docker-compose.prod.yml 3.23 KB
Newer Older
Jacob Priddy's avatar
Jacob Priddy committed
1
version: '3.8'
Jacob Priddy's avatar
Jacob Priddy committed
2 3 4

networks:
  doorcode:
Jacob Priddy's avatar
Jacob Priddy committed
5
    attachable: true
Jacob Priddy's avatar
Jacob Priddy committed
6 7 8

secrets:
  webserver_cert:
Jacob Priddy's avatar
Jacob Priddy committed
9
    name: webserver_cert-${CI_JOB_ID}
Jacob Priddy's avatar
Jacob Priddy committed
10
    file: $WEBSERVER_CERT
Jacob Priddy's avatar
Jacob Priddy committed
11
  webserver_key:
Jacob Priddy's avatar
Jacob Priddy committed
12
    name: webserver_key-${CI_JOB_ID}
Jacob Priddy's avatar
Jacob Priddy committed
13
    file: $WEBSERVER_KEY
Jacob Priddy's avatar
Jacob Priddy committed
14
  root_cert:
Jacob Priddy's avatar
Jacob Priddy committed
15
    name: root_cert-${CI_JOB_ID}
Jacob Priddy's avatar
Jacob Priddy committed
16
    file: $ROOT_CERT
17
  wwu_webserver_cert:
Jacob Priddy's avatar
Jacob Priddy committed
18
    name: wwu_webserver_cert-${CI_JOB_ID}
Jacob Priddy's avatar
Jacob Priddy committed
19
    file: $WWU_WEBSERVER_CERT
20
  wwu_webserver_key:
Jacob Priddy's avatar
Jacob Priddy committed
21
    name: wwu_webserver_key-${CI_JOB_ID}
Jacob Priddy's avatar
Jacob Priddy committed
22
    file: $WWU_WEBSERVER_KEY
23
  wwu_root_cert:
Jacob Priddy's avatar
Jacob Priddy committed
24
    name: wwu_root_cert-${CI_JOB_ID}
Jacob Priddy's avatar
Jacob Priddy committed
25
    file: $WWU_ROOT_CERT
Jacob Priddy's avatar
Jacob Priddy committed
26
  postgres_password:
27
    name: postgres_password
Jacob Priddy's avatar
Jacob Priddy committed
28
    file: $POSTGRES_PASSWORD
Jacob Priddy's avatar
Jacob Priddy committed
29 30

volumes:
31
  doorcode_db:
Jacob Priddy's avatar
Jacob Priddy committed
32 33 34
    external: true
  doorcode_pgadmin-data:
    external: true
Jacob Priddy's avatar
Jacob Priddy committed
35 36 37

services:
  webserver:
Jacob Priddy's avatar
Jacob Priddy committed
38
    image: $NGINX_IMAGE_NAME
Jacob Priddy's avatar
Jacob Priddy committed
39
    healthcheck:
Jacob Priddy's avatar
Jacob Priddy committed
40
      test: [ "CMD", "curl", "--fail", "--insecure", "--silent", "https://localhost/health" ]
Jacob Priddy's avatar
Jacob Priddy committed
41 42 43
      interval: 30s
      timeout: 3s
      retries: 3
Jacob Priddy's avatar
Jacob Priddy committed
44 45 46 47
    secrets:
      - webserver_cert
      - webserver_key
      - root_cert
48 49 50
      - wwu_webserver_cert
      - wwu_webserver_key
      - wwu_root_cert
Jacob Priddy's avatar
Jacob Priddy committed
51
    ports:
Jacob Priddy's avatar
Jacob Priddy committed
52 53
      - target: 4433
        published: 4433
Jacob Priddy's avatar
Jacob Priddy committed
54
        mode: host
Jacob Priddy's avatar
Jacob Priddy committed
55 56
      - target: 443
        published: 443
Jacob Priddy's avatar
Jacob Priddy committed
57
        mode: host
Jacob Priddy's avatar
Jacob Priddy committed
58 59
      - target: 80
        published: 80
Jacob Priddy's avatar
Jacob Priddy committed
60
        mode: host
Jacob Priddy's avatar
Jacob Priddy committed
61
    volumes:
Jacob Priddy's avatar
Jacob Priddy committed
62 63 64
      - $PROJ_DIR/simple-saml/cert:/var/simplesamlphp/cert:ro
      - $PROJ_DIR/simple-saml/config:/var/simplesamlphp/config:ro
      - $PROJ_DIR/simple-saml/metadata:/var/simplesamlphp/metadata
65 66 67 68
    logging:
      options:
        max-size: "10m"
        max-file: "3"
Jacob Priddy's avatar
Jacob Priddy committed
69 70
    networks:
      - doorcode
Jacob Priddy's avatar
Jacob Priddy committed
71 72 73 74 75 76 77 78
    deploy:
      update_config:
        order: start-first
        failure_action: rollback
        delay: 5s
      rollback_config:
        parallelism: 0
        order: stop-first
Jacob Priddy's avatar
Jacob Priddy committed
79
  postgres:
80
    image: postgres:13-alpine
81 82
    secrets:
      - postgres_password
Jacob Priddy's avatar
Jacob Priddy committed
83
    volumes:
84
      - doorcode_db:/var/lib/postgresql/data
Jacob Priddy's avatar
Jacob Priddy committed
85 86 87 88
    environment:
      POSTGRES_USER: web
      POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
      POSTGRES_DB: doorcode
Jacob Priddy's avatar
Jacob Priddy committed
89
      TZ: America/Los_Angeles
90 91 92 93
    logging:
      options:
        max-size: "10m"
        max-file: "3"
Jacob Priddy's avatar
Jacob Priddy committed
94 95 96
    networks:
      - doorcode
  dbadmin:
Jacob Priddy's avatar
Jacob Priddy committed
97
    image: dpage/pgadmin4:4.29
Jacob Priddy's avatar
Jacob Priddy committed
98
    volumes:
Jacob Priddy's avatar
Jacob Priddy committed
99
      - doorcode_pgadmin-data:/var/lib/pgadmin
Jacob Priddy's avatar
Jacob Priddy committed
100
    environment:
Jacob Priddy's avatar
Jacob Priddy committed
101 102
      PGADMIN_DEFAULT_EMAIL: admin@elock
      PGADMIN_DEFAULT_PASSWORD: Please change the default password.
103 104 105 106
    logging:
      options:
        max-size: "10m"
        max-file: "3"
Jacob Priddy's avatar
Jacob Priddy committed
107 108 109
    networks:
      - doorcode
  api:
Jacob Priddy's avatar
Jacob Priddy committed
110
    image: $DOORCODE_IMAGE_NAME
Jacob Priddy's avatar
Jacob Priddy committed
111 112 113 114 115 116 117
    environment:
      TZ: America/Los_Angeles
    healthcheck:
      test: [ "CMD", "/healthcheck.sh" ]
      interval: 30s
      timeout: 3s
      retries: 3
Jacob Priddy's avatar
Jacob Priddy committed
118
    volumes:
Jacob Priddy's avatar
Jacob Priddy committed
119 120 121 122
      - $PROJ_DIR/controller-bins:/var/www/backend/storage/app/controller/binaries:ro
      - $PROJ_DIR/simple-saml/cert:/var/simplesamlphp/cert:ro
      - $PROJ_DIR/simple-saml/config:/var/simplesamlphp/config:ro
      - $PROJ_DIR/simple-saml/metadata:/var/simplesamlphp/metadata
123 124 125 126
    logging:
      options:
        max-size: "10m"
        max-file: "3"
Jacob Priddy's avatar
Jacob Priddy committed
127 128
    networks:
      - doorcode
Jacob Priddy's avatar
Jacob Priddy committed
129 130 131 132 133 134 135 136
    deploy:
      update_config:
        order: start-first
        failure_action: rollback
        delay: 5s
      rollback_config:
        parallelism: 0
        order: stop-first