Second attempt at using secret in elabftw

Cian Hughes
2024-01-12 18:19:23 +00:00
parent 1dcdf80987
commit 0b6be53d30
6 changed files with 855 additions and 4 deletions

deploy

@@ -81,9 +81,9 @@ def deploy_stack(username: str, password: str, stack_name: Optional[str] = "stac
stacks = portainer.StacksApi(client)
# Then, deploy the substacks using the API
print("Deploying substacks via portainer API")
portainer_deploy_stack("networks", stacks, endpoint_id)
portainer_deploy_stack("volumes", stacks, endpoint_id)
portainer_deploy_stack("backend", stacks, endpoint_id)
# portainer_deploy_stack("networks", stacks, endpoint_id)
# portainer_deploy_stack("volumes", stacks, endpoint_id)
# portainer_deploy_stack("backend", stacks, endpoint_id)
portainer_deploy_stack("frontend", stacks, endpoint_id)
print("Stack deployed!")
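Review bot: Whichever side of this hunk is current, the set of sub-stacks that get deployed is selected by commenting calls in and out, so nobody reading `deploy_stack` can tell whether a run will create the networks and volumes stacks or assume they already exist; a parameter would make that explicit. One option is `substacks: Sequence[str] = ("networks", "volumes", "backend", "frontend")` on the signature (`Sequence` from `typing`, next to the `Optional` already used there) and `for name in substacks: portainer_deploy_stack(name, stacks, endpoint_id)` in place of the four calls, with the partial deploy passing `("frontend",)`. `elab_web.yaml` in this same commit declares its network as `external: true`, so a frontend-only run presumably fails unless the network stack was deployed earlier — worth a check before the loop. `deploy_stack` begins before this hunk and its `username`/`password` handling is outside it.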

elab_db.yaml Normal file

@@ -0,0 +1,191 @@
version: "3.8"
services:
mysql:
image: mysql:8.0
deploy:
replicas: 1
restart_policy:
condition: on-failure
healthcheck:
test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost"]
timeout: 20s
retries: 10
cap_drop:
- AUDIT_WRITE
- MKNOD
- SYS_CHROOT
- SETFCAP
- NET_RAW
cap_add:
- SYS_NICE
# secrets:
# - elabftw_sql_key
environment:
MYSQL_DATABASE: "elabftw"
MYSQL_USER: "elabftw"
MYSQL_PASSWORD: "test" # MYSQL_PASSWORD_FILE: /run/secrets/elabftw_sql_key
MYSQL_ROOT_PASSWORD: "test" # MYSQL_RANDOM_ROOT_PASSWORD: 1
MYSQL_HOST: "172.252.0.3"
MYSQL_ROOT_HOST: "172.252.0.3" # Must allow root access from any host or won't work on swarm
TZ: "Europe/Paris"
volumes:
- elabftw_sql:/var/lib/mysql
networks:
test_net:
ipv4_address: "172.252.0.2"
# - i-form_research_server_stack
networks:
test_net:
driver: bridge
ipam:
driver: default
config:
- subnet: 172.252.0.0/16
# This defines the NFS volumes for persistence
#! This requires nodes to be IP whitelisted in the NAS
volumes:
traefik:
driver: local
driver_opts:
type: nfs
device: ":volume1/traefik"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
letsencrypt:
driver: local
driver_opts:
type: nfs
device: ":volume1/letsencrypt"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
web:
driver: local
driver_opts:
type: nfs
device: ":volume1/web"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
grafana:
driver: local
driver_opts:
type: nfs
device: ":volume1/grafana"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
dataverse:
driver: local
driver_opts:
type: nfs
device: ":volume1/dataverse"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
dataverse_db:
driver: local
driver_opts:
type: nfs
device: ":volume1/dataverse/postgres_db"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
dataverse_secrets:
driver: local
driver_opts:
type: nfs
device: ":volume1/dataverse/secrets"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
dataverse_solr_data:
driver: local
driver_opts:
type: nfs
device: ":volume1/dataverse/solr-data"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
dataverse_triggers:
driver: local
driver_opts:
type: nfs
device: ":volume1/dataverse/triggers"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
dataverse_solr:
driver: local
driver_opts:
type: nfs
device: ":volume1/dataverse/solr"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
dataverse_minio:
driver: local
driver_opts:
type: nfs
device: ":volume1/dataverse/minio-data"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
dataverse_config:
driver: local
driver_opts:
type: nfs
device: ":volume1/dataverse/config"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
dataverse_schema:
driver: local
driver_opts:
type: nfs
o: addr=192.168.1.237,nolock,soft,rw
device: ":volume1/dataverse/config/schema.xml"
# /opt/payara/appserver/glassfish/domains/domain1/config <- login config is here in container
dataverse_init:
driver: local
driver_opts:
type: nfs
device: ":volume1/dataverse/init.d"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
dataverse_data:
driver: local
driver_opts:
type: nfs
device: ":volume1/dataverse/data"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
dataverse_docroot:
driver: local
driver_opts:
type: nfs
device: ":volume1/dataverse/docroot"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
neo4j:
driver: local
driver_opts:
type: nfs
device: ":volume1/neo4j"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
senaite:
driver: local
driver_opts:
type: nfs
device: ":volume1/senaite"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
elabftw_uploads:
driver: local
driver_opts:
type: nfs
device: ":volume1/elabftw/uploads"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
elabftw_var:
driver: local
driver_opts:
type: nfs
device: ":volume1/elabftw/var"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
elabftw_etc:
driver: local
driver_opts:
type: nfs
device: ":volume1/elabftw/etc"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
elabftw_sql:
driver: local
driver_opts:
type: nfs
device: ":volume1/elabftw/sql"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
# secrets:
# elabftw_sql_key:
# external: true
# elabftw_secret_key:
# external: true
# dataverse_postgres_key:
# external: true
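Review bot: The `mysql` service's `environment:` block commits both the application and root passwords as the literal `"test"` while the `secrets:` wiring that was meant to replace them (the `elabftw_sql_key` entries on the service and at top level) is left commented out, so these credentials are now in git history and should be rotated whatever this stack ends up using. The official `mysql` image reads `MYSQL_PASSWORD_FILE` and `MYSQL_ROOT_PASSWORD_FILE`, and its entrypoint refuses to start when both the plain and the `_FILE` form of one variable are set, so the plaintext keys have to be removed rather than kept alongside. `MYSQL_RANDOM_ROOT_PASSWORD`, which the inline comment already suggests, avoids committing a root password at all, with the caveat that the generated value is written to the container log — use a second file-backed secret via `MYSQL_ROOT_PASSWORD_FILE` if root access is ever needed operationally. Two consistency points: the comment on `MYSQL_ROOT_HOST` says root must be allowed "from any host" but the value pins it to `172.252.0.3`, so the comment should state which address is allowed and why; and the fixed `ipv4_address: "172.252.0.2"` is the address `ip_map.txt` in this commit assigns to `coredns` — presumably a different network, but worth confirming before two stacks claim the same address.
```yaml
services:
  mysql:
    # … unchanged: image, deploy, healthcheck, cap_drop/cap_add …
    secrets:
      - elabftw_sql_key
    environment:
      MYSQL_DATABASE: "elabftw"
      MYSQL_USER: "elabftw"
      MYSQL_PASSWORD_FILE: /run/secrets/elabftw_sql_key
      MYSQL_RANDOM_ROOT_PASSWORD: "1"
      # … unchanged: MYSQL_HOST, MYSQL_ROOT_HOST, TZ …
# … unchanged: volumes, networks …
secrets:
  elabftw_sql_key:
    external: true
```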

elab_web.yaml Normal file

@@ -0,0 +1,189 @@
services:
elabftw:
image: elabftw/elabimg:latest
deploy:
replicas: 1
restart_policy:
condition: on-failure
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- FOWNER
- DAC_OVERRIDE
# secrets:
# - elabftw_sql_key
# - elabftw_secret_key
environment:
SECRET_KEY: def00000c729ff8686c923b5fd05bf1318920d8945ac75d2c5d8430e4cd6ac96620356faab74f9d601d74d7e5f9bb2dbafb4a12e66f4f250de172a126706a0f785aa1959 # /run/secrets/elabftw_secret_key
DB_HOST: "172.252.0.2"
DB_PORT: "3306"
DB_NAME: "elabftw"
DB_USER: "elabftw"
DB_PASSWORD: "test" # "/run/secrets/elabftw_sql_key"
# - DB_PASSWORD=$$DB_PASSWORD
# DB_CERT_PATH: "/mysql-cert/cert.pem"
PHP_TIMEZONE: "Europe/Paris"
TZ: "Europe/Paris"
SERVER_NAME: "I-Form eLabFTW"
SITE_URL: "127.0.0.1:443" # "elab.i-form.ie"
# DISABLE_HTTPS: 1
ENABLE_LETSENCRYPT: 0
ports:
# - "3148:443"
- "443:443"
volumes:
- elabftw_uploads:/elabftw/uploads
- elabftw_var:/var/elabftw
- elabftw_etc:/etc/elabftw
# if you have enabled letsencrypt, uncomment the line below
# path to the folder with TLS certificate + private key
# host:container
#- /etc/letsencrypt:/ssl
networks:
i-form_research_server_stack_test_net:
ipv4_address: "172.252.0.3"
# - i-form_research_server_stack
networks:
i-form_research_server_stack_test_net:
external: true
# This defines the NFS volumes for persistence
#! This requires nodes to be IP whitelisted in the NAS
volumes:
traefik:
driver: local
driver_opts:
type: nfs
device: ":volume1/traefik"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
letsencrypt:
driver: local
driver_opts:
type: nfs
device: ":volume1/letsencrypt"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
web:
driver: local
driver_opts:
type: nfs
device: ":volume1/web"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
grafana:
driver: local
driver_opts:
type: nfs
device: ":volume1/grafana"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
dataverse:
driver: local
driver_opts:
type: nfs
device: ":volume1/dataverse"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
dataverse_db:
driver: local
driver_opts:
type: nfs
device: ":volume1/dataverse/postgres_db"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
dataverse_secrets:
driver: local
driver_opts:
type: nfs
device: ":volume1/dataverse/secrets"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
dataverse_solr_data:
driver: local
driver_opts:
type: nfs
device: ":volume1/dataverse/solr-data"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
dataverse_triggers:
driver: local
driver_opts:
type: nfs
device: ":volume1/dataverse/triggers"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
dataverse_solr:
driver: local
driver_opts:
type: nfs
device: ":volume1/dataverse/solr"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
dataverse_minio:
driver: local
driver_opts:
type: nfs
device: ":volume1/dataverse/minio-data"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
dataverse_config:
driver: local
driver_opts:
type: nfs
device: ":volume1/dataverse/config"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
dataverse_schema:
driver: local
driver_opts:
type: nfs
o: addr=192.168.1.237,nolock,soft,rw
device: ":volume1/dataverse/config/schema.xml"
# /opt/payara/appserver/glassfish/domains/domain1/config <- login config is here in container
dataverse_init:
driver: local
driver_opts:
type: nfs
device: ":volume1/dataverse/init.d"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
dataverse_data:
driver: local
driver_opts:
type: nfs
device: ":volume1/dataverse/data"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
dataverse_docroot:
driver: local
driver_opts:
type: nfs
device: ":volume1/dataverse/docroot"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
neo4j:
driver: local
driver_opts:
type: nfs
device: ":volume1/neo4j"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
senaite:
driver: local
driver_opts:
type: nfs
device: ":volume1/senaite"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
elabftw_uploads:
driver: local
driver_opts:
type: nfs
device: ":volume1/elabftw/uploads"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
elabftw_var:
driver: local
driver_opts:
type: nfs
device: ":volume1/elabftw/var"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
elabftw_etc:
driver: local
driver_opts:
type: nfs
device: ":volume1/elabftw/etc"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
elabftw_sql:
driver: local
driver_opts:
type: nfs
device: ":volume1/elabftw/sql"
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
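Review bot: The `elabftw` service's `environment:` block commits a value in the format of an eLabFTW `SECRET_KEY` (the `def0000…` string) together with `DB_PASSWORD: "test"`, with the `secrets:` entries commented out; since eLabFTW uses this key to encrypt the stored SMTP and timestamping passwords (per the template comment elsewhere in this commit), it should be treated as exposed, regenerated with `bin/console tools:genkey`, and never committed again. Unless `elabftw/elabimg` documents a file-based variant of these variables (not visible here), the least invasive fix is Compose interpolation fed from Portainer's stack environment variables: `SECRET_KEY: "${ELABFTW_SECRET_KEY}"` and `DB_PASSWORD: "${ELABFTW_DB_PASSWORD}"`, with the values supplied at deploy time instead of in the file. Two smaller points: `SITE_URL: "127.0.0.1:443"` has no scheme, whereas the upstream template copied into this commit documents it as a full `https://…` user-facing URL; and `ipv4_address: "172.252.0.3"` is the address `ip_map.txt` assigns to `traefik`, so if `i-form_research_server_stack_test_net` is that same network the two will collide.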

elabftw-compose.yaml Normal file

@@ -0,0 +1,457 @@
# docker-elabftw configuration file
# use : "docker-compose up -d" to start containers
# this config file contains all the possible configuration options, shown with default values
# https://hub.docker.com/r/elabftw/elabimg/
# https://www.elabftw.net
version: "3"
# our first container is nginx + php-fpm + elabftw
services:
web:
# the latest tag points to the latest stable version
# use the next tag to use alpha/beta version
# use a specific version to pin the image
# example: elabftw/elabimg:4.0.5
# default value: elabftw/elabimg:latest
image: elabftw/elabimg:latest
# this ensures the container will be restarted after a reboot of the server
# default value: always
restart: always
# comment this out if you use several containers with redis, as you can't have several containers with the same name
# default value: elabftw
container_name: elabftw
# make sure we wait for mysql to be available before starting
# comment this out if you're not using a mysql container
# note: the mysql container needs an healthcheck block for this to work
depends_on:
- mysql
# limit number of processes
# this option is commented out because it is not in v3 of compose files, only v2
# even though it works as expected in a v3 file with recent docker-compose
#pids_limit: 42
# add a security flag to prevent a process gaining new privileges
security_opt:
- no-new-privileges:true
# restrict capabilities of the root user to the strict minimum
# see CIS Docker Benchmark v1.5 5.3
# see ANSSI-FT-082 23/09/2020 R8
# WARNING: for Centos7/8, comment out these lines (cap_drop and cap_add)
# If you get this error in the logs:
# nginx: [emerg] bind() to 0.0.0.0:443 failed (13: Permission denied)
# comment out these lines!
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- FOWNER
- DAC_OVERRIDE
# environment variables passed to the container to configure options at run time (when container is started)
# commented variables are optional
environment:
#######################
# MYSQL CONFIGURATION #
#######################
# name of the MySQL server (by default "mysql" the name of the mysql container in default elabftw Docker configuration)
# you can put here the IP address of an existing MySQL server if you already have one running
# default value: mysql
- DB_HOST=mysql
# port on which the MySQL server is listening
# you probably don't need to modify this value
# default value: 3306
- DB_PORT=3306
# name of the MySQL database
# you probably don't need to modify this value
# default value: elabftw
- DB_NAME=elabftw
# MySQL user with write access to the previously named database
# you probably don't need to modify this value
# default value: elabftw
- DB_USER=elabftw
# MySQL password; a random password has been generated for you but feel free to change it if needed
# default value: generated randomly if you get the config from get.elabftw.net
#- DB_PASSWORD=secr3t
# Mysql Cert path: you only need this if you connect to a mysql server with tls
# Use a volume that points to /mysql-cert in the container
# optional
#- DB_CERT_PATH=/mysql-cert/cert.pem
#####################
# PHP CONFIGURATION #
#####################
# the timezone in which the server is
# better if changed (see list of available values: http://php.net/manual/en/timezones.php
- PHP_TIMEZONE=Europe/Paris
# again
- TZ=Europe/Paris
# optional: set the limit of simultaneous request that will be served
# see http://php.net/manual/en/install.fpm.configuration.php
# default value: 50
#- PHP_MAX_CHILDREN=50
# optional: adjust the max execution time of PHP scripts. Allows for bigger ZIP exports.
# default value: 120
#- PHP_MAX_EXECUTION_TIME=120
# optional: adjust the amount of memory available to PHP, increase it if you run into issues
# example value: 512M
# default value: 256M
#- MAX_PHP_MEMORY=256M
# optional: set a password to get access to /php-status, which will display various metrics about the php-fpm processes
# also works for /nginx-status, for metrics about nginx process
# if this is not set, a random password will be generated but never displayed, effectively disabling access to this endpoint
# the enpdoint can be accessed with the "elabftw" user, and the password you set below
# example value: my-cool-password
# default value: not set
#- STATUS_PASSWORD=
#########################
# ELABFTW CONFIGURATION #
#########################
# The secret key is used for encrypting the SMTP and Timestamping passwords
# A random one has been generated for you, if you wish to change it you can
# get another secret key from https://get.elabftw.net/?key
# if you don't want to get it from an external source you can also do that:
# docker run --rm -t --entrypoint '/bin/sh' elabftw/elabimg -c "php -d memory_limit=10M -d open_basedir='' bin/console tools:genkey"
# Note: the value MUST be generated as shown in the methods above.
# default value: generated randomly if you get the config from get.elabftw.net
# - SECRET_KEY=
# The canonical URL to the website, including port if not standard
# Use the user-facing URL here.
# example value: https://elab.uni-delta.fr
# example value: https://elab.uni-delta.fr:3148
- SITE_URL=http://127.0.0.1:443
# optional: adjust maximum size of uploaded files
# default value: 100M
#- MAX_UPLOAD_SIZE=100M
# optional: s3 storage credentials
#- ELAB_AWS_ACCESS_KEY=
#- ELAB_AWS_SECRET_KEY=
#######################
# NGINX CONFIGURATION #
#######################
# change to your server name in nginx config
# default value: localhost
# example value: elab.uni.edu
- SERVER_NAME=localhost
# optional: disable https, use this to have an http server listening on port 443
# useful if the SSL stack is handled by haproxy or something alike
# default value: false
- DISABLE_HTTPS=false
# set to true to use letsencrypt or other certificates
# note: does nothing if DISABLE_HTTPS is set to true
# default value: false
- ENABLE_LETSENCRYPT=false
# optional: enable ipv6 (make sure you have an AAAA dns record!)
# default value: false
#- ENABLE_IPV6=false
# optional: adjust the user/group that will own the uploaded files (and run the webserver)
# useful if your files are stored on an NFS mount point where the files ownership are imposed by the NFS server
# default value: nginx
# example value: nobody
#- ELABFTW_USER=nginx
# default value: nginx
# example value: nobody
#- ELABFTW_GROUP=nginx
# default value: 101
# example value: 65534
#- ELABFTW_USERID=101
# default value: 101
# example value: 65534
#- ELABFTW_GROUPID=101
# optional: enable if you want nginx to be configured with set_real_ip_from directives
# default value: false
#- SET_REAL_IP=false
# the IP address/addresses. Separate them with a , AND A SPACE. Several set_real_ip_from lines will be added to the nginx config. One for each.
# this does nothing if SET_REAL_IP is set to false
#- SET_REAL_IP_FROM=192.168.31.48, 192.168.0.42, 10.10.13.37
# optional: adjust the number of worker processes nginx will spawn
# default value: auto
# if auto doesn't work for you, use the number of cores available on the server (or less)
#- NGINX_WORK_PROC=auto
# optional: allow javascript code to call the API from an external service
# this will add a response header Access-Control-Allow-Origin with content of the env var as value
# mdn doc: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
# default: header not set (empty value)
# example value: app.example.org
# example value: *
#- ALLOW_ORIGIN=
# optional: define methods allowed to javascript code calling the API from an external service
# this will add a response header Access-Control-Allow-Methods with content of the env var as value
# mdn doc: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
# default: header not set (empty value)
# example value: GET, POST, PATCH
#- ALLOW_METHODS=
# optional: define headers allowed to javascript code calling the API from an external service
# this will add a response header Access-Control-Allow-Headers with content of the env var as value
# mdn doc: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
# default: header not set (empty value)
# example value: Content-Type, Authorization
#- ALLOW_HEADERS=
# optional: modify the keepalive_timeout value
# nginx doc: http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout
# default: 10s
# example value: 5s
#- KEEPALIVE_TIMEOUT=10s
#######################
# REDIS CONFIGURATION #
#######################
# optional: use a redis server to store the PHP sessions
# default value: false
#- USE_REDIS=false
# optional: set an IP or hostname for the redis server
# default value: redis
#- REDIS_HOST=redis
# optional: set a custom port for redis
# default value: 6379
#- REDIS_PORT=6379
# optional: set a username for redis
# default value: <empty>
#- REDIS_USERNAME=
# optional: set a password for redis
# default value: <empty>
#- REDIS_PASSWORD=
######################
# LDAP CONFIGURATION #
######################
# optional: configure ldap certificate verification behavior: will create /etc/openldap/ldap.conf with TLS_REQCERT config line
# default value: false
# possible values: never, allow, try
#- LDAP_TLS_REQCERT=false
#################
# MISCELLANEOUS #
#################
# optional: be less verbose during init
# default value: false
#- SILENT_INIT=false
# optional: automatically install the database structure on container start
# default value: false
#- AUTO_DB_INIT=false
# optional: automatically update the database structure on container start
# default value: false
#- AUTO_DB_UPDATE=false
#######
# DEV #
#######
# set to true for development
# default value: false
#- DEV_MODE=false
ports:
# Important note about exposing ports: due to the way Docker deals with the host firewall, it is recommended to use '127.0.0.1:1234:443'
# if you only want to expose the service locally (on port 1234 in this example). See https://github.com/moby/moby/issues/22054
# Another option is to use the "expose" directive instead of "ports" and let your reverse proxy figure things out.
#
# if you want elabftw to run on a different port, change the first number
# host:container
- "443:443"
# if you are aiming for running multiple instances of this container you can put a range like so:
# - "3100-3200:443"
# use redis for session storage if that is the case, or configure your load balancer with sticky sessions
volumes:
# this is where you will keep the uploaded files persistently
# for Windows users it might look like this
# - D:\Users\Nico\elab-data\web:/elabftw/uploads
# host:container
- /var/elabftw/web:/elabftw/uploads
#
# TLS configuration
#
# Note: if your certificate is not from letsencrypt, make sure to have those two files:
#
# /etc/letsencrypt/live/SERVER_NAME/fullchain.pem
# /etc/letsencrypt/live/SERVER_NAME/privkey.pem
#
# in the folder /etc/letsencrypt (or any folder you like as long as you adapt the line below
# replace SERVER_NAME with the value of SERVER_NAME of course.
#
# if you have enabled letsencrypt, uncomment the line below
# path to the folder with TLS certificate + private key
# host:container
#- /etc/letsencrypt:/ssl
#
# MYSQL cert path
#- /path/to/cert/folder:/mysql-cert
networks:
- elabftw-net
# the mysql database image
# Note: if you already have a MySQL server running, you don't need to use this image, as you can use the already existing one
# In this case, add the IP address of the server in DB_HOST and comment out or remove this block
mysql:
image: mysql:8.0
restart: always
# fix issue with "The server requested authentication method unknown to the client [caching_sha2_password]"
# now commented out because no longer necessary
#command: --default-authentication-plugin=mysql_native_password
container_name: mysql
# add an healthcheck block so the web container knows when it is ready to accept connections
# use double $ here so env vars are correctly found
healthcheck:
test: "/usr/bin/mysql --user=$$MYSQL_USER --password=$$MYSQL_PASSWORD --execute 'SHOW DATABASES;'"
interval: 5s
timeout: 5s
retries: 20
# drop some capabilities
cap_drop:
- AUDIT_WRITE
- MKNOD
- SYS_CHROOT
- SETFCAP
- NET_RAW
cap_add:
- SYS_NICE
environment:
# need to change
#- MYSQL_ROOT_PASSWORD=secr3t
# no need to change
- MYSQL_DATABASE=elabftw
# no need to change
- MYSQL_USER=elabftw
# need to change IMPORTANT: this should be the same password as DB_PASSWORD from the elabftw container
#- MYSQL_PASSWORD=secr3t
# need to change, this is your timezone, see PHP_TIMEZONE from the elabftw container
- TZ=Europe/Paris
# Update this if you want to run the server on a different port than 3306.
# - MYSQL_TCP_PORT=3306
volumes:
# this is where you will keep the database persistently
# for Windows users it might look like this
# - D:\Users\Nico\elab-data\mysql:/var/lib/mysql
# host:container
- /var/elabftw/mysql:/var/lib/mysql
# The mysql container exposes 3306/33060. Though it does not make an operational difference,
# make sure to document your usage here.
expose:
- "3306"
networks:
- elabftw-net
# example of a redis container
# uncomment if you want to spawn a redis container to manage sessions
#redis:
# image: redis:6.0-alpine
# restart: always
# container_name: redis
# networks:
# - elabftw-net
# example of a keeex container (experimental!)
#keeex:
# image: repo.keeex.me/fkeeex_daemon:latest
# container_name: keeex
# restart: always
# environment:
# - FKEEEX_CONFIG_USER=user@example.org
# - FKEEEX_CONFIG_PASSWORD=
# # Set a random passphrase here. You can generate one with "openssl rand -base64 32".
# - FKEEEX_CONFIG_PASSPHRASE=
# expose:
# - 8080
# networks:
# - elabftw-net
###############################################################
# EVERYTHING BELOW THIS LINE IS FOR DEVELOPMENT PURPOSES ONLY #
# Except for the networks lines, so don't delete them! #
###############################################################
# PHPMYADMIN
# uncomment this part if you want to have phpmyadmin running too
#phpmyadmin:
# image: phpmyadmin/phpmyadmin
# container_name: phpmyadmin
# environment:
# - PMA_PORT=3307
# links:
# - mysql:db
# ports:
# - "8080:80"
# networks:
# - elabftw-net
# SWAGGER UI
# swagger allows you to consult the documentation generated by apidoc/v2/openapi.yaml
# running a local container is perfect to see the changes right after a change
#
#swagger:
# image: swaggerapi/swagger-ui:v5.0.0
# restart: always
# container_name: swagger-elab-local
# ports:
# - "8085:8080"
# volumes:
# - /path/to/local/elabftw/apidoc/v2:/usr/share/nginx/html/swagger:ro
# environment:
# - API_URL=swagger/openapi.yaml
# networks:
# - elabftw-net
# LDAP
# example for ldap server + admin interface
# uncomment if you want to work on LDAP authentication
#ldap:
# image: osixia/openldap:1.4.0
# container_name: ldap
# restart: always
# hostname: example.org
# environment:
# - LDAP_TLS_VERIFY_CLIENT=try
# - LDAP_OPENLDAP_UID=1000
# - LDAP_OPENLDAP_GID=1000
# ports:
# - "389:389"
# - "636:636"
# volumes:
# - /var/elabftw/ldap-data/ldap:/var/lib/ldap
# - /var/elabftw/ldap-data/slapd.d:/etc/ldap/slapd.d
# networks:
# - elabftw-net
#ldapadmin:
# image: osixia/phpldapadmin:0.9.0
# container_name: ldapadmin
# environment:
# - PHPLDAPADMIN_LDAP_HOSTS=ldap
# restart: always
# ports:
# - "6443:443"
# networks:
# - elabftw-net
# the internal elabftw network
networks:
elabftw-net:
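Review bot: In the `web` service environment, `SITE_URL=http://127.0.0.1:443` uses the `http` scheme while `DISABLE_HTTPS=false` keeps nginx serving TLS on 443, and the comment directly above says to use the user-facing URL; it should be `https://` plus the real hostname, or `DISABLE_HTTPS=true` if a reverse proxy terminates TLS in front of it. The credentials are also incomplete as committed: `DB_PASSWORD`, `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` are all commented out, so the `mysql:8.0` container presumably refuses to initialise (the official image requires one of its root-password options) and the healthcheck's `$$MYSQL_PASSWORD` expands to an empty string. If this file is only a reference copy of the upstream template, a header comment such as `# reference copy of the upstream docker-elabftw template; elab_db.yaml and elab_web.yaml are what gets deployed` would stop it being mistaken for a deployable configuration. Note too that `ports: "443:443"` binds every host interface, against the template's own advice to use `127.0.0.1:…:443` when a proxy fronts the service.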


@@ -72,7 +72,7 @@ services:
- elabftw_sql_key
- elabftw_secret_key
environment:
SECRET_KEY: "${cat /run/secrets/elabftw_secret_key}"
SECRET_KEY: "$${cat /run/secrets/elabftw_secret_key}"
DB_HOST: "172.252.0.7"
DB_PORT: "3306"
DB_NAME: "elabftw"
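Review bot: Neither spelling of the `SECRET_KEY` line in this hunk delivers the secret: Compose performs only `${VAR}` environment interpolation, so the unescaped form is, I believe, rejected as an invalid interpolation (a variable literally named `cat /run/secrets/elabftw_secret_key`), and the `$$` form hands the string `${cat /run/secrets/elabftw_secret_key}` to the container verbatim, which eLabFTW would then use as its real key. Command substitution has to run inside the container after the secret is mounted, or the value has to arrive by interpolation from the stack's environment: `SECRET_KEY: "${ELABFTW_SECRET_KEY}"` with the value set in Portainer's stack variables is the simplest route, and a small wrapper script doing `export SECRET_KEY="$(cat /run/secrets/elabftw_secret_key)"` before exec'ing the image entrypoint is the file-backed alternative (the image's entrypoint path is not visible here, so that needs checking). The same applies to `DB_PASSWORD` if it is meant to come from `elabftw_sql_key`. The service this hunk belongs to starts before the hunk; the two `- elabftw_*_key` context lines at its top appear to be its `secrets:` list, so the mounts themselves are presumably already declared.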

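--- a/ip_map.txt
+++ b/ip_map.txt
@@ -0,0 +1,14 @@
+coredns: 172.252.0.2
+traefik: 172.252.0.3
+rsync: 172.252.0.4
+portainer-agent: 172.252.0.5
+dataverse_db: 172.252.0.6
+mysql: 172.252.0.7 <- needs to be changed once elabftw is set
+nginx: 172.252.0.8
+solr: 172.252.0.9
+minio: 172.252.0.10
+dataverse: 172.252.0.11
+grafana: 172.252.0.12
+neodash: 172.252.0.13
+senaite: 172.252.0.14
+elabftw: 172.252.0.15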