version: "3.8" services: ###~~~~~~ First, we should plan our network management services ~~~~~~### # Obviously, we should add the portainer agent service for managing swarm resources portainer_agent: image: portainer/agent:latest environment: AGENT_CLUSTER_ADDR: tasks.portainer_agent AGENT_PORT: 9001 # ports: # - "8000:8000" # - "9443:9443" volumes: - /var/run/docker.sock:/var/run/docker.sock - /var/lib/docker/volumes:/var/lib/docker/volumes networks: i-form_research_server_stack: ipv4_address: "172.252.1.5" ###~~~~~~ Then, we will need numerous databases for our various services ~~~~~~### # We want neo4j as a graph database that can easily be used by other services neo4j: image: neo4j:latest ports: - "7474:7474" - "7687:7687" volumes: - stack_neo4j:/data deploy: replicas: 1 restart_policy: condition: on-failure networks: - i-form_research_server_stack labels: - "traefik.enable=true" - "traefik.http.routers.go.rule=Path(`/`)" - "traefik.http.services.go.loadbalancer.server.port=7474" - "traefik.http.services.go.loadbalancer.server.port=7687" # # Dataverse requires a postgres database, so we'll add that here # postgres: # image: postgres:10.13 # tty: true # stdin_open: true # deploy: # replicas: 1 # restart_policy: # condition: on-failure # ports: # - "5433:5432" # env_file: # - dataverse.env # secrets: # - dataverse_postgres_key # environment: # LC_ALL: C.UTF-8 # POSTGRES_PASSWORD: /run/secrets/dataverse_postgres_key # volumes: # - stack_dataverse_db:/var/lib/postgresql/data/ # persist data even if container shuts down # - stack_dataverse_triggers:/triggers # networks: # i-form_research_server_stack: # ipv4_address: "172.252.1.6" # labels: # - "traefik.enable=true" # - "traefik.http.routers.go.rule=Path(`/`)" # - "traefik.http.services.go.loadbalancer.server.port=5432" # We also want a mysql database for elabftw mysql: image: mysql:8.0 deploy: replicas: 1 restart_policy: condition: on-failure healthcheck: test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost"] timeout: 20s retries: 10 cap_drop: - AUDIT_WRITE - MKNOD - SYS_CHROOT - SETFCAP - NET_RAW cap_add: - SYS_NICE secrets: - elabftw_sql_key environment: MYSQL_DATABASE: "elabftw" MYSQL_USER: "elabftw" MYSQL_PASSWORD_FILE: /run/secrets/elabftw_sql_key MYSQL_ROOT_PASSWORD: "test" # MYSQL_RANDOM_ROOT_PASSWORD: 1 # MYSQL_HOST: "frontend_elabftw" # "172.252.1.15" # Needs to allow access from the elabftw container # MYSQL_ROOT_HOST: "frontend_elabftw" # "172.252.1.15" TZ: "Europe/Paris" volumes: - stack_elabftw_sql:/var/lib/mysql networks: i-form_research_server_stack: ipv4_address: "172.252.1.7" ###~~~~~~ Then, we plan our general utility services ~~~~~~### # The following service is a simple nginx server that hosts static websites nginx: image: nginx:latest ports: - "80:80" volumes: - stack_web:/usr/share/nginx/html deploy: replicas: 1 restart_policy: condition: on-failure networks: i-form_research_server_stack: ipv4_address: "172.252.1.8" labels: - "traefik.enable=true" - "traefik.http.routers.go.rule=Path(`/`)" - "traefik.http.services.go.loadbalancer.server.port=80" # A github runner is useful for self-hosting our development pipelines # github_runner: # image: "ghcr.io/actions/actions-runner:2.311.0" # # Lastly, we have to add several services to get dataverse to work # solr: # image: coronawhy/solr:8.9.0 # deploy: # replicas: 1 # restart_policy: # condition: on-failure # privileged: true # ports: # - "8983:8983" # env_file: # - dataverse.env # environment: # - "SOLR_HOST=solr" # - "SOLR_PORT=8983" # - "SOLR_JAVA_MEM=-Xms1g -Xmx1g" # - "SOLR_OPTS=-Dlog4j2.formatMsgNoLookups=true" # volumes: # - stack_dataverse_solr_data:/opt/solr/server/solr/collection1/data # # - dataverse_config:/opt/solr/server/solr/collection1/conf/ # - type: bind # source: dataverse_schema # target: /opt/solr/server/solr/collection1/conf/schema.xml # volume: # nocopy: true # labels: # - "traefik.enable=true" # - "traefik.http.routers.solr.rule=Host(`solr.${traefikhost}`)" # - "traefik.http.services.solr.loadbalancer.server.port=8983" # - "traefik.http.routers.solr.tls=true" # - "traefik.http.routers.solr.tls.certresolver=myresolver" # networks: # i-form_research_server_stack: # ipv4_address: "172.252.1.9" # minio: # image: minio/minio:RELEASE.2021-10-06T23-36-31Z # volumes: # - stack_dataverse_minio:/data # command: # - server # - /data # - --console-address # - ":9001" # env_file: # - dataverse.env # environment: # # These values were set by the dataverse maintainers, not sure if they can be changed. # #? MinIO appears to be completely contained though, so it should be fine? # - MINIO_ROOT_USER=love # - MINIO_ROOT_PASSWORD=love1234 # # Do NOT use MINIO_DOMAIN or MINIO_SERVER_URL with Traefik. # # All Routing is done by Traefik, just tell minio where to redirect to. # - MINIO_BROWSER_REDIRECT_URL=http://stash.localhost # deploy: # replicas: 1 # labels: # - traefik.enable=true # - traefik.http.routers.minio.service=minio # - traefik.http.routers.minio.rule=Host(`minio.${traefikhost}`) # - traefik.http.services.minio.loadbalancer.server.port=9000 # - traefik.http.routers.minio-console.service=minio-console # - traefik.http.routers.minio-console.rule=Host(`minio-stash.${traefikhost}`) # - traefik.http.services.minio-console.loadbalancer.server.port=9001 # networks: # i-form_research_server_stack: # ipv4_address: "172.252.1.10" # dataverse: # image: coronawhy/dataverse:5.13.allclouds # tty: true # DEBUG # stdin_open: true # DEBUG # deploy: # replicas: 1 # restart_policy: # condition: on-failure # privileged: true # user: # "root" # ports: # #- "443:443" # - "4848:4848" # - "8080:8080" # env_file: # - dataverse.env # secrets: # - dataverse_postgres_key # environment: # POSTGRES_PASSWORD: /run/secrets/dataverse_postgres_key # DATAVERSE_DB_PASSWORD: /run/secrets/dataverse_postgres_key # CVM_SERVER_NAME: CESSDA #Optional # WEBHOOK: # CESSDA: # CLARIN: # doi_authority: # doi_provider: # doi_username: # doi_password: # dataciterestapiurlstring: # baseurlstring: # aws_bucket_name: # aws_s3_profile: # aws_endpoint_url: # system_email: # mailhost: # mailuser: # no_reply_email: # smtp_password: # smtp_port: # socket_port: # federated_json_file: # bucketname_1: # minio_label_1: # minio_bucket_1: # bucketname_2: # minio_profile_1: # minio_label_2: # minio_bucket_2: # minio_profile_2: # DATAVERSE_DB_HOST: # DATAVERSE_DB_USER: # DATAVERSE_DB_NAME: # DATAVERSE_SERVICE_HOST: # DATAVERSE_URL: # SOLR_SERVICE_HOST: # SOLR_SERVICE_PORT: # CVM_SERVER_URL: "https://ns.${traefikhost}" # LANG: en # cvManager: http:// # BUNDLEPROPERTIES: Bundle.properties # ADMIN_EMAIL: admin@localhost # MAIL_SERVER: mailrelay # SOLR_LOCATION: solr:8983 # INIT_SCRIPTS_FOLDER: # hostname: # MAINLANG: # POSTGRES_SERVER: # POSTGRES_PORT: # POSTGRES_DATABASE: # POSTGRES_USER: # PGPASSWORD: # TWORAVENS_LOCATION: NOT INSTALLED # RSERVE_HOST: localhost # RSERVE_PORT: 6311 # RSERVE_USER: rserve # RSERVE_PASSWORD: rserve # JVM_OPTS: '-Xmx1g -Xms1g -XX:MaxPermSize=2g -XX:PermSize=2g' # depends_on: # - postgres # - solr # volumes: # - stack_dataverse_secrets:/secrets # - stack_dataverse_data:/data # - stack_dataverse_docroot:/opt/docroot # - stack_dataverse_init:/opt/payara/init.d # - stack_dataverse_triggers:/opt/payara/triggers # # - stack_dataverse_config:/opt/payara/dvinstall # - type: bind # source: dataverse_schema # target: /opt/payara/dvinstall/schema.xml # volume: # nocopy: true # labels: # - "traefik.enable=true" # - "traefik.http.routers.dataverse.rule=Host(`www.${traefikhost}`)" # - "traefik.http.services.dataverse.loadbalancer.server.port=8080" # - "traefik.http.routers.dataverse.tls=true" # - "traefik.http.routers.dataverse.tls.certresolver=myresolver" # networks: # i-form_research_server_stack: # ipv4_address: "172.252.1.11" networks: i-form_research_server_stack: external: true volumes: stack_rsync_run: external: true stack_rsync_log: external: true stack_rsync_etc: external: true stack_traefik: external: true stack_letsencrypt: external: true stack_coredns: external: true stack_web: external: true stack_grafana: external: true stack_dataverse: external: true stack_dataverse_db: external: true stack_dataverse_secrets: external: true stack_dataverse_solr_data: external: true stack_dataverse_triggers: external: true stack_dataverse_solr: external: true stack_dataverse_minio: external: true stack_dataverse_config: external: true stack_dataverse_schema: external: true stack_dataverse_init: external: true stack_dataverse_data: external: true stack_dataverse_docroot: external: true stack_neo4j: external: true stack_senaite: external: true stack_elabftw_uploads: external: true stack_elabftw_var: external: true stack_elabftw_etc: external: true stack_elabftw_sql: external: true secrets: elabftw_sql_key: external: true elabftw_secret_key: external: true dataverse_postgres_key: external: true