-
Notifications
You must be signed in to change notification settings - Fork 3
/
compose.yml
40 lines (36 loc) · 1.27 KB
/
compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
secrets:
# HACK: the /dev/null default is because a value must be provided no matter
# what, but I don't want these envvars to be mandatory by default. Shouldn't
# need envvars to e.g. `docker compose exec` or `docker compose run`!
tls-cert-file:
file: "${TLS_CERT_FILE:-/dev/null}"
tls-key-file:
file: "${TLS_KEY_FILE:-/dev/null}"
services:
usaon-benefit-tool:
image: "nsidc/usaon-benefit-tool:${USAON_BENEFIT_TOOL_VERSION:-latest}"
container_name: "usaon-benefit-tool"
# Resources
ports:
- "443:5000"
environment:
# Flask Dance recommends setting this in production:
# https://flask-dance.readthedocs.io/en/v0.8.0/quickstarts/google.html#code
OAUTHLIB_RELAX_TOKEN_SCOPE: "1"
# If this envvar is set on the host, pass it through. If "true", our app
# (actually, Werkzeug does it for us) looks for `X-FORWARDED-PREFIX`
# header to determine the base path for the app.
USAON_BENEFIT_TOOL_PROXY:
# Number of Gunicorn workers to spin up
NUM_WORKERS:
secrets:
- source: "tls-cert-file"
target: "site.crt"
- source: "tls-key-file"
target: "site.key"
# Policies
restart: "unless-stopped"
logging:
options:
max-size: "20m"
max-file: "5"