-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathopennews.yml
105 lines (84 loc) · 3.04 KB
/
opennews.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
# https://traefik.io/blog/traefik-2-0-docker-101-fc2893944b9d/
# https://juliensalinas.com/en/traefik-reverse-proxy-docker-compose-docker-swarm-nlpcloud/
version: "3.9"
# Define networks
networks:
# Use the external network "traefik-public", shared with other
# services that need to be publicly available via this Traefik
traefik-public:
external: true
# Local network
opennews:
# Define volumes
volumes:
redis:
# Use external Docker secrets
secrets:
vault_token:
external: true
vault_keys_csv:
external: true
services:
# Service for the OpenNews api
api:
image: spamz23/opennews:api
# Command to start the server at port 8000
command: gunicorn opennews.wsgi:application -b 0.0.0.0:8000
deploy:
labels:
- traefik.enable=true
# Use the traefik-public network
- traefik.docker.network=traefik-public
# Add required label for traefik (Traefik will only use services with this label)
- traefik.constraint-label=traefik-public
# Routing
- traefik.http.routers.opennews-api.tls=true
- traefik.http.routers.opennews-api.entrypoints=websecure
- traefik.http.routers.opennews-api.rule=Host(`api.onews.dsilva.dev`)
- traefik.http.services.opennews-api.loadbalancer.server.port=8000
networks:
# Use the public network created to be shared between Traefik and
# any other service that needs to be publicly available with HTTPS
- traefik-public
- opennews
environment:
# Use production settings
DJANGO_SETTINGS_MODULE: opennews.settings.production
VAULT_URL: http://vault:8200/
VAULT_TOKEN: /run/secrets/vault_token # --------|
VAULT_KEYS_CSV: /run/secrets/vault_keys_csv # --|-->File location of Docker secret
CELERY_BROKER_URL: redis://redis:6379/ # -----|
CELERY_RESULT_BACKEND: redis://redis:6379/ #--|--> 'redis' (instead of e.g. localhost) because it is the name of the redis service
# Mount secrets from Swarm Manager
secrets:
- vault_token
- vault_keys_csv
# Redis database to serve as a message broker between backend
# and celeris worker
redis:
image: "redis:alpine"
volumes:
- "redis:/data"
# Add to local network
networks:
- opennews
# Celery background worker
celery:
image: spamz23/opennews:api
command: celery -A opennews worker -l info
environment:
# Use production settings
DJANGO_SETTINGS_MODULE: opennews.settings.production
VAULT_URL: http://vault:8200/
VAULT_TOKEN: /run/secrets/vault_token # --------|
VAULT_KEYS_CSV: /run/secrets/vault_keys_csv # --|-->File location of Docker secret
CELERY_BROKER_URL: redis://redis:6379/ # -----|
CELERY_RESULT_BACKEND: redis://redis:6379/ #--|--> 'redis' (instead of e.g. localhost) because it is the name of the redis service
# Add to local network and public network
networks:
- opennews
- traefik-public
# Mount secrets from Swarm Manager
secrets:
- vault_token
- vault_keys_csv