forked from coop-cloud/wekan
118 lines
3.1 KiB
YAML
118 lines
3.1 KiB
YAML
version: '3.8'
|
|
services:
|
|
db:
|
|
image: mongo:6.0
|
|
environment:
|
|
- LOGO_IMG_URL
|
|
- LOGO_LINK_URL
|
|
command: mongod --oplogSize 128 --quiet
|
|
volumes:
|
|
- wekan-db:/data/db
|
|
networks:
|
|
- internal
|
|
healthcheck:
|
|
test: echo 'db.runCommand("ping").ok' | mongosh localhost:27017/test --quiet
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 10
|
|
start_period: 1m
|
|
deploy:
|
|
labels:
|
|
backupbot.backup: "${ENABLE_BACKUPS:-true}"
|
|
backupbot.backup.pre-hook: "mongodump --archive=/data/db/wekan.db"
|
|
backupbot.backup.volumes.wekan-db.path: "wekan.db"
|
|
backupbot.restore.post-hook: 'mongorestore --drop --archive=/data/db/wekan.db'
|
|
|
|
app:
|
|
image: quay.io/wekan/wekan:v7.97
|
|
environment:
|
|
- MONGO_URL=mongodb://db:27017/wekan
|
|
- NODE_OPTIONS="--max_old_space_size=4096"
|
|
- DOMAIN
|
|
- ROOT_URL
|
|
- DEBUG
|
|
- MAIL_URL
|
|
- MAIL_FROM
|
|
- WITH_API
|
|
- RICHER_CARD_COMMENT_EDITOR
|
|
- CORS
|
|
- CORS_ALLOW_HEADERS
|
|
- CORS_EXPOSE_HEADERS
|
|
- PASSWORD_LOGIN_ENABLED
|
|
- OAUTH2_ENABLED
|
|
- OAUTH2_LOGIN_STYLE
|
|
- OAUTH2_CLIENT_ID
|
|
- OAUTH2_SECRET_FILE=/run/secrets/oauth2_secret
|
|
- OAUTH2_SERVER_URL
|
|
- OAUTH2_AUTH_ENDPOINT
|
|
- OAUTH2_USERINFO_ENDPOINT
|
|
- OAUTH2_TOKEN_ENDPOINT
|
|
- OAUTH2_REQUEST_PERMISSIONS
|
|
- OAUTH2_ID_MAP
|
|
- OAUTH2_USERNAME_MAP
|
|
- OAUTH2_FULLNAME_MAP
|
|
- OAUTH2_EMAIL_MAP
|
|
- DEFAULT_AUTHENTICATION_METHOD
|
|
- PROPAGATE_OIDC_DATA
|
|
- OIDC_REDIRECTION_ENABLED
|
|
- WRITABLE_PATH=/data
|
|
volumes:
|
|
- wekan-files:/data:rw
|
|
networks:
|
|
- internal
|
|
- proxy
|
|
depends_on:
|
|
- db
|
|
healthcheck:
|
|
test: bash /build/healthcheck.sh
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 10
|
|
start_period: 3m
|
|
secrets:
|
|
- oauth2_secret
|
|
configs:
|
|
- source: healthcheck_sh
|
|
target: /build/healthcheck.sh
|
|
mode: 0555
|
|
- source: entrypoint
|
|
target: /home/wekan/app/docker-entrypoint.sh
|
|
mode: 0555
|
|
entrypoint: /home/wekan/app/docker-entrypoint.sh
|
|
deploy:
|
|
update_config:
|
|
failure_action: rollback
|
|
order: start-first
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.docker.network=proxy"
|
|
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8080"
|
|
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
|
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
|
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
|
- "coop-cloud.${STACK_NAME}.version=3.4.0+v7.97"
|
|
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
|
|
|
volumes:
|
|
wekan-db:
|
|
wekan-files:
|
|
|
|
networks:
|
|
proxy:
|
|
external: true
|
|
internal:
|
|
|
|
configs:
|
|
healthcheck_sh:
|
|
name: ${STACK_NAME}_healthcheck_sh
|
|
file: healthcheck.sh
|
|
entrypoint:
|
|
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
|
|
file: entrypoint.sh.tmpl
|
|
template_driver: golang
|
|
|
|
secrets:
|
|
oauth2_secret:
|
|
name: ${STACK_NAME}_oauth2_secret_${SECRET_OAUTH2_SECRET_VERSION}
|
|
external: true
|