add secrets
This commit is contained in:
parent
f1d76714be
commit
04df81ea8f
|
@ -6,3 +6,7 @@ DOMAIN=limesurvey.example.com
|
|||
#EXTRA_DOMAINS=', `www.limesurvey.example.com`'
|
||||
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
SECRET_DB_PASSWORD_VERSION=v1
|
||||
SECRET_DB_ROOT_PASSWORD_VERSION=v1
|
||||
SECRET_LIMESURVEY_ADMIN_PASSWORD_VERSION=v1
|
44
compose.yml
44
compose.yml
|
@ -11,10 +11,20 @@ services:
|
|||
- internal
|
||||
environment:
|
||||
- "DB_HOST=${STACK_NAME}_db"
|
||||
- "DB_PASSWORD=secret"
|
||||
- "ADMIN_PASSWORD=foobar"
|
||||
- "DB_PASSWORD_FILE=/run/secrets/db_password"
|
||||
- "ADMIN_PASSWORD_FILE=/run/secrets/limesurvey_admin_password"
|
||||
- "PUBLIC_URL=https://${DOMAIN}"
|
||||
- "BASE_URL=https://${DOMAIN}"
|
||||
configs:
|
||||
- source: entrypoint
|
||||
target: /usr/local/bin/custom-entrypoint.sh
|
||||
mode: 0555
|
||||
secrets:
|
||||
- db_password
|
||||
- limesurvey_admin_password
|
||||
entrypoint: /usr/local/bin/custom-entrypoint.sh
|
||||
volumes:
|
||||
- app:/var/www/html/upload/surveys
|
||||
deploy:
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
|
@ -27,6 +37,12 @@ services:
|
|||
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
- "coop-cloud.${STACK_NAME}.version="
|
||||
healthcheck:
|
||||
test: ["CMD", "curl", "-f", "http://localhost:8080"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
start_period: 1m
|
||||
db:
|
||||
image: mysql:5.7
|
||||
networks:
|
||||
|
@ -34,15 +50,35 @@ services:
|
|||
environment:
|
||||
- "MYSQL_USER=limesurvey"
|
||||
- "MYSQL_DATABASE=limesurvey"
|
||||
- "MYSQL_PASSWORD=secret"
|
||||
- "MYSQL_ROOT_PASSWORD=secret"
|
||||
- "MYSQL_PASSWORD_FILE=/run/secrets/db_password"
|
||||
- "MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password"
|
||||
volumes:
|
||||
- mariadb:/var/lib/mysql
|
||||
secrets:
|
||||
- db_password
|
||||
- db_root_password
|
||||
|
||||
volumes:
|
||||
app:
|
||||
mariadb:
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
external: true
|
||||
internal:
|
||||
|
||||
configs:
|
||||
entrypoint:
|
||||
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
|
||||
file: entrypoint.sh
|
||||
|
||||
secrets:
|
||||
db_root_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
|
||||
db_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
||||
limesurvey_admin_password:
|
||||
external: true
|
||||
name: ${STACK_NAME}_limesurvey_admin_password_${SECRET_LIMESURVEY_ADMIN_PASSWORD_VERSION}
|
|
@ -0,0 +1,29 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -eu
|
||||
|
||||
file_env() {
|
||||
local var="$1"
|
||||
local fileVar="${var}_FILE"
|
||||
local def="${2:-}"
|
||||
|
||||
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
local val="$def"
|
||||
|
||||
if [ "${!var:-}" ]; then
|
||||
val="${!var}"
|
||||
elif [ "${!fileVar:-}" ]; then
|
||||
val="$(< "${!fileVar}")"
|
||||
fi
|
||||
|
||||
export "$var"="$val"
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
file_env "ADMIN_PASSWORD"
|
||||
file_env "DB_PASSWORD"
|
||||
bash -c "/usr/local/bin/entrypoint.sh apache2-foreground"
|
Loading…
Reference in New Issue