191 lines
5.2 KiB
YAML
191 lines
5.2 KiB
YAML
---
|
|
version: "3.8"
|
|
|
|
services:
|
|
app:
|
|
image: bonfirenetworks/bonfire:${APP_VERSION:-1.0.4}-${APP_FLAVOUR:-social}-${APP_PLATFORM:-amd64}
|
|
logging:
|
|
driver: "json-file"
|
|
options:
|
|
max-size: "10m"
|
|
max-file: "10"
|
|
depends_on:
|
|
- db
|
|
environment:
|
|
- PUBLIC_PORT=443
|
|
- MIX_ENV=prod
|
|
|
|
- HOSTNAME=${DOMAIN}
|
|
- INSTANCE_DESCRIPTION
|
|
- DISABLE_DB_AUTOMIGRATION
|
|
- UPLOAD_LIMIT
|
|
- INVITE_KEY
|
|
- LANG=${LANG:-en_US.UTF-8}
|
|
- SEEDS_USER=${SEEDS_USER:-root}
|
|
- ERLANG_COOKIE=${ERLANG_COOKIE:-bonfire_cookie}
|
|
- REPLACE_OS_VARS=${REPLACE_OS_VARS:-true}
|
|
- LIVEVIEW_ENABLED=${LIVEVIEW_ENABLED:-true}
|
|
- APP_NAME={APP_NAME:-Bonfire}
|
|
- PLUG_SERVER
|
|
- WITH_LV_NATIVE=${WITH_LV_NATIVE:-0}
|
|
- WITH_IMAGE_VIX=${WITH_IMAGE_VIX:-1}
|
|
- WITH_AI=${WITH_AI:-0}
|
|
- LIVE_DASHBOARD_LOGGER=${LIVE_DASHBOARD_LOGGER:-false}
|
|
|
|
- DB_SLOW_QUERY_MS
|
|
- DB_STATEMENT_TIMEOUT
|
|
- DB_MIGRATE_INDEXES_CONCURRENTLY
|
|
|
|
- MAIL_BACKEND=${MAIL_BACKEND:-none}
|
|
- MAIL_DOMAIN
|
|
- MAIL_FROM
|
|
- MAIL_KEY
|
|
- MAIL_PROJECT_ID
|
|
- MAIL_PRIVATE_KEY
|
|
- MAIL_BASE_URI
|
|
- MAIL_REGION
|
|
- MAIL_SERVER
|
|
- MAIL_USER
|
|
- MAIL_PASSWORD
|
|
- MAIL_PORT
|
|
- MAIL_TLS
|
|
- MAIL_SSL
|
|
- MAIL_SMTP_AUTH
|
|
- MAIL_RETRIES
|
|
- MAIL_ARGS
|
|
|
|
- SENTRY_DSN
|
|
- OTEL_ENABLED
|
|
- OTEL_SERVICE_NAME
|
|
- OTEL_HONEYCOMB_API_KEY
|
|
- OTEL_LIGHTSTEP_API_KEY
|
|
|
|
- WEB_PUSH_SUBJECT
|
|
- WEB_PUSH_PUBLIC_KEY
|
|
- WEB_PUSH_PRIVATE_KEY
|
|
|
|
- AKISMET_API_KEY
|
|
- MAPBOX_API_KEY
|
|
- GEOLOCATE_OPENCAGEDATA
|
|
- GITHUB_TOKEN
|
|
|
|
- UPLOADS_S3_BUCKET
|
|
- UPLOADS_S3_ACCESS_KEY_ID
|
|
- UPLOADS_S3_SECRET_ACCESS_KEY
|
|
- UPLOADS_S3_REGION
|
|
- UPLOADS_S3_HOST
|
|
- UPLOADS_S3_SCHEME
|
|
- UPLOADS_S3_URL
|
|
- UPLOADS_S3_DEFAULT_URL
|
|
- UPLOADS_S3_URL_EXPIRATION_TTL
|
|
- AWS_ROLE_ARN
|
|
- AWS_WEB_IDENTITY_TOKEN_FILE
|
|
|
|
- ENABLE_SSO_PROVIDER
|
|
- OAUTH_ISSUER
|
|
|
|
- OPENID_1_DISPLAY_NAME
|
|
- OPENID_1_DISCOVERY
|
|
- OPENID_1_CLIENT_ID
|
|
- OPENID_1_CLIENT_SECRET
|
|
- OPENID_1_SCOPE
|
|
- OPENID_1_RESPONSE_TYPE
|
|
- OPENID_1_ENABLE_SIGNUP
|
|
|
|
- OAUTH_1_DISPLAY_NAME
|
|
- OAUTH_1_CLIENT_ID
|
|
- OAUTH_1_CLIENT_SECRET
|
|
- OAUTH_1_AUTHORIZE_URI
|
|
- OAUTH_1_ACCESS_TOKEN_URI
|
|
- OAUTH_1_USER_INFO_URI
|
|
- OAUTH_1_ENABLE_SIGNUP
|
|
|
|
- GITHUB_APP_CLIENT_ID
|
|
- GITHUB_CLIENT_SECRET
|
|
|
|
- ORCID_CLIENT_ID
|
|
- ORCID_CLIENT_SECRET
|
|
|
|
- GHOST_URL
|
|
- GHOST_CONTENT_API_KEY
|
|
- GHOST_ADMIN_API_KEY
|
|
- IFRAME_ALLOWED_ORIGINS
|
|
|
|
secrets:
|
|
- secret_key_base
|
|
- signing_salt
|
|
- encryption_salt
|
|
- meili_master_key
|
|
- seeds_pw
|
|
- livebook_password
|
|
volumes:
|
|
- upload-data:/opt/app/data/uploads
|
|
# - backup-data:/opt/app/data/backup
|
|
networks:
|
|
- proxy
|
|
- internal
|
|
entrypoint: ["/docker-entrypoint.sh", "./bin/bonfire", "start"]
|
|
configs:
|
|
- source: app_entrypoint
|
|
target: /docker-entrypoint.sh
|
|
mode: 0555
|
|
deploy:
|
|
restart_policy:
|
|
condition: on-failure
|
|
labels:
|
|
- "backupbot.backup=${ENABLE_BACKUPS:-true}"
|
|
#- backupbot.backup.volumes.upload-data: "true"
|
|
#- backupbot.backup.volumes.upload-data.path: "/opt/app/data/uploads"
|
|
- "traefik.enable=true"
|
|
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=4000"
|
|
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
|
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
|
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
|
#- "traefik.http.routers.${STACK_NAME}.middlewares=error-pages-middleware"
|
|
#- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
|
|
#- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
|
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
|
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
|
healthcheck:
|
|
test: ["CMD", "curl", "-f", "http://localhost:4000"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 10
|
|
start_period: 15s
|
|
|
|
volumes:
|
|
db-data:
|
|
upload-data:
|
|
# backup-data:
|
|
|
|
networks:
|
|
proxy:
|
|
external: true
|
|
internal:
|
|
|
|
configs:
|
|
app_entrypoint:
|
|
name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION:-v3}
|
|
file: entrypoint.sh.tmpl
|
|
template_driver: golang
|
|
|
|
secrets:
|
|
secret_key_base:
|
|
external: true
|
|
name: ${STACK_NAME}_secret_key_base_${SECRET_SECRET_KEY_BASE_VERSION:-v1}
|
|
signing_salt:
|
|
external: true
|
|
name: ${STACK_NAME}_signing_salt_${SECRET_SIGNING_SALT_VERSION:-v1}
|
|
encryption_salt:
|
|
external: true
|
|
name: ${STACK_NAME}_encryption_salt_${SECRET_ENCRYPTION_SALT_VERSION:-v1}
|
|
meili_master_key:
|
|
external: true
|
|
name: ${STACK_NAME}_meili_master_key_${SECRET_MEILI_MASTER_KEY_VERSION:-v1}
|
|
seeds_pw:
|
|
external: true
|
|
name: ${STACK_NAME}_seeds_pw_${SECRET_SEEDS_PW_VERSION:-v1}
|
|
livebook_password:
|
|
external: true
|
|
name: ${STACK_NAME}_livebook_password_${SECRET_LIVEBOOK_PASSWORD_VERSION:-v1}
|