diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..473de7c
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,164 @@
+version: "3.3"
+
+services:
+ ################################################
+ #### Traefik Proxy Setup #####
+ ###############################################
+ traefik:
+ image: traefik:v2.8
+ restart: always
+ container_name: traefik
+ ports:
+ - "80:80" # <== http
+ - "8080:8080" # <== :8080 is where the dashboard runs on
+ - "443:443" # <== https
+ command:
+ #### These are the CLI commands that will configure Traefik and tell it how to work! ####
+ ## API Settings - https://docs.traefik.io/operations/api/, endpoints - https://docs.traefik.io/operations/api/#endpoints ##
+ - --api.insecure=true # <== Enabling insecure api, NOT RECOMMENDED FOR PRODUCTION
+ - --api.dashboard=true # <== Enabling the dashboard to view services, middlewares, routers, etc...
+ - --api.debug=true # <== Enabling additional endpoints for debugging and profiling
+ ## Log Settings (options: ERROR, DEBUG, PANIC, FATAL, WARN, INFO) - https://docs.traefik.io/observability/logs/ ##
+ - --log.level=DEBUG # <== Setting the level of the logs from traefik
+ ## Provider Settings - https://docs.traefik.io/providers/docker/#provider-configuration ##
+ - --providers.docker=true # <== Enabling docker as the provider for traefik
+ - --providers.docker.exposedbydefault=false # <== Don't expose every container to traefik, only expose enabled ones
+ - --providers.file.filename=/dynamic.yaml # <== Referring to a dynamic configuration file
+ - --providers.docker.network=web # <== Operate on the docker network named web
+ ## Entrypoints Settings - https://docs.traefik.io/routing/entrypoints/#configuration ##
+ - --entrypoints.web.address=:80 # <== Defining an entrypoint for port :80 named web
+ - --entrypoints.web-secured.address=:443 # <== Defining an entrypoint for https on port :443 named web-secured
+ ## Certificate Settings (Let's Encrypt) - https://docs.traefik.io/https/acme/#configuration-examples ##
+ - --certificatesresolvers.mytlschallenge.acme.tlschallenge=true # <== Enable TLS-ALPN-01 to generate and renew ACME certs
+ - --certificatesresolvers.mytlschallenge.acme.email=fransolet.thomas@gmail.com # <== Setting email for certs
+ - --certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json # <== Defining acme file to store cert information
+ volumes:
+ - ./letsencrypt:/letsencrypt # <== Volume for certs (TLS)
+ - /var/run/docker.sock:/var/run/docker.sock # <== Volume for docker admin
+ - ./dynamic.yaml:/dynamic.yaml # <== Volume for dynamic conf file, **ref: line 27
+ networks:
+ - web # <== Placing traefik on the network named web, to access containers on this network
+ labels:
+ #### Labels define the behavior and rules of the traefik proxy for this container ####
+ - "traefik.enable=true" # <== Enable traefik on itself to view dashboard and assign subdomain to view it
+ - "traefik.http.routers.api.rule=Host(`monitor.mymuseum.be`)" # <== Setting the domain for the dashboard
+ - "traefik.http.routers.api.service=api@internal" # <== Enabling the api to be a service to access
+ - "traefik.http.routers.api.middlewares=redirect@file" # <== This is a middleware to redirect to https
+ - "traefik.http.routers.api-secured.rule=Host(`monitor.mymuseum.be`)" # <== Your Domain Name for the https rule
+ - "traefik.http.routers.api-secured.entrypoints=web-secured" # <== Defining entrypoint for https, **ref: line 31
+ - "traefik.http.routers.api-secured.tls.certresolver=mytlschallenge" # <== Defining certsresolvers for https
+ - "traefik.http.routers.api-secured.service=api@internal" # <== Enabling the api to be a service to access
+
+ ################################################
+ #### Site Setup Container #####
+ ##############################################
+ wordpress: # <== we aren't going to open :80 here because traefik is going to serve this on entrypoint 'web'
+ image: wordpress
+ depends_on:
+ - db
+ restart: always
+ container_name: wordpress
+ environment:
+ - WORDPRESS_DB_HOST=db:3306
+ - WORDPRESS_DB_USER=$MYSQL_USER
+ - WORDPRESS_DB_PASSWORD=$MYSQL_PASSWORD
+ - WORDPRESS_DB_NAME=wordpress
+ volumes:
+ - wordpress:/var/www/html
+ networks:
+ - web
+ - backend
+ labels:
+ #### Labels define the behavior and rules of the traefik proxy for this container ####
+ - "traefik.enable=true" # <== Enable traefik to proxy this container
+ - "traefik.http.routers.nginx-web.rule=Host(`mymuseum.be`)" # <== Your Domain Name goes here for the http rule
+ - "traefik.http.routers.nginx-web.entrypoints=web" # <== Defining the entrypoint for http, **ref: line 30
+ - "traefik.http.routers.nginx-web.middlewares=redirect@file" # <== This is a middleware to redirect to https
+ - "traefik.http.routers.nginx-secured.rule=Host(`mymuseum.be`)" # <== Your Domain Name for the https rule
+ - "traefik.http.routers.nginx-secured.entrypoints=web-secured" # <== Defining entrypoint for https, **ref: line 31
+ - "traefik.http.routers.nginx-secured.tls.certresolver=mytlschallenge" # <== Defining certsresolvers for https
+
+ managerService:
+ container_name: "manager-service"
+ image: registry.unov.be/managerservice:latest
+ networks:
+ - web
+ - backend
+ #ports:
+ # - 5005:5005
+ volumes:
+ - /etc/managerservice
+ restart: always
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.manager-service.rule=Host(`api.mymuseum.be`)" # <== Your Domain Name goes here for the http rule
+ - "traefik.http.routers.manager-service.entrypoints=web" # <== Defining the entrypoint for http, **ref: line 30
+ - "traefik.http.routers.manager-service.middlewares=redirect@file" # <== This is a middleware to redirect to https
+ - "traefik.http.routers.manager-service-secured.rule=Host(`api.mymuseum.be`)" # <== Your Domain Name for the https rule
+ - "traefik.http.routers.manager-service-secured.entrypoints=web-secured" # <== Defining entrypoint for https, **ref: line 31
+ - "traefik.http.routers.manager-service-secured.tls.certresolver=mytlschallenge" # <== Defining certsresolvers for https
+
+ managerWeb:
+ container_name: "manager-web"
+ image: registry.unov.be/mymuseum/manager:latest
+ networks:
+ - web
+ volumes:
+ - /etc/managerweb
+ restart: always
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.manager-web.rule=Host(`manager.mymuseum.be`)" # <== Your Domain Name goes here for the http rule
+ - "traefik.http.routers.manager-web.entrypoints=web" # <== Defining the entrypoint for http, **ref: line 30
+ - "traefik.http.routers.manager-web.middlewares=redirect@file" # <== This is a middleware to redirect to https
+ - "traefik.http.routers.manager-web-secured.rule=Host(`manager.mymuseum.be`)" # <== Your Domain Name for the https rule
+ - "traefik.http.routers.manager-web-secured.entrypoints=web-secured" # <== Defining entrypoint for https, **ref: line 31
+ - "traefik.http.routers.manager-web-secured.tls.certresolver=mytlschallenge" # <== Defining certsresolvers for https
+
+
+ ################################################
+ #### DB Container not on traefik #####
+ ##############################################
+ db:
+ image: mysql:8.0
+ container_name: db
+ restart: unless-stopped
+ command: '--default-authentication-plugin=mysql_native_password'
+ env_file: .env
+ environment:
+ - MYSQL_DATABASE=wordpress
+ volumes:
+ - dbdata:/var/lib/mysql
+ networks:
+ - backend
+
+ mongo:
+ image: mongo
+ container_name: "mongodb"
+ ports:
+ - 27017:27017
+ volumes:
+ - ~/apps/mongo:/data/db
+ restart: always
+ labels:
+ - "traefik.enable=true"
+ - "traefik.tcp.routers.mongodb.rule=HostSNI(`mymuseum.be`)"
+ - "traefik.tcp.routers.mongo.entrypoints=mongo"
+ - "traefik.tcp.routers.mongo.tls=true"
+ - "traefik.tcp.services.mongo.loadbalancer.server.port=27017"
+ environment:
+ MONGO_INITDB_ROOT_USERNAME: $MONGODB_USERNAME
+ MONGO_INITDB_ROOT_PASSWORD: $MONGODB_PASSWORD
+
+networks:
+ web:
+ external: true
+ backend:
+ external: false
+
+volumes:
+ wordpress:
+ external: true
+ dbdata:
+ db:
+ external: true
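Review bot: The Traefik API and dashboard are reachable without any authentication from outside the host: `--api.insecure=true` (together with `--api.debug=true`, which adds the debug/profiling endpoints) serves `api@internal` on port 8080, and `- "8080:8080"` publishes that port on every host interface, so the file's own "NOT RECOMMENDED FOR PRODUCTION" remark applies to a deployment that carries a real domain and ACME e-mail. The dashboard is already routed via `monitor.mymuseum.be` on the `api-secured` router, so drop the `8080:8080` mapping and `--api.insecure=true`, and put an auth middleware in front of that router, e.g. `- "traefik.http.routers.api-secured.middlewares=dashboard-auth@file"` (defined next to `redirect@file` in dynamic.yaml, which this diff does not include); the `api` HTTP router should also get the `entrypoints=web` label that every other HTTP router here sets. MongoDB has the same shape: `- 27017:27017` binds the database directly to the host (Docker-published ports typically bypass host firewall rules such as ufw), while the Traefik TCP labels cannot take effect as written — they reference an entrypoint `mongo` that the command block never defines, split the rule and the service across two different router names (`mongodb` vs `mongo`), and the container is not attached to the `web` network — so either repair those labels or bind locally with `- "127.0.0.1:27017:27017"`. Less urgently, `--log.level=DEBUG` on a production proxy, the unpinned `wordpress` and `mongo` image tags, and the unrestricted `/var/run/docker.sock` mount (root-equivalent control of the host if Traefik is compromised; a docker-socket proxy limits the blast radius) are worth tightening in a follow-up.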