--- version: "3.8" services: app: image: ${APP_DOCKER_IMAGE} logging: driver: "json-file" options: max-size: "10m" max-file: "10" depends_on: - db environment: - POSTGRES_HOST=${STACK_NAME}_db - POSTGRES_USER=postgres - POSTGRES_DB=bonfire_db - PUBLIC_PORT=443 - MIX_ENV=prod - HOSTNAME - INVITE_ONLY - INSTANCE_DESCRIPTION - DISABLE_DB_AUTOMIGRATION - UPLOAD_LIMIT - INVITE_KEY - LANG - SEEDS_USER - ERLANG_COOKIE - REPLACE_OS_VARS - LIVEVIEW_ENABLED - APP_NAME - PLUG_SERVER - DB_SLOW_QUERY_MS - DB_STATEMENT_TIMEOUT - MAIL_BACKEND - MAIL_DOMAIN - MAIL_FROM # for Mailgun - MAIL_KEY - MAIL_BASE_URI # for SMTP - MAIL_SERVER - MAIL_USER - MAIL_PASSWORD - SENTRY_DSN - OTEL_ENABLED - OTEL_SERVICE_NAME - OTEL_HONEYCOMB_API_KEY - OTEL_LIGHTSTEP_API_KEY - WEB_PUSH_SUBJECT - WEB_PUSH_PUBLIC_KEY - WEB_PUSH_PRIVATE_KEY - MAPBOX_API_KEY - GEOLOCATE_OPENCAGEDATA - GITHUB_TOKEN - UPLOADS_S3_BUCKET - UPLOADS_S3_ACCESS_KEY_ID - UPLOADS_S3_SECRET_ACCESS_KEY - UPLOADS_S3_REGION - UPLOADS_S3_HOST - UPLOADS_S3_SCHEME - UPLOADS_S3_URL - ORCID_CLIENT_ID - ORCID_CLIENT_SECRET secrets: - postgres_password - secret_key_base - signing_salt - encryption_salt - meili_master_key - seeds_pw - livebook_password volumes: - upload-data:/opt/app/data/uploads networks: - proxy - internal entrypoint: ["/docker-entrypoint.sh", "./bin/bonfire", "start"] configs: - source: app_entrypoint target: /docker-entrypoint.sh mode: 0555 deploy: restart_policy: condition: on-failure labels: - "traefik.enable=true" - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=4000" - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" #- "traefik.http.routers.${STACK_NAME}.middlewares=error-pages-middleware" #- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80" ## Redirect from EXTRA_DOMAINS to DOMAIN #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" # healthcheck: # test: ["CMD", "curl", "-f", "http://localhost"] # interval: 30s # timeout: 10s # retries: 10 # start_period: 1m db: image: ${DB_DOCKER_IMAGE} environment: # - POSTGRES_PASSWORD - POSTGRES_USER=postgres - POSTGRES_DB=bonfire_db - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password secrets: - postgres_password volumes: - db-data:/var/lib/postgresql/data # - type: tmpfs # target: /dev/shm # tmpfs: # size: 1096000000 # (about 1GB) networks: - internal # shm_size: ${DB_MEMORY_LIMIT} # tmpfs: # - /tmp:size=${DB_MEMORY_LIMIT} #entrypoint: ['tail', '-f', '/dev/null'] # uncomment when the Postgres DB is corrupted and won't start volumes: db-data: upload-data: networks: proxy: external: true internal: configs: app_entrypoint: name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION} file: entrypoint.sh.tmpl template_driver: golang secrets: postgres_password: external: true name: ${STACK_NAME}_postgres_password_${SECRET_POSTGRES_PASSWORD_VERSION} secret_key_base: external: true name: ${STACK_NAME}_secret_key_base_${SECRET_SECRET_KEY_BASE_VERSION} signing_salt: external: true name: ${STACK_NAME}_signing_salt_${SECRET_SIGNING_SALT_VERSION} encryption_salt: external: true name: ${STACK_NAME}_encryption_salt_${SECRET_ENCRYPTION_SALT_VERSION} meili_master_key: external: true name: ${STACK_NAME}_meili_master_key_${SECRET_MEILI_MASTER_KEY_VERSION} seeds_pw: external: true name: ${STACK_NAME}_seeds_pw_${SECRET_SEEDS_PW_VERSION} livebook_password: external: true name: ${STACK_NAME}_livebook_password_${SECRET_LIVEBOOK_PASSWORD_VERSION}