forked from coop-cloud/hedgedoc
107 lines
3.4 KiB
YAML
107 lines
3.4 KiB
YAML
version: "3.8"
|
|
services:
|
|
app:
|
|
image: quay.io/hedgedoc/hedgedoc:1.9.8
|
|
environment:
|
|
- CMD_USECDN=false
|
|
- CMD_URL_ADDPORT=false
|
|
- CMD_DOMAIN=$DOMAIN
|
|
- CMD_PROTOCOL_USESSL=true
|
|
- CMD_HSTS_ENABLE=false
|
|
- CMD_DB_NAME=codimd
|
|
- CMD_DB_USER=codimd
|
|
- CMD_DB_HOST=db
|
|
- CMD_DB_PASSWORD_FILE=/run/secrets/db_password
|
|
- CMD_ALLOW_ANONYMOUS
|
|
- CMD_ALLOW_ANONYMOUS_EDITS
|
|
- CMD_ALLOW_EMAIL_REGISTER
|
|
- CMD_ALLOW_FREEURL
|
|
- CMD_ALLOW_GRAVATAR
|
|
- CMD_ALLOW_ORIGIN
|
|
- CMD_COOKIE_POLICY
|
|
- CMD_CSP_ADD_DISQUS
|
|
- CMD_CSP_ADD_GOOGLE_ANALYTICS
|
|
- CMD_CSP_ENABLE
|
|
- CMD_CSP_REPORTURI
|
|
- CMD_DEFAULT_PERMISSION
|
|
- CMD_EMAIL
|
|
- CMD_SESSION_LIFE
|
|
- DOCUMENT_MAX_LENGTH
|
|
depends_on:
|
|
- db
|
|
networks:
|
|
- proxy
|
|
- internal
|
|
volumes:
|
|
- codimd_uploads:/home/hackmd/app/public/uploads
|
|
secrets:
|
|
- db_password
|
|
entrypoint: /docker-entrypoint.sh
|
|
configs:
|
|
- source: entrypoint_conf
|
|
target: /docker-entrypoint.sh
|
|
mode: 0555
|
|
- source: config_json
|
|
target: /files/config.json
|
|
mode: 0555
|
|
deploy:
|
|
restart_policy:
|
|
condition: on-failure
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.docker.network=proxy"
|
|
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=3000"
|
|
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
|
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
|
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
|
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
|
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
|
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
|
- coop-cloud.${STACK_NAME}.version=0.5.1+1.9.8
|
|
healthcheck:
|
|
test: "nodejs -e \"http.get('http://localhost:3000', (res) => { console.log('status: ', res.statusCode); if (res.statusCode == 200) { process.exit(0); } else { process.exit(1); } });\""
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 10
|
|
start_period: 1m
|
|
db:
|
|
image: postgres:11.20-alpine
|
|
environment:
|
|
- POSTGRES_USER=codimd
|
|
- POSTGRES_PASSWORD_FILE=/run/secrets/db_password
|
|
- POSTGRES_DB=codimd
|
|
volumes:
|
|
- "postgres:/var/lib/postgresql/data"
|
|
secrets:
|
|
- db_password
|
|
networks:
|
|
- internal
|
|
deploy:
|
|
labels:
|
|
backupbot.backup: "true"
|
|
backupbot.backup.pre-hook: "mkdir -p /tmp/backup/ && PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /tmp/backup/backup.sql"
|
|
backupbot.backup.post-hook: "rm -rf /tmp/backup"
|
|
backupbot.backup.path: "/tmp/backup/"
|
|
backupbot.restore: "true"
|
|
backupbot.restore.post-hook: "sh -c 'psql -U $${POSTGRES_USER} -d $${POSTGRES_DB} < ./backup.sql && rm -f ./backup.sql'"
|
|
volumes:
|
|
postgres:
|
|
codimd_uploads:
|
|
secrets:
|
|
db_password:
|
|
external: true
|
|
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
|
|
networks:
|
|
proxy:
|
|
external: true
|
|
internal:
|
|
configs:
|
|
config_json:
|
|
name: ${STACK_NAME}_config_${ENTRYPOINT_CONF_VERSION}
|
|
file: config.json.tmpl
|
|
template_driver: golang
|
|
entrypoint_conf:
|
|
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_CONF_VERSION}
|
|
file: entrypoint.sh.tmpl
|
|
template_driver: golang
|