jhb2345
/
server


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229
							version: '3.7'

# Environment variables are replaced with definitions in .env, when run with:
#
#  env $(cat .env | grep ^[A-Z] | xargs) docker stack deploy --compose-file docker-compose.yml server

networks:
  default:
    driver: overlay

volumes:
  traefik-certs: {}

services:
  traefik:
    image: traefik:v2.6.6
    ports:
      - 80:80
      - 443:443
    deploy:
      #replicas: 2  # https://youtu.be/btHpHjabRcc
      placement:
        constraints:
          - node.role == manager
      labels:
        - traefik.enable=true

        # Enable the dashboard UI
        - traefik.http.routers.api.rule=Host(`board.${DOMAIN}`)
        - traefik.http.routers.api.service=api@internal
        - traefik.http.routers.api.middlewares=auth
        - traefik.http.routers.api.tls=true
        - "traefik.http.middlewares.auth.basicauth.users=${TRAEFIK_API_USERS}"
        # Dummy service for Swarm port detection. The port can be any valid integer value.
        - traefik.http.services.dummy-svc.loadbalancer.server.port=9999

        - traefik.http.routers.traefik.tls=true

        # Use LS to get/renew certs for the TLD & subdomains
        - traefik.http.routers.traefik.tls.certresolver=le
        - traefik.http.routers.traefik.tls.domains[0].main=${DOMAIN}
        - traefik.http.routers.traefik.tls.domains[0].sans=*.${DOMAIN}

    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ${CONTAINERS_DIR}/traefik/static.toml:/static.toml
      # cert storage can't be shared: https://doc.traefik.io/traefik/https/acme/#storage
      - traefik-certs:/certificates
    command:
      # Require a "traefik.enable=true" label
      - --providers.docker.exposedbydefault=false

      - --providers.docker.swarmmode=true

      # HTTP redirects to HTTPS
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.permanent=false
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https

      - --entrypoints.websecure.address=:443

      # Auto cert renewal via cloudflare
      - --certificatesresolvers.le.acme.email=${LETSENCRYPT_EMAIL}
      - --certificatesresolvers.le.acme.storage=/certificates/acme.json
      - --certificatesresolvers.le.acme.dnschallenge.provider=cloudflare
      - --certificatesresolvers.le.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53
      # debug, uncomment for testing
      #- --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
      #- --log.level=DEBUG

      - --accesslog=true
      - --log=true

      # Enable the traefik dashboard
      - --api=true

      - --providers.file.filename=/static.toml
    environment:
      - CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
      - CLOUDFLARE_API_KEY=${CLOUDFLARE_API_KEY}

  #jekyll:
  #  image: jibby0/docker-jekyll-webhook:test
  #  deploy:
  #    placement:
  #      # TODO I don't know why the 2nd replica 502s all the time if I don't do this
  #      constraints:
  #        - node.labels.cpu-intensive == true
  #    replicas: 2
  #    labels:
  #      - traefik.enable=true
  #      - traefik.http.routers.jekyll.tls=true
  #      - traefik.http.routers.jekyll.rule=Host(`${DOMAIN}`)
  #      - traefik.http.services.jekyll.loadbalancer.server.port=80
  #  environment:
  #    - TZ=America/New_York
  #    - WEBHOOK_SECRET=${WEBHOOK_SECRET}
  #    - REPO=https://github.com/jibby0/blog.git
  #  restart: always
  #  volumes:
  #    - ${CONTAINERS_DIR}/jekyll/vendor_cache:/vendor

  # postgres:
  #   image: postgres:13.2
  #   deploy:
  #     placement:
  #       constraints:
  #         - node.labels.cpu-intensive == true
  #   volumes:
  #     - ${CONTAINERS_DIR}/postgres/data:/var/lib/postgresql/data
  #     - ${CONTAINERS_DIR}/postgres/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
  #   environment:
  #     - POSTGRES_USER=${POSTGRES_USER}
  #     - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
  #   restart: always

  #nextcloud:
  #  image: nextcloud:23.0.0
  #  deploy:
  #    placement:
  #      constraints:
  #        - node.labels.cpu-intensive == true
  #    labels:
  #      - traefik.enable=true
  #      - traefik.http.routers.nextcloud.tls=true
  #      - traefik.http.routers.nextcloud.rule=Host(`nextcloud.${DOMAIN}`)
  #      - traefik.http.services.nextcloud.loadbalancer.server.port=80
  #  expose:
  #    - "80"
  #  links:
  #    - postgres
  #    - redis
  #  volumes:
  #    - ${CONTAINERS_DIR}/nextcloud:/var/www/html
  #  environment:
  #    - REDIS_HOST=redis
  #  restart: always

  #redis:
  #  image: redis:6.2.6
  #  deploy:
  #    placement:
  #      constraints:
  #        - node.labels.cpu-intensive == true
  #  command: redis-server --save 60 1 --loglevel warning
  #  volumes:
  #    - ${CONTAINERS_DIR}/redis:/data
  #  restart: always

  # gogs:
  #   image: gogs/gogs:0.12.0
  #   deploy:
  #     labels:
  #       - traefik.enable=true
  #       - traefik.http.routers.gogs.tls=true
  #       - traefik.http.routers.gogs.rule=Host(`gogs.${DOMAIN}`)
  #       - traefik.http.services.gogs.loadbalancer.server.port=3000
  #   expose:
  #     - "3000"
  #   volumes:
  #     - ${CONTAINERS_DIR}/gogs:/data
  #   # NOTE: My gogs instance isn't happy with postgres. For now, it's a small server
  #   # and sqlite is fine, but I should fix this eventually.
  #   #links:
  #   #  - postgres
  #   restart: always

  # matrix:
  #   image: matrixdotorg/synapse:v1.55.2
  #   deploy:
  #     placement:
  #       constraints:
  #         - node.labels.cpu-intensive == true
  #     labels:
  #       - traefik.enable=true
  #       - traefik.http.routers.matrix.tls=true
  #       - traefik.http.routers.matrix.rule=Host(`matrix.${DOMAIN}`)
  #       - traefik.http.services.matrix.loadbalancer.server.port=8008
  #   expose:
  #     - "8008"
  #   links:
  #     - postgres
  #   volumes:
  #     - ${CONTAINERS_DIR}/matrix:/data
  #   restart: always

  # matrix_wellknown:
  #   image: adrianrudnik/matrix-wellknown-server:1.0.1
  #   volumes:
  #     - ${CONTAINERS_DIR}/matrix/wellknown:/var/schema
  #   deploy:
  #     labels:
  #       - traefik.enable=true
  #       - traefik.http.routers.matrix-wellknown.tls=true
  #       - traefik.http.routers.matrix-wellknown.rule=Host(`matrix.${DOMAIN}`) && PathPrefix(`/.well-known/matrix/`)
  #       - traefik.http.services.matrix-wellknown.loadbalancer.server.port=8080
  #   expose:
  #     - "8080"

  # selfoss:
  #   image: jibby0/selfoss:2.18
  #   deploy:
  #     # TODO `postgres` is only accesssible on the same node ????
  #     placement:
  #       constraints:
  #         - node.labels.media-encoding == true
  #     labels:
  #       - traefik.enable=true
  #       - traefik.http.routers.selfoss.tls=true
  #       - traefik.http.routers.selfoss.rule=Host(`selfoss.${DOMAIN}`)
  #       - traefik.http.services.selfoss.loadbalancer.server.port=8888
  #   expose:
  #     - "8888"
  #   links:
  #     - postgres
  #   volumes:
  #     - ${CONTAINERS_DIR}/selfoss:/selfoss/data
  #   environment:
  #     - CRON_PERIOD=5m
  #   restart: always