110 lines
2.9 KiB
YAML
110 lines
2.9 KiB
YAML
version: '3.8'
|
|
services:
|
|
db:
|
|
image: mongo:5.0
|
|
command: mongod --oplogSize 128 --quiet
|
|
volumes:
|
|
- wekan-db:/data/db
|
|
networks:
|
|
- internal
|
|
healthcheck:
|
|
test: echo 'db.runCommand("ping").ok' | mongo localhost:27017/test --quiet
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 10
|
|
start_period: 1m
|
|
deploy:
|
|
labels:
|
|
backupbot.backup: "true"
|
|
backupbot.backup.pre-hook: "mongodump --archive=/data/db/wekan.db"
|
|
backupbot.backup.post-hook: "rm -rf /data/db/wekan.db"
|
|
backupbot.backup.path: "/data/db/wekan.db"
|
|
|
|
app:
|
|
image: quay.io/wekan/wekan:v7.30
|
|
environment:
|
|
- MONGO_URL=mongodb://db:27017/wekan
|
|
- DOMAIN
|
|
- ROOT_URL
|
|
- DEBUG
|
|
- MAIL_URL
|
|
- MAIL_FROM
|
|
- WITH_API
|
|
- RICHER_CARD_COMMENT_EDITOR
|
|
- CORS
|
|
- CORS_ALLOW_HEADERS
|
|
- CORS_EXPOSE_HEADERS
|
|
- PASSWORD_LOGIN_ENABLED
|
|
- OAUTH2_ENABLED
|
|
- OAUTH2_LOGIN_STYLE
|
|
- OAUTH2_CLIENT_ID
|
|
- OAUTH2_SECRET_FILE=/run/secrets/oauth2_secret
|
|
- OAUTH2_SERVER_URL
|
|
- OAUTH2_AUTH_ENDPOINT
|
|
- OAUTH2_USERINFO_ENDPOINT
|
|
- OAUTH2_TOKEN_ENDPOINT
|
|
- OAUTH2_REQUEST_PERMISSIONS
|
|
- OAUTH2_ID_MAP
|
|
- OAUTH2_USERNAME_MAP
|
|
- OAUTH2_FULLNAME_MAP
|
|
- OAUTH2_EMAIL_MAP
|
|
- DEFAULT_AUTHENTICATION_METHOD
|
|
- PROPAGATE_OIDC_DATA
|
|
- OIDC_REDIRECTION_ENABLED
|
|
networks:
|
|
- internal
|
|
- proxy
|
|
depends_on:
|
|
- db
|
|
healthcheck:
|
|
test: node /build/healthcheck.js # no curl for healthcheck in wekan container
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 10
|
|
start_period: 1m
|
|
secrets:
|
|
- oauth2_secret
|
|
configs:
|
|
- source: healthcheck_js
|
|
target: /build/healthcheck.js
|
|
mode: 0555
|
|
- source: entrypoint
|
|
target: /home/wekan/app/docker-entrypoint.sh
|
|
mode: 0555
|
|
entrypoint: /home/wekan/app/docker-entrypoint.sh
|
|
deploy:
|
|
update_config:
|
|
failure_action: rollback
|
|
order: start-first
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.docker.network=proxy"
|
|
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8080"
|
|
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
|
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
|
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
|
- "coop-cloud.${STACK_NAME}.version=2.1.0+v7.30"
|
|
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
|
|
|
volumes:
|
|
wekan-db:
|
|
|
|
networks:
|
|
proxy:
|
|
external: true
|
|
internal:
|
|
|
|
configs:
|
|
healthcheck_js:
|
|
name: ${STACK_NAME}_healthcheck_js
|
|
file: healthcheck.js
|
|
entrypoint:
|
|
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
|
|
file: entrypoint.sh.tmpl
|
|
template_driver: golang
|
|
|
|
secrets:
|
|
oauth2_secret:
|
|
name: ${STACK_NAME}_oauth2_secret_${SECRET_OAUTH2_SECRET_VERSION}
|
|
external: true
|