diff --git a/.env.sample b/.env.sample index b95b70b..6a3cb60 100644 --- a/.env.sample +++ b/.env.sample @@ -9,5 +9,5 @@ LETS_ENCRYPT_ENV=production SECRET_DB_PASSWORD_VERSION=v1 -RAILS_TRUSTED_PROXIES=['127.0.0.1', '::1', 'your-traefik_app'] +#RAILS_TRUSTED_PROXIES=['127.0.0.1', '::1', 'your-traefik_app'] X_FRAME_OPTIONS_ALLOW_FROM=none diff --git a/compose.yml b/compose.yml index 5008497..5fb5631 100644 --- a/compose.yml +++ b/compose.yml @@ -1,13 +1,51 @@ --- version: "3.8" -services: - zammad-backup: - image: zammad/zammad-docker-compose:zammad-postgresql-5.2.3-19 - command: ["zammad-backup"] +x-shared: + zammad-service: &zammad-service + environment: &zammad-environment + MEMCACHE_SERVERS: zammad-memcached:11211 + POSTGRESQL_DB: zammad_production + POSTGRESQL_HOST: zammad-postgresql + POSTGRESQL_USER: zammad + POSTGRESQL_PASS_FILE: /run/secrets/db_password + POSTGRESQL_PORT: 5432 + POSTGRESQL_OPTIONS: ?pool=50 + POSTGRESQL_DB_CREATE: + REDIS_URL: redis://zammad-redis:6379 + # Backup settings + BACKUP_DIR: "/var/tmp/zammad" + BACKUP_TIME: "${BACKUP_TIME:-03:00}" + #BACKUP_SLEEP: 86400 + HOLD_DAYS: 10 + TZ: "${TZ:-Europe/Berlin}" + # Allow passing in these variables via .env: + AUTOWIZARD_JSON: + AUTOWIZARD_RELATIVE_PATH: + ELASTICSEARCH_ENABLED: + ELASTICSEARCH_HOST: + ELASTICSEARCH_PORT: + ELASTICSEARCH_SCHEMA: + ELASTICSEARCH_NAMESPACE: + ELASTICSEARCH_REINDEX: + ELASTICSEARCH_SSL_VERIFY: + NGINX_PORT: + NGINX_SERVER_NAME: + NGINX_SERVER_SCHEME: https + RAILS_TRUSTED_PROXIES: + ZAMMAD_WEB_CONCURRENCY: + ZAMMAD_SESSION_JOBS: + ZAMMAD_PROCESS_SCHEDULED: + ZAMMAD_PROCESS_DELAYED_JOBS_WORKERS: + image: ghcr.io/zammad/zammad:6.3.1-95 + restart: on-failure + volumes: + - zammad-storage:/opt/zammad/storage + #old: - zammad-data:/opt/zammad depends_on: - - zammad-railsserver + - zammad-memcached - zammad-postgresql + - zammad-redis entrypoint: /custom-entrypoint.sh configs: - source: entrypoint @@ -15,148 +53,117 @@ services: mode: 0555 secrets: - db_password - environment: - - BACKUP_SLEEP=86400 - - HOLD_DAYS=10 - - POSTGRESQL_USER=zammad - - POSTGRESQL_PASS_FILE=/run/secrets/db_password + +services: + zammad-backup: + <<: *zammad-service + command: ["zammad-backup"] volumes: - zammad-backup:/var/tmp/zammad - - zammad-data:/opt/zammad + - zammad-storage:/opt/zammad/storage:ro + #old: - zammad-data:/opt/zammad + user: 0:0 deploy: labels: - "backupbot.backup=true" - "backupbot.backup.path=/var/tmp/zammad" zammad-elasticsearch: - image: zammad/zammad-docker-compose:zammad-elasticsearch-5.2.3-19 + image: bitnami/elasticsearch:8.14.3 + restart: on-failure + volumes: + - elasticsearch-data:/bitnami/elasticsearch/data environment: - discovery.type=single-node - volumes: - - elasticsearch-data:/usr/share/elasticsearch/data deploy: resources: limits: memory: 4G reservations: memory: 2G - + zammad-init: - image: zammad/zammad-docker-compose:zammad-5.2.3-19 + <<: *zammad-service command: ["zammad-init"] depends_on: - zammad-postgresql - entrypoint: /custom-entrypoint.sh - configs: - - source: entrypoint - target: /custom-entrypoint.sh - mode: 0555 - secrets: - - db_password - environment: - - MEMCACHE_SERVERS=zammad-memcached:11211 - - POSTGRESQL_USER=zammad - - POSTGRESQL_PASS_FILE=/run/secrets/db_password - - REDIS_URL=redis://zammad-redis:6379 - volumes: - - zammad-data:/opt/zammad - deploy: - restart_policy: - condition: on-failure + restart: on-failure + user: 0:0 + #deploy: + # restart_policy: + # condition: on-failure zammad-memcached: command: memcached -m 256M - image: memcached:1.6.17-alpine + image: memcached:1.6.29-alpine + restart: on-failure app: - image: zammad/zammad-docker-compose:zammad-5.2.3-19 + <<: *zammad-service command: ["zammad-nginx"] + #expose: + # - 8080 + #ports: + # - "8080:8080" depends_on: - zammad-railsserver - volumes: - - zammad-data:/opt/zammad networks: - proxy - default - environment: - - NGINX_SERVER_SCHEME=https - - RAILS_TRUSTED_PROXIES - - X_FRAME_OPTIONS_ALLOW_FROM deploy: - restart_policy: - condition: on-failure labels: - "traefik.enable=true" + - "traefik.docker.network=proxy" - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8080" - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-frameOptions" - - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=allow-from *.local-it.cloud" + - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect,${STACK_NAME}-frameOptions" + - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" + - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" + - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN" - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}" - ## Redirect from EXTRA_DOMAINS to DOMAIN - #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" - #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" - #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" - - "coop-cloud.${STACK_NAME}.version=0.1.0+zammad-5.2.3-19" + - "coop-cloud.${STACK_NAME}.version=1.0.0+6.3.1-95" + - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}" zammad-postgresql: - image: zammad/zammad-docker-compose:zammad-postgresql-5.2.3-19 + image: postgres:15.7-alpine environment: - - POSTGRES_USER=zammad - - POSTGRES_PASSWORD_FILE=/run/secrets/db_password - secrets: - - db_password + POSTGRES_DB: zammad_production + POSTGRES_USER: zammad + POSTGRES_PASSWORD_FILE: /run/secrets/db_password + restart: on-failure volumes: - postgresql-data:/var/lib/postgresql/data + secrets: + - db_password zammad-railsserver: - image: zammad/zammad-docker-compose:zammad-5.2.3-19 + <<: *zammad-service command: ["zammad-railsserver"] - depends_on: - - zammad-memcached - - zammad-postgresql - - zammad-redis - environment: - - MEMCACHE_SERVERS=zammad-memcached:11211 - - REDIS_URL=redis://zammad-redis:6379 - volumes: - - zammad-data:/opt/zammad + zammad-redis: - image: redis:6.2.7-alpine + image: redis:7.2.5-alpine + restart: on-failure + volumes: + - redis-data:/data zammad-scheduler: - image: zammad/zammad-docker-compose:zammad-5.2.3-19 + <<: *zammad-service command: ["zammad-scheduler"] - depends_on: - - zammad-memcached - - zammad-railsserver - - zammad-redis - environment: - - MEMCACHE_SERVERS=zammad-memcached:11211 - - REDIS_URL=redis://zammad-redis:6379 - volumes: - - zammad-data:/opt/zammad zammad-websocket: - image: zammad/zammad-docker-compose:zammad-5.2.3-19 + <<: *zammad-service command: ["zammad-websocket"] - depends_on: - - zammad-memcached - - zammad-railsserver - - zammad-redis - environment: - - MEMCACHE_SERVERS=zammad-memcached:11211 - - REDIS_URL=redis://zammad-redis:6379 - volumes: - - zammad-data:/opt/zammad volumes: elasticsearch-data: postgresql-data: + redis-data: zammad-backup: - zammad-data: + zammad-storage: + #zammad-data: networks: default: diff --git a/release/1.0.0+6.3.1-95 b/release/1.0.0+6.3.1-95 new file mode 100644 index 0000000..0134e3f --- /dev/null +++ b/release/1.0.0+6.3.1-95 @@ -0,0 +1 @@ +New Major Version, breaking change! Backup and restore your database. \ No newline at end of file