diff --git a/deploy b/deploy
index 1eda117..89c84e0 100755
--- a/deploy
+++ b/deploy
@@ -81,9 +81,9 @@ def deploy_stack(username: str, password: str, stack_name: Optional[str] = "stac
 stacks = portainer.StacksApi(client)
 # Then, deploy the substacks using the API
 print("Deploying substacks via portainer API")
- portainer_deploy_stack("networks", stacks, endpoint_id)
- portainer_deploy_stack("volumes", stacks, endpoint_id)
- portainer_deploy_stack("backend", stacks, endpoint_id)
+ # portainer_deploy_stack("networks", stacks, endpoint_id)
+ # portainer_deploy_stack("volumes", stacks, endpoint_id)
+ # portainer_deploy_stack("backend", stacks, endpoint_id)
 portainer_deploy_stack("frontend", stacks, endpoint_id)
 print("Stack deployed!")
diff --git a/elab_db.yaml b/elab_db.yaml
new file mode 100644
index 0000000..088486f
--- /dev/null
+++ b/elab_db.yaml
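Review bot: Commenting out the `networks`, `volumes` and `backend` calls leaves `deploy_stack` silently assuming those substacks already exist on the endpoint, so a fresh endpoint only fails later when the frontend stack tries to attach to its external network. If a frontend-only redeploy is a real use case, make it a parameter instead of dead code, e.g. `substacks: Sequence[str] = ("networks", "volumes", "backend", "frontend")` and `for name in substacks: portainer_deploy_stack(name, stacks, endpoint_id)`, and delete the three commented lines — git history already keeps them. The note would also help readers: `# Order matters: networks and volumes must exist before backend/frontend attach to them`, assuming that dependency is why the list is ordered this way. `deploy_stack` starts and continues outside the hunk.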
@@ -0,0 +1,191 @@ +version: "3.8" + +services: + mysql: + image: mysql:8.0 + deploy: + replicas: 1 + restart_policy: + condition: on-failure + healthcheck: + test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost"] + timeout: 20s + retries: 10 + cap_drop: + - AUDIT_WRITE + - MKNOD + - SYS_CHROOT + - SETFCAP + - NET_RAW + cap_add: + - SYS_NICE + # secrets: + # - elabftw_sql_key + environment: + MYSQL_DATABASE: "elabftw" + MYSQL_USER: "elabftw" + MYSQL_PASSWORD: "test" # MYSQL_PASSWORD_FILE: /run/secrets/elabftw_sql_key + MYSQL_ROOT_PASSWORD: "test" # MYSQL_RANDOM_ROOT_PASSWORD: 1 + MYSQL_HOST: "172.252.0.3" + MYSQL_ROOT_HOST: "172.252.0.3" # Must allow root access from any host or won't work on swarm + TZ: "Europe/Paris" + volumes: + - elabftw_sql:/var/lib/mysql + networks: + test_net: + ipv4_address: "172.252.0.2" + # - i-form_research_server_stack + + +networks: + test_net: + driver: bridge + ipam: + driver: default + config: + - subnet: 172.252.0.0/16 + +# This defines the NFS volumes for persistence +#! 
This requires nodes to be IP whitelisted in the NAS +volumes: + traefik: + driver: local + driver_opts: + type: nfs + device: ":volume1/traefik" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + letsencrypt: + driver: local + driver_opts: + type: nfs + device: ":volume1/letsencrypt" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + web: + driver: local + driver_opts: + type: nfs + device: ":volume1/web" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + grafana: + driver: local + driver_opts: + type: nfs + device: ":volume1/grafana" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + dataverse: + driver: local + driver_opts: + type: nfs + device: ":volume1/dataverse" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + dataverse_db: + driver: local + driver_opts: + type: nfs + device: ":volume1/dataverse/postgres_db" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + dataverse_secrets: + driver: local + driver_opts: + type: nfs + device: ":volume1/dataverse/secrets" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + dataverse_solr_data: + driver: local + driver_opts: + type: nfs + device: ":volume1/dataverse/solr-data" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + dataverse_triggers: + driver: local + driver_opts: + type: nfs + device: ":volume1/dataverse/triggers" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + dataverse_solr: + driver: local + driver_opts: + type: nfs + device: ":volume1/dataverse/solr" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + dataverse_minio: + driver: local + driver_opts: + type: nfs + device: ":volume1/dataverse/minio-data" + o: 
"addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + dataverse_config: + driver: local + driver_opts: + type: nfs + device: ":volume1/dataverse/config" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + dataverse_schema: + driver: local + driver_opts: + type: nfs + o: addr=192.168.1.237,nolock,soft,rw + device: ":volume1/dataverse/config/schema.xml" + # /opt/payara/appserver/glassfish/domains/domain1/config <- login config is here in container + dataverse_init: + driver: local + driver_opts: + type: nfs + device: ":volume1/dataverse/init.d" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + dataverse_data: + driver: local + driver_opts: + type: nfs + device: ":volume1/dataverse/data" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + dataverse_docroot: + driver: local + driver_opts: + type: nfs + device: ":volume1/dataverse/docroot" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + neo4j: + driver: local + driver_opts: + type: nfs + device: ":volume1/neo4j" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + senaite: + driver: local + driver_opts: + type: nfs + device: ":volume1/senaite" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + elabftw_uploads: + driver: local + driver_opts: + type: nfs + device: ":volume1/elabftw/uploads" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + elabftw_var: + driver: local + driver_opts: + type: nfs + device: ":volume1/elabftw/var" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + elabftw_etc: + driver: local + driver_opts: + type: nfs + device: ":volume1/elabftw/etc" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + elabftw_sql: + driver: local + driver_opts: + type: nfs + device: ":volume1/elabftw/sql" + 
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + +# secrets: +# elabftw_sql_key: +# external: true +# elabftw_secret_key: +# external: true +# dataverse_postgres_key: +# external: true \ No newline at end of file diff --git a/elab_web.yaml b/elab_web.yaml new file mode 100644 index 0000000..0393e44 --- /dev/null +++ b/elab_web.yaml 
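Review bot: `MYSQL_PASSWORD: "test"` and `MYSQL_ROOT_PASSWORD: "test"` are committed in cleartext while the swarm-secret path (`# secrets:`, `MYSQL_PASSWORD_FILE`) is left commented out; once pushed these values sit in git history and should be rotated, not merely moved. The file already sketches the fix — re-enable the service-level and top-level `secrets:` blocks, use `MYSQL_PASSWORD_FILE: /run/secrets/elabftw_sql_key` and `MYSQL_RANDOM_ROOT_PASSWORD: "1"` so no root password is ever stored in the repo; the comment on `MYSQL_ROOT_HOST` says root must be allowed from any host, but the pinned `172.252.0.3` is the safer setting, so keep the value and fix the comment (`MYSQL_HOST` is not a variable the official mysql image reads, as far as I can tell). Separately, `172.252.0.0/16` is not RFC 1918 space, so this bridge will shadow real Internet addresses in that block, and mysql's `172.252.0.2` is the address `ip_map.txt` in this same commit reserves for coredns (it lists mysql as .7). The traefik/dataverse/neo4j/senaite NFS volume definitions look copied from another stack and are not mounted by any service here.
```yaml
services:
  mysql:
    # … unchanged: image, deploy, healthcheck, cap_drop/cap_add …
    secrets:
      - elabftw_sql_key
    environment:
      MYSQL_DATABASE: "elabftw"
      MYSQL_USER: "elabftw"
      MYSQL_PASSWORD_FILE: /run/secrets/elabftw_sql_key
      MYSQL_RANDOM_ROOT_PASSWORD: "1"   # root password only ever appears in the container log
      MYSQL_ROOT_HOST: "172.252.0.3"    # restrict root to the elabftw container, not "any host"
      # … unchanged: TZ, volumes, networks …

secrets:
  elabftw_sql_key:
    external: true
```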
@@ -0,0 +1,189 @@ +services: + elabftw: + image: elabftw/elabimg:latest + deploy: + replicas: 1 + restart_policy: + condition: on-failure + cap_drop: + - ALL + cap_add: + - CHOWN + - SETGID + - SETUID + - FOWNER + - DAC_OVERRIDE + # secrets: + # - elabftw_sql_key + # - elabftw_secret_key + environment: + SECRET_KEY: def00000c729ff8686c923b5fd05bf1318920d8945ac75d2c5d8430e4cd6ac96620356faab74f9d601d74d7e5f9bb2dbafb4a12e66f4f250de172a126706a0f785aa1959 # /run/secrets/elabftw_secret_key + DB_HOST: "172.252.0.2" + DB_PORT: "3306" + DB_NAME: "elabftw" + DB_USER: "elabftw" + DB_PASSWORD: "test" # "/run/secrets/elabftw_sql_key" + # - DB_PASSWORD=$$DB_PASSWORD + # DB_CERT_PATH: "/mysql-cert/cert.pem" + PHP_TIMEZONE: "Europe/Paris" + TZ: "Europe/Paris" + SERVER_NAME: "I-Form eLabFTW" + SITE_URL: "127.0.0.1:443" # "elab.i-form.ie" + # DISABLE_HTTPS: 1 + ENABLE_LETSENCRYPT: 0 + ports: + # - "3148:443" + - "443:443" + volumes: + - elabftw_uploads:/elabftw/uploads + - elabftw_var:/var/elabftw + - elabftw_etc:/etc/elabftw + # if you have enabled letsencrypt, uncomment the line below + # path to the folder with TLS certificate + private key + # host:container + #- /etc/letsencrypt:/ssl + networks: + i-form_research_server_stack_test_net: + ipv4_address: "172.252.0.3" + # - i-form_research_server_stack + +networks: + i-form_research_server_stack_test_net: + external: true + +# This defines the NFS volumes for persistence +#! 
This requires nodes to be IP whitelisted in the NAS +volumes: + traefik: + driver: local + driver_opts: + type: nfs + device: ":volume1/traefik" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + letsencrypt: + driver: local + driver_opts: + type: nfs + device: ":volume1/letsencrypt" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + web: + driver: local + driver_opts: + type: nfs + device: ":volume1/web" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + grafana: + driver: local + driver_opts: + type: nfs + device: ":volume1/grafana" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + dataverse: + driver: local + driver_opts: + type: nfs + device: ":volume1/dataverse" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + dataverse_db: + driver: local + driver_opts: + type: nfs + device: ":volume1/dataverse/postgres_db" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + dataverse_secrets: + driver: local + driver_opts: + type: nfs + device: ":volume1/dataverse/secrets" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + dataverse_solr_data: + driver: local + driver_opts: + type: nfs + device: ":volume1/dataverse/solr-data" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + dataverse_triggers: + driver: local + driver_opts: + type: nfs + device: ":volume1/dataverse/triggers" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + dataverse_solr: + driver: local + driver_opts: + type: nfs + device: ":volume1/dataverse/solr" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + dataverse_minio: + driver: local + driver_opts: + type: nfs + device: ":volume1/dataverse/minio-data" + o: 
"addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + dataverse_config: + driver: local + driver_opts: + type: nfs + device: ":volume1/dataverse/config" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + dataverse_schema: + driver: local + driver_opts: + type: nfs + o: addr=192.168.1.237,nolock,soft,rw + device: ":volume1/dataverse/config/schema.xml" + # /opt/payara/appserver/glassfish/domains/domain1/config <- login config is here in container + dataverse_init: + driver: local + driver_opts: + type: nfs + device: ":volume1/dataverse/init.d" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + dataverse_data: + driver: local + driver_opts: + type: nfs + device: ":volume1/dataverse/data" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + dataverse_docroot: + driver: local + driver_opts: + type: nfs + device: ":volume1/dataverse/docroot" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + neo4j: + driver: local + driver_opts: + type: nfs + device: ":volume1/neo4j" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + senaite: + driver: local + driver_opts: + type: nfs + device: ":volume1/senaite" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + elabftw_uploads: + driver: local + driver_opts: + type: nfs + device: ":volume1/elabftw/uploads" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + elabftw_var: + driver: local + driver_opts: + type: nfs + device: ":volume1/elabftw/var" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + elabftw_etc: + driver: local + driver_opts: + type: nfs + device: ":volume1/elabftw/etc" + o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" + elabftw_sql: + driver: local + driver_opts: + type: nfs + device: ":volume1/elabftw/sql" + 
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" \ No newline at end of file diff --git a/elabftw-compose.yaml b/elabftw-compose.yaml new file mode 100644 index 0000000..13c8c3c --- /dev/null +++ b/elabftw-compose.yaml 
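Review bot: `SECRET_KEY: def00000c729…` and `DB_PASSWORD: "test"` are committed in cleartext; the upstream comment in `elabftw-compose.yaml` in this same commit describes `SECRET_KEY` as the key that encrypts stored SMTP/timestamping passwords, so now that it is in git history it must be regenerated, and the replacement delivered through the `secrets:` block that is commented out just above. Whether the image honours the `_FILE` convention for these two variables depends on the elabimg version — verify against the pinned tag (and pin one instead of `latest`, so a change in secret handling cannot arrive unannounced); if it does not, a small entrypoint wrapper that exports the values from `/run/secrets` is the usual workaround. `SITE_URL: "127.0.0.1:443"` has no scheme and names loopback while `ports: - "443:443"` publishes on every host interface; use the user-facing `https://` URL (the commented `elab.i-form.ie`) and, if traefik from `ip_map.txt` fronts this, bind `"127.0.0.1:443:443"` or switch to `expose`. Also, `172.252.0.3` is the address `ip_map.txt` assigns to traefik (elabftw is listed as .15), and hard-wiring `DB_HOST: "172.252.0.2"` to the sibling stack's static IP is fragile where service-name DNS on the shared network would do.
```yaml
    secrets:
      - elabftw_sql_key
      - elabftw_secret_key
    environment:
      SECRET_KEY_FILE: /run/secrets/elabftw_secret_key   # TODO confirm the pinned elabimg tag reads *_FILE
      DB_PASSWORD_FILE: /run/secrets/elabftw_sql_key
      # … unchanged: DB_HOST, DB_PORT, DB_NAME, DB_USER, timezones, SERVER_NAME …
      SITE_URL: "https://elab.i-form.ie"
    # … unchanged: ports, volumes, networks …

secrets:
  elabftw_sql_key:
    external: true
  elabftw_secret_key:
    external: true
```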
@@ -0,0 +1,457 @@ +# docker-elabftw configuration file +# use : "docker-compose up -d" to start containers +# this config file contains all the possible configuration options, shown with default values +# https://hub.docker.com/r/elabftw/elabimg/ +# https://www.elabftw.net +version: "3" + +# our first container is nginx + php-fpm + elabftw +services: + web: + # the latest tag points to the latest stable version + # use the next tag to use alpha/beta version + # use a specific version to pin the image + # example: elabftw/elabimg:4.0.5 + # default value: elabftw/elabimg:latest + image: elabftw/elabimg:latest + # this ensures the container will be restarted after a reboot of the server + # default value: always + restart: always + # comment this out if you use several containers with redis, as you can't have several containers with the same name + # default value: elabftw + container_name: elabftw + # make sure we wait for mysql to be available before starting + # comment this out if you're not using a mysql container + # note: the mysql container needs an healthcheck block for this to work + depends_on: + - mysql + + # limit number of processes + # this option is commented out because it is not in v3 of compose files, only v2 + # even though it works as expected in a v3 file with recent docker-compose + #pids_limit: 42 + + # add a security flag to prevent a process gaining new privileges + security_opt: + - no-new-privileges:true + + # restrict capabilities of the root user to the strict minimum + # see CIS Docker Benchmark v1.5 5.3 + # see ANSSI-FT-082 23/09/2020 R8 + # WARNING: for Centos7/8, comment out these lines (cap_drop and cap_add) + # If you get this error in the logs: + # nginx: [emerg] bind() to 0.0.0.0:443 failed (13: Permission denied) + # comment out these lines! 
+ cap_drop: + - ALL + cap_add: + - CHOWN + - SETGID + - SETUID + - FOWNER + - DAC_OVERRIDE + + # environment variables passed to the container to configure options at run time (when container is started) + # commented variables are optional + environment: + ####################### + # MYSQL CONFIGURATION # + ####################### + # name of the MySQL server (by default "mysql" the name of the mysql container in default elabftw Docker configuration) + # you can put here the IP address of an existing MySQL server if you already have one running + # default value: mysql + - DB_HOST=mysql + + # port on which the MySQL server is listening + # you probably don't need to modify this value + # default value: 3306 + - DB_PORT=3306 + + # name of the MySQL database + # you probably don't need to modify this value + # default value: elabftw + - DB_NAME=elabftw + + # MySQL user with write access to the previously named database + # you probably don't need to modify this value + # default value: elabftw + - DB_USER=elabftw + + # MySQL password; a random password has been generated for you but feel free to change it if needed + # default value: generated randomly if you get the config from get.elabftw.net + #- DB_PASSWORD=secr3t + + # Mysql Cert path: you only need this if you connect to a mysql server with tls + # Use a volume that points to /mysql-cert in the container + # optional + #- DB_CERT_PATH=/mysql-cert/cert.pem + + ##################### + # PHP CONFIGURATION # + ##################### + # the timezone in which the server is + # better if changed (see list of available values: http://php.net/manual/en/timezones.php + - PHP_TIMEZONE=Europe/Paris + # again + - TZ=Europe/Paris + + # optional: set the limit of simultaneous request that will be served + # see http://php.net/manual/en/install.fpm.configuration.php + # default value: 50 + #- PHP_MAX_CHILDREN=50 + + # optional: adjust the max execution time of PHP scripts. Allows for bigger ZIP exports. 
+ # default value: 120 + #- PHP_MAX_EXECUTION_TIME=120 + + # optional: adjust the amount of memory available to PHP, increase it if you run into issues + # example value: 512M + # default value: 256M + #- MAX_PHP_MEMORY=256M + + # optional: set a password to get access to /php-status, which will display various metrics about the php-fpm processes + # also works for /nginx-status, for metrics about nginx process + # if this is not set, a random password will be generated but never displayed, effectively disabling access to this endpoint + # the enpdoint can be accessed with the "elabftw" user, and the password you set below + # example value: my-cool-password + # default value: not set + #- STATUS_PASSWORD= + + ######################### + # ELABFTW CONFIGURATION # + ######################### + # The secret key is used for encrypting the SMTP and Timestamping passwords + # A random one has been generated for you, if you wish to change it you can + # get another secret key from https://get.elabftw.net/?key + # if you don't want to get it from an external source you can also do that: + # docker run --rm -t --entrypoint '/bin/sh' elabftw/elabimg -c "php -d memory_limit=10M -d open_basedir='' bin/console tools:genkey" + # Note: the value MUST be generated as shown in the methods above. + # default value: generated randomly if you get the config from get.elabftw.net + # - SECRET_KEY= + + # The canonical URL to the website, including port if not standard + # Use the user-facing URL here. 
+ # example value: https://elab.uni-delta.fr + # example value: https://elab.uni-delta.fr:3148 + - SITE_URL=http://127.0.0.1:443 + + # optional: adjust maximum size of uploaded files + # default value: 100M + #- MAX_UPLOAD_SIZE=100M + + # optional: s3 storage credentials + #- ELAB_AWS_ACCESS_KEY= + #- ELAB_AWS_SECRET_KEY= + + ####################### + # NGINX CONFIGURATION # + ####################### + # change to your server name in nginx config + # default value: localhost + # example value: elab.uni.edu + - SERVER_NAME=localhost + + # optional: disable https, use this to have an http server listening on port 443 + # useful if the SSL stack is handled by haproxy or something alike + # default value: false + - DISABLE_HTTPS=false + + # set to true to use letsencrypt or other certificates + # note: does nothing if DISABLE_HTTPS is set to true + # default value: false + - ENABLE_LETSENCRYPT=false + + # optional: enable ipv6 (make sure you have an AAAA dns record!) + # default value: false + #- ENABLE_IPV6=false + + # optional: adjust the user/group that will own the uploaded files (and run the webserver) + # useful if your files are stored on an NFS mount point where the files ownership are imposed by the NFS server + # default value: nginx + # example value: nobody + #- ELABFTW_USER=nginx + # default value: nginx + # example value: nobody + #- ELABFTW_GROUP=nginx + # default value: 101 + # example value: 65534 + #- ELABFTW_USERID=101 + # default value: 101 + # example value: 65534 + #- ELABFTW_GROUPID=101 + + # optional: enable if you want nginx to be configured with set_real_ip_from directives + # default value: false + #- SET_REAL_IP=false + # the IP address/addresses. Separate them with a , AND A SPACE. Several set_real_ip_from lines will be added to the nginx config. One for each. 
+ # this does nothing if SET_REAL_IP is set to false + #- SET_REAL_IP_FROM=192.168.31.48, 192.168.0.42, 10.10.13.37 + + # optional: adjust the number of worker processes nginx will spawn + # default value: auto + # if auto doesn't work for you, use the number of cores available on the server (or less) + #- NGINX_WORK_PROC=auto + + # optional: allow javascript code to call the API from an external service + # this will add a response header Access-Control-Allow-Origin with content of the env var as value + # mdn doc: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin + # default: header not set (empty value) + # example value: app.example.org + # example value: * + #- ALLOW_ORIGIN= + + # optional: define methods allowed to javascript code calling the API from an external service + # this will add a response header Access-Control-Allow-Methods with content of the env var as value + # mdn doc: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods + # default: header not set (empty value) + # example value: GET, POST, PATCH + #- ALLOW_METHODS= + + # optional: define headers allowed to javascript code calling the API from an external service + # this will add a response header Access-Control-Allow-Headers with content of the env var as value + # mdn doc: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers + # default: header not set (empty value) + # example value: Content-Type, Authorization + #- ALLOW_HEADERS= + + # optional: modify the keepalive_timeout value + # nginx doc: http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout + # default: 10s + # example value: 5s + #- KEEPALIVE_TIMEOUT=10s + + ####################### + # REDIS CONFIGURATION # + ####################### + # optional: use a redis server to store the PHP sessions + # default value: false + #- USE_REDIS=false + # optional: set an IP or hostname for the redis server + # default 
value: redis + #- REDIS_HOST=redis + # optional: set a custom port for redis + # default value: 6379 + #- REDIS_PORT=6379 + # optional: set a username for redis + # default value: + #- REDIS_USERNAME= + # optional: set a password for redis + # default value: + #- REDIS_PASSWORD= + + ###################### + # LDAP CONFIGURATION # + ###################### + # optional: configure ldap certificate verification behavior: will create /etc/openldap/ldap.conf with TLS_REQCERT config line + # default value: false + # possible values: never, allow, try + #- LDAP_TLS_REQCERT=false + + ################# + # MISCELLANEOUS # + ################# + # optional: be less verbose during init + # default value: false + #- SILENT_INIT=false + + # optional: automatically install the database structure on container start + # default value: false + #- AUTO_DB_INIT=false + + # optional: automatically update the database structure on container start + # default value: false + #- AUTO_DB_UPDATE=false + + ####### + # DEV # + ####### + # set to true for development + # default value: false + #- DEV_MODE=false + + ports: + # Important note about exposing ports: due to the way Docker deals with the host firewall, it is recommended to use '127.0.0.1:1234:443' + # if you only want to expose the service locally (on port 1234 in this example). See https://github.com/moby/moby/issues/22054 + # Another option is to use the "expose" directive instead of "ports" and let your reverse proxy figure things out. 
+ # + # if you want elabftw to run on a different port, change the first number + # host:container + - "443:443" + # if you are aiming for running multiple instances of this container you can put a range like so: + # - "3100-3200:443" + # use redis for session storage if that is the case, or configure your load balancer with sticky sessions + volumes: + # this is where you will keep the uploaded files persistently + # for Windows users it might look like this + # - D:\Users\Nico\elab-data\web:/elabftw/uploads + # host:container + - /var/elabftw/web:/elabftw/uploads + # + # TLS configuration + # + # Note: if your certificate is not from letsencrypt, make sure to have those two files: + # + # /etc/letsencrypt/live/SERVER_NAME/fullchain.pem + # /etc/letsencrypt/live/SERVER_NAME/privkey.pem + # + # in the folder /etc/letsencrypt (or any folder you like as long as you adapt the line below + # replace SERVER_NAME with the value of SERVER_NAME of course. + # + # if you have enabled letsencrypt, uncomment the line below + # path to the folder with TLS certificate + private key + # host:container + #- /etc/letsencrypt:/ssl + # + # MYSQL cert path + #- /path/to/cert/folder:/mysql-cert + + networks: + - elabftw-net + + # the mysql database image + # Note: if you already have a MySQL server running, you don't need to use this image, as you can use the already existing one + # In this case, add the IP address of the server in DB_HOST and comment out or remove this block + mysql: + image: mysql:8.0 + restart: always + # fix issue with "The server requested authentication method unknown to the client [caching_sha2_password]" + # now commented out because no longer necessary + #command: --default-authentication-plugin=mysql_native_password + container_name: mysql + # add an healthcheck block so the web container knows when it is ready to accept connections + # use double $ here so env vars are correctly found + healthcheck: + test: "/usr/bin/mysql --user=$$MYSQL_USER 
--password=$$MYSQL_PASSWORD --execute 'SHOW DATABASES;'" + interval: 5s + timeout: 5s + retries: 20 + # drop some capabilities + cap_drop: + - AUDIT_WRITE + - MKNOD + - SYS_CHROOT + - SETFCAP + - NET_RAW + cap_add: + - SYS_NICE + environment: + # need to change + #- MYSQL_ROOT_PASSWORD=secr3t + # no need to change + - MYSQL_DATABASE=elabftw + # no need to change + - MYSQL_USER=elabftw + # need to change IMPORTANT: this should be the same password as DB_PASSWORD from the elabftw container + #- MYSQL_PASSWORD=secr3t + # need to change, this is your timezone, see PHP_TIMEZONE from the elabftw container + - TZ=Europe/Paris + # Update this if you want to run the server on a different port than 3306. + # - MYSQL_TCP_PORT=3306 + + volumes: + # this is where you will keep the database persistently + # for Windows users it might look like this + # - D:\Users\Nico\elab-data\mysql:/var/lib/mysql + # host:container + - /var/elabftw/mysql:/var/lib/mysql + # The mysql container exposes 3306/33060. Though it does not make an operational difference, + # make sure to document your usage here. + expose: + - "3306" + networks: + - elabftw-net + + # example of a redis container + # uncomment if you want to spawn a redis container to manage sessions + #redis: + # image: redis:6.0-alpine + # restart: always + # container_name: redis + # networks: + # - elabftw-net + + # example of a keeex container (experimental!) + #keeex: + # image: repo.keeex.me/fkeeex_daemon:latest + # container_name: keeex + # restart: always + # environment: + # - FKEEEX_CONFIG_USER=user@example.org + # - FKEEEX_CONFIG_PASSWORD= + # # Set a random passphrase here. You can generate one with "openssl rand -base64 32". + # - FKEEEX_CONFIG_PASSPHRASE= + # expose: + # - 8080 + # networks: + # - elabftw-net + + ############################################################### + # EVERYTHING BELOW THISĀ LINE IS FORĀ DEVELOPMENT PURPOSES ONLY # + # Except for the networks lines, so don't delete them! 
# + ############################################################### + + # PHPMYADMIN + # uncomment this part if you want to have phpmyadmin running too + #phpmyadmin: + # image: phpmyadmin/phpmyadmin + # container_name: phpmyadmin + # environment: + # - PMA_PORT=3307 + # links: + # - mysql:db + # ports: + # - "8080:80" + # networks: + # - elabftw-net + + # SWAGGER UI + # swagger allows you to consult the documentation generated by apidoc/v2/openapi.yaml + # running a local container is perfect to see the changes right after a change + # + #swagger: + # image: swaggerapi/swagger-ui:v5.0.0 + # restart: always + # container_name: swagger-elab-local + # ports: + # - "8085:8080" + # volumes: + # - /path/to/local/elabftw/apidoc/v2:/usr/share/nginx/html/swagger:ro + # environment: + # - API_URL=swagger/openapi.yaml + # networks: + # - elabftw-net + + # LDAP + # example for ldap server + admin interface + # uncomment if you want to work on LDAP authentication + #ldap: + # image: osixia/openldap:1.4.0 + # container_name: ldap + # restart: always + # hostname: example.org + # environment: + # - LDAP_TLS_VERIFY_CLIENT=try + # - LDAP_OPENLDAP_UID=1000 + # - LDAP_OPENLDAP_GID=1000 + # ports: + # - "389:389" + # - "636:636" + # volumes: + # - /var/elabftw/ldap-data/ldap:/var/lib/ldap + # - /var/elabftw/ldap-data/slapd.d:/etc/ldap/slapd.d + # networks: + # - elabftw-net + #ldapadmin: + # image: osixia/phpldapadmin:0.9.0 + # container_name: ldapadmin + # environment: + # - PHPLDAPADMIN_LDAP_HOSTS=ldap + # restart: always + # ports: + # - "6443:443" + # networks: + # - elabftw-net + +# the internal elabftw network +networks: + elabftw-net: diff --git a/frontend.yaml b/frontend.yaml index 58ad4a0..22a8e06 100644 --- a/frontend.yaml +++ b/frontend.yaml 
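Review bot: As committed this stack cannot come up on a fresh volume: `MYSQL_ROOT_PASSWORD`, `MYSQL_PASSWORD`, `DB_PASSWORD` and `SECRET_KEY` are all commented out, the official mysql image refuses to initialise unless one of the root-password variables is set, and the healthcheck `--password=$$MYSQL_PASSWORD` would then run with an empty password. `SITE_URL=http://127.0.0.1:443` also contradicts `DISABLE_HTTPS=false` (plain http on the TLS port) and `SERVER_NAME=localhost`; set the real `https://` user-facing URL, or drop this file if `elab_web.yaml`/`elab_db.yaml` in this commit are what actually gets deployed — three divergent copies of one stack is how a credential ends up in the wrong one. If it stays, keep credentials out of the file (`DB_PASSWORD_FILE`/`MYSQL_PASSWORD_FILE` via secrets, if the images support them) and follow the file's own advice on `ports`, `"127.0.0.1:443:443"`, unless the host is meant to serve directly. `container_name` and `restart:` are compose-only and are ignored by swarm stack deployment, which the `deploy` script in this commit appears to use through Portainer.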
@@ -72,7 +72,7 @@ services: - elabftw_sql_key - elabftw_secret_key environment: - SECRET_KEY: "${cat /run/secrets/elabftw_secret_key}" + SECRET_KEY: "$${cat /run/secrets/elabftw_secret_key}" DB_HOST: "172.252.0.7" DB_PORT: "3306" DB_NAME: "elabftw" diff --git a/ip_map.txt b/ip_map.txt new file mode 100644 index 0000000..ab38c6c --- /dev/null +++ b/ip_map.txt @@ -0,0 +1,14 @@ +coredns: 172.252.0.2 +traefik: 172.252.0.3 +rsync: 172.252.0.4 +portainer-agent: 172.252.0.5 +dataverse_db: 172.252.0.6 +mysql: 172.252.0.7 <- needs to be changed once elabftw is set +nginx: 172.252.0.8 +solr: 172.252.0.9 +minio: 172.252.0.10 +dataverse: 172.252.0.11 +grafana: 172.252.0.12 +neodash: 172.252.0.13 +senaite: 172.252.0.14 +elabftw: 172.252.0.15 \ No newline at end of file
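Review bot: `SECRET_KEY: "$${cat /run/secrets/elabftw_secret_key}"` does not read the secret: Compose never executes shell commands in values, and `$$` only escapes the dollar sign, so the container receives the literal string `${cat /run/secrets/elabftw_secret_key}` as its key (the previous `${cat …}` form was no better — it is an interpolation of a variable named `cat /run/secrets/…` and is most likely rejected by the parser). The secret is already mounted through the `secrets:` list above; if the image honours the `_FILE` convention — check elabimg's documentation for the deployed tag — replace the line with `SECRET_KEY_FILE: /run/secrets/elabftw_secret_key`, otherwise wrap the entrypoint to `export SECRET_KEY="$(cat /run/secrets/elabftw_secret_key)"` before exec'ing the original one. Either way, check what the running container actually started with: eLabFTW expects a generated key, so a literal placeholder should fail at key load, but confirm nothing was encrypted under it. The `services:` block continues outside the hunk.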