services: api_server: image: furyhawk/listen:v0.1.17 restart: always depends_on: - postgres_db environment: DATABASE__HOSTNAME: 192.168.50.220 DATABASE__USERNAME: ${POSTGRES_USER} DATABASE__PASSWORD: ${POSTGRES_PASSWORD} DATABASE__PORT: ${DATABASE__PORT} DATABASE__DB: ${DATABASE__DB} SECURITY__JWT_SECRET_KEY: ${SECURITY__JWT_SECRET_KEY} SECURITY__BACKEND_CORS_ORIGINS: ${SECURITY__BACKEND_CORS_ORIGINS} SECURITY__ALLOWED_HOSTS: ${SECURITY__ALLOWED_HOSTS} DOMAIN: ${DOMAIN} networks: - net - traefik-public deploy: labels: - traefik.enable=true - traefik.swarm.network=traefik-public - traefik.constraint-label=traefik-public - traefik.http.routers.api_server.entrypoints=https - traefik.http.routers.api_server.rule=Host(`api.${DOMAIN}`) - traefik.http.routers.api_server.tls.certresolver=le - traefik.http.routers.api_server.service=api_server_service # - traefik.http.routers.api_local_server.entrypoints=https # - traefik.http.routers.api_local_server.rule=Host(`api.${LOCALDOMAIN}`) # - traefik.http.routers.api_local_server.tls=true # - traefik.http.routers.api_local_server.service=api_server_service - traefik.http.services.api_server_service.loadbalancer.server.port=8000 dozzle: image: amir20/dozzle:latest restart: always environment: - DOMAIN=${DOMAIN} # - DOZZLE_REMOTE_HOST=tcp://-doz_proxy:2375,tcp://-doz_proxy:2375,etc... volumes: - /var/run/docker.sock:/var/run/docker.sock:ro networks: - traefik-public deploy: placement: constraints: - node.role == manager labels: - traefik.enable=true - traefik.swarm.network=traefik-public - traefik.constraint-label=traefik-public - traefik.http.routers.dozzle.entrypoints=https - traefik.http.routers.dozzle.rule=Host(`log.${DOMAIN}`) - traefik.http.routers.dozzle.priority=10 - traefik.http.routers.dozzle.middlewares=admin-auth@swarm - traefik.http.routers.dozzle.tls.certresolver=le - traefik.http.routers.dozzle.service=dozzle_service - traefik.http.routers.dozzle_local.entrypoints=https - traefik.http.routers.dozzle_local.rule=Host(`log.${LOCALDOMAIN}`) - traefik.http.routers.dozzle_local.priority=10 - traefik.http.routers.dozzle_local.middlewares=admin-auth@swarm - traefik.http.routers.dozzle_local.tls=true - traefik.http.routers.dozzle_local.service=dozzle_service - traefik.http.routers.dozzle_auth.entrypoints=https - traefik.http.services.dozzle_service.loadbalancer.server.port=8080 # - traefik.http.routers.dozzle_auth.rule="Host(`log.${DOMAIN}`) && PathPrefix(`/outpost.goauthentik.io/`)" # - traefik.http.routers.dozzle_auth.priority=20 # - traefik.http.routers.dozzle_auth.tls.certresolver=le # - traefik.http.routers.dozzle_auth.service=authentik_svc # - traefik.http.services.authentik_svc.loadbalancer.servers.url="http://authentik-server:9000/outpost.goauthentik.io" minio-common: image: minio/minio:latest environment: MINIO_ROOT_USER: "${MINIO_ROOT_USER:-minioadmin}" MINIO_ROOT_PASSWORD: "${MINIO_ROOT_PASSWORD:-minioadmin}" MINIO_OPTS: "--console-address :9001" MINIO_SERVER_URL: https://drive.${DOMAIN} DOMAIN: ${DOMAIN} restart: unless-stopped command: server /data --address :9000 --console-address :9001 healthcheck: test: ["CMD", "mc", "ready", "local"] interval: 60s timeout: 5s retries: 5 volumes: - minio_data:/data expose: - 9000 - 9001 networks: - traefik-public deploy: labels: - traefik.enable=true - traefik.swarm.network=traefik-public - traefik.constraint-label=traefik-public - traefik.http.routers.minio-router.entrypoints=https - traefik.http.routers.minio-router.rule=Host(`drive.${DOMAIN}`) || Host(`storage.${DOMAIN}`) - traefik.http.routers.minio-router.tls.certresolver=le - traefik.http.routers.minio-router.service=minio_common_service - traefik.http.services.minio_common_service.loadbalancer.server.port=9001 - traefik.http.routers.minio-api-router.entrypoints=https - traefik.http.routers.minio-api-router.rule=Host(`minio.${DOMAIN}`) || Host(`s3.${DOMAIN}`) - traefik.http.routers.minio-api-router.tls.certresolver=le - traefik.http.routers.minio-api-router.service=minio_api_service # - traefik.http.routers.minio-local-router.entrypoints=https # - traefik.http.routers.minio-local-router.rule=Host(`drive.${LOCALDOMAIN}`) || Host(`storage.${LOCALDOMAIN}`) # - traefik.http.routers.minio-local-router.tls=true # - traefik.http.routers.minio-local-router.service=minio_common_service # - traefik.http.routers.minio-api-local-router.entrypoints=https # - traefik.http.routers.minio-api-local-router.rule=Host(`minio.${LOCALDOMAIN}`) || Host(`s3.${LOCALDOMAIN}`) # - traefik.http.routers.minio-api-local-router.tls=true # - traefik.http.routers.minio-api-local-router.service=minio_api_service - traefik.http.services.minio_api_service.loadbalancer.server.port=9000 osrm-backend: environment: # OSRM manager setup - OSRM_ALGORITHM=mld - OSRM_THREADS=2 - OSRM_PORT=${OSRM_PORT:-5000} - OSRM_PROFILE=/opt/car.lua - OSRM_MAP_NAME=${OSRM_MAP_NAME} - OSRM_GEOFABRIK_PATH=${OSRM_GEOFABRIK_PATH} # Notify OSRM Manager to restart without stopping container - OSRM_NOTIFY_FILEPATH=/data/osrm_notify.txt - DOMAIN=${DOMAIN} image: furyhawk/osrm-backend:${OSRM_VERSION:-latest} restart: unless-stopped networks: - traefik-public deploy: labels: - traefik.enable=true - traefik.swarm.network=traefik-public - traefik.constraint-label=traefik-public - traefik.http.routers.osrm-backend.entrypoints=https - traefik.http.routers.osrm-backend.rule=Host(`osrm.${DOMAIN}`) - traefik.http.routers.osrm-backend.middlewares=rate-limit - traefik.http.routers.osrm-backend.tls.certresolver=le - traefik.http.routers.osrm-backend.service=osrm_backend_service # - traefik.http.routers.osrm-local-backend.entrypoints=https # - traefik.http.routers.osrm-local-backend.rule=Host(`osrm.${LOCALDOMAIN}`) # - traefik.http.routers.osrm-local-backend.middlewares=rate-limit # - traefik.http.routers.osrm-local-backend.tls=true # - traefik.http.routers.osrm-local-backend.service=osrm_backend_service - traefik.http.services.osrm_backend_service.loadbalancer.server.port=${OSRM_PORT:-5000} postgres_db: image: postgres:16 environment: POSTGRES_DB: ${POSTGRES_DB} POSTGRES_USER: ${POSTGRES_USER} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} PGDATA: "/var/lib/postgresql/data" LANG: en_US.utf8 TZ: Asia/Singapore command: ["postgres", "-c", "log_connections=on"] volumes: - postgres_data:/var/lib/postgresql/data # - ./config/postgresql.conf:/etc/postgresql.conf healthcheck: test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"] interval: 30s timeout: 10s retries: 10 networks: - net - traefik-public deploy: placement: constraints: - node.labels.postgres.postgres_data == true labels: - traefik.enable=false - traefik.swarm.network=traefik-public - traefik.constraint-label=traefik-public - traefik.tcp.routers.postgres.entrypoints=postgres-socket - traefik.tcp.routers.postgres.rule=HostSNI(`*`) - traefik.tcp.routers.postgres.service=postgres_service - traefik.tcp.services.postgres_service.loadbalancer.server.port=5432 # WhoAmI - For Testing and Troubleshooting whoami: image: traefik/whoami security_opt: - no-new-privileges:true restart: unless-stopped networks: - traefik-public deploy: labels: - traefik.enable=true - traefik.swarm.network=traefik-public - traefik.constraint-label=traefik-public - traefik.http.routers.whoami-rtr.entrypoints=https - traefik.http.routers.whoami-rtr.rule=Host(`whoami.$DOMAIN`) - traefik.http.routers.whoami-rtr.tls.certresolver=le - traefik.http.routers.whoami-rtr.service=whoami-svc - traefik.http.routers.whoami-local-rtr.entrypoints=https - traefik.http.routers.whoami-local-rtr.rule=Host(`whoami.$LOCALDOMAIN`) - traefik.http.routers.whoami-local-rtr.tls=true - traefik.http.routers.whoami-local-rtr.service=whoami-svc - traefik.http.services.whoami-svc.loadbalancer.server.port=80 volumes: minio_data: {} # neo4j_data: {} # neo4j_logs: {} postgres_data: {} networks: net: driver: overlay attachable: true traefik-public: external: true