mirror of
https://github.com/furyhawk/cloudy.git
synced 2026-05-22 07:56:49 +00:00
Refactor traefik.yml to update routing rules for chat and bot subdomains
This commit is contained in:
@@ -11,10 +11,10 @@ services:
|
|||||||
published: 443
|
published: 443
|
||||||
mode: host
|
mode: host
|
||||||
# - "7687:7687"
|
# - "7687:7687"
|
||||||
# - "8083:8083"
|
- "8083:8083"
|
||||||
# - "8084:8084"
|
- "8084:8084"
|
||||||
# - "8883:8883"
|
- "8883:8883"
|
||||||
# - "5432:5432"
|
- "5432:5432"
|
||||||
deploy:
|
deploy:
|
||||||
placement:
|
placement:
|
||||||
constraints:
|
constraints:
|
||||||
@@ -33,7 +33,22 @@ services:
|
|||||||
# admin-auth middleware with HTTP Basic auth
|
# admin-auth middleware with HTTP Basic auth
|
||||||
# Using the environment variables USERNAME and HASHED_PASSWORD
|
# Using the environment variables USERNAME and HASHED_PASSWORD
|
||||||
- traefik.http.middlewares.admin-auth.basicauth.users=${USERNAME?Variable not set}:${HASHED_PASSWORD?Variable not set}
|
- traefik.http.middlewares.admin-auth.basicauth.users=${USERNAME?Variable not set}:${HASHED_PASSWORD?Variable not set}
|
||||||
- traefik.http.middlewares.csrf.headers.hostsProxyHeaders=["X-CSRFToken"]
|
- traefik.http.middlewares.csrf.headers.hostsProxyHeaders=["X-CSRF-Token"]
|
||||||
|
- traefik.http.middlewares.no-www.redirectregex.regex=^https://www.(.*)$$
|
||||||
|
- traefik.http.middlewares.no-www.redirectregex.replacement=https://$$1
|
||||||
|
- traefik.http.middlewares.no-www.redirectregex.permanent=true
|
||||||
|
- traefik.http.middlewares.sslheader.headers.sslProxyHeaders.X-Forwarded-Proto="https,wss"
|
||||||
|
- traefik.http.middlewares.sslheader.headers.sslRedirect=true
|
||||||
|
- traefik.http.middlewares.redirect-resume.redirectregex.regex=^https://resume.${DOMAIN?Variable not set}/(.*)
|
||||||
|
- traefik.http.middlewares.redirect-resume.redirectregex.replacement=https://info.${DOMAIN?Variable not set}/resume/$$1
|
||||||
|
- traefik.http.middlewares.redirect-resume.redirectregex.permanent=true
|
||||||
|
- traefik.http.middlewares.redirect-blog.redirectregex.regex=^https://blog.${DOMAIN?Variable not set}/(.*)
|
||||||
|
- traefik.http.middlewares.redirect-blog.redirectregex.replacement=https://furyhawk.github.io/124c41/$$1
|
||||||
|
- traefik.http.middlewares.redirect-blog.redirectregex.permanent=true
|
||||||
|
- traefik.http.middlewares.rate-limit.ratelimit.average=384
|
||||||
|
- traefik.http.middlewares.rate-limit.ratelimit.burst=128
|
||||||
|
- traefik.http.middlewares.rate-limit.ratelimit.period=10s
|
||||||
|
- treafik.http.middlewares.neo4j_strip.stripprefix.prefixes=/neo4j
|
||||||
# traefik-https the actual router using HTTPS
|
# traefik-https the actual router using HTTPS
|
||||||
- traefik.http.routers.traefik-public-https.rule=Host(`dashboard.${DOMAIN?Variable not set}`)
|
- traefik.http.routers.traefik-public-https.rule=Host(`dashboard.${DOMAIN?Variable not set}`)
|
||||||
- traefik.http.routers.traefik-public-https.entrypoints=https
|
- traefik.http.routers.traefik-public-https.entrypoints=https
|
||||||
@@ -58,7 +73,9 @@ services:
|
|||||||
- --providers.docker.constraints=Label(`traefik.constraint-label`, `traefik-public`)
|
- --providers.docker.constraints=Label(`traefik.constraint-label`, `traefik-public`)
|
||||||
# Do not expose all Docker services, only the ones explicitly exposed
|
# Do not expose all Docker services, only the ones explicitly exposed
|
||||||
- --providers.docker.exposedbydefault=false
|
- --providers.docker.exposedbydefault=false
|
||||||
|
- --providers.docker.endpoint=unix:///var/run/docker.sock
|
||||||
# Enable Docker Swarm mode
|
# Enable Docker Swarm mode
|
||||||
|
- --providers.swarm.exposedbydefault=false
|
||||||
- --providers.swarm.endpoint=unix:///var/run/docker.sock
|
- --providers.swarm.endpoint=unix:///var/run/docker.sock
|
||||||
# Create an entrypoint "http" listening on port 80
|
# Create an entrypoint "http" listening on port 80
|
||||||
- --entrypoints.http.address=:80
|
- --entrypoints.http.address=:80
|
||||||
+35
-14
@@ -17,15 +17,34 @@ services:
|
|||||||
volumes:
|
volumes:
|
||||||
- emqx-data1:/opt/emqx/data
|
- emqx-data1:/opt/emqx/data
|
||||||
deploy:
|
deploy:
|
||||||
mode: replicated
|
|
||||||
replicas: 1
|
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- traefik.enable=true
|
||||||
- "traefik.http.routers.emqx1.entrypoints=web-secure"
|
- traefik.docker.network=traefik-public
|
||||||
- "traefik.http.routers.emqx1.rule=Host(`mqtt.${DOMAINNAME}`)"
|
- traefik.constraint-label=traefik-public
|
||||||
- "traefik.http.routers.emqx1.tls.certresolver=letsencrypt"
|
- traefik.tcp.routers.emqx1-tcp-ws.entrypoints=web-socket
|
||||||
- "traefik.http.routers.emqx1.service=emqx-dashboard"
|
- traefik.tcp.routers.emqx1-tcp-ws.rule=HostSNI(`*`)
|
||||||
- "traefik.http.services.emqx-dashboard.loadbalancer.server.port=18083"
|
- traefik.tcp.routers.emqx1-tcp-ws.service=emqx1-tcp-ws
|
||||||
|
- traefik.tcp.services.emqx1-tcp-ws.loadbalancer.server.port=8083
|
||||||
|
- traefik.tcp.routers.emqx1-tcp-wss.entrypoints=web-socket-secure
|
||||||
|
- traefik.tcp.routers.emqx1-tcp-wss.rule=HostSNIRegexp(`^.+\\.${DOMAIN}$`)
|
||||||
|
- traefik.tcp.routers.emqx1-tcp-wss.tls.certresolver=le
|
||||||
|
- traefik.tcp.routers.emqx1-tcp-wss.service=emqx1-tcp-wss
|
||||||
|
- traefik.tcp.services.emqx1-tcp-wss.loadbalancer.server.port=8084
|
||||||
|
- traefik.http.routers.emqx1.entrypoints=https
|
||||||
|
- traefik.http.routers.emqx1.rule=Host(`mqtt.${DOMAIN}`)
|
||||||
|
- traefik.http.routers.emqx1.tls.certresolver=le
|
||||||
|
- traefik.http.routers.emqx1.service=emqx-dashboard
|
||||||
|
- traefik.http.services.emqx-dashboard.loadbalancer.server.port=18083
|
||||||
|
- traefik.http.routers.emqx1-web.entrypoints=web-socket
|
||||||
|
- traefik.http.routers.emqx1-web.rule=Host(`broker.${DOMAIN}`) || Host(`mqtt.${DOMAIN}`) || Host(`mqttx.${DOMAIN}`)
|
||||||
|
- traefik.http.routers.emqx1-web.tls.certresolver=le
|
||||||
|
- traefik.http.routers.emqx1-web.service=emqx1-web
|
||||||
|
- traefik.http.services.emqx1-web.loadbalancer.server.port=8083
|
||||||
|
- traefik.http.routers.emqx1-wss.entrypoints=web-socket-secure
|
||||||
|
- traefik.http.routers.emqx1-wss.rule=Host(`broker.${DOMAIN}`) || Host(`mqtt.${DOMAIN}`) || Host(`mqttx.${DOMAIN}`)
|
||||||
|
- traefik.http.routers.emqx1-wss.tls.certresolver=le
|
||||||
|
- traefik.http.routers.emqx1-wss.service=emqx1-wss
|
||||||
|
- traefik.http.services.emqx1-wss.loadbalancer.server.port=8084
|
||||||
|
|
||||||
mqttx-web:
|
mqttx-web:
|
||||||
image: emqx/mqttx-web:latest
|
image: emqx/mqttx-web:latest
|
||||||
@@ -34,12 +53,14 @@ services:
|
|||||||
- traefik-public
|
- traefik-public
|
||||||
deploy:
|
deploy:
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- traefik.enable=true
|
||||||
- "traefik.http.routers.mqttx-web.entrypoints=web-secure"
|
- traefik.docker.network=traefik-public
|
||||||
- "traefik.http.routers.mqttx-web.rule=Host(`mqttx.${DOMAINNAME}`)"
|
- traefik.constraint-label=traefik-public
|
||||||
- "traefik.http.routers.mqttx-web.tls.certresolver=letsencrypt"
|
- traefik.http.routers.mqttx-web.entrypoints=https
|
||||||
- "traefik.http.routers.mqttx-web.service=mqttx-web-service"
|
- traefik.http.routers.mqttx-web.rule=Host(`mqttx.${DOMAIN}`)
|
||||||
- "traefik.http.services.mqttx-web-service.loadbalancer.server.port=80"
|
- traefik.http.routers.mqttx-web.tls.certresolver=le
|
||||||
|
- traefik.http.routers.mqttx-web.service=mqttx-web-service
|
||||||
|
- traefik.http.services.mqttx-web-service.loadbalancer.server.port=80
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
traefik-public:
|
traefik-public:
|
||||||
|
|||||||
@@ -0,0 +1,253 @@
|
|||||||
|
volumes:
|
||||||
|
minio_data: {}
|
||||||
|
neo4j_data: {}
|
||||||
|
neo4j_logs: {}
|
||||||
|
postgres_data: {}
|
||||||
|
|
||||||
|
services:
|
||||||
|
api_server:
|
||||||
|
image: furyhawk/listen:latest
|
||||||
|
restart: always
|
||||||
|
depends_on:
|
||||||
|
- postgres
|
||||||
|
environment:
|
||||||
|
DATABASE__HOSTNAME: ${DATABASE__HOSTNAME}
|
||||||
|
DATABASE__USERNAME: ${POSTGRES_USER}
|
||||||
|
DATABASE__PASSWORD: ${POSTGRES_PASSWORD}
|
||||||
|
DATABASE__PORT: ${DATABASE__PORT}
|
||||||
|
DATABASE__DB: ${DATABASE__DB}
|
||||||
|
SECURITY__JWT_SECRET_KEY: ${SECURITY__JWT_SECRET_KEY}
|
||||||
|
SECURITY__BACKEND_CORS_ORIGINS: ${SECURITY__BACKEND_CORS_ORIGINS}
|
||||||
|
SECURITY__ALLOWED_HOSTS: ${SECURITY__ALLOWED_HOSTS}
|
||||||
|
DOMAINNAME: ${DOMAINNAME}
|
||||||
|
ports:
|
||||||
|
- "8000:8000"
|
||||||
|
networks:
|
||||||
|
- net
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.api_server.entrypoints=web-secure"
|
||||||
|
- "traefik.http.routers.api_server.rule=Host(`api.${DOMAINNAME}`)"
|
||||||
|
- "traefik.http.routers.api_server.middlewares=csrf@file, rate-limit@file"
|
||||||
|
- "traefik.http.routers.api_server.tls.certresolver=letsencrypt"
|
||||||
|
- "traefik.http.routers.api_server.service=api_server_service"
|
||||||
|
- "traefik.http.services.api_server_service.loadbalancer.server.port=8000"
|
||||||
|
|
||||||
|
postgres:
|
||||||
|
image: postgres
|
||||||
|
environment:
|
||||||
|
POSTGRES_DB: ${POSTGRES_DB}
|
||||||
|
POSTGRES_USER: ${POSTGRES_USER}
|
||||||
|
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
|
||||||
|
PGDATA: "/var/lib/postgresql/data"
|
||||||
|
LANG: en_US.utf8
|
||||||
|
TZ: Asia/Singapore
|
||||||
|
# DOMAINNAME: ${DOMAINNAME}
|
||||||
|
command: ["postgres", "-c", "log_connections=on"]
|
||||||
|
volumes:
|
||||||
|
- postgres_data:/var/lib/postgresql/data
|
||||||
|
# - ./config/postgresql.conf:/etc/postgresql.conf
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
|
||||||
|
interval: 30s
|
||||||
|
timeout: 10s
|
||||||
|
retries: 10
|
||||||
|
# ports:
|
||||||
|
# - "5432:5432"
|
||||||
|
expose:
|
||||||
|
- 5432
|
||||||
|
networks:
|
||||||
|
- net
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.tcp.routers.postgres.entrypoints=postgres-socket"
|
||||||
|
- "traefik.tcp.routers.postgres.rule=HostSNI(`*`)"
|
||||||
|
- "traefik.tcp.routers.postgres.service=postgres_service"
|
||||||
|
- "traefik.tcp.services.postgres_service.loadbalancer.server.port=5432"
|
||||||
|
# - "traefik.tcp.middlewares.test-inflightconn.inflightconn.amount=10"
|
||||||
|
# - "traefik.tcp.routers.postgres.rule=HostSNIRegexp(`^.+\\.furyhawk\\.lol$`)"
|
||||||
|
# - "traefik.tcp.routers.postgres.tls=true"
|
||||||
|
# - "traefik.tcp.routers.postgres.tls.certresolver=letsencrypt"
|
||||||
|
# - "traefik.tcp.routers.postgres.middlewares=test-inflightconn"
|
||||||
|
# - "traefik.http.routers.postgres.entrypoints=web-secure"
|
||||||
|
# - "traefik.http.routers.postgres.rule=Host(`db.${DOMAINNAME}`)"
|
||||||
|
# - "traefik.http.routers.postgres.middlewares=rate-limit@file, csrf@file"
|
||||||
|
# - "traefik.http.routers.postgres.tls.certresolver=letsencrypt"
|
||||||
|
# - "traefik.http.routers.postgres.service=postgres_service"
|
||||||
|
# - "traefik.http.services.postgres_service.loadbalancer.server.port=5432"
|
||||||
|
|
||||||
|
osrm-backend:
|
||||||
|
environment:
|
||||||
|
# OSRM manager setup
|
||||||
|
- OSRM_ALGORITHM=mld
|
||||||
|
- OSRM_THREADS=2
|
||||||
|
- OSRM_PORT=${OSRM_PORT:-5000}
|
||||||
|
- OSRM_PROFILE=/opt/car.lua
|
||||||
|
- OSRM_MAP_NAME=${OSRM_MAP_NAME}
|
||||||
|
- OSRM_GEOFABRIK_PATH=${OSRM_GEOFABRIK_PATH}
|
||||||
|
# Notify OSRM Manager to restart without stopping container
|
||||||
|
- OSRM_NOTIFY_FILEPATH=/data/osrm_notify.txt
|
||||||
|
- DOMAINNAME=${DOMAINNAME}
|
||||||
|
image: furyhawk/osrm-backend:${OSRM_VERSION:-latest}
|
||||||
|
restart: unless-stopped
|
||||||
|
expose:
|
||||||
|
- ${OSRM_PORT:-5000}
|
||||||
|
networks:
|
||||||
|
- net
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.osrm-backend.entrypoints=web-secure"
|
||||||
|
- "traefik.http.routers.osrm-backend.rule=Host(`osrm.${DOMAINNAME}`)"
|
||||||
|
- "traefik.http.routers.osrm-backend.middlewares=csrf@file"
|
||||||
|
- "traefik.http.routers.osrm-backend.tls.certresolver=letsencrypt"
|
||||||
|
- "traefik.http.routers.osrm-backend.service=osrm_backend_service"
|
||||||
|
- "traefik.http.services.osrm_backend_service.loadbalancer.server.port=${OSRM_PORT:-5000}"
|
||||||
|
|
||||||
|
minio-common:
|
||||||
|
image: minio/minio:latest
|
||||||
|
environment:
|
||||||
|
MINIO_ROOT_USER: "${MINIO_ROOT_USER:-minioadmin}"
|
||||||
|
MINIO_ROOT_PASSWORD: "${MINIO_ROOT_PASSWORD:-minioadmin}"
|
||||||
|
MINIO_OPTS: "--console-address :9001"
|
||||||
|
MINIO_SERVER_URL: https://minio.${DOMAINNAME}
|
||||||
|
DOMAINNAME: ${DOMAINNAME}
|
||||||
|
# user: "1000:1000"
|
||||||
|
restart: unless-stopped
|
||||||
|
command: server /data --address :9000 --console-address :9001
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD", "mc", "ready", "local"]
|
||||||
|
interval: 60s
|
||||||
|
timeout: 5s
|
||||||
|
retries: 5
|
||||||
|
volumes:
|
||||||
|
- minio_data:/data
|
||||||
|
expose:
|
||||||
|
- 9000
|
||||||
|
- 9001
|
||||||
|
networks:
|
||||||
|
- net
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.minio-router.entrypoints=web-secure"
|
||||||
|
- "traefik.http.routers.minio-router.rule=Host(`drive.${DOMAINNAME}`) || Host(`storage.${DOMAINNAME}`)"
|
||||||
|
- "traefik.http.routers.minio-router.middlewares=csrf@file"
|
||||||
|
- "traefik.http.routers.minio-router.tls.certresolver=letsencrypt"
|
||||||
|
- "traefik.http.routers.minio-router.service=minio_common_service"
|
||||||
|
- "traefik.http.services.minio_common_service.loadbalancer.server.port=9001"
|
||||||
|
- "traefik.http.routers.minio-api-router.entrypoints=web-secure"
|
||||||
|
- "traefik.http.routers.minio-api-router.rule=Host(`minio.${DOMAINNAME}`) || Host(`s3.${DOMAINNAME}`)"
|
||||||
|
- "traefik.http.routers.minio-api-router.middlewares=csrf@file"
|
||||||
|
- "traefik.http.routers.minio-api-router.tls.certresolver=letsencrypt"
|
||||||
|
- "traefik.http.routers.minio-api-router.service=minio_api_service"
|
||||||
|
- "traefik.http.services.minio_api_service.loadbalancer.server.port=9000"
|
||||||
|
|
||||||
|
neo4j_server:
|
||||||
|
# Docker image to be used
|
||||||
|
image: ${NEO4J_DOCKER_IMAGE:-neo4j:latest}
|
||||||
|
restart: unless-stopped
|
||||||
|
# Environment variables
|
||||||
|
environment:
|
||||||
|
NEO4J_AUTH: neo4j/${NEO4J_PASSWORD:-12345678}
|
||||||
|
NEO4J_dbms.default_listen_address: "0.0.0.0"
|
||||||
|
NEO4J_dbms.default_advertised_address: "neo4j.${DOMAINNAME}"
|
||||||
|
NEO4J_dbms.connector.bolt.advertised_address: ":443"
|
||||||
|
NEO4J_PLUGINS: '["apoc"]'
|
||||||
|
NEO4J_dbms_security_procedures_unrestricted: "apoc.*"
|
||||||
|
NEO4J_dbms_security_procedures_allowlist: "apoc.*"
|
||||||
|
NEO4J_server_memory_pagecache_size: 512M
|
||||||
|
NEO4J_server_memory_heap_max__size: 2G
|
||||||
|
DOMAINNAME: ${DOMAINNAME}
|
||||||
|
user: "1000:1000"
|
||||||
|
depends_on:
|
||||||
|
- traefik
|
||||||
|
volumes:
|
||||||
|
- neo4j_data:/data
|
||||||
|
- neo4j_logs:/logs
|
||||||
|
# Expose ports
|
||||||
|
expose:
|
||||||
|
- 7474
|
||||||
|
- 7687
|
||||||
|
networks:
|
||||||
|
- net
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.neo4j-router.entrypoints=web-secure"
|
||||||
|
- "traefik.http.routers.neo4j-router.rule=Host(`neo4j.${DOMAINNAME}`) && PathPrefix(`/neo4j`)||PathPrefix(`/browser`)"
|
||||||
|
- "traefik.http.routers.neo4j-router.middlewares=csrf@file, neo4j_strip@file"
|
||||||
|
- "traefik.http.routers.neo4j-router.tls.certresolver=letsencrypt"
|
||||||
|
- "traefik.http.routers.neo4j-router.service=neo4j_browser"
|
||||||
|
- "traefik.http.services.neo4j_browser.loadbalancer.server.port=7474"
|
||||||
|
- "traefik.http.routers.neo4j-bolt-router.entrypoints=web-secure"
|
||||||
|
- "traefik.http.routers.neo4j-bolt-router.rule=Host(`neo4j.${DOMAINNAME}`)"
|
||||||
|
- "traefik.http.routers.neo4j-bolt-router.middlewares=csrf@file"
|
||||||
|
- "traefik.http.routers.neo4j-bolt-router.tls.certresolver=letsencrypt"
|
||||||
|
- "traefik.http.routers.neo4j-bolt-router.service=neo4j_bolt"
|
||||||
|
- "traefik.http.services.neo4j_bolt.loadbalancer.server.port=7687"
|
||||||
|
- "traefik.tcp.routers.neo4j-bolt-router.entrypoints=bolt-socket"
|
||||||
|
- "traefik.tcp.routers.neo4j-bolt-router.rule=HostSNIRegexp(`^.+\\.furyhawk\\.lol$`)"
|
||||||
|
- "traefik.tcp.routers.neo4j-bolt-router.tls=true"
|
||||||
|
- "traefik.tcp.routers.neo4j-bolt-router.tls.certresolver=letsencrypt"
|
||||||
|
- "traefik.tcp.routers.neo4j-bolt-router.service=neo4j_bolt"
|
||||||
|
- "traefik.tcp.services.neo4j_bolt.loadbalancer.server.port=7687"
|
||||||
|
|
||||||
|
syncthing:
|
||||||
|
image: syncthing/syncthing
|
||||||
|
environment:
|
||||||
|
- PUID=1000
|
||||||
|
- PGID=1000
|
||||||
|
- DOMAINNAME=${DOMAINNAME}
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- ~/st-sync:/var/syncthing
|
||||||
|
ports:
|
||||||
|
- "8384:8384" # Web UI
|
||||||
|
- "22000:22000/tcp" # TCP file transfers
|
||||||
|
- "22000:22000/udp" # QUIC file transfers
|
||||||
|
- "21027:21027/udp" # Receive local discovery broadcasts
|
||||||
|
networks:
|
||||||
|
- net
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.syncthing.entrypoints=web-secure"
|
||||||
|
- "traefik.http.routers.syncthing.rule=Host(`sync.${DOMAINNAME}`)"
|
||||||
|
- "traefik.http.routers.syncthing.middlewares=csrf@file"
|
||||||
|
- "traefik.http.routers.syncthing.tls.certresolver=letsencrypt"
|
||||||
|
- "traefik.http.routers.syncthing.service=syncthing_service"
|
||||||
|
- "traefik.http.services.syncthing_service.loadbalancer.server.port=8384"
|
||||||
|
|
||||||
|
dozzle:
|
||||||
|
image: amir20/dozzle:latest
|
||||||
|
restart: always
|
||||||
|
environment:
|
||||||
|
- DOMAINNAME=${DOMAINNAME}
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
expose:
|
||||||
|
- 8080
|
||||||
|
networks:
|
||||||
|
- net
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.dozzle.entrypoints=web-secure"
|
||||||
|
- "traefik.http.routers.dozzle.rule=Host(`log.${DOMAINNAME}`)"
|
||||||
|
- "traefik.http.routers.dozzle.middlewares=auth@file, csrf@file"
|
||||||
|
- "traefik.http.routers.dozzle.tls.certresolver=letsencrypt"
|
||||||
|
- "traefik.http.routers.dozzle.service=dozzle_service"
|
||||||
|
- "traefik.http.services.dozzle_service.loadbalancer.server.port=8080"
|
||||||
|
|
||||||
|
# WhoAmI - For Testing and Troubleshooting
|
||||||
|
whoami:
|
||||||
|
image: traefik/whoami
|
||||||
|
security_opt:
|
||||||
|
- no-new-privileges:true
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
- net
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.whoami-rtr.entrypoints=web-secure"
|
||||||
|
- "traefik.http.routers.whoami-rtr.rule=Host(`whoami.$DOMAINNAME`)"
|
||||||
|
- "traefik.http.routers.whoami-rtr.middlewares=csrf@file"
|
||||||
|
- "traefik.http.routers.whoami-rtr.tls.certresolver=letsencrypt"
|
||||||
|
- "traefik.http.routers.whoami-rtr.service=whoami-svc"
|
||||||
|
- "traefik.http.services.whoami-svc.loadbalancer.server.port=80"
|
||||||
+69
-184
@@ -1,9 +1,3 @@
|
|||||||
volumes:
|
|
||||||
minio_data: {}
|
|
||||||
neo4j_data: {}
|
|
||||||
neo4j_logs: {}
|
|
||||||
postgres_data: {}
|
|
||||||
|
|
||||||
services:
|
services:
|
||||||
api_server:
|
api_server:
|
||||||
image: furyhawk/listen:latest
|
image: furyhawk/listen:latest
|
||||||
@@ -19,19 +13,22 @@ services:
|
|||||||
SECURITY__JWT_SECRET_KEY: ${SECURITY__JWT_SECRET_KEY}
|
SECURITY__JWT_SECRET_KEY: ${SECURITY__JWT_SECRET_KEY}
|
||||||
SECURITY__BACKEND_CORS_ORIGINS: ${SECURITY__BACKEND_CORS_ORIGINS}
|
SECURITY__BACKEND_CORS_ORIGINS: ${SECURITY__BACKEND_CORS_ORIGINS}
|
||||||
SECURITY__ALLOWED_HOSTS: ${SECURITY__ALLOWED_HOSTS}
|
SECURITY__ALLOWED_HOSTS: ${SECURITY__ALLOWED_HOSTS}
|
||||||
DOMAINNAME: ${DOMAINNAME}
|
DOMAIN: ${DOMAIN}
|
||||||
ports:
|
ports:
|
||||||
- "8000:8000"
|
- "8000:8000"
|
||||||
networks:
|
networks:
|
||||||
- net
|
- traefik-public
|
||||||
labels:
|
deploy:
|
||||||
- "traefik.enable=true"
|
labels:
|
||||||
- "traefik.http.routers.api_server.entrypoints=web-secure"
|
- traefik.enable=true
|
||||||
- "traefik.http.routers.api_server.rule=Host(`api.${DOMAINNAME}`)"
|
- traefik.docker.network=traefik-public
|
||||||
- "traefik.http.routers.api_server.middlewares=csrf@file, rate-limit@file"
|
- traefik.constraint-label=traefik-public
|
||||||
- "traefik.http.routers.api_server.tls.certresolver=letsencrypt"
|
- traefik.http.routers.api_server.entrypoints=https
|
||||||
- "traefik.http.routers.api_server.service=api_server_service"
|
- traefik.http.routers.api_server.rule=Host(`api.${DOMAIN}`)
|
||||||
- "traefik.http.services.api_server_service.loadbalancer.server.port=8000"
|
- traefik.http.routers.api_server.middlewares=rate-limit
|
||||||
|
- traefik.http.routers.api_server.tls.certresolver=le
|
||||||
|
- traefik.http.routers.api_server.service=api_server_service
|
||||||
|
- traefik.http.services.api_server_service.loadbalancer.server.port=8000
|
||||||
|
|
||||||
postgres:
|
postgres:
|
||||||
image: postgres
|
image: postgres
|
||||||
@@ -42,7 +39,6 @@ services:
|
|||||||
PGDATA: "/var/lib/postgresql/data"
|
PGDATA: "/var/lib/postgresql/data"
|
||||||
LANG: en_US.utf8
|
LANG: en_US.utf8
|
||||||
TZ: Asia/Singapore
|
TZ: Asia/Singapore
|
||||||
# DOMAINNAME: ${DOMAINNAME}
|
|
||||||
command: ["postgres", "-c", "log_connections=on"]
|
command: ["postgres", "-c", "log_connections=on"]
|
||||||
volumes:
|
volumes:
|
||||||
- postgres_data:/var/lib/postgresql/data
|
- postgres_data:/var/lib/postgresql/data
|
||||||
@@ -52,29 +48,17 @@ services:
|
|||||||
interval: 30s
|
interval: 30s
|
||||||
timeout: 10s
|
timeout: 10s
|
||||||
retries: 10
|
retries: 10
|
||||||
# ports:
|
|
||||||
# - "5432:5432"
|
|
||||||
expose:
|
|
||||||
- 5432
|
|
||||||
networks:
|
networks:
|
||||||
- net
|
- traefik-public
|
||||||
labels:
|
deploy:
|
||||||
- "traefik.enable=true"
|
labels:
|
||||||
- "traefik.tcp.routers.postgres.entrypoints=postgres-socket"
|
- traefik.enable=true
|
||||||
- "traefik.tcp.routers.postgres.rule=HostSNI(`*`)"
|
- traefik.docker.network=traefik-public
|
||||||
- "traefik.tcp.routers.postgres.service=postgres_service"
|
- traefik.constraint-label=traefik-public
|
||||||
- "traefik.tcp.services.postgres_service.loadbalancer.server.port=5432"
|
- traefik.tcp.routers.postgres.entrypoints=postgres-socket
|
||||||
# - "traefik.tcp.middlewares.test-inflightconn.inflightconn.amount=10"
|
- traefik.tcp.routers.postgres.rule=HostSNI(`*`)
|
||||||
# - "traefik.tcp.routers.postgres.rule=HostSNIRegexp(`^.+\\.furyhawk\\.lol$`)"
|
- traefik.tcp.routers.postgres.service=postgres_service
|
||||||
# - "traefik.tcp.routers.postgres.tls=true"
|
- traefik.tcp.services.postgres_service.loadbalancer.server.port=5432
|
||||||
# - "traefik.tcp.routers.postgres.tls.certresolver=letsencrypt"
|
|
||||||
# - "traefik.tcp.routers.postgres.middlewares=test-inflightconn"
|
|
||||||
# - "traefik.http.routers.postgres.entrypoints=web-secure"
|
|
||||||
# - "traefik.http.routers.postgres.rule=Host(`db.${DOMAINNAME}`)"
|
|
||||||
# - "traefik.http.routers.postgres.middlewares=rate-limit@file, csrf@file"
|
|
||||||
# - "traefik.http.routers.postgres.tls.certresolver=letsencrypt"
|
|
||||||
# - "traefik.http.routers.postgres.service=postgres_service"
|
|
||||||
# - "traefik.http.services.postgres_service.loadbalancer.server.port=5432"
|
|
||||||
|
|
||||||
osrm-backend:
|
osrm-backend:
|
||||||
environment:
|
environment:
|
||||||
@@ -87,153 +71,46 @@ services:
|
|||||||
- OSRM_GEOFABRIK_PATH=${OSRM_GEOFABRIK_PATH}
|
- OSRM_GEOFABRIK_PATH=${OSRM_GEOFABRIK_PATH}
|
||||||
# Notify OSRM Manager to restart without stopping container
|
# Notify OSRM Manager to restart without stopping container
|
||||||
- OSRM_NOTIFY_FILEPATH=/data/osrm_notify.txt
|
- OSRM_NOTIFY_FILEPATH=/data/osrm_notify.txt
|
||||||
- DOMAINNAME=${DOMAINNAME}
|
- DOMAIN=${DOMAIN}
|
||||||
image: furyhawk/osrm-backend:${OSRM_VERSION:-latest}
|
image: furyhawk/osrm-backend:${OSRM_VERSION:-latest}
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
expose:
|
|
||||||
- ${OSRM_PORT:-5000}
|
|
||||||
networks:
|
networks:
|
||||||
- net
|
- traefik-public
|
||||||
labels:
|
deploy:
|
||||||
- "traefik.enable=true"
|
labels:
|
||||||
- "traefik.http.routers.osrm-backend.entrypoints=web-secure"
|
- traefik.enable=true
|
||||||
- "traefik.http.routers.osrm-backend.rule=Host(`osrm.${DOMAINNAME}`)"
|
- traefik.docker.network=traefik-public
|
||||||
- "traefik.http.routers.osrm-backend.middlewares=csrf@file"
|
- traefik.constraint-label=traefik-public
|
||||||
- "traefik.http.routers.osrm-backend.tls.certresolver=letsencrypt"
|
- traefik.http.routers.osrm-backend.entrypoints=https
|
||||||
- "traefik.http.routers.osrm-backend.service=osrm_backend_service"
|
- traefik.http.routers.osrm-backend.rule=Host(`osrm.${DOMAIN}`)
|
||||||
- "traefik.http.services.osrm_backend_service.loadbalancer.server.port=${OSRM_PORT:-5000}"
|
- traefik.http.routers.osrm-backend.middlewares=ratelimit
|
||||||
|
- traefik.http.routers.osrm-backend.tls.certresolver=le
|
||||||
minio-common:
|
- traefik.http.routers.osrm-backend.service=osrm_backend_service
|
||||||
image: minio/minio:latest
|
- traefik.http.services.osrm_backend_service.loadbalancer.server.port=${OSRM_PORT:-5000}
|
||||||
environment:
|
|
||||||
MINIO_ROOT_USER: "${MINIO_ROOT_USER:-minioadmin}"
|
|
||||||
MINIO_ROOT_PASSWORD: "${MINIO_ROOT_PASSWORD:-minioadmin}"
|
|
||||||
MINIO_OPTS: "--console-address :9001"
|
|
||||||
MINIO_SERVER_URL: https://minio.${DOMAINNAME}
|
|
||||||
DOMAINNAME: ${DOMAINNAME}
|
|
||||||
# user: "1000:1000"
|
|
||||||
restart: unless-stopped
|
|
||||||
command: server /data --address :9000 --console-address :9001
|
|
||||||
healthcheck:
|
|
||||||
test: ["CMD", "mc", "ready", "local"]
|
|
||||||
interval: 60s
|
|
||||||
timeout: 5s
|
|
||||||
retries: 5
|
|
||||||
volumes:
|
|
||||||
- minio_data:/data
|
|
||||||
expose:
|
|
||||||
- 9000
|
|
||||||
- 9001
|
|
||||||
networks:
|
|
||||||
- net
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.http.routers.minio-router.entrypoints=web-secure"
|
|
||||||
- "traefik.http.routers.minio-router.rule=Host(`drive.${DOMAINNAME}`) || Host(`storage.${DOMAINNAME}`)"
|
|
||||||
- "traefik.http.routers.minio-router.middlewares=csrf@file"
|
|
||||||
- "traefik.http.routers.minio-router.tls.certresolver=letsencrypt"
|
|
||||||
- "traefik.http.routers.minio-router.service=minio_common_service"
|
|
||||||
- "traefik.http.services.minio_common_service.loadbalancer.server.port=9001"
|
|
||||||
- "traefik.http.routers.minio-api-router.entrypoints=web-secure"
|
|
||||||
- "traefik.http.routers.minio-api-router.rule=Host(`minio.${DOMAINNAME}`) || Host(`s3.${DOMAINNAME}`)"
|
|
||||||
- "traefik.http.routers.minio-api-router.middlewares=csrf@file"
|
|
||||||
- "traefik.http.routers.minio-api-router.tls.certresolver=letsencrypt"
|
|
||||||
- "traefik.http.routers.minio-api-router.service=minio_api_service"
|
|
||||||
- "traefik.http.services.minio_api_service.loadbalancer.server.port=9000"
|
|
||||||
|
|
||||||
neo4j_server:
|
|
||||||
# Docker image to be used
|
|
||||||
image: ${NEO4J_DOCKER_IMAGE:-neo4j:latest}
|
|
||||||
restart: unless-stopped
|
|
||||||
# Environment variables
|
|
||||||
environment:
|
|
||||||
NEO4J_AUTH: neo4j/${NEO4J_PASSWORD:-12345678}
|
|
||||||
NEO4J_dbms.default_listen_address: "0.0.0.0"
|
|
||||||
NEO4J_dbms.default_advertised_address: "neo4j.${DOMAINNAME}"
|
|
||||||
NEO4J_dbms.connector.bolt.advertised_address: ":443"
|
|
||||||
NEO4J_PLUGINS: '["apoc"]'
|
|
||||||
NEO4J_dbms_security_procedures_unrestricted: "apoc.*"
|
|
||||||
NEO4J_dbms_security_procedures_allowlist: "apoc.*"
|
|
||||||
NEO4J_server_memory_pagecache_size: 512M
|
|
||||||
NEO4J_server_memory_heap_max__size: 2G
|
|
||||||
DOMAINNAME: ${DOMAINNAME}
|
|
||||||
user: "1000:1000"
|
|
||||||
depends_on:
|
|
||||||
- traefik
|
|
||||||
volumes:
|
|
||||||
- neo4j_data:/data
|
|
||||||
- neo4j_logs:/logs
|
|
||||||
# Expose ports
|
|
||||||
expose:
|
|
||||||
- 7474
|
|
||||||
- 7687
|
|
||||||
networks:
|
|
||||||
- net
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.http.routers.neo4j-router.entrypoints=web-secure"
|
|
||||||
- "traefik.http.routers.neo4j-router.rule=Host(`neo4j.${DOMAINNAME}`) && PathPrefix(`/neo4j`)||PathPrefix(`/browser`)"
|
|
||||||
- "traefik.http.routers.neo4j-router.middlewares=csrf@file, neo4j_strip@file"
|
|
||||||
- "traefik.http.routers.neo4j-router.tls.certresolver=letsencrypt"
|
|
||||||
- "traefik.http.routers.neo4j-router.service=neo4j_browser"
|
|
||||||
- "traefik.http.services.neo4j_browser.loadbalancer.server.port=7474"
|
|
||||||
- "traefik.http.routers.neo4j-bolt-router.entrypoints=web-secure"
|
|
||||||
- "traefik.http.routers.neo4j-bolt-router.rule=Host(`neo4j.${DOMAINNAME}`)"
|
|
||||||
- "traefik.http.routers.neo4j-bolt-router.middlewares=csrf@file"
|
|
||||||
- "traefik.http.routers.neo4j-bolt-router.tls.certresolver=letsencrypt"
|
|
||||||
- "traefik.http.routers.neo4j-bolt-router.service=neo4j_bolt"
|
|
||||||
- "traefik.http.services.neo4j_bolt.loadbalancer.server.port=7687"
|
|
||||||
- "traefik.tcp.routers.neo4j-bolt-router.entrypoints=bolt-socket"
|
|
||||||
- "traefik.tcp.routers.neo4j-bolt-router.rule=HostSNIRegexp(`^.+\\.furyhawk\\.lol$`)"
|
|
||||||
- "traefik.tcp.routers.neo4j-bolt-router.tls=true"
|
|
||||||
- "traefik.tcp.routers.neo4j-bolt-router.tls.certresolver=letsencrypt"
|
|
||||||
- "traefik.tcp.routers.neo4j-bolt-router.service=neo4j_bolt"
|
|
||||||
- "traefik.tcp.services.neo4j_bolt.loadbalancer.server.port=7687"
|
|
||||||
|
|
||||||
syncthing:
|
|
||||||
image: syncthing/syncthing
|
|
||||||
environment:
|
|
||||||
- PUID=1000
|
|
||||||
- PGID=1000
|
|
||||||
- DOMAINNAME=${DOMAINNAME}
|
|
||||||
restart: unless-stopped
|
|
||||||
volumes:
|
|
||||||
- ~/st-sync:/var/syncthing
|
|
||||||
ports:
|
|
||||||
- "8384:8384" # Web UI
|
|
||||||
- "22000:22000/tcp" # TCP file transfers
|
|
||||||
- "22000:22000/udp" # QUIC file transfers
|
|
||||||
- "21027:21027/udp" # Receive local discovery broadcasts
|
|
||||||
networks:
|
|
||||||
- net
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.http.routers.syncthing.entrypoints=web-secure"
|
|
||||||
- "traefik.http.routers.syncthing.rule=Host(`sync.${DOMAINNAME}`)"
|
|
||||||
- "traefik.http.routers.syncthing.middlewares=csrf@file"
|
|
||||||
- "traefik.http.routers.syncthing.tls.certresolver=letsencrypt"
|
|
||||||
- "traefik.http.routers.syncthing.service=syncthing_service"
|
|
||||||
- "traefik.http.services.syncthing_service.loadbalancer.server.port=8384"
|
|
||||||
|
|
||||||
dozzle:
|
dozzle:
|
||||||
image: amir20/dozzle:latest
|
image: amir20/dozzle:latest
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
- DOMAINNAME=${DOMAINNAME}
|
- DOMAIN=${DOMAIN}
|
||||||
volumes:
|
volumes:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
expose:
|
|
||||||
- 8080
|
|
||||||
networks:
|
networks:
|
||||||
- net
|
- traefik-public
|
||||||
labels:
|
deploy:
|
||||||
- "traefik.enable=true"
|
placement:
|
||||||
- "traefik.http.routers.dozzle.entrypoints=web-secure"
|
constraints:
|
||||||
- "traefik.http.routers.dozzle.rule=Host(`log.${DOMAINNAME}`)"
|
- node.role == manager
|
||||||
- "traefik.http.routers.dozzle.middlewares=auth@file, csrf@file"
|
labels:
|
||||||
- "traefik.http.routers.dozzle.tls.certresolver=letsencrypt"
|
- traefik.enable=true
|
||||||
- "traefik.http.routers.dozzle.service=dozzle_service"
|
- traefik.docker.network=traefik-public
|
||||||
- "traefik.http.services.dozzle_service.loadbalancer.server.port=8080"
|
- traefik.constraint-label=traefik-public
|
||||||
|
- traefik.http.routers.dozzle.entrypoints=https
|
||||||
|
- traefik.http.routers.dozzle.rule=Host(`log.${DOMAIN}`)
|
||||||
|
- traefik.http.routers.dozzle.middlewares=auth@file
|
||||||
|
- traefik.http.routers.dozzle.tls.certresolver=le
|
||||||
|
- traefik.http.routers.dozzle.service=dozzle_service
|
||||||
|
- traefik.http.services.dozzle_service.loadbalancer.server.port=8080
|
||||||
|
|
||||||
# WhoAmI - For Testing and Troubleshooting
|
# WhoAmI - For Testing and Troubleshooting
|
||||||
whoami:
|
whoami:
|
||||||
@@ -242,12 +119,20 @@ services:
|
|||||||
- no-new-privileges:true
|
- no-new-privileges:true
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
- net
|
- traefik-public
|
||||||
labels:
|
deploy:
|
||||||
- "traefik.enable=true"
|
labels:
|
||||||
- "traefik.http.routers.whoami-rtr.entrypoints=web-secure"
|
- traefik.enable=true
|
||||||
- "traefik.http.routers.whoami-rtr.rule=Host(`whoami.$DOMAINNAME`)"
|
- traefik.docker.network=traefik-public
|
||||||
- "traefik.http.routers.whoami-rtr.middlewares=csrf@file"
|
- traefik.constraint-label=traefik-public
|
||||||
- "traefik.http.routers.whoami-rtr.tls.certresolver=letsencrypt"
|
- traefik.http.routers.whoami-rtr.entrypoints=https
|
||||||
- "traefik.http.routers.whoami-rtr.service=whoami-svc"
|
- traefik.http.routers.whoami-rtr.rule=Host(`whoami.$DOMAIN`)
|
||||||
- "traefik.http.services.whoami-svc.loadbalancer.server.port=80"
|
- traefik.http.routers.whoami-rtr.tls.certresolver=le
|
||||||
|
- traefik.http.routers.whoami-rtr.service=whoami-svc
|
||||||
|
- traefik.http.services.whoami-svc.loadbalancer.server.port=80
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
postgres_data: {}
|
||||||
|
networks:
|
||||||
|
traefik-public:
|
||||||
|
external: true
|
||||||
|
|||||||
Reference in New Issue
Block a user