furyhawk/cloudy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor traefik and dozzle service configurations in docker-compose.yml

Browse Source
This commit is contained in:
Teck Meng
2024-05-29 14:21:59 +08:00
parent dc55872b5d
commit 9b1fafa848
2 changed files with 69 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files
compose/services.yml
+68 -4
View File
@@ -7,7 +7,6 @@ volumes:
services:
api_server:
image: furyhawk/listen:latest
container_name: api_server
restart: always
depends_on:
- postgres
@@ -20,14 +19,22 @@ services:
SECURITY__JWT_SECRET_KEY: ${SECURITY__JWT_SECRET_KEY}
SECURITY__BACKEND_CORS_ORIGINS: ${SECURITY__BACKEND_CORS_ORIGINS}
SECURITY__ALLOWED_HOSTS: ${SECURITY__ALLOWED_HOSTS}
DOMAINNAME: ${DOMAINNAME}
ports:
- "8000:8000"
networks:
- net
labels:
- "traefik.enable=true"
- "traefik.http.routers.api_server.entrypoints=web-secure"
- "traefik.http.routers.api_server.rule=Host(`api.${DOMAINNAME}`)"
- "traefik.http.routers.api_server.middlewares=auth@file, csrf@file, rate-limit@file"
- "traefik.http.routers.api_server.tls.certresolver=letsencrypt"
- "traefik.http.routers.api_server.service=api_server_service"
- "traefik.http.services.api_server_service.loadbalancer.server.port=8000"
postgres:
image: postgres
container_name: postgres
environment:
POSTGRES_DB: ${POSTGRES_DB}
POSTGRES_USER: ${POSTGRES_USER}
@@ -35,6 +42,7 @@ services:
PGDATA: "/var/lib/postgresql/data"
LANG: en_US.utf8
TZ: Asia/Singapore
DOMAINNAME: ${DOMAINNAME}
command: ["postgres", "-c", "log_connections=on"]
volumes:
- postgres_data:/var/lib/postgresql/data
@@ -48,6 +56,14 @@ services:
- "5432:5432"
networks:
- net
labels:
- "traefik.enable=true"
- "traefik.http.routers.postgres.entrypoints=web-secure"
- "traefik.http.routers.postgres.rule=Host(`db.${DOMAINNAME}`)"
- "traefik.http.routers.postgres.middlewares=rate-limit@file, csrf@file"
- "traefik.http.routers.postgres.tls.certresolver=letsencrypt"
- "traefik.http.routers.postgres.service=postgres_service"
- "traefik.http.services.postgres_service.loadbalancer.server.port=5432"
osrm-backend:
environment:
@@ -60,22 +76,30 @@ services:
- OSRM_GEOFABRIK_PATH=${OSRM_GEOFABRIK_PATH}
# Notify OSRM Manager to restart without stopping container
- OSRM_NOTIFY_FILEPATH=/data/osrm_notify.txt
- DOMAINNAME=${DOMAINNAME}
image: furyhawk/osrm-backend:${OSRM_VERSION:-latest}
container_name: osrm_backend
restart: unless-stopped
expose:
- ${OSRM_PORT:-5000}
networks:
- net
labels:
- "traefik.enable=true"
- "traefik.http.routers.osrm-backend.entrypoints=web-secure"
- "traefik.http.routers.osrm-backend.rule=Host(`osrm.${DOMAINNAME}`)"
- "traefik.http.routers.osrm-backend.middlewares=csrf@file"
- "traefik.http.routers.osrm-backend.tls.certresolver=letsencrypt"
- "traefik.http.routers.osrm-backend.service=osrm_backend_service"
- "traefik.http.services.osrm_backend_service.loadbalancer.server.port=${OSRM_PORT:-5000}"
minio-common:
image: minio/minio:latest
container_name: minio_server
environment:
MINIO_ROOT_USER: "${MINIO_ROOT_USER:-minioadmin}"
MINIO_ROOT_PASSWORD: "${MINIO_ROOT_PASSWORD:-minioadmin}"
MINIO_OPTS: "--console-address :9001"
MINIO_SERVER_URL: https://drive.furyhawk.lol
DOMAINNAME: ${DOMAINNAME}
# user: "1000:1000"
restart: unless-stopped
command: server /data --address :9000 --console-address :9001
@@ -91,6 +115,20 @@ services:
- 9001
networks:
- net
labels:
- "traefik.enable=true"
- "traefik.http.routers.minio-router.entrypoints=web-secure"
- "traefik.http.routers.minio-router.rule=Host(`drive.${DOMAINNAME}`) || Host(`storage.${DOMAINNAME}`)"
- "traefik.http.routers.minio-router.middlewares=auth@file, csrf@file"
- "traefik.http.routers.minio-router.tls.certresolver=letsencrypt"
- "traefik.http.routers.minio-router.service=minio_common_service"
- "traefik.http.services.minio_common_service.loadbalancer.server.port=9001"
- "traefik.http.routers.minio-api-router.entrypoints=web-secure"
- "traefik.http.routers.minio-api-router.rule=Host(`minio.${DOMAINNAME}`) || Host(`s3.${DOMAINNAME}`)"
- "traefik.http.routers.minio-api-router.middlewares=csrf@file"
- "traefik.http.routers.minio-api-router.tls.certresolver=letsencrypt"
- "traefik.http.routers.minio-api-router.service=minio_api_service"
- "traefik.http.services.minio_api_service.loadbalancer.server.port=9000"
neo4j_server:
# Docker image to be used
@@ -126,6 +164,7 @@ services:
environment:
- PUID=1000
- PGID=1000
- DOMAINNAME=${DOMAINNAME}
restart: unless-stopped
volumes:
- ~/st-sync:/var/syncthing
@@ -136,6 +175,14 @@ services:
- "21027:21027/udp" # Receive local discovery broadcasts
networks:
- net
labels:
- "traefik.enable=true"
- "traefik.http.routers.syncthing.entrypoints=web-secure"
- "traefik.http.routers.syncthing.rule=Host(`sync.${DOMAINNAME}`)"
- "traefik.http.routers.syncthing.middlewares=csrf@file"
- "traefik.http.routers.syncthing.tls.certresolver=letsencrypt"
- "traefik.http.routers.syncthing.service=syncthing_service"
- "traefik.http.services.syncthing_service.loadbalancer.server.port=8384"
dozzle:
image: amir20/dozzle:latest
@@ -157,6 +204,23 @@ services:
- "traefik.http.routers.dozzle.service=dozzle_service"
- "traefik.http.services.dozzle_service.loadbalancer.server.port=8080"
# WhoAmI - For Testing and Troubleshooting
whoami:
image: traefik/whoami
container_name: whoami
security_opt:
- no-new-privileges:true
restart: unless-stopped
networks:
- net
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami-rtr.entrypoints=web-secure"
- "traefik.http.routers.whoami-rtr.rule=Host(`whoami.$DOMAINNAME`)"
- "traefik.http.routers.whoami-rtr.middlewares=csrf@file"
- "traefik.http.routers.whoami-rtr.service=whoami-svc"
- "traefik.http.services.whoami-svc.loadbalancer.server.port=80"
# kestra:
# image: kestra/kestra:latest-full
# container_name: kestra
compose/traefik/traefik.yml
+1 -72
View File
@@ -36,9 +36,6 @@ entryPoints:
bolt-socket:
address: ":7687"
# osrm:
# address: ":5000"
certificatesResolvers:
letsencrypt:
# https://docs.traefik.io/master/https/acme/#lets-encrypt
@@ -103,17 +100,6 @@ http:
certResolver: letsencrypt
service: adminer_app
api-router:
entryPoints:
- web-secure
rule: "Host(`api.furyhawk.lol`)"
middlewares:
- auth
- csrf
tls:
certResolver: letsencrypt
service: api_server
chat-router:
entryPoints:
- web-secure
@@ -236,26 +222,6 @@ http:
certResolver: letsencrypt
service: thelounge_app
minio-router:
entryPoints:
- web-secure
rule: "Host(`drive.furyhawk.lol`) || Host(`storage.furyhawk.lol`)"
middlewares:
- csrf
tls:
certResolver: letsencrypt
service: minio_server
minio-api-router:
entryPoints:
- web-secure
rule: "Host(`minio.furyhawk.lol`) || Host(`s3.furyhawk.lol`)"
middlewares:
- csrf
tls:
certResolver: letsencrypt
service: minio_service
neo4j-router:
entryPoints:
- web-secure
@@ -321,27 +287,6 @@ http:
certResolver: letsencrypt
service: mqttx-web
osrm-router:
entryPoints:
- "web-secure"
rule: "Host(`osrm.furyhawk.lol`)"
# - "osrm"
middlewares:
- csrf
tls:
certResolver: letsencrypt
service: osrm_service
syncthing-router:
entryPoints:
- web-secure
rule: "Host(`sync.furyhawk.lol`)"
middlewares:
- csrf
tls:
certResolver: letsencrypt
service: syncthing_app
bai-router:
entryPoints:
- web-secure
@@ -420,7 +365,7 @@ http:
rate-limit:
rateLimit:
average: 384
burst: 64
burst: 128
period: 10s
# redirect to resume
@@ -466,10 +411,6 @@ http:
services:
osrm_service:
loadBalancer:
servers:
- url: http://osrm_backend:5000
adminer_app:
loadBalancer:
servers:
@@ -522,14 +463,6 @@ http:
loadBalancer:
servers:
- url: http://meshtastic_web:8080
minio_server:
loadBalancer:
servers:
- url: http://minio_server:9001
minio_service:
loadBalancer:
servers:
- url: http://minio_server:9000
neo4j-browser:
loadBalancer:
servers:
@@ -572,10 +505,6 @@ http:
loadBalancer:
servers:
- url: http://mqttx_web:80
syncthing_app:
loadBalancer:
servers:
- url: http://syncthing:8384
site_server:
loadBalancer:
servers: