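# Docker Swarm stack: a private image registry with Portus as its token
# authorization service, MariaDB as the Portus database, Adminer, and nginx.
#
# Inputs taken from the environment of the shell that deploys the stack:
#   MACHINE_FQDN, MYSQL_ROOT_PASSWORD, MYSQL_DATABASE,
#   PORTUS_SECRET_KEY_BASE, PORTUS_PASSWORD
# Pre-existing swarm secrets (declared `external` at the bottom):
#   cert.crt, privkey.key
#
# NOTE(review): `deploy:` and external secrets are swarm features, while
# `restart:` and `depends_on:` are ignored by `docker stack deploy`. Start-up
# order is therefore not guaranteed; each service has to tolerate its
# dependencies being unavailable at first.
# NOTE(review): passwords handed over as environment variables are readable
# in the service definition (`docker service inspect`). The TLS key already
# uses swarm secrets; the passwords could follow once the images support it.
version: '3.3'

services:
  database:
    restart: always
    # NOTE(review): the MariaDB 10.0 series no longer receives upstream
    # security fixes; plan an upgrade and test Portus against it.
    image: mariadb:10.0.23
    deploy:
      placement:
        constraints:
          - node.labels.database == true
    # innodb-flush-log-at-trx-commit=0 flushes the redo log about once per
    # second instead of at every commit: faster, but a crash can lose the
    # most recent transactions.
    command: mysqld --character-set-server=utf8 --collation-server=utf8_unicode_ci --init-connect='SET NAMES UTF8;' --innodb-flush-log-at-trx-commit=0
    environment:
      # Bare names: the values are passed through from the deploying shell.
      - MYSQL_ROOT_PASSWORD
      - MYSQL_DATABASE
    volumes:
      - db:/var/lib/mysql

  adminer:
    restart: always
    # NOTE(review): no tag, so this resolves to `latest`; pin a tag or digest
    # so a redeploy cannot silently pull a different image.
    image: adminer
    deploy:
      placement:
        constraints:
          - node.labels.database == true
    # No port is published here, so this database console is reachable only
    # over the stack network. Confirm nginx does not expose it publicly.
    depends_on:
      - database

  registry:
    restart: always
    # NOTE(review): unpinned image (`latest`); pin a tag or digest.
    image: registry
    deploy:
      placement:
        constraints:
          - node.labels.registry == true
    ports:
      # Quoted, as recommended for Compose HOST:CONTAINER mappings.
      # Published by swarm directly, not only through nginx; firewall the
      # port if clients are meant to reach the registry another way.
      - "5000:5000"
    environment:
      # Lets API clients delete manifests and blobs; who may do so is decided
      # by the tokens Portus issues.
      REGISTRY_STORAGE_DELETE_ENABLED: "true"
      # SSL
      REGISTRY_HTTP_TLS_CERTIFICATE: /run/secrets/cert.crt
      REGISTRY_HTTP_TLS_KEY: /run/secrets/privkey.key
      # Authentication
      # Tokens are requested from Portus and verified against cert.crt.
      # NOTE(review): the TLS key pair doubles as the token-signing pair
      # (see PORTUS_KEY_PATH below), so a leaked key compromises both and
      # both must be rotated together.
      REGISTRY_AUTH_TOKEN_REALM: https://${MACHINE_FQDN}/v2/token
      REGISTRY_AUTH_TOKEN_SERVICE: ${MACHINE_FQDN}
      REGISTRY_AUTH_TOKEN_ISSUER: ${MACHINE_FQDN}
      REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE: /run/secrets/cert.crt
      # Portus endpoint
      # The value is YAML text passed to the registry as a string. Inside the
      # folded scalar the lines after `- name` must stay indented deeper than
      # it, otherwise they are folded into one line and the entry breaks.
      REGISTRY_NOTIFICATIONS_ENDPOINTS: >
        - name: portus
          url: https://${MACHINE_FQDN}/v2/webhooks/events
          timeout: 2000ms
          threshold: 5
          backoff: 1s
    secrets:
      - cert.crt
      - privkey.key
    volumes:
      # Host bind mount: image data lives on the node labelled `registry`.
      - /registry:/var/lib/registry

  portus:
    restart: always
    image: opensuse/portus:2.3
    deploy:
      placement:
        constraints:
          - node.labels.portus == true
    ports:
      # Published in addition to nginx's 80/443; Puma serves TLS itself.
      - "3000:3000"
    environment:
      - PORTUS_MACHINE_FQDN_VALUE=${MACHINE_FQDN}
      - PORTUS_DELETE_ENABLED=true
      # NOTE(review): presumably minutes - confirm. A long token lifetime
      # widens the window in which a stolen token stays usable.
      - PORTUS_REGISTRY_JWT_EXPIRATION_TIME_VALUE=150
      # DB
      # NOTE(review): Portus is given the database root password. A
      # dedicated least-privilege account would limit what a compromise of
      # Portus can reach.
      - PORTUS_DB_HOST=database
      - PORTUS_DB_DATABASE=${MYSQL_DATABASE}
      - PORTUS_DB_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - PORTUS_DB_POOL=5
      # Secrets
      - PORTUS_SECRET_KEY_BASE
      - PORTUS_KEY_PATH=/run/secrets/privkey.key
      - PORTUS_PASSWORD
      # SSL
      - PORTUS_PUMA_TLS_KEY=/run/secrets/privkey.key
      - PORTUS_PUMA_TLS_CERT=/run/secrets/cert.crt
    secrets:
      - cert.crt
      - privkey.key
    volumes:
      - static:/srv/Portus/public
    depends_on:
      - database
      - registry

  # Same image as `portus`, started with PORTUS_BACKGROUND=true. It
  # publishes no port and carries the same database and key settings.
  background:
    restart: always
    image: opensuse/portus:2.3
    deploy:
      placement:
        constraints:
          - node.labels.portus == true
    environment:
      - PORTUS_MACHINE_FQDN_VALUE=${MACHINE_FQDN}
      - CCONFIG_PREFIX=PORTUS
      - PORTUS_BACKGROUND=true
      - PORTUS_BACKGROUND_REGISTRY_ENABLED=true
      - PORTUS_BACKGROUND_SYNC_ENABLED=true
      - PORTUS_BACKGROUND_SYNC_STRATEGY=update-delete
      # DB
      # NOTE(review): database root password again, as in `portus`.
      - PORTUS_DB_HOST=database
      - PORTUS_DB_DATABASE=${MYSQL_DATABASE}
      - PORTUS_DB_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - PORTUS_DB_POOL=5
      # Secrets
      - PORTUS_SECRET_KEY_BASE
      - PORTUS_KEY_PATH=/run/secrets/privkey.key
      - PORTUS_PASSWORD
    secrets:
      - cert.crt
      - privkey.key
    depends_on:
      - database
      - registry
      - portus

  nginx:
    restart: always
    # NOTE(review): third-party image without a tag, and it is handed the
    # private key. Pin it by digest or build it from a reviewed source.
    image: nels/docker-nginx
    deploy:
      placement:
        constraints:
          - node.labels.portus == true
    ports:
      # Port 80 is plain HTTP; confirm the image only redirects to HTTPS.
      - "80:80"
      - "443:443"
    volumes:
      # Read-only view of the assets the portus service writes.
      - static:/srv/Portus/public:ro
    secrets:
      - cert.crt
      - privkey.key
    depends_on:
      - registry
      - portus

volumes:
  db:
  static:

# Both secrets must exist in the swarm before the stack is deployed.
secrets:
  cert.crt:
    external: true
  privkey.key:
    external: true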