+++ b/stack/elastic/elasticsearch.yml @@ -18,10 +18,10 @@ services: - http.cors.allow-headers=X-Requested-With,X-Auth-Token,Content-Type,Content-Length labels: - SERVICE_9200_CHECK_HTTP=/ - - SERVICE_9200_NAME=${COMPOSE_SERVICE_NAME}-elasticsearch:9200 + - SERVICE_9200_NAME=${COMPOSE_SERVICE_NAME}-elasticsearch-9200 - SERVICE_9200_TAGS=${ELASTICSEARCH_SERVICE_9200_TAGS} - SERVICE_9300_CHECK_TCP=true - - SERVICE_9300_NAME=${COMPOSE_SERVICE_NAME}-elasticsearch:9300 + - SERVICE_9300_NAME=${COMPOSE_SERVICE_NAME}-elasticsearch-9300 networks: - private - public diff --git a/stack/elastic/kibana-oss.yml b/stack/elastic/kibana-oss.yml index a4baf85..f29f32e 100644 --- a/stack/elastic/kibana-oss.yml +++ b/stack/elastic/kibana-oss.yml @@ -4,7 +4,7 @@ services: kibana-oss: labels: - SERVICE_5601_CHECK_HTTP=/app/kibana - - SERVICE_5601_NAME=${COMPOSE_SERVICE_NAME}-kibana-oss:5601 + - SERVICE_5601_NAME=${COMPOSE_SERVICE_NAME}-kibana-oss-5601 - SERVICE_5601_TAGS=${KIBANA_SERVICE_5601_TAGS} networks: - private diff --git a/stack/elastic/kibana.yml b/stack/elastic/kibana.yml index 4657285..a2ec2f9 100644 --- a/stack/elastic/kibana.yml +++ b/stack/elastic/kibana.yml @@ -4,7 +4,7 @@ services: kibana: labels: - SERVICE_5601_CHECK_HTTP=/app/kibana - - SERVICE_5601_NAME=${COMPOSE_SERVICE_NAME}-kibana:5601 + - SERVICE_5601_NAME=${COMPOSE_SERVICE_NAME}-kibana-5601 - SERVICE_5601_TAGS=${KIBANA_SERVICE_5601_TAGS} networks: - private diff --git a/stack/grafana/grafana.yml b/stack/grafana/grafana.yml index 1953b86..c791a79 100644 --- a/stack/grafana/grafana.yml +++ b/stack/grafana/grafana.yml @@ -17,7 +17,7 @@ services: image: ${DOCKER_REPOSITORY}/grafana:${DOCKER_IMAGE_TAG} labels: - SERVICE_3000_CHECK_TCP=true - - SERVICE_3000_NAME=${COMPOSE_SERVICE_NAME}-grafana:3000 + - SERVICE_3000_NAME=${COMPOSE_SERVICE_NAME}-grafana-3000 - SERVICE_3000_TAGS=${GRAFANA_SERVICE_3000_TAGS} networks: - private diff --git a/stack/ipfs/ipfs.yml b/stack/ipfs/ipfs.yml index a649c0a..3e8807d 100644 
--- a/stack/ipfs/ipfs.yml +++ b/stack/ipfs/ipfs.yml @@ -57,10 +57,10 @@ services: image: ${DOCKER_REPOSITORY}/ipfs:${DOCKER_IMAGE_TAG} labels: - SERVICE_4001_CHECK_TCP=true - - SERVICE_4001_NAME=${COMPOSE_SERVICE_NAME}-ipfs:4001 - - SERVICE_5001_NAME=${COMPOSE_SERVICE_NAME}-ipfs:5001 + - SERVICE_4001_NAME=${COMPOSE_SERVICE_NAME}-ipfs-4001 + - SERVICE_5001_NAME=${COMPOSE_SERVICE_NAME}-ipfs-5001 - SERVICE_8080_CHECK_HTTP=${IPFS_SERVICE_8080_CHECK_TCP} - - SERVICE_8080_NAME=${COMPOSE_SERVICE_NAME}-ipfs:8080 + - SERVICE_8080_NAME=${COMPOSE_SERVICE_NAME}-ipfs-8080 - SERVICE_8080_TAGS=${IPFS_SERVICE_8080_TAGS} - SERVICE_8081_IGNORE=true networks: diff --git a/stack/memcached/memcached.yml b/stack/memcached/memcached.yml index 4590ef7..850e4dc 100644 --- a/stack/memcached/memcached.yml +++ b/stack/memcached/memcached.yml @@ -5,7 +5,7 @@ services: image: memcached:alpine labels: - SERVICE_11211_CHECK_TCP=true - - SERVICE_11211_NAME=${COMPOSE_SERVICE_NAME}-memcached:11211 + - SERVICE_11211_NAME=${COMPOSE_SERVICE_NAME}-memcached-11211 networks: - private ports: diff --git a/stack/mysql/mysql.yml b/stack/mysql/mysql.yml index 8f9c961..c902a4f 100644 --- a/stack/mysql/mysql.yml +++ b/stack/mysql/mysql.yml @@ -5,7 +5,7 @@ services: environment: - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} labels: - - SERVICE_3306_NAME=${COMPOSE_SERVICE_NAME}-mysql:3306 + - SERVICE_3306_NAME=${COMPOSE_SERVICE_NAME}-mysql-3306 - SERVICE_CHECK_SCRIPT=docker-healthcheck $$SERVICE_IP networks: - private diff --git a/stack/newrelic/php-daemon.yml b/stack/newrelic/php-daemon.yml index b462dc4..e1ffef3 100644 --- a/stack/newrelic/php-daemon.yml +++ b/stack/newrelic/php-daemon.yml @@ -6,7 +6,7 @@ services: # command: "/usr/bin/newrelic-daemon --loglevel debug" labels: - SERVICE_31339_CHECK_TCP=true - - SERVICE_31339_NAME=${COMPOSE_SERVICE_NAME}-php-daemon:31339 + - SERVICE_31339_NAME=${COMPOSE_SERVICE_NAME}-php-daemon-31339 networks: - private ports: 
diff --git a/stack/nginx/static.yml b/stack/nginx/static.yml index 389ff7d..888d920 100644 --- a/stack/nginx/static.yml +++ b/stack/nginx/static.yml @@ -6,7 +6,7 @@ services: command: /bin/sh -c "grep autoindex /etc/nginx/conf.d/default.conf >/dev/null 2>&1 || sed -i 's|index index.html index.htm;|index index.html index.htm;\n autoindex on;|' /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'" labels: - SERVICE_80_CHECK_TCP=true - - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-nginx:80 + - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-nginx-80 - SERVICE_80_TAGS=${STATIC_SERVICE_80_TAGS} networks: - private diff --git a/stack/node.mk b/stack/node.mk index 2315d38..767ae14 100644 --- a/stack/node.mk +++ b/stack/node.mk @@ -2,9 +2,9 @@ CMDS += node-exec stack-node-exec node-exec:% node-ex node ?= node/node ENV_VARS += DOCKER_HOST_IFACE DOCKER_HOST_INET4 DOCKER_INTERNAL_DOCKER_HOST -# target bootstrap-stack-node: Fire node-ssl-certs +# target bootstrap-stack-node: Fire node-certbot node-ssl-certs .PHONY: bootstrap-stack-node -bootstrap-stack-node: docker-network-create-$(DOCKER_NETWORK_PUBLIC) node-ssl-certs +bootstrap-stack-node: docker-network-create-$(DOCKER_NETWORK_PUBLIC) $(if $(CERTBOT),node-certbot) node-ssl-certs # target node: Fire stack-node-up .PHONY: node 
@@ -14,15 +14,63 @@ node: stack-node-up .PHONY: node-% node-%: stack-node-%; -# target node-ssl-certs: Create ${DOMAIN}.key.pem and ${DOMAIN}.crt.pem files +# target node-ssl-certs: Create invalid ${DOMAIN}/privkey.pem and ${DOMAIN}/cert.pem certificate files .PHONY: node-ssl-certs node-ssl-certs: - docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/certs alpine [ -f /certs/$(DOMAIN).crt.pem -a -f /certs/$(DOMAIN).key.pem ] \ - || $(RUN) docker run --rm -e DOMAIN=$(DOMAIN) --mount source=$(NODE_DOCKER_VOLUME),target=/certs alpine sh -c "\ + docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/certs alpine \ + [ -f /certs/live/$(DOMAIN)/cert.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \ + || $(RUN) docker run --rm -e DOMAIN=$(DOMAIN) --mount source=$(NODE_DOCKER_VOLUME),target=/certs alpine sh -c "\ apk --no-cache add openssl \ - && { [ -f /certs/${DOMAIN}.key.pem ] || openssl genrsa -out /certs/${DOMAIN}.key.pem 2048; } \ - && openssl req -key /certs/${DOMAIN}.key.pem -out /certs/${DOMAIN}.crt.pem \ + && mkdir -p /certs/live/${DOMAIN} \ + && { [ -f /certs/live/${DOMAIN}/privkey.pem ] || openssl genrsa -out /certs/live/${DOMAIN}/privkey.pem 2048; } \ + && openssl req -key /certs/live/${DOMAIN}/privkey.pem -out /certs/live/${DOMAIN}/cert.pem \ -addext extendedKeyUsage=serverAuth \ -addext subjectAltName=DNS:${DOMAIN} \ -subj \"/C=/ST=/L=/O=/CN=${DOMAIN}\" \ -x509 -days 365" + +# target node-certbot: Create letsencrypt ${DOMAIN}/privkey.pem and ${DOMAIN}/cert.pem files +.PHONY: node-certbot +node-certbot: node-docker-build-certbot + docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/certs alpine [ -f /certs/live/$(DOMAIN)/cert.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \ + || $(RUN) docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/etc/letsencrypt/ --mount source=$(NODE_DOCKER_VOLUME),target=/var/log/letsencrypt/ -e DOMAIN=$(DOMAIN) --network host node/certbot \ + --non-interactive --agree-tos --email hostmaster@${DOMAIN} 
certonly \ + --preferred-challenges dns --authenticator dns-standalone \ + --dns-standalone-address=0.0.0.0 \ + --dns-standalone-port=53 \ + -d ${DOMAIN} \ + -d *.${DOMAIN} + +# target node-certbot-certificates: List letsencrypt certificates +.PHONY: node-certbot-certificates +node-certbot-certificates: node-docker-build-certbot + docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/etc/letsencrypt/ node/certbot certificates + +# target node-certbot-renew: Renew letsencrypt certificates +.PHONY: node-certbot-renew +node-certbot-renew: node-docker-build-certbot + docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/etc/letsencrypt/ --network host node/certbot renew + +# target node-certbot-staging: Create staging letsencrypt ${DOMAIN}/privkey.pem and ${DOMAIN}/cert.pem files +.PHONY: node-certbot-staging +node-certbot-staging: node-docker-build-certbot + docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/certs alpine [ -f /certs/live/$(DOMAIN)/cert.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \ + || $(RUN) docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/etc/letsencrypt/ --mount source=$(NODE_DOCKER_VOLUME),target=/var/log/letsencrypt/ -e DOMAIN=$(DOMAIN) --network host node/certbot \ + --non-interactive --agree-tos --email hostmaster@${DOMAIN} certonly \ + --preferred-challenges dns --authenticator dns-standalone \ + --dns-standalone-address=0.0.0.0 \ + --dns-standalone-port=53 \ + --staging \ + -d ${DOMAIN} \ + -d *.${DOMAIN} + +# target node-docker-build-%: Build % docker +.PHONY: node-docker-build-% +node-docker-build-%: + $(call docker-build,docker/$*,node/$*:$(DOCKER_IMAGE_TAG)) + +# target node-docker-rebuild-%: Rebuild % docker +.PHONY: node-docker-rebuild-% +node-docker-rebuild-%: + $(call make,node-docker-build-$* DOCKER_BUILD_CACHE=false) + diff --git a/stack/node/exporter/exporter.yml b/stack/node/exporter/exporter.yml index 2e0efe0..7163d01 100644 --- a/stack/node/exporter/exporter.yml 
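Review bot: The self-signed fallback in `node-ssl-certs` writes only `live/${DOMAIN}/cert.pem` and `live/${DOMAIN}/privkey.pem`, while the fabio command changed in stack/node/node.yml in this same commit reads `live/${DOMAIN}/fullchain.pem`. With `CERTBOT` left empty, which is the default added in make/def.mk, `node-certbot` is skipped and fabio would be started with a certificate path that does not exist. Writing the chain file in the fallback closes the gap, for example by appending `&& cp /certs/live/${DOMAIN}/cert.pem /certs/live/${DOMAIN}/fullchain.pem` to the `sh -c` command. Separately, `-d *.${DOMAIN}` in `node-certbot` and `node-certbot-staging` is unquoted, so the shell may glob it against the working directory; `-d '*.${DOMAIN}'` avoids that.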
+++ b/stack/node/exporter/exporter.yml @@ -7,7 +7,7 @@ services: image: google/cadvisor:latest labels: - SERVICE_8080_CHECK_TCP=true - - SERVICE_8080_NAME=${NODE_COMPOSE_SERVICE_NAME}-cadvisor-exporter:8080 + - SERVICE_8080_NAME=${NODE_COMPOSE_SERVICE_NAME}-cadvisor-exporter-8080 - SERVICE_8080_TAGS=${NODE_CADVISOR_EXPORTER_SERVICE_8080_TAGS} - SERVICE_9200_IGNORE=true networks: @@ -31,7 +31,7 @@ services: image: prom/node-exporter:latest labels: - SERVICE_9100_CHECK_TCP=true - - SERVICE_9100_NAME=${NODE_COMPOSE_SERVICE_NAME}-node-exporter:9100 + - SERVICE_9100_NAME=${NODE_COMPOSE_SERVICE_NAME}-node-exporter-9100 - SERVICE_9100_TAGS=${NODE_EXPORTER_SERVICE_9100_TAGS} networks: - public diff --git a/stack/node/ipfs/ipfs.yml b/stack/node/ipfs/ipfs.yml index 7d09690..8a2d771 100644 --- a/stack/node/ipfs/ipfs.yml +++ b/stack/node/ipfs/ipfs.yml @@ -57,11 +57,11 @@ services: image: ${NODE_DOCKER_REPOSITORY}/ipfs:${DOCKER_IMAGE_TAG} labels: - SERVICE_4001_CHECK_TCP=true - - SERVICE_4001_NAME=${NODE_COMPOSE_SERVICE_NAME}-ipfs:4001 + - SERVICE_4001_NAME=${NODE_COMPOSE_SERVICE_NAME}-ipfs-4001 - SERVICE_5001_CHECK_TCP=true - - SERVICE_5001_NAME=${NODE_COMPOSE_SERVICE_NAME}-ipfs:5001 + - SERVICE_5001_NAME=${NODE_COMPOSE_SERVICE_NAME}-ipfs-5001 - SERVICE_8080_CHECK_HTTP=${NODE_IPFS_SERVICE_8080_CHECK_TCP} - - SERVICE_8080_NAME=${NODE_COMPOSE_SERVICE_NAME}-ipfs:8080 + - SERVICE_8080_NAME=${NODE_COMPOSE_SERVICE_NAME}-ipfs-8080 - SERVICE_8080_TAGS=${NODE_IPFS_SERVICE_8080_TAGS} - SERVICE_8081_IGNORE=true network_mode: host diff --git a/stack/node/node.yml b/stack/node/node.yml index 7c84c63..39d92f6 100644 --- a/stack/node/node.yml +++ b/stack/node/node.yml 
@@ -1,6 +1,19 @@ version: '3.6' services: + certbot: + build: + args: + - DOCKER_BUILD_DIR=docker/certbot + context: ../.. + dockerfile: docker/certbot/Dockerfile + command: start + container_name: ${NODE_COMPOSE_PROJECT_NAME}-certbot + image: ${NODE_DOCKER_REPOSITORY}/certbot:${DOCKER_IMAGE_TAG} + network_mode: host + restart: always + volumes: + - myos:/etc/letsencrypt consul: build: args: @@ -31,7 +44,7 @@ services: - SERVICE_8301_IGNORE=true - SERVICE_8302_IGNORE=true - SERVICE_8500_CHECK_HTTP=/v1/health/service/consul - - SERVICE_8500_NAME=${NODE_COMPOSE_SERVICE_NAME}-consul:8500 + - SERVICE_8500_NAME=${NODE_COMPOSE_SERVICE_NAME}-consul-8500 - SERVICE_8500_TAGS=${NODE_CONSUL_SERVICE_8500_TAGS} - SERVICE_8600_IGNORE=true - SERVICE_ADDRESS=${DOCKER_HOST_INET4} @@ -40,20 +53,19 @@ services: restart: always volumes: - consul:/consul/data:delegated - - myos:/certs:ro - /var/run/docker.sock:/var/run/docker.sock fabio: build: args: - DOCKER_BUILD_DIR=docker/fabio - - FABIO_VERSION=1.6.0 + - FABIO_VERSION=1.6.2 - SYSTEM=${SYSTEM} - MACHINE=${MACHINE} context: ../.. dockerfile: docker/fabio/Dockerfile container_name: ${NODE_COMPOSE_PROJECT_NAME}-fabio image: ${NODE_DOCKER_REPOSITORY}/fabio:${DOCKER_IMAGE_TAG} - command: -registry.backend "consul" -registry.consul.addr "consul:8500" -registry.consul.token "${NODE_CONSUL_HTTP_TOKEN}" -proxy.addr ":80,:443;cs=local" -proxy.cs "cs=local;type=file;cert=/certs/${DOMAIN}.crt.pem;key=/certs/${DOMAIN}.key.pem" + command: -registry.backend "consul" -registry.consul.addr "consul:8500" -registry.consul.token "${NODE_CONSUL_HTTP_TOKEN}" -proxy.addr ":80,:443;cs=local" -proxy.cs "cs=local;type=file;cert=/etc/letsencrypt/live/${DOMAIN}/fullchain.pem;key=/etc/letsencrypt/live/${DOMAIN}/privkey.pem" depends_on: - consul extra_hosts: 
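Review bot: The new `certbot` service keeps `network_mode: host` for its whole lifetime although its `start` command only runs crond, so a container that holds the ACME account key and every private key shares the host's network namespace permanently. If host networking is there only so the dns-standalone authenticator can answer on port 53 during renewals, publishing that port (`ports: ["53:53/udp", "53:53/tcp"]`) would grant just that. Whichever is kept, a comment on the service such as `# host network: dns-standalone must answer ACME DNS queries on port 53` would tell a later auditor why the exposure exists.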
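Review bot: The `-proxy.cs` value in the fabio `command` keeps `type=file`, and as far as I know fabio reads a file certificate source once at startup, so certificates renewed by the daily `certbot-renew` job would not be served until fabio is restarted. Nothing visible in this commit restarts or reloads fabio after a renewal, so the proxy could keep presenting a certificate past its expiry while a fresh one sits in the volume. Either restart fabio after a successful renewal or use a certificate source that refreshes, and record the choice next to the command, for example `# type=file is read at startup only: restart fabio after each renewal`. The `FABIO_VERSION` bump to 1.6.2 in the same hunk is unrelated to the certificate change and would be easier to audit as its own commit.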
@@ -61,11 +73,11 @@ services: hostname: ${HOSTNAME} labels: - SERVICE_80_CHECK_TCP=true - - SERVICE_80_NAME=${NODE_COMPOSE_SERVICE_NAME}-fabio:80 + - SERVICE_80_NAME=${NODE_COMPOSE_SERVICE_NAME}-fabio-80 - SERVICE_443_CHECK_TCP=true - - SERVICE_443_NAME=${NODE_COMPOSE_SERVICE_NAME}-fabio:443 + - SERVICE_443_NAME=${NODE_COMPOSE_SERVICE_NAME}-fabio-443 - SERVICE_9998_CHECK_HTTP=/routes - - SERVICE_9998_NAME=${NODE_COMPOSE_SERVICE_NAME}-fabio:9998 + - SERVICE_9998_NAME=${NODE_COMPOSE_SERVICE_NAME}-fabio-9998 - SERVICE_9998_TAGS=${NODE_FABIO_SERVICE_9998_TAGS} - SERVICE_9999_IGNORE=true ports: @@ -76,7 +88,7 @@ services: - public restart: always volumes: - - myos:/certs:ro + - myos:/etc/letsencrypt:ro registrator: build: args: diff --git a/stack/node/portainer/portainer.yml b/stack/node/portainer/portainer.yml index 8aafdf4..4c14492 100644 --- a/stack/node/portainer/portainer.yml +++ b/stack/node/portainer/portainer.yml @@ -7,7 +7,7 @@ services: labels: - SERVICE_8000_IGNORE=true - SERVICE_9000_CHECK_HTTP=/ - - SERVICE_9000_NAME=${NODE_COMPOSE_SERVICE_NAME}-portainer:9000 + - SERVICE_9000_NAME=${NODE_COMPOSE_SERVICE_NAME}-portainer-9000 - SERVICE_9000_TAGS=${NODE_PORTAINER_SERVICE_9000_TAGS} networks: - public diff --git a/stack/node/vsftpd/vsftpd-s3.yml b/stack/node/vsftpd/vsftpd-s3.yml index 2a14461..7df5050 100644 --- a/stack/node/vsftpd/vsftpd-s3.yml +++ b/stack/node/vsftpd/vsftpd-s3.yml @@ -28,9 +28,9 @@ services: image: ${NODE_DOCKER_REPOSITORY}/vsftpd-s3:${DOCKER_IMAGE_TAG} labels: - SERVICE_21_CHECK_TCP=true - - SERVICE_21_NAME=${NODE_COMPOSE_SERVICE_NAME}-vsftpd-s3:21 + - SERVICE_21_NAME=${NODE_COMPOSE_SERVICE_NAME}-vsftpd-s3-21 - SERVICE_22_CHECK_TCP=true - - SERVICE_22_NAME=${NODE_COMPOSE_SERVICE_NAME}-vsftpd-s3:22 + - SERVICE_22_NAME=${NODE_COMPOSE_SERVICE_NAME}-vsftpd-s3-22 - SERVICE_65000_IGNORE=true security_opt: - apparmor:unconfined diff --git a/stack/portainer/portainer.yml b/stack/portainer/portainer.yml index a819994..231ff74 100644 
--- a/stack/portainer/portainer.yml +++ b/stack/portainer/portainer.yml @@ -6,7 +6,7 @@ services: labels: - SERVICE_8000_IGNORE=true - SERVICE_9000_CHECK_HTTP=/ - - SERVICE_9000_NAME=${COMPOSE_SERVICE_NAME}-portainer:9000 + - SERVICE_9000_NAME=${COMPOSE_SERVICE_NAME}-portainer-9000 - SERVICE_9000_TAGS=${PORTAINER_SERVICE_9000_TAGS} networks: - public diff --git a/stack/postgres/postgres.yml b/stack/postgres/postgres.yml index a3010f5..de6c98a 100644 --- a/stack/postgres/postgres.yml +++ b/stack/postgres/postgres.yml @@ -8,7 +8,7 @@ services: - POSTGRES_USER=${POSTGRES_USER} labels: - SERVICE_5432_CHECK_TCP=true - - SERVICE_5432_NAME=${COMPOSE_SERVICE_NAME}-postgres:5432 + - SERVICE_5432_NAME=${COMPOSE_SERVICE_NAME}-postgres-5432 networks: - private ports: diff --git a/stack/prometheus/alertmanager.yml b/stack/prometheus/alertmanager.yml index 4f3e829..f4fe752 100644 --- a/stack/prometheus/alertmanager.yml +++ b/stack/prometheus/alertmanager.yml @@ -11,7 +11,7 @@ services: image: ${DOCKER_REPOSITORY}/alertmanager:${DOCKER_IMAGE_TAG} labels: - SERVICE_9093_CHECK_TCP=true - - SERVICE_9093_NAME=${COMPOSE_SERVICE_NAME}-alertmanager:9093 + - SERVICE_9093_NAME=${COMPOSE_SERVICE_NAME}-alertmanager-9093 - SERVICE_9093_TAGS=${ALERTMANAGER_SERVICE_9093_TAGS} networks: - private diff --git a/stack/prometheus/blackbox-exporter.yml b/stack/prometheus/blackbox-exporter.yml index 8a5226f..80a8529 100644 --- a/stack/prometheus/blackbox-exporter.yml +++ b/stack/prometheus/blackbox-exporter.yml @@ -10,7 +10,7 @@ services: image: ${DOCKER_REPOSITORY}/blackbox:${DOCKER_IMAGE_TAG} labels: - SERVICE_9115_CHECK_TCP=true - - SERVICE_9115_NAME=${COMPOSE_SERVICE_NAME}-blackbox:9115 + - SERVICE_9115_NAME=${COMPOSE_SERVICE_NAME}-blackbox-9115 - SERVICE_9115_TAGS=${BLACKBOX_SERVICE_9115_TAGS} networks: - private diff --git a/stack/prometheus/es-exporter.yml b/stack/prometheus/es-exporter.yml index 48eb195..188257e 100644 --- a/stack/prometheus/es-exporter.yml 
+++ b/stack/prometheus/es-exporter.yml @@ -11,7 +11,7 @@ services: image: ${DOCKER_REPOSITORY}/es-exporter:${DOCKER_IMAGE_TAG} labels: - SERVICE_9206_CHECK_TCP=true - - SERVICE_9206_NAME=${COMPOSE_SERVICE_NAME}-es-exporter:9206 + - SERVICE_9206_NAME=${COMPOSE_SERVICE_NAME}-es-exporter-9206 - SERVICE_9206_TAGS=${ES_EXPORTER_SERVICE_9206_TAGS} networks: - private diff --git a/stack/prometheus/prometheus.yml b/stack/prometheus/prometheus.yml index 09c8ce6..6ed6877 100644 --- a/stack/prometheus/prometheus.yml +++ b/stack/prometheus/prometheus.yml @@ -12,7 +12,7 @@ services: image: ${DOCKER_REPOSITORY}/prometheus:${DOCKER_IMAGE_TAG} labels: - SERVICE_9090_CHECK_TCP=true - - SERVICE_9090_NAME=${COMPOSE_SERVICE_NAME}-prometheus:9090 + - SERVICE_9090_NAME=${COMPOSE_SERVICE_NAME}-prometheus-9090 - SERVICE_9090_TAGS=${PROMETHEUS_SERVICE_9090_TAGS} networks: - private diff --git a/stack/rabbitmq/rabbitmq.yml b/stack/rabbitmq/rabbitmq.yml index b1cb9db..4562a53 100644 --- a/stack/rabbitmq/rabbitmq.yml +++ b/stack/rabbitmq/rabbitmq.yml @@ -7,10 +7,10 @@ services: - SERVICE_4369_IGNORE=true - SERVICE_5671_IGNORE=true - SERVICE_5672_CHECK_TCP=true - - SERVICE_5672_NAME=${COMPOSE_SERVICE_NAME}-rabbitmq:5672 + - SERVICE_5672_NAME=${COMPOSE_SERVICE_NAME}-rabbitmq-5672 - SERVICE_15671_IGNORE=true - SERVICE_15672_CHECK_HTTP=/ - - SERVICE_15672_NAME=${COMPOSE_SERVICE_NAME}-rabbitmq:15672 + - SERVICE_15672_NAME=${COMPOSE_SERVICE_NAME}-rabbitmq-15672 - SERVICE_15672_TAGS=${RABBITMQ_SERVICE_15672_TAGS} - SERVICE_25672_IGNORE=true networks: diff --git a/stack/redis/redis.yml b/stack/redis/redis.yml index e25f4b1..c84c567 100644 --- a/stack/redis/redis.yml +++ b/stack/redis/redis.yml @@ -6,7 +6,7 @@ services: command: redis-server --appendonly yes labels: - SERVICE_6379_CHECK_TCP=true - - SERVICE_6379_NAME=${COMPOSE_SERVICE_NAME}-redis:6379 + - SERVICE_6379_NAME=${COMPOSE_SERVICE_NAME}-redis-6379 networks: - private ports: 
diff --git a/stack/redmine/redmine.yml b/stack/redmine/redmine.yml index b7cbb97..21b7f60 100644 --- a/stack/redmine/redmine.yml +++ b/stack/redmine/redmine.yml @@ -23,7 +23,7 @@ services: - TZ=Europe/Paris labels: - SERVICE_80_CHECK_TCP=true - - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-redmine:80 + - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-redmine-80 - SERVICE_80_TAGS=${REDMINE_SERVICE_80_TAGS} - SERVICE_443_IGNORE=true networks: diff --git a/stack/redmine/redmine3.yml b/stack/redmine/redmine3.yml index 7a65f37..7a2a323 100644 --- a/stack/redmine/redmine3.yml +++ b/stack/redmine/redmine3.yml @@ -16,7 +16,7 @@ services: - TZ=Europe/Paris labels: - SERVICE_80_CHECK_TCP=true - - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-redmine3:80 + - SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-redmine3-80 - SERVICE_80_TAGS=${REDMINE3_SERVICE_80_TAGS} - SERVICE_443_IGNORE=true networks: diff --git a/stack/theia/theia.yml b/stack/theia/theia.yml index 22ffb7c..209c332 100644 --- a/stack/theia/theia.yml +++ b/stack/theia/theia.yml @@ -24,7 +24,7 @@ services: image: ${DOCKER_REPOSITORY}/theia:${DOCKER_IMAGE_TAG} labels: - SERVICE_3000_CHECK_TCP=true - - SERVICE_3000_NAME=${COMPOSE_SERVICE_NAME}-theia:3000 + - SERVICE_3000_NAME=${COMPOSE_SERVICE_NAME}-theia-3000 - SERVICE_3000_TAGS=${THEIA_SERVICE_3000_TAGS} networks: - private