mirror of
https://github.com/Cian-H/I-Form_Research_Server_Stack.git
synced 2025-12-23 14:42:02 +00:00
91 lines
3.0 KiB
YAML
91 lines
3.0 KiB
YAML
version: "3.8"
|
|
|
|
services:
|
|
# We want to add coredns, as a local NDS server/cache which pulls from as many sources as possible
|
|
coredns:
|
|
image: coredns/coredns:latest
|
|
ports:
|
|
- "53:53"
|
|
- "53:53/udp"
|
|
volumes:
|
|
- networks_coredns:/etc/coredns
|
|
deploy:
|
|
replicas: 1
|
|
restart_policy:
|
|
condition: on-failure
|
|
networks:
|
|
i-form_research_server_stack:
|
|
ipv4_address: "172.252.1.2"
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.go.rule=Path(`/`)"
|
|
- "traefik.http.services.go.loadbalancer.server.port=53"
|
|
# We also want our network to be managed by traefik, so we need to add it as a service
|
|
# Traefik provides load balancing and reverse proxying for our services
|
|
traefik:
|
|
image: traefik:latest
|
|
# Enables the web UI and tells Traefik to listen to docker
|
|
command:
|
|
- "--api.insecure=true"
|
|
- "--providers.docker=true"
|
|
- "--providers.docker.exposedbydefault=false"
|
|
- "--providers.docker.network=traefik"
|
|
- "--entrypoints.web.address=:80"
|
|
- "--entrypoints.websecure.address=:443"
|
|
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
|
|
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
|
|
- "--entrypoints.web.http.redirections.entryPoint.priority=10" # disable permanent forwarding for every route
|
|
- "--certificatesresolvers.myresolver.acme.tlschallenge=true" # <== Enable TLS-ALPN-01 to generate and renew ACME certs
|
|
- "--certificatesresolvers.myresolver.acme.email=${useremail}"
|
|
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
|
|
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
|
|
ports:
|
|
# - "80:80"
|
|
# - "443:443"
|
|
- "8089:8080"
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
- networks_traefik:/etc/traefik
|
|
- networks_letsencrypt:/letsencrypt
|
|
deploy:
|
|
replicas: 1
|
|
restart_policy:
|
|
condition: on-failure
|
|
networks:
|
|
i-form_research_server_stack:
|
|
ipv4_address: "172.252.1.3"
|
|
# secrets:
|
|
# - traefik_cert
|
|
# - traefik_key
|
|
|
|
networks:
|
|
i-form_research_server_stack:
|
|
name: i-form_research_server_stack
|
|
driver: overlay
|
|
ipam:
|
|
driver: default
|
|
config:
|
|
- subnet: 172.252.1.0/16
|
|
|
|
volumes:
|
|
networks_traefik:
|
|
name: stack_networks_traefik
|
|
driver: local
|
|
driver_opts:
|
|
type: nfs
|
|
device: ":volume1/traefik"
|
|
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
|
|
networks_letsencrypt:
|
|
name: stack_networks_letsencrypt
|
|
driver: local
|
|
driver_opts:
|
|
type: nfs
|
|
device: ":volume1/letsencrypt"
|
|
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4"
|
|
networks_coredns:
|
|
name: stack_networks_coredns
|
|
driver: local
|
|
driver_opts:
|
|
type: nfs
|
|
device: ":volume1/coredns"
|
|
o: "addr=192.168.1.237,rw,noatime,rsize=8192,wsize=8192,tcp,timeo=14,nfsvers=4" |