wip: letsencrypt
parent
1203c9f005
commit
04df1bd919
|
@ -0,0 +1,51 @@
|
|||
# FROM certbot/certbot:latest as dist
|
||||
FROM python:3.8-alpine as dist
|
||||
LABEL maintainer aynic.os <support+docker@asycn.io>
|
||||
ARG DOCKER_BUILD_DIR
|
||||
|
||||
# RUN pip install \
|
||||
RUN apk --no-cache add --virtual .build-deps \
|
||||
build-base \
|
||||
libffi-dev \
|
||||
&& pip install \
|
||||
certbot \
|
||||
certbot-dns-azure \
|
||||
# certbot-dns-bunny \
|
||||
# certbot-dns-clouddns \
|
||||
certbot-dns-cloudflare \
|
||||
# certbot-dns-cloudxns \
|
||||
certbot-dns-digitalocean \
|
||||
# certbot-dns-dnsmadeeasy \
|
||||
# certbot-dns-dnsimple \
|
||||
# certbot-dns-gehirn \
|
||||
# certbot-dns-godaddy \
|
||||
certbot-dns-google \
|
||||
certbot-dns-infomaniak \
|
||||
# certbot-dns-inwx \
|
||||
certbot-dns-ispconfig \
|
||||
# certbot-dns-lightsail \
|
||||
certbot-dns-linode \
|
||||
# certbot-dns-luadns \
|
||||
# certbot-dns-njalla \
|
||||
# certbot-dns-nsone \
|
||||
certbot-dns-ovh \
|
||||
certbot-dns-rfc2136 \
|
||||
certbot-dns-route53 \
|
||||
# certbot-dns-sakuracloud \
|
||||
certbot-dns-standalone \
|
||||
# certbot-dns-yandexcloud \
|
||||
# certbot-ext-auth future \
|
||||
certbot-plugin-gandi \
|
||||
certbot-s3front \
|
||||
# certbot_dns_duckdns \
|
||||
# certbot_dns_porkbun \
|
||||
# letsencrypt-pritunl \
|
||||
# letsencrypt-proxmox \
|
||||
&& apk del .build-deps
|
||||
|
||||
COPY ${DOCKER_BUILD_DIR}/certbot-renew /etc/periodic/daily/
|
||||
COPY ${DOCKER_BUILD_DIR}/docker-entrypoint.sh /docker-entrypoint.sh
|
||||
ENTRYPOINT ["/docker-entrypoint.sh"]
|
||||
CMD ["--help"]
|
||||
|
||||
FROM dist as master
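Review bot: The `pip install` inside the single `RUN` pulls certbot and about a dozen third-party plugins with no version pins or hashes, so every rebuild can bring different code into the image that holds the ACME account key and the certificate private keys. Move the list into a requirements file with pinned versions and hashes and install it with `pip install --no-cache-dir --require-hashes -r <requirements file>`; the floating base tag `python:3.8-alpine` deserves a pin as well. Nothing sets `USER`, so crond and certbot run as root; if crond requires that, a short comment saying so would make it deliberate. `LABEL maintainer aynic.os <...>` uses the legacy space-separated form, and `LABEL maintainer="..."` is the current syntax.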
|
|
@ -0,0 +1,4 @@
|
|||
#!/bin/sh
|
||||
|
||||
mkdir -p /etc/letsencrypt/renewal
|
||||
/usr/local/bin/certbot renew > /etc/letsencrypt/renewal/letsencrypt.log
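Review bot: The redirect on the `certbot renew` line captures only stdout and truncates the file on every run, so a failed renewal leaves no trace and the previous day's output is lost. Append and include stderr: `/usr/local/bin/certbot renew >> /etc/letsencrypt/renewal/letsencrypt.log 2>&1`. The log also lands in certbot's `renewal/` directory, next to the lineage `.conf` files; a separate log directory would keep configuration and logs apart. Nothing here tells the proxy that a certificate changed, so it is worth stating in a comment how consumers of the volume are expected to pick up renewed files.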
|
|
@ -0,0 +1,16 @@
|
|||
#!/usr/bin/env sh
|
||||
set -euo errexit
|
||||
|
||||
[ -n "${DEBUG:-}" -a "${DEBUG:-}" != "false" ] && set -x
|
||||
|
||||
case "${1:-start}" in
|
||||
|
||||
start)
|
||||
exec /usr/sbin/crond -f -L/dev/stdout
|
||||
;;
|
||||
|
||||
*)
|
||||
exec /usr/local/bin/certbot "$@"
|
||||
;;
|
||||
|
||||
esac
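Review bot: `set -euo errexit` names errexit twice (`-e` and `-o errexit`), which suggests `pipefail` was intended; as written, pipeline failures are not covered. The script has no pipelines, so `set -eu` states what is in effect without the ambiguity. The DEBUG test uses `-a` inside `[ ]`, which POSIX marks obsolescent; `[ -n "${DEBUG:-}" ] && [ "${DEBUG:-}" != "false" ] && set -x` is the portable form. A header comment such as `# start: run crond in the foreground; any other arguments are passed to certbot` would document the dispatch, given that the image default `CMD ["--help"]` goes to certbot.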
|
|
@ -1,6 +1,6 @@
|
|||
CMDS += docker-run docker-run-%
|
||||
COMPOSE_ARGS ?= --ansi auto
|
||||
COMPOSE_FILE ?= $(wildcard docker/docker-compose.yml $(foreach file,$(patsubst docker/docker-compose.%,%,$(basename $(wildcard docker/docker-compose.*.yml))),$(if $(filter true,$(COMPOSE_FILE_$(file)) $(COMPOSE_FILE_$(call UPPERCASE,$(file)))),docker/docker-compose.$(file).yml)))
|
||||
COMPOSE_FILE ?= $(wildcard docker-compose.yml docker/docker-compose.yml $(foreach file,$(patsubst docker/docker-compose.%,%,$(basename $(wildcard docker/docker-compose.*.yml))),$(if $(filter true,$(COMPOSE_FILE_$(file)) $(COMPOSE_FILE_$(call UPPERCASE,$(file)))),docker/docker-compose.$(file).yml)))
|
||||
COMPOSE_FILE_$(ENV) ?= true
|
||||
COMPOSE_FILE_DEBUG ?= $(if $(DEBUG),true)
|
||||
COMPOSE_FILE_NFS ?= $(MOUNT_NFS)
|
||||
|
|
|
@ -41,6 +41,7 @@ CONFIG_REPOSITORY_URI ?= $(shell printf '$(CONFIG_REPOSITORY_URL)\n' |
|
|||
CONFIG_REPOSITORY_URL ?= $(call pop,$(APP_UPSTREAM_REPOSITORY))/$(notdir $(CONFIG))
|
||||
CONTEXT ?= ENV $(shell awk 'BEGIN {FS="="}; $$1 !~ /^(\#|$$)/ {print $$1}' .env.dist 2>/dev/null)
|
||||
CONTEXT_DEBUG ?= MAKEFILE_LIST DOCKER_ENV_ARGS ENV_ARGS APPS GIT_AUTHOR_EMAIL GIT_AUTHOR_NAME MAKE_DIR MAKE_SUBDIRS MAKE_CMD_ARGS MAKE_ENV_ARGS UID USER
|
||||
CERTBOT ?=
|
||||
DEBUG ?=
|
||||
DOCKER ?= $(shell type -p docker)
|
||||
DOMAIN ?= localhost
|
||||
|
|
|
@ -18,7 +18,7 @@ services:
|
|||
- DRONE_USER_FILTER=${DRONE_USER_FILTER}
|
||||
labels:
|
||||
- SERVICE_80_CHECK_TCP=true
|
||||
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-drone:80
|
||||
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-drone-80
|
||||
- SERVICE_80_TAGS=${DRONE_SERVER_SERVICE_80_TAGS}
|
||||
- SERVICE_443_IGNORE=true
|
||||
networks:
|
||||
|
|
|
@ -11,7 +11,7 @@ services:
|
|||
command: -c apm-server.yml --strict.perms=false -e -E output.elasticsearch.hosts=["${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"] -E output.elasticsearch.protocol=${ELASTICSEARCH_PROTOCOL} -E output.elasticsearch.username=${ELASTICSEARCH_USERNAME} -E output.elasticsearch.password=${ELASTICSEARCH_PASSWORD} -E apm-server.register.ingest.pipeline.enabled=false
|
||||
labels:
|
||||
- SERVICE_8200_CHECK_HTTP=/
|
||||
- SERVICE_8200_NAME=${COMPOSE_SERVICE_NAME}-apm-server-oss:8200
|
||||
- SERVICE_8200_NAME=${COMPOSE_SERVICE_NAME}-apm-server-oss-8200
|
||||
- SERVICE_8200_TAGS=${APM_SERVER_SERVICE_8200_TAGS}
|
||||
networks:
|
||||
- private
|
||||
|
|
|
@ -6,7 +6,7 @@ services:
|
|||
command: -c apm-server.yml --strict.perms=false -e -E output.elasticsearch.hosts=["${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}"] -E output.elasticsearch.protocol=${ELASTICSEARCH_PROTOCOL} -E output.elasticsearch.username=${ELASTICSEARCH_USERNAME} -E output.elasticsearch.password=${ELASTICSEARCH_PASSWORD}
|
||||
labels:
|
||||
- SERVICE_8200_CHECK_HTTP=/
|
||||
- SERVICE_8200_NAME=${COMPOSE_SERVICE_NAME}-apm-server:8200
|
||||
- SERVICE_8200_NAME=${COMPOSE_SERVICE_NAME}-apm-server-8200
|
||||
- SERVICE_8200_TAGS=${APM_SERVER_SERVICE_8200_TAGS}
|
||||
networks:
|
||||
private:
|
||||
|
|
|
@ -18,10 +18,10 @@ services:
|
|||
- http.cors.allow-headers=X-Requested-With,X-Auth-Token,Content-Type,Content-Length
|
||||
labels:
|
||||
- SERVICE_9200_CHECK_HTTP=/
|
||||
- SERVICE_9200_NAME=${COMPOSE_SERVICE_NAME}-elasticsearch:9200
|
||||
- SERVICE_9200_NAME=${COMPOSE_SERVICE_NAME}-elasticsearch-9200
|
||||
- SERVICE_9200_TAGS=${ELASTICSEARCH_SERVICE_9200_TAGS}
|
||||
- SERVICE_9300_CHECK_TCP=true
|
||||
- SERVICE_9300_NAME=${COMPOSE_SERVICE_NAME}-elasticsearch:9300
|
||||
- SERVICE_9300_NAME=${COMPOSE_SERVICE_NAME}-elasticsearch-9300
|
||||
networks:
|
||||
- private
|
||||
- public
|
||||
|
|
|
@ -4,7 +4,7 @@ services:
|
|||
kibana-oss:
|
||||
labels:
|
||||
- SERVICE_5601_CHECK_HTTP=/app/kibana
|
||||
- SERVICE_5601_NAME=${COMPOSE_SERVICE_NAME}-kibana-oss:5601
|
||||
- SERVICE_5601_NAME=${COMPOSE_SERVICE_NAME}-kibana-oss-5601
|
||||
- SERVICE_5601_TAGS=${KIBANA_SERVICE_5601_TAGS}
|
||||
networks:
|
||||
- private
|
||||
|
|
|
@ -4,7 +4,7 @@ services:
|
|||
kibana:
|
||||
labels:
|
||||
- SERVICE_5601_CHECK_HTTP=/app/kibana
|
||||
- SERVICE_5601_NAME=${COMPOSE_SERVICE_NAME}-kibana:5601
|
||||
- SERVICE_5601_NAME=${COMPOSE_SERVICE_NAME}-kibana-5601
|
||||
- SERVICE_5601_TAGS=${KIBANA_SERVICE_5601_TAGS}
|
||||
networks:
|
||||
- private
|
||||
|
|
|
@ -17,7 +17,7 @@ services:
|
|||
image: ${DOCKER_REPOSITORY}/grafana:${DOCKER_IMAGE_TAG}
|
||||
labels:
|
||||
- SERVICE_3000_CHECK_TCP=true
|
||||
- SERVICE_3000_NAME=${COMPOSE_SERVICE_NAME}-grafana:3000
|
||||
- SERVICE_3000_NAME=${COMPOSE_SERVICE_NAME}-grafana-3000
|
||||
- SERVICE_3000_TAGS=${GRAFANA_SERVICE_3000_TAGS}
|
||||
networks:
|
||||
- private
|
||||
|
|
|
@ -57,10 +57,10 @@ services:
|
|||
image: ${DOCKER_REPOSITORY}/ipfs:${DOCKER_IMAGE_TAG}
|
||||
labels:
|
||||
- SERVICE_4001_CHECK_TCP=true
|
||||
- SERVICE_4001_NAME=${COMPOSE_SERVICE_NAME}-ipfs:4001
|
||||
- SERVICE_5001_NAME=${COMPOSE_SERVICE_NAME}-ipfs:5001
|
||||
- SERVICE_4001_NAME=${COMPOSE_SERVICE_NAME}-ipfs-4001
|
||||
- SERVICE_5001_NAME=${COMPOSE_SERVICE_NAME}-ipfs-5001
|
||||
- SERVICE_8080_CHECK_HTTP=${IPFS_SERVICE_8080_CHECK_TCP}
|
||||
- SERVICE_8080_NAME=${COMPOSE_SERVICE_NAME}-ipfs:8080
|
||||
- SERVICE_8080_NAME=${COMPOSE_SERVICE_NAME}-ipfs-8080
|
||||
- SERVICE_8080_TAGS=${IPFS_SERVICE_8080_TAGS}
|
||||
- SERVICE_8081_IGNORE=true
|
||||
networks:
|
||||
|
|
|
@ -5,7 +5,7 @@ services:
|
|||
image: memcached:alpine
|
||||
labels:
|
||||
- SERVICE_11211_CHECK_TCP=true
|
||||
- SERVICE_11211_NAME=${COMPOSE_SERVICE_NAME}-memcached:11211
|
||||
- SERVICE_11211_NAME=${COMPOSE_SERVICE_NAME}-memcached-11211
|
||||
networks:
|
||||
- private
|
||||
ports:
|
||||
|
|
|
@ -5,7 +5,7 @@ services:
|
|||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
|
||||
labels:
|
||||
- SERVICE_3306_NAME=${COMPOSE_SERVICE_NAME}-mysql:3306
|
||||
- SERVICE_3306_NAME=${COMPOSE_SERVICE_NAME}-mysql-3306
|
||||
- SERVICE_CHECK_SCRIPT=docker-healthcheck $$SERVICE_IP
|
||||
networks:
|
||||
- private
|
||||
|
|
|
@ -6,7 +6,7 @@ services:
|
|||
# command: "/usr/bin/newrelic-daemon --loglevel debug"
|
||||
labels:
|
||||
- SERVICE_31339_CHECK_TCP=true
|
||||
- SERVICE_31339_NAME=${COMPOSE_SERVICE_NAME}-php-daemon:31339
|
||||
- SERVICE_31339_NAME=${COMPOSE_SERVICE_NAME}-php-daemon-31339
|
||||
networks:
|
||||
- private
|
||||
ports:
|
||||
|
|
|
@ -6,7 +6,7 @@ services:
|
|||
command: /bin/sh -c "grep autoindex /etc/nginx/conf.d/default.conf >/dev/null 2>&1 || sed -i 's|index index.html index.htm;|index index.html index.htm;\n autoindex on;|' /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"
|
||||
labels:
|
||||
- SERVICE_80_CHECK_TCP=true
|
||||
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-nginx:80
|
||||
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-nginx-80
|
||||
- SERVICE_80_TAGS=${STATIC_SERVICE_80_TAGS}
|
||||
networks:
|
||||
- private
|
||||
|
|
|
@ -2,9 +2,9 @@ CMDS += node-exec stack-node-exec node-exec:% node-ex
|
|||
node ?= node/node
|
||||
ENV_VARS += DOCKER_HOST_IFACE DOCKER_HOST_INET4 DOCKER_INTERNAL_DOCKER_HOST
|
||||
|
||||
# target bootstrap-stack-node: Fire node-ssl-certs
|
||||
# target bootstrap-stack-node: Fire node-certbot node-ssl-certs
|
||||
.PHONY: bootstrap-stack-node
|
||||
bootstrap-stack-node: docker-network-create-$(DOCKER_NETWORK_PUBLIC) node-ssl-certs
|
||||
bootstrap-stack-node: docker-network-create-$(DOCKER_NETWORK_PUBLIC) $(if $(CERTBOT),node-certbot) node-ssl-certs
|
||||
|
||||
# target node: Fire stack-node-up
|
||||
.PHONY: node
|
||||
|
@ -14,15 +14,63 @@ node: stack-node-up
|
|||
.PHONY: node-%
|
||||
node-%: stack-node-%;
|
||||
|
||||
# target node-ssl-certs: Create ${DOMAIN}.key.pem and ${DOMAIN}.crt.pem files
|
||||
# target node-ssl-certs: Create invalid ${DOMAIN}/privkey.pem and ${DOMAIN}/cert.pem certificate files
|
||||
.PHONY: node-ssl-certs
|
||||
node-ssl-certs:
|
||||
docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/certs alpine [ -f /certs/$(DOMAIN).crt.pem -a -f /certs/$(DOMAIN).key.pem ] \
|
||||
|| $(RUN) docker run --rm -e DOMAIN=$(DOMAIN) --mount source=$(NODE_DOCKER_VOLUME),target=/certs alpine sh -c "\
|
||||
docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/certs alpine \
|
||||
[ -f /certs/live/$(DOMAIN)/cert.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \
|
||||
|| $(RUN) docker run --rm -e DOMAIN=$(DOMAIN) --mount source=$(NODE_DOCKER_VOLUME),target=/certs alpine sh -c "\
|
||||
apk --no-cache add openssl \
|
||||
&& { [ -f /certs/${DOMAIN}.key.pem ] || openssl genrsa -out /certs/${DOMAIN}.key.pem 2048; } \
|
||||
&& openssl req -key /certs/${DOMAIN}.key.pem -out /certs/${DOMAIN}.crt.pem \
|
||||
&& mkdir -p /certs/live/${DOMAIN} \
|
||||
&& { [ -f /certs/live/${DOMAIN}/privkey.pem ] || openssl genrsa -out /certs/live/${DOMAIN}/privkey.pem 2048; } \
|
||||
&& openssl req -key /certs/live/${DOMAIN}/privkey.pem -out /certs/live/${DOMAIN}/cert.pem \
|
||||
-addext extendedKeyUsage=serverAuth \
|
||||
-addext subjectAltName=DNS:${DOMAIN} \
|
||||
-subj \"/C=/ST=/L=/O=/CN=${DOMAIN}\" \
|
||||
-x509 -days 365"
|
||||
|
||||
# target node-certbot: Create letsencrypt ${DOMAIN}/privkey.pem and ${DOMAIN}/cert.pem files
|
||||
.PHONY: node-certbot
|
||||
node-certbot: node-docker-build-certbot
|
||||
docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/certs alpine [ -f /certs/live/$(DOMAIN)/cert.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \
|
||||
|| $(RUN) docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/etc/letsencrypt/ --mount source=$(NODE_DOCKER_VOLUME),target=/var/log/letsencrypt/ -e DOMAIN=$(DOMAIN) --network host node/certbot \
|
||||
--non-interactive --agree-tos --email hostmaster@${DOMAIN} certonly \
|
||||
--preferred-challenges dns --authenticator dns-standalone \
|
||||
--dns-standalone-address=0.0.0.0 \
|
||||
--dns-standalone-port=53 \
|
||||
-d ${DOMAIN} \
|
||||
-d *.${DOMAIN}
|
||||
|
||||
# target node-certbot-certificates: List letsencrypt certificates
|
||||
.PHONY: node-certbot-certificates
|
||||
node-certbot-certificates: node-docker-build-certbot
|
||||
docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/etc/letsencrypt/ node/certbot certificates
|
||||
|
||||
# target node-certbot-renew: Renew letsencrypt certificates
|
||||
.PHONY: node-certbot-renew
|
||||
node-certbot-renew: node-docker-build-certbot
|
||||
docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/etc/letsencrypt/ --network host node/certbot renew
|
||||
|
||||
# target node-certbot-staging: Create staging letsencrypt ${DOMAIN}/privkey.pem and ${DOMAIN}/cert.pem files
|
||||
.PHONY: node-certbot-staging
|
||||
node-certbot-staging: node-docker-build-certbot
|
||||
docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/certs alpine [ -f /certs/live/$(DOMAIN)/cert.pem -a -f /certs/live/$(DOMAIN)/privkey.pem ] \
|
||||
|| $(RUN) docker run --rm --mount source=$(NODE_DOCKER_VOLUME),target=/etc/letsencrypt/ --mount source=$(NODE_DOCKER_VOLUME),target=/var/log/letsencrypt/ -e DOMAIN=$(DOMAIN) --network host node/certbot \
|
||||
--non-interactive --agree-tos --email hostmaster@${DOMAIN} certonly \
|
||||
--preferred-challenges dns --authenticator dns-standalone \
|
||||
--dns-standalone-address=0.0.0.0 \
|
||||
--dns-standalone-port=53 \
|
||||
--staging \
|
||||
-d ${DOMAIN} \
|
||||
-d *.${DOMAIN}
|
||||
|
||||
# target node-docker-build-%: Build % docker
|
||||
.PHONY: node-docker-build-%
|
||||
node-docker-build-%:
|
||||
$(call docker-build,docker/$*,node/$*:$(DOCKER_IMAGE_TAG))
|
||||
|
||||
# target node-docker-rebuild-%: Rebuild % docker
|
||||
.PHONY: node-docker-rebuild-%
|
||||
node-docker-rebuild-%:
|
||||
$(call make,node-docker-build-$* DOCKER_BUILD_CACHE=false)
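Review bot: node-ssl-certs writes only `cert.pem` and `privkey.pem` under `/certs/live/${DOMAIN}/`, while the fabio command changed elsewhere in this commit loads `fullchain.pem`, so the self-signed fallback appears to leave the proxy without a certificate. Inside the `sh -c` string, after the `openssl req`, add `&& cp /certs/live/${DOMAIN}/cert.pem /certs/live/${DOMAIN}/fullchain.pem`. node-certbot and node-certbot-staging use the same existence guard on `live/$(DOMAIN)/cert.pem`, so once the self-signed files exist they skip issuance; guarding them on certbot's own lineage file, e.g. `[ -f /certs/renewal/$(DOMAIN).conf ]`, would keep the two apart. bootstrap-stack-node also relies on prerequisite order (`node-certbot` before `node-ssl-certs`), which `make -j` does not keep. In both certbot recipes `-d *.${DOMAIN}` is an unquoted glob and `$(DOMAIN)` is pasted unquoted into the shell; write `-d '*.$(DOMAIN)'` and quote the other uses.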
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@ services:
|
|||
image: google/cadvisor:latest
|
||||
labels:
|
||||
- SERVICE_8080_CHECK_TCP=true
|
||||
- SERVICE_8080_NAME=${NODE_COMPOSE_SERVICE_NAME}-cadvisor-exporter:8080
|
||||
- SERVICE_8080_NAME=${NODE_COMPOSE_SERVICE_NAME}-cadvisor-exporter-8080
|
||||
- SERVICE_8080_TAGS=${NODE_CADVISOR_EXPORTER_SERVICE_8080_TAGS}
|
||||
- SERVICE_9200_IGNORE=true
|
||||
networks:
|
||||
|
@ -31,7 +31,7 @@ services:
|
|||
image: prom/node-exporter:latest
|
||||
labels:
|
||||
- SERVICE_9100_CHECK_TCP=true
|
||||
- SERVICE_9100_NAME=${NODE_COMPOSE_SERVICE_NAME}-node-exporter:9100
|
||||
- SERVICE_9100_NAME=${NODE_COMPOSE_SERVICE_NAME}-node-exporter-9100
|
||||
- SERVICE_9100_TAGS=${NODE_EXPORTER_SERVICE_9100_TAGS}
|
||||
networks:
|
||||
- public
|
||||
|
|
|
@ -57,11 +57,11 @@ services:
|
|||
image: ${NODE_DOCKER_REPOSITORY}/ipfs:${DOCKER_IMAGE_TAG}
|
||||
labels:
|
||||
- SERVICE_4001_CHECK_TCP=true
|
||||
- SERVICE_4001_NAME=${NODE_COMPOSE_SERVICE_NAME}-ipfs:4001
|
||||
- SERVICE_4001_NAME=${NODE_COMPOSE_SERVICE_NAME}-ipfs-4001
|
||||
- SERVICE_5001_CHECK_TCP=true
|
||||
- SERVICE_5001_NAME=${NODE_COMPOSE_SERVICE_NAME}-ipfs:5001
|
||||
- SERVICE_5001_NAME=${NODE_COMPOSE_SERVICE_NAME}-ipfs-5001
|
||||
- SERVICE_8080_CHECK_HTTP=${NODE_IPFS_SERVICE_8080_CHECK_TCP}
|
||||
- SERVICE_8080_NAME=${NODE_COMPOSE_SERVICE_NAME}-ipfs:8080
|
||||
- SERVICE_8080_NAME=${NODE_COMPOSE_SERVICE_NAME}-ipfs-8080
|
||||
- SERVICE_8080_TAGS=${NODE_IPFS_SERVICE_8080_TAGS}
|
||||
- SERVICE_8081_IGNORE=true
|
||||
network_mode: host
|
||||
|
|
|
@ -1,6 +1,19 @@
|
|||
version: '3.6'
|
||||
|
||||
services:
|
||||
certbot:
|
||||
build:
|
||||
args:
|
||||
- DOCKER_BUILD_DIR=docker/certbot
|
||||
context: ../..
|
||||
dockerfile: docker/certbot/Dockerfile
|
||||
command: start
|
||||
container_name: ${NODE_COMPOSE_PROJECT_NAME}-certbot
|
||||
image: ${NODE_DOCKER_REPOSITORY}/certbot:${DOCKER_IMAGE_TAG}
|
||||
network_mode: host
|
||||
restart: always
|
||||
volumes:
|
||||
- myos:/etc/letsencrypt
|
||||
consul:
|
||||
build:
|
||||
args:
|
||||
|
@ -31,7 +44,7 @@ services:
|
|||
- SERVICE_8301_IGNORE=true
|
||||
- SERVICE_8302_IGNORE=true
|
||||
- SERVICE_8500_CHECK_HTTP=/v1/health/service/consul
|
||||
- SERVICE_8500_NAME=${NODE_COMPOSE_SERVICE_NAME}-consul:8500
|
||||
- SERVICE_8500_NAME=${NODE_COMPOSE_SERVICE_NAME}-consul-8500
|
||||
- SERVICE_8500_TAGS=${NODE_CONSUL_SERVICE_8500_TAGS}
|
||||
- SERVICE_8600_IGNORE=true
|
||||
- SERVICE_ADDRESS=${DOCKER_HOST_INET4}
|
||||
|
@ -40,20 +53,19 @@ services:
|
|||
restart: always
|
||||
volumes:
|
||||
- consul:/consul/data:delegated
|
||||
- myos:/certs:ro
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
fabio:
|
||||
build:
|
||||
args:
|
||||
- DOCKER_BUILD_DIR=docker/fabio
|
||||
- FABIO_VERSION=1.6.0
|
||||
- FABIO_VERSION=1.6.2
|
||||
- SYSTEM=${SYSTEM}
|
||||
- MACHINE=${MACHINE}
|
||||
context: ../..
|
||||
dockerfile: docker/fabio/Dockerfile
|
||||
container_name: ${NODE_COMPOSE_PROJECT_NAME}-fabio
|
||||
image: ${NODE_DOCKER_REPOSITORY}/fabio:${DOCKER_IMAGE_TAG}
|
||||
command: -registry.backend "consul" -registry.consul.addr "consul:8500" -registry.consul.token "${NODE_CONSUL_HTTP_TOKEN}" -proxy.addr ":80,:443;cs=local" -proxy.cs "cs=local;type=file;cert=/certs/${DOMAIN}.crt.pem;key=/certs/${DOMAIN}.key.pem"
|
||||
command: -registry.backend "consul" -registry.consul.addr "consul:8500" -registry.consul.token "${NODE_CONSUL_HTTP_TOKEN}" -proxy.addr ":80,:443;cs=local" -proxy.cs "cs=local;type=file;cert=/etc/letsencrypt/live/${DOMAIN}/fullchain.pem;key=/etc/letsencrypt/live/${DOMAIN}/privkey.pem"
|
||||
depends_on:
|
||||
- consul
|
||||
extra_hosts:
|
||||
|
@ -61,11 +73,11 @@ services:
|
|||
hostname: ${HOSTNAME}
|
||||
labels:
|
||||
- SERVICE_80_CHECK_TCP=true
|
||||
- SERVICE_80_NAME=${NODE_COMPOSE_SERVICE_NAME}-fabio:80
|
||||
- SERVICE_80_NAME=${NODE_COMPOSE_SERVICE_NAME}-fabio-80
|
||||
- SERVICE_443_CHECK_TCP=true
|
||||
- SERVICE_443_NAME=${NODE_COMPOSE_SERVICE_NAME}-fabio:443
|
||||
- SERVICE_443_NAME=${NODE_COMPOSE_SERVICE_NAME}-fabio-443
|
||||
- SERVICE_9998_CHECK_HTTP=/routes
|
||||
- SERVICE_9998_NAME=${NODE_COMPOSE_SERVICE_NAME}-fabio:9998
|
||||
- SERVICE_9998_NAME=${NODE_COMPOSE_SERVICE_NAME}-fabio-9998
|
||||
- SERVICE_9998_TAGS=${NODE_FABIO_SERVICE_9998_TAGS}
|
||||
- SERVICE_9999_IGNORE=true
|
||||
ports:
|
||||
|
@ -76,7 +88,7 @@ services:
|
|||
- public
|
||||
restart: always
|
||||
volumes:
|
||||
- myos:/certs:ro
|
||||
- myos:/etc/letsencrypt:ro
|
||||
registrator:
|
||||
build:
|
||||
args:
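Review bot: The fabio `-proxy.cs` entry keeps `type=file` while now pointing at `/etc/letsencrypt/live/${DOMAIN}/`. As far as I know fabio's file source reads the certificate once at startup, so certificates renewed by the certbot container's daily cron would not be served until fabio restarts. Please confirm, and if so add a reload step, for example a certbot `--deploy-hook`, or document the restart. The new certbot service sets `network_mode: host` although its `start` command only runs crond; if host networking is there so dns-standalone can bind port 53 during renewal, say so with a comment such as `# host network: dns-standalone must bind :53 during renewals`. It also mounts the whole `myos` volume read-write at `/etc/letsencrypt`, so a comment naming which services may read that volume would make the exposure of the private keys explicit.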
|
||||
|
|
|
@ -7,7 +7,7 @@ services:
|
|||
labels:
|
||||
- SERVICE_8000_IGNORE=true
|
||||
- SERVICE_9000_CHECK_HTTP=/
|
||||
- SERVICE_9000_NAME=${NODE_COMPOSE_SERVICE_NAME}-portainer:9000
|
||||
- SERVICE_9000_NAME=${NODE_COMPOSE_SERVICE_NAME}-portainer-9000
|
||||
- SERVICE_9000_TAGS=${NODE_PORTAINER_SERVICE_9000_TAGS}
|
||||
networks:
|
||||
- public
|
||||
|
|
|
@ -28,9 +28,9 @@ services:
|
|||
image: ${NODE_DOCKER_REPOSITORY}/vsftpd-s3:${DOCKER_IMAGE_TAG}
|
||||
labels:
|
||||
- SERVICE_21_CHECK_TCP=true
|
||||
- SERVICE_21_NAME=${NODE_COMPOSE_SERVICE_NAME}-vsftpd-s3:21
|
||||
- SERVICE_21_NAME=${NODE_COMPOSE_SERVICE_NAME}-vsftpd-s3-21
|
||||
- SERVICE_22_CHECK_TCP=true
|
||||
- SERVICE_22_NAME=${NODE_COMPOSE_SERVICE_NAME}-vsftpd-s3:22
|
||||
- SERVICE_22_NAME=${NODE_COMPOSE_SERVICE_NAME}-vsftpd-s3-22
|
||||
- SERVICE_65000_IGNORE=true
|
||||
security_opt:
|
||||
- apparmor:unconfined
|
||||
|
|
|
@ -6,7 +6,7 @@ services:
|
|||
labels:
|
||||
- SERVICE_8000_IGNORE=true
|
||||
- SERVICE_9000_CHECK_HTTP=/
|
||||
- SERVICE_9000_NAME=${COMPOSE_SERVICE_NAME}-portainer:9000
|
||||
- SERVICE_9000_NAME=${COMPOSE_SERVICE_NAME}-portainer-9000
|
||||
- SERVICE_9000_TAGS=${PORTAINER_SERVICE_9000_TAGS}
|
||||
networks:
|
||||
- public
|
||||
|
|
|
@ -8,7 +8,7 @@ services:
|
|||
- POSTGRES_USER=${POSTGRES_USER}
|
||||
labels:
|
||||
- SERVICE_5432_CHECK_TCP=true
|
||||
- SERVICE_5432_NAME=${COMPOSE_SERVICE_NAME}-postgres:5432
|
||||
- SERVICE_5432_NAME=${COMPOSE_SERVICE_NAME}-postgres-5432
|
||||
networks:
|
||||
- private
|
||||
ports:
|
||||
|
|
|
@ -11,7 +11,7 @@ services:
|
|||
image: ${DOCKER_REPOSITORY}/alertmanager:${DOCKER_IMAGE_TAG}
|
||||
labels:
|
||||
- SERVICE_9093_CHECK_TCP=true
|
||||
- SERVICE_9093_NAME=${COMPOSE_SERVICE_NAME}-alertmanager:9093
|
||||
- SERVICE_9093_NAME=${COMPOSE_SERVICE_NAME}-alertmanager-9093
|
||||
- SERVICE_9093_TAGS=${ALERTMANAGER_SERVICE_9093_TAGS}
|
||||
networks:
|
||||
- private
|
||||
|
|
|
@ -10,7 +10,7 @@ services:
|
|||
image: ${DOCKER_REPOSITORY}/blackbox:${DOCKER_IMAGE_TAG}
|
||||
labels:
|
||||
- SERVICE_9115_CHECK_TCP=true
|
||||
- SERVICE_9115_NAME=${COMPOSE_SERVICE_NAME}-blackbox:9115
|
||||
- SERVICE_9115_NAME=${COMPOSE_SERVICE_NAME}-blackbox-9115
|
||||
- SERVICE_9115_TAGS=${BLACKBOX_SERVICE_9115_TAGS}
|
||||
networks:
|
||||
- private
|
||||
|
|
|
@ -11,7 +11,7 @@ services:
|
|||
image: ${DOCKER_REPOSITORY}/es-exporter:${DOCKER_IMAGE_TAG}
|
||||
labels:
|
||||
- SERVICE_9206_CHECK_TCP=true
|
||||
- SERVICE_9206_NAME=${COMPOSE_SERVICE_NAME}-es-exporter:9206
|
||||
- SERVICE_9206_NAME=${COMPOSE_SERVICE_NAME}-es-exporter-9206
|
||||
- SERVICE_9206_TAGS=${ES_EXPORTER_SERVICE_9206_TAGS}
|
||||
networks:
|
||||
- private
|
||||
|
|
|
@ -12,7 +12,7 @@ services:
|
|||
image: ${DOCKER_REPOSITORY}/prometheus:${DOCKER_IMAGE_TAG}
|
||||
labels:
|
||||
- SERVICE_9090_CHECK_TCP=true
|
||||
- SERVICE_9090_NAME=${COMPOSE_SERVICE_NAME}-prometheus:9090
|
||||
- SERVICE_9090_NAME=${COMPOSE_SERVICE_NAME}-prometheus-9090
|
||||
- SERVICE_9090_TAGS=${PROMETHEUS_SERVICE_9090_TAGS}
|
||||
networks:
|
||||
- private
|
||||
|
|
|
@ -7,10 +7,10 @@ services:
|
|||
- SERVICE_4369_IGNORE=true
|
||||
- SERVICE_5671_IGNORE=true
|
||||
- SERVICE_5672_CHECK_TCP=true
|
||||
- SERVICE_5672_NAME=${COMPOSE_SERVICE_NAME}-rabbitmq:5672
|
||||
- SERVICE_5672_NAME=${COMPOSE_SERVICE_NAME}-rabbitmq-5672
|
||||
- SERVICE_15671_IGNORE=true
|
||||
- SERVICE_15672_CHECK_HTTP=/
|
||||
- SERVICE_15672_NAME=${COMPOSE_SERVICE_NAME}-rabbitmq:15672
|
||||
- SERVICE_15672_NAME=${COMPOSE_SERVICE_NAME}-rabbitmq-15672
|
||||
- SERVICE_15672_TAGS=${RABBITMQ_SERVICE_15672_TAGS}
|
||||
- SERVICE_25672_IGNORE=true
|
||||
networks:
|
||||
|
|
|
@ -6,7 +6,7 @@ services:
|
|||
command: redis-server --appendonly yes
|
||||
labels:
|
||||
- SERVICE_6379_CHECK_TCP=true
|
||||
- SERVICE_6379_NAME=${COMPOSE_SERVICE_NAME}-redis:6379
|
||||
- SERVICE_6379_NAME=${COMPOSE_SERVICE_NAME}-redis-6379
|
||||
networks:
|
||||
- private
|
||||
ports:
|
||||
|
|
|
@ -23,7 +23,7 @@ services:
|
|||
- TZ=Europe/Paris
|
||||
labels:
|
||||
- SERVICE_80_CHECK_TCP=true
|
||||
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-redmine:80
|
||||
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-redmine-80
|
||||
- SERVICE_80_TAGS=${REDMINE_SERVICE_80_TAGS}
|
||||
- SERVICE_443_IGNORE=true
|
||||
networks:
|
||||
|
|
|
@ -16,7 +16,7 @@ services:
|
|||
- TZ=Europe/Paris
|
||||
labels:
|
||||
- SERVICE_80_CHECK_TCP=true
|
||||
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-redmine3:80
|
||||
- SERVICE_80_NAME=${COMPOSE_SERVICE_NAME}-redmine3-80
|
||||
- SERVICE_80_TAGS=${REDMINE3_SERVICE_80_TAGS}
|
||||
- SERVICE_443_IGNORE=true
|
||||
networks:
|
||||
|
|
|
@ -24,7 +24,7 @@ services:
|
|||
image: ${DOCKER_REPOSITORY}/theia:${DOCKER_IMAGE_TAG}
|
||||
labels:
|
||||
- SERVICE_3000_CHECK_TCP=true
|
||||
- SERVICE_3000_NAME=${COMPOSE_SERVICE_NAME}-theia:3000
|
||||
- SERVICE_3000_NAME=${COMPOSE_SERVICE_NAME}-theia-3000
|
||||
- SERVICE_3000_TAGS=${THEIA_SERVICE_3000_TAGS}
|
||||
networks:
|
||||
- private
|
||||
|
|