170 lines
4.3 KiB
YAML
170 lines
4.3 KiB
YAML
---
|
|
version: "3.8"
|
|
|
|
services:
|
|
|
|
app:
|
|
image: fung.uy/mycosystems/liberaforms:v4.7.0
|
|
configs:
|
|
- source: entrypoint
|
|
mode: 555
|
|
target: /custom-entrypoint.sh
|
|
entrypoint: /custom-entrypoint.sh
|
|
command: "/usr/bin/supervisord -n"
|
|
healthcheck:
|
|
test: ["CMD", "python", "-c", "import requests; print(requests.get('http://localhost:5000/').status_code)"]
|
|
timeout: 45s
|
|
interval: 10s
|
|
retries: 10
|
|
start_period: 1m
|
|
environment:
|
|
- ENABLE_LDAP=False
|
|
- FLASK_DEBUG=False
|
|
- FLASK_CONFIG=production
|
|
- DB_HOST=db
|
|
- DB_USER=liberaforms
|
|
- DB_PASSWORD_FILE=/run/secrets/db_password
|
|
- DB_NAME=liberaforms
|
|
- BASE_URL=https://${DOMAIN}
|
|
- SERVER_NAME=${DOMAIN}
|
|
- ROOT_USER=${ADMIN_USER}
|
|
- TMP_DIR=/tmp
|
|
- SECRET_KEY_FILE=/run/secrets/secret_key
|
|
- SESSION_TYPE=filesystem
|
|
- LOG_LEVEL=INFO
|
|
- LOG_DIR=/app/logs
|
|
- GUNICORN_WORKERS=${GUNICORN_WORKERS:-3}
|
|
- DEFAULT_LANGUAGE
|
|
- SECRET_KEY
|
|
- TOKEN_EXPIRATION
|
|
- DEFAULT_TIMEZONE
|
|
- ENABLE_UPLOADS
|
|
- TOTAL_UPLOADS_LIMIT
|
|
- DEFAULT_USER_UPLOADS_LIMIT
|
|
- ENABLE_REMOTE_STORAGE=False
|
|
- MAX_MEDIA_SIZE
|
|
- MAX_ATTACHMENT_SIZE
|
|
- ENABLE_PROMETHEUS_METRICS
|
|
- ENABLE_RSS_FEED
|
|
- LDAP_SERVER
|
|
- LDAP_ANONYMOUS_BIND
|
|
- LDAP_BIND_ACCOUNT
|
|
- LDAP_BIND_PASSWORD
|
|
- LDAP_USER_DN_LIST
|
|
- LDAP_SEARCH_BASE_DN
|
|
- LDAP_FILTER
|
|
- LDAP_MAIL_ATTRIB
|
|
- LDAP_RECOVER_PASSWD_URL
|
|
- E2EE_MODE
|
|
- CRYPTO_KEY_VERSION
|
|
deploy:
|
|
labels:
|
|
- "coop-cloud.${STACK_NAME}.version=1.0.1+v4.7.0"
|
|
- "backupbot.backup=true"
|
|
- "backupbot.backup.volumes.uploads=true"
|
|
- "backupbot.backup.volumes.log=false"
|
|
- "backupbot.backup.volumes.static=false"
|
|
volumes:
|
|
- uploads:/app/uploads
|
|
- log:/app/logs
|
|
- static:/app/liberaforms/static
|
|
- cryptokey:/cryptokey
|
|
secrets:
|
|
- db_password
|
|
- secret_key
|
|
networks:
|
|
internal:
|
|
aliases:
|
|
- "${STACK_NAME}-app"
|
|
|
|
proxy:
|
|
image: nginx:stable
|
|
networks:
|
|
- internal
|
|
- proxy
|
|
volumes:
|
|
- uploads:/liberaforms/uploads:ro
|
|
- static:/liberaforms/static:ro
|
|
environment:
|
|
- STACK_NAME
|
|
configs:
|
|
- source: nginx_conf
|
|
mode: 555
|
|
target: /etc/nginx/conf.d/default.conf
|
|
deploy:
|
|
restart_policy:
|
|
condition: on-failure
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
|
|
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
|
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
|
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
|
healthcheck:
|
|
test: [ "CMD", "curl", "-f", "http://localhost" ]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 10
|
|
start_period: 1m
|
|
|
|
db:
|
|
image: postgres:17
|
|
configs:
|
|
- source: pg_backup
|
|
target: /pg_backup.sh
|
|
mode: 0555
|
|
healthcheck:
|
|
test: [ "CMD", "pg_isready", "-q", "-d", "postgres", "-U", "liberaforms" ]
|
|
timeout: 45s
|
|
interval: 10s
|
|
retries: 10
|
|
environment:
|
|
POSTGRES_USER: liberaforms
|
|
POSTGRES_DB: liberaforms
|
|
POSTGRES_PASSWORD_FILE: /run/secrets/db_password
|
|
deploy:
|
|
labels:
|
|
backupbot.backup.pre-hook: "/pg_backup.sh backup"
|
|
backupbot.backup.volumes.db.path: "backup.sql"
|
|
backupbot.restore.post-hook: "/pg_backup.sh restore"
|
|
volumes:
|
|
- db:/var/lib/postgresql/data
|
|
secrets:
|
|
- db_password
|
|
networks:
|
|
- internal
|
|
|
|
secrets:
|
|
db_password:
|
|
external: true
|
|
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
|
secret_key:
|
|
external: true
|
|
name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}
|
|
|
|
volumes:
|
|
uploads:
|
|
static:
|
|
log:
|
|
db:
|
|
cryptokey:
|
|
|
|
|
|
networks:
|
|
internal:
|
|
proxy:
|
|
external: true
|
|
|
|
configs:
|
|
entrypoint:
|
|
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
|
|
file: entrypoint.sh.tmpl
|
|
template_driver: golang
|
|
nginx_conf:
|
|
name: ${STACK_NAME}_nginx_conf_${NGINX_CONFIG_VERSION}
|
|
file: nginx.conf
|
|
template_driver: golang
|
|
pg_backup:
|
|
name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
|
|
file: pg_backup.sh
|