parent
1d1b5156bc
commit
2dec68807e
|
@ -1,19 +1,6 @@
|
|||
index index.php index.html index.htm;
|
||||
try_files $uri $uri/ index.php$uri =404;
|
||||
|
||||
location ~ ^(.+\.php)(.*)$ {
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_pass php;
|
||||
fastcgi_split_path_info ^(.+\.php)(.*)$;
|
||||
include fastcgi_params;
|
||||
try_files $uri index.php =404;
|
||||
}
|
||||
|
||||
location ~ /\.ht {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ /ip(f|n)s {
|
||||
proxy_pass http://$host:8080;
|
||||
}
|
||||
|
|
|
@ -27,7 +27,7 @@ bootstrap-docker: install-bin-docker setup-docker-group setup-binfmt setup-nfsd
|
|||
|
||||
# target bootstrap-stack: Call bootstrap target of each stack
|
||||
.PHONY: bootstrap-stack
|
||||
bootstrap-stack: docker-network debug-STACK $(foreach stack,$(STACK),bootstrap-stack-$(subst /,-,$(stack)) debug-$(stack))
|
||||
bootstrap-stack: docker-network debug-STACK $(foreach stack,$(STACK),bootstrap-stack-$(subst /,-,$(firstword $(subst :, ,$(stack)))) debug-$(firstword $(subst :, ,$(stack))))
|
||||
|
||||
# target build: Build application docker images to run
|
||||
# on local host
|
||||
|
|
|
@ -45,7 +45,7 @@ DOCKER_PLUGIN_S3FS_OPTIONS ?= allow_other,nonempty,use_path_request_style,u
|
|||
DOCKER_PLUGIN_S3FS_SECRETKEY ?= $(AWS_SECRET_ACCESS_KEY)
|
||||
DOCKER_PLUGIN_S3FS_REGION ?= eu-west-1
|
||||
DOCKER_PLUGIN_VARS ?= S3FS_ACCESSKEY S3FS_OPTIONS S3FS_SECRETKEY S3FS_REGION
|
||||
DOCKER_REGISTRY ?= $(DOMAIN)
|
||||
DOCKER_REGISTRY ?= $(DOMAINNAME)
|
||||
DOCKER_REGISTRY_USERNAME ?= $(USER)
|
||||
DOCKER_REGISTRY_REPOSITORY ?= $(addsuffix /,$(DOCKER_REGISTRY))$(subst $(USER),$(DOCKER_REGISTRY_USERNAME),$(DOCKER_REPOSITORY))
|
||||
DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(COMPOSE_PROJECT_NAME)))
|
||||
|
|
|
@ -29,11 +29,11 @@ NFS_CONFIG ?= addr=$(NFS_HOST),actimeo=3,intr,noacl,noatime
|
|||
NFS_HOST ?= host.docker.internal
|
||||
SERVICES ?= $(DOCKER_SERVICES)
|
||||
|
||||
tagprefix = $(call urlprefix,$(or $($(call UPPERCASE,$(1)_SERVICE_$(2)_PATH)),$($(call UPPERCASE,$(1)_SERVICE_PATH))),$(or $($(call UPPERCASE,$(1)_SERVICE_$(2)_OPTS)),$($(call UPPERCASE,$(1)_SERVICE_OPTS)),$(call envprefix,$(1),$(2),auth proto)),$(or $(foreach env,$(3),$($(call UPPERCASE,$(1)_SERVICE_$(2)_$(env)))),$($(call UPPERCASE,$(1)_SERVICE_$(2)_URIS)),$(call uriprefix,$(1),$(2))))
|
||||
tagprefix = $(call urlprefix,$(or $($(call UPPERCASE,$(1)_SERVICE_$(2)_PATH)),$($(call UPPERCASE,$(1)_SERVICE_PATH))),$(or $($(call UPPERCASE,$(1)_SERVICE_$(2)_OPTS)),$($(call UPPERCASE,$(1)_SERVICE_OPTS)),$(call envprefix,$(1),$(2),allow auth deny preprend proto register strip)),$(or $(foreach env,$(3),$($(call UPPERCASE,$(1)_SERVICE_$(2)_$(env)))),$($(call UPPERCASE,$(1)_SERVICE_$(2)_URIS)),$(call uriprefix,$(1),$(2))))
|
||||
envprefix = $(foreach env,$(3),$(if $($(call UPPERCASE,$(1)_SERVICE_$(2)_$(env))),$(env)=$($(call UPPERCASE,$(1)_SERVICE_$(2)_$(env)))))
|
||||
patsublist = $(patsubst $(1),$(2),$(firstword $(3)))$(foreach pattern,$(wordlist 2,16,$(3)),$(comma)$(patsubst $(1),$(2),$(pattern)))
|
||||
servicenvs = $(foreach env,$(call UPPERCASE,$($(1)_SERVICE_$(2)_ENVS)),$(if $(3),$($(1)_SERVICE_$(env)_$(3)),$($(1)_SERVICE_$(2)_$(env))))
|
||||
uriprefix = $(foreach svc,$(1),$(patsubst %,$(addsuffix .,$(or $($(call UPPERCASE,$(svc)_SERVICE_$(2)_NAME)),$($(call UPPERCASE,$(svc)_SERVICE_NAME)),$(svc)))%,$(APP_URIS)))
|
||||
uriprefix = $(foreach svc,$(1),$(patsubst %,$(addsuffix .,$(or $($(call UPPERCASE,$(svc)_SERVICE_$(2)_NAME)),$($(call UPPERCASE,$(svc)_SERVICE_NAME)),$(svc)))%,$(or $(3),$(APP_URIS))))
|
||||
url_suffix = *
|
||||
urlprefix = $(strip $(call patsublist,%,urlprefix-%$(1)$(url_suffix) $(2),$(or $(3),$(APP_URIS))))
|
||||
urlprefixs = $(strip $(call urlprefix,$(firstword $(1)),$(wordlist 2,16,$(1)))$(foreach prefix,$(subst $(space),$(dollar),$(2)) $(subst $(space),$(dollar),$(3)) $(subst $(space),$(dollar),$(4)),$(comma)$(call subst,$(dollar),$(space),$(call urlprefix,$(firstword $(prefix)),$(wordlist 2,16,$(prefix))))))
|
||||
|
|
|
@ -7,7 +7,7 @@ ifeq ($(SETUP_UFW),true)
|
|||
define ufw
|
||||
$(call INFO,ufw,$(1)$(comma))
|
||||
$(call app-bootstrap,ufw-docker)
|
||||
$(eval COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME))
|
||||
$(eval DOCKER_COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME))
|
||||
$(call app-exec,,$(if $(DOCKER_RUN),,$(SUDO)) ufw $(1))
|
||||
endef
|
||||
|
||||
|
@ -15,7 +15,7 @@ endef
|
|||
define ufw-docker
|
||||
$(call INFO,ufw-docker,$(1)$(comma))
|
||||
$(call app-bootstrap,ufw-docker)
|
||||
$(eval COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME))
|
||||
$(eval DOCKER_COMPOSE_PROJECT_NAME := $(HOST_COMPOSE_PROJECT_NAME))
|
||||
$(call app-exec,,$(if $(DOCKER_RUN),,$(SUDO)) ufw-docker $(1))
|
||||
endef
|
||||
|
||||
|
|
|
@ -56,7 +56,7 @@ docker-compose-exec:
|
|||
# target docker-compose-logs: Call docker-compose logs SERVICE
|
||||
.PHONY: docker-compose-logs
|
||||
docker-compose-logs:
|
||||
$(call docker-compose,logs -f --tail=100 $(if $(filter $(SERVICE),$(SERVICES)),$(SERVICE))) || true
|
||||
$(call docker-compose,logs -f --tail=100 $(if $(filter $(SERVICE),$(SERVICES)),$(SERVICE)))
|
||||
|
||||
# target docker-compose-ps: Call docker-compose ps
|
||||
.PHONY: docker-compose-ps
|
||||
|
|
|
@ -25,11 +25,11 @@ HOST_DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(HOST_COMPOSE_PROJEC
|
|||
HOST_DOCKER_VOLUME ?= $(HOST_COMPOSE_PROJECT_NAME)
|
||||
HOST_GID ?= 100
|
||||
HOST_UID ?= 123
|
||||
RESU_DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(USER_COMPOSE_PROJECT_NAME)))
|
||||
RESU_DOCKER_REPOSITORY ?= $(subst -,/,$(USER_COMPOSE_PROJECT_NAME))
|
||||
STACK_HOST ?= $(filter host,$(firstword $(subst /, ,$(STACK))))
|
||||
STACK_USER ?= $(filter User,$(firstword $(subst /, ,$(STACK))))
|
||||
USER_COMPOSE_PROJECT_NAME ?= $(strip $(RESU))
|
||||
USER_COMPOSE_SERVICE_NAME ?= $(subst _,-,$(subst .,-,$(USER_COMPOSE_PROJECT_NAME)))
|
||||
USER_COMPOSE_PROJECT_NAME ?= $(subst .,-,$(RESU))
|
||||
USER_COMPOSE_SERVICE_NAME ?= $(USER_COMPOSE_PROJECT_NAME)
|
||||
USER_DOCKER_IMAGE ?= $(USER_DOCKER_REPOSITORY):${DOCKER_IMAGE_TAG}
|
||||
USER_DOCKER_NAME ?= $(USER_COMPOSE_PROJECT_NAME)
|
||||
USER_DOCKER_REPOSITORY ?= $(subst -,/,$(subst _,/,$(USER)))
|
||||
|
|
28
make/def.mk
28
make/def.mk
|
@ -43,7 +43,8 @@ CONTEXT ?= ENV $(shell awk 'BEGIN {FS="="}; $$1 !~ /^(\#
|
|||
CONTEXT_DEBUG ?= MAKEFILE_LIST DOCKER_ENV_ARGS ENV_ARGS APPS GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME MAKE_DIR MAKE_SUBDIRS MAKE_CMD_ARGS MAKE_ENV_ARGS UID USER
|
||||
DEBUG ?=
|
||||
DOCKER ?= $(shell type -p docker)
|
||||
DOMAIN ?= localhost
|
||||
DOMAIN ?= $(or $(shell dnsdomainname 2>/dev/null),$(shell hostname -d 2>/dev/null),$(shell hostname -f | sed -n 's/[^\.]*\.\([^/ ]*\).*/\1/p'), localhost)
|
||||
DOMAINNAME ?= $(firstword $(DOMAIN))
|
||||
DRONE ?= false
|
||||
DRYRUN ?= false
|
||||
DRYRUN_RECURSIVE ?= false
|
||||
|
@ -53,10 +54,10 @@ ENV_ARGS ?= $(env_args)
|
|||
ENV_FILE ?= $(wildcard $(if $(filter-out myos,$(MYOS)),$(MONOREPO_DIR)/.env) $(CONFIG)/$(ENV)/$(APP)/.env .env)
|
||||
ENV_LIST ?= $(shell ls .git/refs/heads/ 2>/dev/null)
|
||||
ENV_RESET ?= false
|
||||
ENV_VARS ?= APP BRANCH DOMAIN ENV HOME HOSTNAME GID GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME GROUP MAIL MONOREPO MONOREPO_DIR TAG UID USER VERSION
|
||||
ENV_VARS ?= APP BRANCH DOMAIN DOMAINNAME ENV HOME HOSTNAME GID GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME GROUP MAIL MONOREPO MONOREPO_DIR TAG UID USER VERSION
|
||||
GID ?= $(shell id -g 2>/dev/null)
|
||||
GIDS ?= $(shell id -G 2>/dev/null)
|
||||
GIT_AUTHOR_EMAIL ?= $(or $(shell git config user.email 2>/dev/null),$(USER)@$(DOMAIN))
|
||||
GIT_AUTHOR_EMAIL ?= $(or $(shell git config user.email 2>/dev/null),$(USER)@$(DOMAINNAME))
|
||||
GIT_AUTHOR_NAME ?= $(or $(shell git config user.name 2>/dev/null),$(USER))
|
||||
GIT_BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null)
|
||||
GIT_COMMIT ?= $(shell git rev-parse $(BRANCH) 2>/dev/null)
|
||||
|
@ -68,7 +69,7 @@ GIT_UPSTREAM_USER ?= $(lastword $(subst /, ,$(call pop,$(MYOS_REPO
|
|||
GIT_USER ?= $(USER)
|
||||
GIT_VERSION ?= $(shell git describe --tags $(BRANCH) 2>/dev/null || git rev-parse $(BRANCH) 2>/dev/null)
|
||||
GROUP ?= $(shell id -ng 2>/dev/null)
|
||||
HOST ?= $(HOSTNAME).$(DOMAIN)
|
||||
HOST ?= $(patsubst %,$(HOSTNAME).%,$(DOMAIN))
|
||||
HOSTNAME ?= $(call LOWERCASE,$(shell hostname 2>/dev/null |sed 's/\..*//'))
|
||||
IGNORE_DRYRUN ?= false
|
||||
IGNORE_VERBOSE ?= false
|
||||
|
@ -171,21 +172,22 @@ INFO = $(if $(VERBOSE),$(if $(filter-out true,$(IGNORE_VERBOSE)), \
|
|||
# macro RESU: Print USER associated to MAIL
|
||||
RESU = $(strip \
|
||||
$(if $(findstring @,$(MAIL)), \
|
||||
$(eval user := $(call LOWERCASE,$(subst +,.,$(subst _,.,$(shell printf '$(MAIL)' |awk -F "@" '{print $$1}'))))) \
|
||||
$(eval domain := $(call LOWERCASE,$(subst +,.,$(subst _,.,$(shell printf '$(MAIL)' |awk -F "@" '{print $$NF}'))))) \
|
||||
$(eval user := $(call LOWERCASE,$(subst +,.,$(subst _,.,$(shell printf '$(MAIL)' |awk -F "@" '{print $$1}'))))) \
|
||||
$(eval domain := $(call LOWERCASE,$(subst +,.,$(subst _,.,$(shell printf '$(MAIL)' |awk -F "@" '{print $$NF}'))))) \
|
||||
$(if $(domain), \
|
||||
$(eval mail := $(MAIL)) \
|
||||
$(eval niamod := $(subst $(space),.,$(strip $(call reverse,$(subst ., ,$(domain)))))) \
|
||||
$(eval resu := $(subst $(space),.,$(strip $(call reverse,$(subst ., ,$(user)))))) \
|
||||
$(eval resu_niamod := $(niamod).$(resu)) \
|
||||
$(eval resu_path := $(subst .,/,$(resu_niamod))) \
|
||||
$(eval user_domain := $(user).$(domain)) \
|
||||
$(resu_niamod) \
|
||||
$(eval mail := $(call LOWERCASE,$(subst +,.,$(subst _,.,$(MAIL))))) \
|
||||
$(eval niamod := $(subst $(space),.,$(strip $(call reverse,$(subst ., ,$(domain)))))) \
|
||||
$(eval resu := $(subst $(space),.,$(strip $(call reverse,$(subst ., ,$(user)))))) \
|
||||
$(eval resu.niamod := $(niamod).$(resu)) \
|
||||
$(eval resu.path := $(subst .,/,$(resu_niamod))) \
|
||||
$(eval user.domain := $(user).$(domain)) \
|
||||
$(user.domain) \
|
||||
, $(USER) \
|
||||
) \
|
||||
, $(USER) \
|
||||
) \
|
||||
)
|
||||
|
||||
# macro TIME: Print time elapsed since unixtime 1
|
||||
TIME = awk '{printf "%02d:%02d:%02d\n",int($$1/3600),int(($$1%3600)/60),int($$1%60)}' \
|
||||
<<< $(shell awk 'BEGIN {current=$(or $(2),$(MAKE_UNIXTIME_CURRENT)); start=$(or $(1),$(MAKE_UNIXTIME_START)); print (current - start)}' 2>/dev/null)
|
||||
|
|
|
@ -1,6 +1,20 @@
|
|||
ENV_VARS += USER_DOMAIN user_domain
|
||||
MAKECMDARGS += user-exec user-exec:% user-exec@% user-run user-run:% user-run@%
|
||||
USER_DOMAIN ?= $(USER).$(DOMAIN)
|
||||
USER_DOMAIN ?= $(patsubst %,$(USER).%,$(DOMAIN))
|
||||
USER_HOST ?= $(patsubst %,$(USER).%,$(HOST))$(USER_HOST_LB)
|
||||
USER_HOST_RESU ?= $(patsubst %,$(RESU).%,$(USER_HOST))
|
||||
USER_HOST_LB ?= $(if $(USER_LB),$(space)$(HOST)$(if $(HOST_LB),$(space)$(DOMAIN)),$(if $(HOST_LB),$(space)$(USER_DOMAIN)))
|
||||
USER_PATH ?= $(USER_PATH_PREFIX)
|
||||
USER_PATH_RESU ?= $(USER_PATH)$(RESU)/
|
||||
USER_URIS ?= $(patsubst %,%/$(USER_PATH),$(USER_HOST))
|
||||
|
||||
ifneq ($(RESU),)
|
||||
ifeq ($(USER_RESU_HOST),true)
|
||||
USER_HOST := $(USER_HOST_RESU)
|
||||
else ifeq ($(USER_RESU_PATH),true)
|
||||
USER_PATH := $(USER_PATH_RESU)
|
||||
endif
|
||||
endif
|
||||
|
||||
# target start-stack-User: Fire ssh-add
|
||||
.PHONY: start-stack-User
|
||||
|
|
|
@ -2,6 +2,12 @@ ENV_VARS += USER_IPFS_API_HTTPHEADERS_ACA_ORIGI
|
|||
USER_IPFS_API_HTTPHEADERS_ACA_ORIGIN ?= [$(call patsublist,%,"https://%",$(USER_IPFS_SERVICE_8080_URIS))]
|
||||
USER_IPFS_SERVICE_NAME ?= ipfs
|
||||
USER_IPFS_SERVICE_5001_PATH ?= api/
|
||||
USER_IPFS_SERVICE_5001_TAGS ?= $(strip $(filter %.localhost/api/$(url_suffix),$(call tagprefix,USER_IPFS,5001)) $(if $(call servicenvs,USER_IPFS,5001,URIS),$(call urlprefix,$(USER_IPFS_SERVICE_5001_PATH),,$(call servicenvs,USER_IPFS,5001,URIS))))
|
||||
USER_IPFS_SERVICE_5001_URIS ?= $(call uriprefix,ipfs)
|
||||
USER_IPFS_SERVICE_5001_TAGS ?= $(or $(USER_IPFS_SERVICE_5001_TAGS_LOCALHOST),$(USER_IPFS_SERVICE_5001_TAGS_URIS),$(USER_IPFS_SERVICE_5001_TAGS_PROXY_TCP))
|
||||
USER_IPFS_SERVICE_5001_TAGS_LOCALHOST ?= $(filter %.localhost/$(USER_PATH)$(USER_IPFS_SERVICE_5001_PATH)$(url_suffix),$(call tagprefix,USER_IPFS,5001))
|
||||
USER_IPFS_SERVICE_5001_TAGS_PROXY_TCP ?= $(call patsublist,%,urlprefix-% proxy=tcp,$(USER_IPFS_SERVICE_PROXY_TCP))
|
||||
USER_IPFS_SERVICE_5001_TAGS_URIS ?= $(strip $(if $(call servicenvs,USER_IPFS,5001,URIS),$(call urlprefix,$(USER_IPFS_SERVICE_5001_PATH),,$(call servicenvs,USER_IPFS,5001,URIS))))
|
||||
USER_IPFS_SERVICE_5001_URIS ?= $(call uriprefix,USER_IPFS,5001,$(USER_URIS))
|
||||
USER_IPFS_SERVICE_8080_OPTS ?= $(patsubst %/,%,$(if $(USER_PATH),strip=/$(USER_PATH)))
|
||||
USER_IPFS_SERVICE_8080_PATH ?= ip(f|n)s/
|
||||
USER_IPFS_SERVICE_8080_TAGS ?= $(call tagprefix,USER_IPFS,8080)
|
||||
USER_IPFS_SERVICE_8080_URIS ?= $(call uriprefix,USER_IPFS,8080,$(USER_URIS))
|
||||
|
|
|
@ -3,9 +3,9 @@ version: '3.6'
|
|||
services:
|
||||
autoheal:
|
||||
container_name: ${HOST_COMPOSE_PROJECT_NAME}-autoheal
|
||||
image: willfarrell/autoheal:latest
|
||||
environment:
|
||||
- AUTOHEAL_CONTAINER_LABEL=all
|
||||
image: willfarrell/autoheal:latest
|
||||
restart: always
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
|
|
|
@ -9,6 +9,11 @@ services:
|
|||
dockerfile: docker/certbot/Dockerfile
|
||||
command: start
|
||||
container_name: ${HOST_COMPOSE_PROJECT_NAME}-certbot
|
||||
domainname: ${DOMAINNAME}
|
||||
extra_hosts:
|
||||
- consul:${DOCKER_INTERNAL_DOCKER_HOST}
|
||||
- ${HOSTNAME}.${DOMAINNAME} ${HOSTNAME}:${DOCKER_HOST_INET4}
|
||||
hostname: ${HOSTNAME}
|
||||
image: ${HOST_DOCKER_REPOSITORY}/certbot:${DOCKER_IMAGE_TAG}
|
||||
network_mode: host
|
||||
restart: always
|
||||
|
|
|
@ -9,23 +9,26 @@ services:
|
|||
context: ../..
|
||||
dockerfile: docker/consul/Dockerfile
|
||||
container_name: ${HOST_COMPOSE_PROJECT_NAME}-consul
|
||||
image: ${HOST_DOCKER_REPOSITORY}/consul:${DOCKER_IMAGE_TAG}
|
||||
domainname: ${DOMAINNAME}
|
||||
environment:
|
||||
CONSUL_BIND_INTERFACE: '${DOCKER_HOST_IFACE}'
|
||||
CONSUL_CLIENT_INTERFACE: '${DOCKER_HOST_IFACE}'
|
||||
CONSUL_HTTP_TOKEN: '${HOST_CONSUL_HTTP_TOKEN}'
|
||||
CONSUL_BIND_INTERFACE: '${DOCKER_HOST_IFACE:-eth0}'
|
||||
CONSUL_CLIENT_INTERFACE: '${DOCKER_HOST_IFACE:-eth0}'
|
||||
CONSUL_HTTP_TOKEN: '${HOST_CONSUL_HTTP_TOKEN:-01234567-89ab-cdef-0123-456789abcdef}'
|
||||
CONSUL_LOCAL_CONFIG: '{ "log_level": "warn"
|
||||
, "enable_script_checks": true
|
||||
, "acl": { "enabled": true
|
||||
, "default_policy": "deny"
|
||||
, "down_policy": "extend-cache"
|
||||
, "enable_token_persistence": true
|
||||
, "tokens": { "initial_management": "${HOST_CONSUL_ACL_TOKENS_MASTER}"
|
||||
, "agent": "${HOST_CONSUL_HTTP_TOKEN}"
|
||||
, "tokens": { "initial_management": "${HOST_CONSUL_ACL_TOKENS_MASTER:-01234567-89ab-cdef-0123-456789abcdef}"
|
||||
, "agent": "${HOST_CONSUL_HTTP_TOKEN:-01234567-89ab-cdef-0123-456789abcdef}"
|
||||
}
|
||||
}
|
||||
}'
|
||||
extra_hosts:
|
||||
- ${HOSTNAME}.${DOMAINNAME} ${HOSTNAME}:${DOCKER_HOST_INET4}
|
||||
hostname: ${HOSTNAME}
|
||||
image: ${HOST_DOCKER_REPOSITORY}/consul:${DOCKER_IMAGE_TAG}
|
||||
labels:
|
||||
- SERVICE_8300_IGNORE=true
|
||||
- SERVICE_8301_IGNORE=true
|
||||
|
|
|
@ -1,5 +1,13 @@
|
|||
ENV_VARS += HOST_FABIO_SERVICE_9998_TAGS
|
||||
ENV_VARS += HOST_FABIO_PROXY_ADDR HOST_FABIO_PROXY_CS HOST_FABIO_SERVICE_9998_TAGS HOST_FABIO_VERSION
|
||||
HOST_FABIO_PROXY_ADDR ?= $(call subst,$(space),$(comma),$(HOST_FABIO_SERVICE_PROXY_ADDR))
|
||||
HOST_FABIO_SERVICE_HTTP_ADDR ?= :80
|
||||
HOST_FABIO_SERVICE_HTTPS_ADDR ?= :443;cs=certs
|
||||
HOST_FABIO_SERVICE_PROXY_ADDR ?= $(call servicenvs,HOST_FABIO,PROXY,ADDR)
|
||||
HOST_FABIO_SERVICE_PROXY_ENVS ?= http https tcp
|
||||
HOST_FABIO_SERVICE_TCP_ADDR ?= $(foreach port,$(HOST_FABIO_SERVICE_TCP_PORT),:$(port);proto=tcp)
|
||||
HOST_FABIO_SERVICE_TCP_PORT ?=
|
||||
HOST_FABIO_SERVICE_9998_NAME ?= fabio
|
||||
HOST_FABIO_SERVICE_9998_AUTH ?= default
|
||||
HOST_FABIO_SERVICE_9998_TAGS ?= $(call tagprefix,HOST_FABIO,9998)
|
||||
HOST_FABIO_UFW_UPDATE ?= 80/tcp 443/tcp
|
||||
HOST_FABIO_VERSION ?= 1.6.3
|
||||
|
|
|
@ -7,17 +7,19 @@ services:
|
|||
- DOCKER_BUILD_DIR=docker/fabio
|
||||
- DOCKER_MACHINE=${DOCKER_MACHINE}
|
||||
- DOCKER_SYSTEM=${DOCKER_SYSTEM}
|
||||
- FABIO_VERSION=1.6.2
|
||||
- FABIO_VERSION=${HOST_FABIO_VERSION:-${FABIO_VERSION:-1.6.0}}
|
||||
context: ../..
|
||||
dockerfile: docker/fabio/Dockerfile
|
||||
command: -log.level "${HOST_FABIO_LOG_LEVEL:-INFO}" -proxy.addr "${HOST_FABIO_PROXY_ADDR:-:80,:443;cs=certs}" -proxy.auth "${HOST_FABIO_PROXY_AUTH:-name=default;type=basic;file=/host/htpasswd/default.htpasswd}" -proxy.cs "${HOST_FABIO_PROXY_CS:-cs=local;type=file;cert=/host/live/localhost/fullchain.pem;key=/host/live/localhost/privkey.pem,cs=certs;type=path;cert=/host/certs}" -proxy.matcher "${HOST_FABIO_PROXY_MATCHER:-glob}" -registry.backend "${HOST_FABIO_REGISTRY_BACKEND:-consul}" -registry.consul.addr "${HOST_FABIO_REGISTRY_CONSUL_ADDR:-consul:8500}" -registry.consul.token "${HOST_CONSUL_HTTP_TOKEN:-01234567-89ab-cdef-0123-456789abcdef}"
|
||||
container_name: ${HOST_COMPOSE_PROJECT_NAME}-fabio
|
||||
image: ${HOST_DOCKER_REPOSITORY}/fabio:${DOCKER_IMAGE_TAG}
|
||||
command: -proxy.addr ":80,:443;cs=certs" -proxy.auth "name=default;type=basic;file=/host/htpasswd/default.htpasswd;" -proxy.cs "cs=local;type=file;cert=/host/live/${DOMAIN}/fullchain.pem;key=/host/live/${DOMAIN}/privkey.pem,cs=certs;type=path;cert=/host/certs" -proxy.matcher "glob" -registry.backend "consul" -registry.consul.addr "consul:8500" -registry.consul.token "${HOST_CONSUL_HTTP_TOKEN}"
|
||||
domainname: ${DOMAINNAME}
|
||||
depends_on:
|
||||
- consul
|
||||
extra_hosts:
|
||||
- consul:${DOCKER_INTERNAL_DOCKER_HOST}
|
||||
- ${HOSTNAME}.${DOMAINNAME} ${HOSTNAME}:${DOCKER_HOST_INET4}
|
||||
hostname: ${HOSTNAME}
|
||||
image: ${HOST_DOCKER_REPOSITORY}/fabio:${DOCKER_IMAGE_TAG}
|
||||
labels:
|
||||
- SERVICE_80_CHECK_TCP=true
|
||||
- SERVICE_80_NAME=${HOST_COMPOSE_SERVICE_NAME}-fabio-80
|
||||
|
@ -27,12 +29,7 @@ services:
|
|||
- SERVICE_9998_NAME=${HOST_COMPOSE_SERVICE_NAME}-fabio-9998
|
||||
- SERVICE_9998_TAGS=${HOST_FABIO_SERVICE_9998_TAGS}
|
||||
- SERVICE_9999_IGNORE=true
|
||||
ports:
|
||||
- 80:80/tcp
|
||||
- 443:443/tcp
|
||||
- 9998/tcp
|
||||
networks:
|
||||
- public
|
||||
network_mode: host
|
||||
restart: always
|
||||
volumes:
|
||||
- host:/host:ro
|
||||
|
@ -41,8 +38,3 @@ volumes:
|
|||
host:
|
||||
external: true
|
||||
name: ${HOST_DOCKER_VOLUME}
|
||||
|
||||
networks:
|
||||
public:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PUBLIC}
|
||||
|
|
|
@ -26,13 +26,13 @@ host-ssl-certs:
|
|||
; [ -f /host/htpasswd/default.htpasswd ] \
|
||||
|| echo "default:{PLAIN}$(shell head -c 15 /dev/random |base64)" > /host/htpasswd/default.htpasswd \
|
||||
; for domain in ${DOMAIN}; do \
|
||||
[ -f /host/live/\$${domain}/fullchain.pem -a -f /host/live/\$${domain}/privkey.pem ] \
|
||||
[ -f /host/live/\$${domain}/privkey.pem ] \
|
||||
&& openssl x509 -in /host/live/\$${domain}/fullchain.pem -noout -issuer 2>/dev/null |grep -iqv staging \
|
||||
&& cp -L /host/live/\$${domain}/fullchain.pem /host/certs/\$${domain}-cert.pem \
|
||||
&& cp -L /host/live/\$${domain}/privkey.pem /host/certs/\$${domain}-key.pem \
|
||||
; if [ ! -f /host/certs/\$${domain}-cert.pem -o ! -f /host/certs/\$${domain}-key.pem ]; then \
|
||||
; if [ ! -f /host/certs/\$${domain}-key.pem ]; then \
|
||||
apk --no-cache add openssl \
|
||||
&& { [ -f /host/certs/\$${domain}-priv.pem ] || openssl genrsa -out /host/certs/\$${domain}-key.pem 2048; } \
|
||||
&& openssl genrsa -out /host/certs/\$${domain}-key.pem 2048 \
|
||||
&& openssl req -key /host/certs/\$${domain}-key.pem -out /host/certs/\$${domain}-cert.pem \
|
||||
-addext extendedKeyUsage=serverAuth \
|
||||
-addext subjectAltName=DNS:\$${domain},DNS:*.\$${domain} \
|
||||
|
|
|
@ -6,7 +6,7 @@ services:
|
|||
- NET_ADMIN
|
||||
container_name: ${HOST_COMPOSE_PROJECT_NAME}-mailserver
|
||||
cpus: 0.5
|
||||
domainname: ${DOMAIN}
|
||||
domainname: ${DOMAINNAME}
|
||||
environment:
|
||||
- OVERRIDE_HOSTNAME=${HOST_MAILSERVER_OVERRIDE_HOSTNAME:-}
|
||||
- DMS_DEBUG=${HOST_MAILSERVER_DMS_DEBUG:-0}
|
||||
|
|
|
@ -33,7 +33,7 @@ services:
|
|||
restart: unless-stopped
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||
- certs:/etc/nginx/certs:ro
|
||||
- certs:/etc/nginx/certs
|
||||
- html:/usr/share/nginx/html
|
||||
- htpasswd:/etc/nginx/htpasswd
|
||||
- log:/var/log/nginx
|
||||
|
|
|
@ -2,10 +2,10 @@ version: '3.6'
|
|||
|
||||
services:
|
||||
php:
|
||||
image: php:fpm-alpine
|
||||
environment:
|
||||
- VIRTUAL_HOST=php
|
||||
- VIRTUAL_PROTO=fastcgi
|
||||
image: php:fpm-alpine
|
||||
networks:
|
||||
- public
|
||||
volumes:
|
||||
|
|
|
@ -9,23 +9,20 @@ services:
|
|||
- GIT_AUTHOR_EMAIL=${GIT_AUTHOR_EMAIL}
|
||||
context: ../..
|
||||
dockerfile: docker/registrator/Dockerfile
|
||||
container_name: ${HOST_COMPOSE_PROJECT_NAME}-registrator
|
||||
image: ${HOST_DOCKER_REPOSITORY}/registrator:${DOCKER_IMAGE_TAG}
|
||||
command: -internal -cleanup -deregister always -resync=30 -useIpFromNetwork "${DOCKER_NETWORK_PUBLIC}" -useIpFromLabel SERVICE_ADDRESS consul://consul:8500
|
||||
container_name: ${HOST_COMPOSE_PROJECT_NAME}-registrator
|
||||
depends_on:
|
||||
- consul
|
||||
domainname: ${DOMAINNAME}
|
||||
environment:
|
||||
- CONSUL_HTTP_TOKEN=${HOST_CONSUL_HTTP_TOKEN}
|
||||
- GL_DISABLE_VERSION_CHECK=true
|
||||
extra_hosts:
|
||||
- consul:${DOCKER_INTERNAL_DOCKER_HOST}
|
||||
- ${HOSTNAME}.${DOMAINNAME} ${HOSTNAME}:${DOCKER_HOST_INET4}
|
||||
hostname: ${HOSTNAME}
|
||||
image: ${HOST_DOCKER_REPOSITORY}/registrator:${DOCKER_IMAGE_TAG}
|
||||
network_mode: host
|
||||
restart: always
|
||||
volumes:
|
||||
- /var/run/docker.sock:/tmp/docker.sock
|
||||
|
||||
networks:
|
||||
public:
|
||||
external: true
|
||||
name: ${DOCKER_NETWORK_PUBLIC}
|
||||
|
|
|
@ -2,8 +2,8 @@ version: '3.6'
|
|||
|
||||
services:
|
||||
static:
|
||||
image: nginx:alpine
|
||||
command: /bin/sh -c "grep autoindex /etc/nginx/conf.d/default.conf >/dev/null 2>&1 || sed -i 's|index index.html index.htm;|index index.html index.htm;\n autoindex on;|' /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"
|
||||
image: nginx:alpine
|
||||
labels:
|
||||
- SERVICE_80_CHECK_TCP=true
|
||||
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-static-80
|
||||
|
|
|
@ -4,5 +4,6 @@ volumes:
|
|||
log:
|
||||
driver: local
|
||||
driver_opts:
|
||||
type: none
|
||||
device: /var/log
|
||||
o: bind
|
||||
type: none
|
||||
|
|
|
@ -4,6 +4,6 @@ volumes:
|
|||
www:
|
||||
driver: local
|
||||
driver_opts:
|
||||
type: none
|
||||
device: /var/www
|
||||
o: bind
|
||||
type: none
|
||||
|
|
|
@ -7,7 +7,6 @@ IPFS_SERVICE_5001_TAGS ?= $(call tagprefix,ipfs,5001)
|
|||
IPFS_SERVICE_8080_CHECK_HTTP ?= /ipfs/QmUNLLsPACCz1vLxQVkXqqLX5R1X345qqfHbsf67hvA3Nn
|
||||
IPFS_SERVICE_8080_TAGS ?= $(call tagprefix,ipfs,8080)
|
||||
IPFS_SERVICE_8080_URIS ?= $(patsubst %,ipfs.%,$(APP_URIS)) $(patsubst %,*.ipfs.%,$(APP_URIS)) $(patsubst %,ipns.%,$(APP_URIS)) $(patsubst %,*.ipns.%,$(APP_URIS))
|
||||
IPFS_UFW_DOCKER ?= 4001/tcp 4001/udp 8080
|
||||
IPFS_VERSION ?= 0.16.0
|
||||
|
||||
.PHONY: bootstrap-stack-ipfs
|
||||
|
|
Loading…
Reference in New Issue