docker-compose.prod.yml 3.1 KB
Newer Older
Jacob Priddy's avatar
Jacob Priddy committed
1
version: '3.8'
Jacob Priddy's avatar
Jacob Priddy committed
2 3 4

networks:
  doorcode:
Jacob Priddy's avatar
Jacob Priddy committed
5
    attachable: true
Jacob Priddy's avatar
Jacob Priddy committed
6 7 8

secrets:
  webserver_cert:
Jacob Priddy's avatar
Jacob Priddy committed
9
    name: webserver_cert-${CI_JOB_ID}
Jacob Priddy's avatar
Jacob Priddy committed
10
    file: $WEBSERVER_CERT
Jacob Priddy's avatar
Jacob Priddy committed
11
  webserver_key:
Jacob Priddy's avatar
Jacob Priddy committed
12
    name: webserver_key-${CI_JOB_ID}
Jacob Priddy's avatar
Jacob Priddy committed
13
    file: $WEBSERVER_KEY
Jacob Priddy's avatar
Jacob Priddy committed
14
  root_cert:
Jacob Priddy's avatar
Jacob Priddy committed
15
    name: root_cert-${CI_JOB_ID}
Jacob Priddy's avatar
Jacob Priddy committed
16
    file: $ROOT_CERT
17
  wwu_webserver_cert:
Jacob Priddy's avatar
Jacob Priddy committed
18
    name: wwu_webserver_cert-${CI_JOB_ID}
Jacob Priddy's avatar
Jacob Priddy committed
19
    file: $WWU_WEBSERVER_CERT
20
  wwu_webserver_key:
Jacob Priddy's avatar
Jacob Priddy committed
21
    name: wwu_webserver_key-${CI_JOB_ID}
Jacob Priddy's avatar
Jacob Priddy committed
22
    file: $WWU_WEBSERVER_KEY
23
  wwu_root_cert:
Jacob Priddy's avatar
Jacob Priddy committed
24
    name: wwu_root_cert-${CI_JOB_ID}
Jacob Priddy's avatar
Jacob Priddy committed
25
    file: $WWU_ROOT_CERT
Jacob Priddy's avatar
Jacob Priddy committed
26
  postgres_password:
27
    name: postgres_password
Jacob Priddy's avatar
Jacob Priddy committed
28
    file: $POSTGRES_PASSWORD
Jacob Priddy's avatar
Jacob Priddy committed
29 30

volumes:
31
  doorcode_db:
Jacob Priddy's avatar
Jacob Priddy committed
32 33 34
    external: true
  doorcode_pgadmin-data:
    external: true
Jacob Priddy's avatar
Jacob Priddy committed
35 36 37

services:
  webserver:
Jacob Priddy's avatar
Jacob Priddy committed
38
    image: $NGINX_IMAGE_NAME
Jacob Priddy's avatar
Jacob Priddy committed
39
    healthcheck:
Jacob Priddy's avatar
Jacob Priddy committed
40
      test: [ "CMD", "curl", "--fail", "--insecure", "--silent", "https://localhost/health" ]
Jacob Priddy's avatar
Jacob Priddy committed
41 42 43
      interval: 30s
      timeout: 3s
      retries: 3
Jacob Priddy's avatar
Jacob Priddy committed
44 45 46 47
    secrets:
      - webserver_cert
      - webserver_key
      - root_cert
48 49 50
      - wwu_webserver_cert
      - wwu_webserver_key
      - wwu_root_cert
Jacob Priddy's avatar
Jacob Priddy committed
51
    ports:
52
      - '4433:4433'
Jacob Priddy's avatar
Jacob Priddy committed
53 54
      - '443:443'
      - '80:80'
Jacob Priddy's avatar
Jacob Priddy committed
55
    volumes:
Jacob Priddy's avatar
Jacob Priddy committed
56 57 58
      - $PROJ_DIR/simple-saml/cert:/var/simplesamlphp/cert:ro
      - $PROJ_DIR/simple-saml/config:/var/simplesamlphp/config:ro
      - $PROJ_DIR/simple-saml/metadata:/var/simplesamlphp/metadata
59 60 61 62
    logging:
      options:
        max-size: "10m"
        max-file: "3"
Jacob Priddy's avatar
Jacob Priddy committed
63 64
    networks:
      - doorcode
Jacob Priddy's avatar
Jacob Priddy committed
65 66 67 68 69 70 71 72
    deploy:
      update_config:
        order: start-first
        failure_action: rollback
        delay: 5s
      rollback_config:
        parallelism: 0
        order: stop-first
Jacob Priddy's avatar
Jacob Priddy committed
73
  postgres:
74
    image: postgres:13-alpine
75 76
    secrets:
      - postgres_password
Jacob Priddy's avatar
Jacob Priddy committed
77
    volumes:
78
      - doorcode_db:/var/lib/postgresql/data
Jacob Priddy's avatar
Jacob Priddy committed
79 80 81 82
    environment:
      POSTGRES_USER: web
      POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
      POSTGRES_DB: doorcode
Jacob Priddy's avatar
Jacob Priddy committed
83
      TZ: America/Los_Angeles
84 85 86 87
    logging:
      options:
        max-size: "10m"
        max-file: "3"
Jacob Priddy's avatar
Jacob Priddy committed
88 89 90
    networks:
      - doorcode
  dbadmin:
91
    image: dpage/pgadmin4:4.30
Jacob Priddy's avatar
Jacob Priddy committed
92
    volumes:
Jacob Priddy's avatar
Jacob Priddy committed
93
      - doorcode_pgadmin-data:/var/lib/pgadmin
Jacob Priddy's avatar
Jacob Priddy committed
94
    environment:
Jacob Priddy's avatar
Jacob Priddy committed
95 96
      PGADMIN_DEFAULT_EMAIL: admin@elock
      PGADMIN_DEFAULT_PASSWORD: Please change the default password.
97 98 99 100
    logging:
      options:
        max-size: "10m"
        max-file: "3"
Jacob Priddy's avatar
Jacob Priddy committed
101 102 103
    networks:
      - doorcode
  api:
Jacob Priddy's avatar
Jacob Priddy committed
104
    image: $DOORCODE_IMAGE_NAME
Jacob Priddy's avatar
Jacob Priddy committed
105 106 107 108 109 110 111
    environment:
      TZ: America/Los_Angeles
    healthcheck:
      test: [ "CMD", "/healthcheck.sh" ]
      interval: 30s
      timeout: 3s
      retries: 3
Jacob Priddy's avatar
Jacob Priddy committed
112
    volumes:
Jacob Priddy's avatar
Jacob Priddy committed
113 114 115 116
      - $PROJ_DIR/controller-bins:/var/www/backend/storage/app/controller/binaries:ro
      - $PROJ_DIR/simple-saml/cert:/var/simplesamlphp/cert:ro
      - $PROJ_DIR/simple-saml/config:/var/simplesamlphp/config:ro
      - $PROJ_DIR/simple-saml/metadata:/var/simplesamlphp/metadata
117 118 119 120
    logging:
      options:
        max-size: "10m"
        max-file: "3"
Jacob Priddy's avatar
Jacob Priddy committed
121 122
    networks:
      - doorcode
Jacob Priddy's avatar
Jacob Priddy committed
123 124 125 126 127 128 129 130
    deploy:
      update_config:
        order: start-first
        failure_action: rollback
        delay: 5s
      rollback_config:
        parallelism: 0
        order: stop-first