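# Swarm stack: API server, log viewer, object storage, routing engine,
# PostgreSQL and a diagnostic endpoint, published through the external
# `traefik-public` overlay network.
#
# NOTE(review): the `deploy:` sections and `traefik.swarm.network` labels suggest
# this file is deployed with `docker stack deploy`. In that mode `security_opt`,
# `container_name`, `restart` and `depends_on` are documented as ignored, so the
# `no-new-privileges` settings below may not be applied. Confirm on the target.
#
# NOTE(review): most images use a mutable tag (`latest`, or no tag at all).
# Pinning a version or digest makes deployments reproducible and reviewable.
services:
  api_server:
    image: furyhawk/listen:latest
    restart: always
    depends_on:
      - postgres_db
    environment:
      # Hard-coded address rather than the `postgres_db` service name on `net`.
      # It presumably points at the node publishing 5432 in host mode; verify.
      DATABASE__HOSTNAME: 192.168.50.220
      DATABASE__USERNAME: ${POSTGRES_USER}
      DATABASE__PASSWORD: ${POSTGRES_PASSWORD}
      DATABASE__PORT: ${DATABASE__PORT}
      DATABASE__DB: ${DATABASE__DB}
      SECURITY__JWT_SECRET_KEY: ${SECURITY__JWT_SECRET_KEY}
      SECURITY__BACKEND_CORS_ORIGINS: ${SECURITY__BACKEND_CORS_ORIGINS}
      SECURITY__ALLOWED_HOSTS: ${SECURITY__ALLOWED_HOSTS}
      DOMAIN: ${DOMAIN}
    networks:
      - net
      - traefik-public
    deploy:
      labels:
        - traefik.enable=true
        - traefik.swarm.network=traefik-public
        - traefik.constraint-label=traefik-public
        - traefik.http.routers.api_server.entrypoints=https
        - traefik.http.routers.api_server.rule=Host(`api.${DOMAIN}`)
        - traefik.http.routers.api_server.tls.certresolver=le
        - traefik.http.routers.api_server.service=api_server_service
        # - traefik.http.routers.api_local_server.entrypoints=https
        # - traefik.http.routers.api_local_server.rule=Host(`api.${LOCALDOMAIN}`)
        # - traefik.http.routers.api_local_server.tls=true
        # - traefik.http.routers.api_local_server.service=api_server_service
        - traefik.http.services.api_server_service.loadbalancer.server.port=8000

  dozzle:
    image: amir20/dozzle:latest
    restart: always
    environment:
      - DOMAIN=${DOMAIN}
      # - DOZZLE_REMOTE_HOST=tcp://-doz_proxy:2375,tcp://-doz_proxy:2375,etc...
    volumes:
      # `:ro` makes only the socket file a read-only mount. It does not limit the
      # Docker API calls made through it, and this task runs on a manager node.
      # A filtering socket proxy (cf. the commented DOZZLE_REMOTE_HOST) narrows it.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - traefik-public
    deploy:
      placement:
        constraints:
          - node.role == manager
      labels:
        - traefik.enable=true
        - traefik.swarm.network=traefik-public
        - traefik.constraint-label=traefik-public
        - traefik.http.routers.dozzle.entrypoints=https
        - traefik.http.routers.dozzle.rule=Host(`log.${DOMAIN}`)
        - traefik.http.routers.dozzle.priority=10
        - traefik.http.routers.dozzle.middlewares=admin-auth@swarm
        - traefik.http.routers.dozzle.tls.certresolver=le
        - traefik.http.routers.dozzle.service=dozzle_service
        - traefik.http.routers.dozzle_local.entrypoints=https
        - traefik.http.routers.dozzle_local.rule=Host(`log.${LOCALDOMAIN}`)
        - traefik.http.routers.dozzle_local.priority=10
        - traefik.http.routers.dozzle_local.middlewares=admin-auth@swarm
        - traefik.http.routers.dozzle_local.tls=true
        - traefik.http.routers.dozzle_local.service=dozzle_service
        # Disabled with the rest of the dozzle_auth router below. Left active on
        # its own, this label declares a router with no rule, no service and no
        # middleware. Traefik is documented to give such a router the provider's
        # default rule and the container's only service, i.e. a route to Dozzle
        # without `admin-auth`.
        # - traefik.http.routers.dozzle_auth.entrypoints=https
        - traefik.http.services.dozzle_service.loadbalancer.server.port=8080
        # - traefik.http.routers.dozzle_auth.rule="Host(`log.${DOMAIN}`) && PathPrefix(`/outpost.goauthentik.io/`)"
        # - traefik.http.routers.dozzle_auth.priority=20
        # - traefik.http.routers.dozzle_auth.tls.certresolver=le
        # - traefik.http.routers.dozzle_auth.service=authentik_svc
        # - traefik.http.services.authentik_svc.loadbalancer.servers.url="http://authentik-server:9000/outpost.goauthentik.io"

  # minio-common:
  #   image: minio/minio:latest
  #   environment:
  #     MINIO_ROOT_USER: "${MINIO_ROOT_USER:-minioadmin}"
  #     MINIO_ROOT_PASSWORD: "${MINIO_ROOT_PASSWORD:-minioadmin}"
  #     # MINIO_OPTS: "--console-address :9001"
  #     # MINIO_SERVER_URL: https://drive.${DOMAIN}
  #     DOMAIN: ${DOMAIN}
  #   restart: unless-stopped
  #   command: server /data --address ":9000" --console-address ":9001"
  #   healthcheck:
  #     test: ["CMD", "mc", "ready", "local"]
  #     interval: 60s
  #     timeout: 5s
  #     retries: 5
  #   volumes:
  #     - minio_data:/data
  #   expose:
  #     - 9000
  #     - 9001
  #   networks:
  #     - traefik-public
  #   deploy:
  #     labels:
  #       - traefik.enable=true
  #       - traefik.swarm.network=traefik-public
  #       - traefik.constraint-label=traefik-public
  #       - traefik.http.routers.minio-router.entrypoints=https
  #       - traefik.http.routers.minio-router.rule=Host(`drive.${DOMAIN}`) || Host(`storage.${DOMAIN}`)
  #       - traefik.http.routers.minio-router.tls.certresolver=le
  #       - traefik.http.routers.minio-router.service=minio_common_service
  #       - traefik.http.services.minio_common_service.loadbalancer.server.port=9001
  #       - traefik.http.routers.minio-api-router.entrypoints=https
  #       - traefik.http.routers.minio-api-router.rule=Host(`minio.${DOMAIN}`) || Host(`s3.${DOMAIN}`)
  #       - traefik.http.routers.minio-api-router.tls.certresolver=le
  #       - traefik.http.routers.minio-api-router.service=minio_api_service
  #       - traefik.http.services.minio_api_service.loadbalancer.server.port=9000

  # grant the necessary permissions to RUSTFS volumes path
  # rustfs_perms:
  #   image: alpine
  #   user: root
  #   volumes:
  #     - /var/data/rustfs:/fix_path
  #   command: chown -R 10001:10001 /fix_path
  #
  # RustFS main service
  rustfs:
    security_opt:
      - "no-new-privileges:true"
    image: rustfs/rustfs:latest
    container_name: rustfs-server
    expose:
      - "9000" # S3 API port
      - "9001" # Console port
    environment:
      - RUSTFS_VOLUMES=/data/rustfs{0..3} # Define 4 storage volumes
      - RUSTFS_ADDRESS=0.0.0.0:9000
      - RUSTFS_CONSOLE_ADDRESS=0.0.0.0:9001
      - RUSTFS_CONSOLE_ENABLE=true
      # Wildcard CORS on both the S3 API and the console, which are published on
      # public hostnames below. Restricting the origins to the hostnames that
      # actually serve the console would narrow this.
      - RUSTFS_CORS_ALLOWED_ORIGINS=*
      - RUSTFS_CONSOLE_CORS_ALLOWED_ORIGINS=*
      # The object store reuses the PostgreSQL credentials, so disclosure of
      # either service's secret also yields the other's. Dedicated variables for
      # the storage access key and secret would separate the two.
      - RUSTFS_ACCESS_KEY=${POSTGRES_USER}
      - RUSTFS_SECRET_KEY=${POSTGRES_PASSWORD}
      - RUSTFS_OBS_LOGGER_LEVEL=info
      # Defaults to `true` when unset, so the bypass is on unless a deployer
      # explicitly turns it off. Confirm this is intended outside test setups.
      - RUSTFS_UNSAFE_BYPASS_DISK_CHECK=${RUSTFS_UNSAFE_BYPASS_DISK_CHECK:-true}
      # - RUSTFS_TLS_PATH=/opt/tls
      # - RUSTFS_OBS_ENDPOINT=http://otel-collector:4318
    volumes:
      - rustfs_data:/data
      - rustfs_logs:/app/logs
      # - rustfs_certs:/opt/tls # TLS configuration, you should create tls directory and put your tls files in it and then specify the path here
    networks:
      - traefik-public
    restart: unless-stopped
    healthcheck:
      # Passes only when both the S3 API and the console health endpoints answer.
      test:
        [
          "CMD",
          "sh",
          "-c",
          "curl -f http://127.0.0.1:9000/health && curl -f http://127.0.0.1:9001/rustfs/console/health"
        ]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    # depends_on:
    #   - rustfs_perms
    #   otel-collector:
    #     condition: service_started
    #     required: false
    deploy:
      labels:
        - traefik.enable=true
        - traefik.swarm.network=traefik-public
        - traefik.constraint-label=traefik-public
        # Console (9001) on drive./storage. and S3 API (9000) on s3.; neither
        # router carries an auth middleware, so access control rests on RustFS.
        - traefik.http.routers.rustfs-router.entrypoints=https
        - traefik.http.routers.rustfs-router.rule=Host(`drive.${DOMAIN}`) || Host(`storage.${DOMAIN}`)
        - traefik.http.routers.rustfs-router.tls.certresolver=le
        - traefik.http.routers.rustfs-router.service=rustfs_service
        - traefik.http.services.rustfs_service.loadbalancer.server.port=9001
        - traefik.http.routers.rustfs-api-router.entrypoints=https
        - traefik.http.routers.rustfs-api-router.rule=Host(`s3.${DOMAIN}`)
        - traefik.http.routers.rustfs-api-router.tls.certresolver=le
        - traefik.http.routers.rustfs-api-router.service=rustfs_api_service
        - traefik.http.services.rustfs_api_service.loadbalancer.server.port=9000

  osrm-backend:
    environment:
      # OSRM manager setup
      - OSRM_ALGORITHM=mld
      - OSRM_THREADS=2
      - OSRM_PORT=${OSRM_PORT:-5000}
      - OSRM_PROFILE=/opt/car.lua
      - OSRM_MAP_NAME=${OSRM_MAP_NAME}
      - OSRM_GEOFABRIK_PATH=${OSRM_GEOFABRIK_PATH}
      # Notify OSRM Manager to restart without stopping container
      - OSRM_NOTIFY_FILEPATH=/data/osrm_notify.txt
      - DOMAIN=${DOMAIN}
    image: furyhawk/osrm-backend:${OSRM_VERSION:-latest}
    restart: unless-stopped
    networks:
      - traefik-public
    deploy:
      labels:
        - traefik.enable=true
        - traefik.swarm.network=traefik-public
        - traefik.constraint-label=traefik-public
        - traefik.http.routers.osrm-backend.entrypoints=https
        - traefik.http.routers.osrm-backend.rule=Host(`osrm.${DOMAIN}`)
        # No provider suffix here, unlike `admin-auth@swarm` on dozzle. Confirm
        # that `rate-limit` is defined where this router resolves it, otherwise
        # the limit is not in effect.
        - traefik.http.routers.osrm-backend.middlewares=rate-limit
        - traefik.http.routers.osrm-backend.tls.certresolver=le
        - traefik.http.routers.osrm-backend.service=osrm_backend_service
        # - traefik.http.routers.osrm-local-backend.entrypoints=https
        # - traefik.http.routers.osrm-local-backend.rule=Host(`osrm.${LOCALDOMAIN}`)
        # - traefik.http.routers.osrm-local-backend.middlewares=rate-limit
        # - traefik.http.routers.osrm-local-backend.tls=true
        # - traefik.http.routers.osrm-local-backend.service=osrm_backend_service
        - traefik.http.services.osrm_backend_service.loadbalancer.server.port=${OSRM_PORT:-5000}

  # postgres_db:
  #   image: postgres:16
  #   environment:
  #     POSTGRES_DB: ${POSTGRES_DB}
  #     POSTGRES_USER: ${POSTGRES_USER}
  #     POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
  #     PGDATA: "/var/lib/postgresql/data"
  #     LANG: en_US.utf8
  #     TZ: Asia/Singapore
  #   command: ["postgres", "-c", "log_connections=on"]
  #   volumes:
  #     - postgres_data:/var/lib/postgresql/data
  #     # - ./config/postgresql.conf:/etc/postgresql.conf
  #   healthcheck:
  #     test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
  #     interval: 30s
  #     timeout: 10s
  #     retries: 10
  #   ports:
  #     - target: 5432
  #       published: 5432
  #       mode: host
  #   networks:
  #     - net
  #     - traefik-public
  #   deploy:
  #     placement:
  #       constraints:
  #         - node.labels.postgres.postgres_data == true
  #     labels:
  #       - traefik.enable=false
  #       - traefik.swarm.network=traefik-public
  #       - traefik.constraint-label=traefik-public
  #       - traefik.tcp.routers.postgres.entrypoints=postgres-socket
  #       - traefik.tcp.routers.postgres.rule=HostSNI(`*`)
  #       - traefik.tcp.routers.postgres.service=postgres_service
  #       - traefik.tcp.services.postgres_service.loadbalancer.server.port=5432

  postgres_db:
    image: postgres:18-alpine
    environment:
      POSTGRES_DB: ${POSTGRES_DB}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      PGDATA: "/var/lib/postgresql"
      LANG: en_US.utf8
      TZ: Asia/Singapore
    # Connection attempts are logged, which gives an audit trail for the
    # host-published port below.
    command: ["postgres", "-c", "log_connections=on"]
    volumes:
      - postgres_data18:/var/lib/postgresql
      # - ./config/postgresql.conf:/etc/postgresql.conf
    healthcheck:
      # `$$` escapes Compose interpolation, so the variables expand inside the
      # container at check time.
      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
      interval: 30s
      timeout: 10s
      retries: 10
    ports:
      # Host-mode publish: 5432 is bound directly on the node running the task
      # and does not pass through Traefik. Anything that can reach that node's
      # address can reach the database unless a host firewall restricts it.
      - target: 5432
        published: 5432
        mode: host
    networks:
      - net
      - traefik-public
    deploy:
      placement:
        constraints:
          - node.labels.postgres.postgres_data == true
      labels:
        - traefik.enable=false
        - traefik.swarm.network=traefik-public
        - traefik.constraint-label=traefik-public
        # - traefik.tcp.routers.postgres.entrypoints=postgres-socket
        # - traefik.tcp.routers.postgres.rule=HostSNI(`*`)
        # - traefik.tcp.routers.postgres.service=postgres_service
        # - traefik.tcp.services.postgres_service.loadbalancer.server.port=5432

  # WhoAmI - For Testing and Troubleshooting
  # NOTE(review): published on the public and local hostnames with no auth
  # middleware. It is a diagnostic endpoint, so consider gating or disabling it
  # when not troubleshooting.
  whoami:
    image: traefik/whoami
    security_opt:
      - "no-new-privileges:true"
    restart: unless-stopped
    networks:
      - traefik-public
    deploy:
      labels:
        - traefik.enable=true
        - traefik.swarm.network=traefik-public
        - traefik.constraint-label=traefik-public
        - traefik.http.routers.whoami-rtr.entrypoints=https
        - traefik.http.routers.whoami-rtr.rule=Host(`whoami.$DOMAIN`)
        - traefik.http.routers.whoami-rtr.tls.certresolver=le
        - traefik.http.routers.whoami-rtr.service=whoami-svc
        - traefik.http.routers.whoami-local-rtr.entrypoints=https
        - traefik.http.routers.whoami-local-rtr.rule=Host(`whoami.$LOCALDOMAIN`)
        - traefik.http.routers.whoami-local-rtr.tls=true
        - traefik.http.routers.whoami-local-rtr.service=whoami-svc
        - traefik.http.services.whoami-svc.loadbalancer.server.port=80

volumes:
  # minio_data: {}
  # neo4j_data: {}
  # neo4j_logs: {}
  rustfs_data: {}
  rustfs_logs: {}
  # rustfs_certs: {}
  postgres_data: {}
  postgres_data18: {}

networks:
  # Stack-internal overlay shared by api_server and postgres_db. `attachable`
  # also lets standalone containers join it.
  net:
    driver: overlay
    attachable: true
  # Created outside this stack; every Traefik-routed service attaches to it.
  traefik-public:
    external: true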