mirror of
https://github.com/Cian-H/I-Form_Research_Server_Stack.git
synced 2025-12-23 06:32:07 +00:00
329 lines
10 KiB
YAML
329 lines
10 KiB
YAML
version: "3.8"
|
|
|
|
include:
|
|
- volumes.yaml
|
|
- networks.yaml
|
|
- secrets.yaml
|
|
|
|
services:
|
|
###~~~~~~ First, we should plan our network management services ~~~~~~###
|
|
# Obviously, we should add the portainer agent service for managing swarm resources
|
|
portainer_agent:
|
|
image: portainer/agent:latest
|
|
environment:
|
|
AGENT_CLUSTER_ADDR: tasks.portainer_agent
|
|
AGENT_PORT: 9001
|
|
# ports:
|
|
# - "8000:8000"
|
|
# - "9443:9443"
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
- /var/lib/docker/volumes:/var/lib/docker/volumes
|
|
networks:
|
|
- i-form_research_server_stack
|
|
# A traefik instance provides load balancing and reverse proxying for our services
|
|
traefik:
|
|
image: traefik:latest
|
|
# Enables the web UI and tells Traefik to listen to docker
|
|
command:
|
|
- "--api.insecure=true"
|
|
- "--providers.docker=true"
|
|
- "--providers.docker.exposedbydefault=false"
|
|
- "--providers.docker.network=traefik"
|
|
- "--entrypoints.web.address=:80"
|
|
- "--entrypoints.websecure.address=:443"
|
|
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
|
|
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
|
|
- "--entrypoints.web.http.redirections.entryPoint.priority=10" # disable permanent forwarding for every route
|
|
- "--certificatesresolvers.myresolver.acme.tlschallenge=true" # <== Enable TLS-ALPN-01 to generate and renew ACME certs
|
|
- "--certificatesresolvers.myresolver.acme.email=${useremail}"
|
|
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
|
|
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
|
|
ports:
|
|
# - "80:80"
|
|
# - "443:443"
|
|
- "8089:8080"
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
- traefik:/etc/traefik
|
|
- letsencrypt:/letsencrypt
|
|
deploy:
|
|
replicas: 1
|
|
restart_policy:
|
|
condition: on-failure
|
|
networks:
|
|
- i-form_research_server_stack
|
|
# secrets:
|
|
# - traefik_cert
|
|
# - traefik_key
|
|
###~~~~~~ Then, we will need numerous databases for our various services ~~~~~~###
|
|
# We want neo4j as a graph database that can easily be used by other services
|
|
neo4j:
|
|
image: neo4j:latest
|
|
ports:
|
|
- "7474:7474"
|
|
- "7687:7687"
|
|
volumes:
|
|
- neo4j:/data
|
|
deploy:
|
|
replicas: 1
|
|
restart_policy:
|
|
condition: on-failure
|
|
networks:
|
|
- i-form_research_server_stack
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.go.rule=Path(`/`)"
|
|
- "traefik.http.services.go.loadbalancer.server.port=7474"
|
|
- "traefik.http.services.go.loadbalancer.server.port=7687"
|
|
# # Dataverse requires a postgres database, so we'll add that here
|
|
# postgres:
|
|
# image: postgres:10.13
|
|
# tty: true
|
|
# stdin_open: true
|
|
# deploy:
|
|
# replicas: 1
|
|
# restart_policy:
|
|
# condition: on-failure
|
|
# ports:
|
|
# - "5433:5432"
|
|
# env_file:
|
|
# - dataverse.env
|
|
# secrets:
|
|
# - dataverse_postgres_key
|
|
# environment:
|
|
# LC_ALL: C.UTF-8
|
|
# POSTGRES_PASSWORD: /run/secrets/dataverse_postgres_key
|
|
# volumes:
|
|
# - dataverse_db:/var/lib/postgresql/data/ # persist data even if container shuts down
|
|
# - dataverse_triggers:/triggers
|
|
# networks:
|
|
# - i-form_research_server_stack
|
|
# labels:
|
|
# - "traefik.enable=true"
|
|
# - "traefik.http.routers.go.rule=Path(`/`)"
|
|
# - "traefik.http.services.go.loadbalancer.server.port=5432"
|
|
# We also want a mysql database for elabftw
|
|
mysql:
|
|
image: mysql:8.0
|
|
deploy:
|
|
replicas: 1
|
|
restart_policy:
|
|
condition: on-failure
|
|
healthcheck:
|
|
test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost"]
|
|
timeout: 20s
|
|
retries: 10
|
|
cap_drop:
|
|
- AUDIT_WRITE
|
|
- MKNOD
|
|
- SYS_CHROOT
|
|
- SETFCAP
|
|
- NET_RAW
|
|
cap_add:
|
|
- SYS_NICE
|
|
secrets:
|
|
- elabftw_sql_key
|
|
environment:
|
|
MYSQL_DATABASE: "elabftw"
|
|
MYSQL_USER: "elabftw"
|
|
MYSQL_PASSWORD_FILE: /run/secrets/elabftw_sql_key
|
|
MYSQL_ROOT_PASSWORD: "test" # MYSQL_RANDOM_ROOT_PASSWORD: 1
|
|
MYSQL_HOST: "172.252.0.3"
|
|
MYSQL_ROOT_HOST: "172.252.0.3" # Must allow root access from any host or won't work on swarm
|
|
TZ: "Europe/Paris"
|
|
volumes:
|
|
- elabftw_sql:/var/lib/mysql
|
|
networks:
|
|
i-form_research_server_stack:
|
|
ipv4_address: "172.252.0.2"
|
|
###~~~~~~ Then, we plan our general utility services ~~~~~~###
|
|
# The following service is a simple nginx server that hosts static websites
|
|
nginx:
|
|
image: nginx:latest
|
|
ports:
|
|
- "80:80"
|
|
volumes:
|
|
- web:/usr/share/nginx/html
|
|
deploy:
|
|
replicas: 1
|
|
restart_policy:
|
|
condition: on-failure
|
|
networks:
|
|
- i-form_research_server_stack
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.go.rule=Path(`/`)"
|
|
- "traefik.http.services.go.loadbalancer.server.port=80"
|
|
# A github runner is useful for self-hosting our development pipelines
|
|
# github_runner:
|
|
# image: "ghcr.io/actions/actions-runner:2.311.0"
|
|
# # Lastly, we have to add several services to get dataverse to work
|
|
# solr:
|
|
# image: coronawhy/solr:8.9.0
|
|
# deploy:
|
|
# replicas: 1
|
|
# restart_policy:
|
|
# condition: on-failure
|
|
# privileged: true
|
|
# ports:
|
|
# - "8983:8983"
|
|
# env_file:
|
|
# - dataverse.env
|
|
# environment:
|
|
# - "SOLR_HOST=solr"
|
|
# - "SOLR_PORT=8983"
|
|
# - "SOLR_JAVA_MEM=-Xms1g -Xmx1g"
|
|
# - "SOLR_OPTS=-Dlog4j2.formatMsgNoLookups=true"
|
|
# volumes:
|
|
# - dataverse_solr_data:/opt/solr/server/solr/collection1/data
|
|
# # - dataverse_config:/opt/solr/server/solr/collection1/conf/
|
|
# - type: bind
|
|
# source: dataverse_schema
|
|
# target: /opt/solr/server/solr/collection1/conf/schema.xml
|
|
# volume:
|
|
# nocopy: true
|
|
# labels:
|
|
# - "traefik.enable=true"
|
|
# - "traefik.http.routers.solr.rule=Host(`solr.${traefikhost}`)"
|
|
# - "traefik.http.services.solr.loadbalancer.server.port=8983"
|
|
# - "traefik.http.routers.solr.tls=true"
|
|
# - "traefik.http.routers.solr.tls.certresolver=myresolver"
|
|
# networks:
|
|
# - i-form_research_server_stack
|
|
|
|
# minio:
|
|
# image: minio/minio:RELEASE.2021-10-06T23-36-31Z
|
|
# volumes:
|
|
# - dataverse_minio:/data
|
|
# command:
|
|
# - server
|
|
# - /data
|
|
# - --console-address
|
|
# - ":9001"
|
|
# env_file:
|
|
# - dataverse.env
|
|
# environment:
|
|
# # These values were set by the dataverse maintainers, not sure if they can be changed.
|
|
# #? MinIO appears to be completely contained though, so it should be fine?
|
|
# - MINIO_ROOT_USER=love
|
|
# - MINIO_ROOT_PASSWORD=love1234
|
|
# # Do NOT use MINIO_DOMAIN or MINIO_SERVER_URL with Traefik.
|
|
# # All Routing is done by Traefik, just tell minio where to redirect to.
|
|
# - MINIO_BROWSER_REDIRECT_URL=http://stash.localhost
|
|
# deploy:
|
|
# replicas: 1
|
|
# labels:
|
|
# - traefik.enable=true
|
|
# - traefik.http.routers.minio.service=minio
|
|
# - traefik.http.routers.minio.rule=Host(`minio.${traefikhost}`)
|
|
# - traefik.http.services.minio.loadbalancer.server.port=9000
|
|
# - traefik.http.routers.minio-console.service=minio-console
|
|
# - traefik.http.routers.minio-console.rule=Host(`minio-stash.${traefikhost}`)
|
|
# - traefik.http.services.minio-console.loadbalancer.server.port=9001
|
|
# networks:
|
|
# - i-form_research_server_stack
|
|
|
|
# dataverse:
|
|
# image: coronawhy/dataverse:5.13.allclouds
|
|
# tty: true # DEBUG
|
|
# stdin_open: true # DEBUG
|
|
# deploy:
|
|
# replicas: 1
|
|
# restart_policy:
|
|
# condition: on-failure
|
|
# privileged: true
|
|
# user:
|
|
# "root"
|
|
# ports:
|
|
# #- "443:443"
|
|
# - "4848:4848"
|
|
# - "8080:8080"
|
|
# env_file:
|
|
# - dataverse.env
|
|
# secrets:
|
|
# - dataverse_postgres_key
|
|
# environment:
|
|
# POSTGRES_PASSWORD: /run/secrets/dataverse_postgres_key
|
|
# DATAVERSE_DB_PASSWORD: /run/secrets/dataverse_postgres_key
|
|
# CVM_SERVER_NAME: CESSDA #Optional
|
|
# WEBHOOK:
|
|
# CESSDA:
|
|
# CLARIN:
|
|
# doi_authority:
|
|
# doi_provider:
|
|
# doi_username:
|
|
# doi_password:
|
|
# dataciterestapiurlstring:
|
|
# baseurlstring:
|
|
# aws_bucket_name:
|
|
# aws_s3_profile:
|
|
# aws_endpoint_url:
|
|
# system_email:
|
|
# mailhost:
|
|
# mailuser:
|
|
# no_reply_email:
|
|
# smtp_password:
|
|
# smtp_port:
|
|
# socket_port:
|
|
# federated_json_file:
|
|
# bucketname_1:
|
|
# minio_label_1:
|
|
# minio_bucket_1:
|
|
# bucketname_2:
|
|
# minio_profile_1:
|
|
# minio_label_2:
|
|
# minio_bucket_2:
|
|
# minio_profile_2:
|
|
# DATAVERSE_DB_HOST:
|
|
# DATAVERSE_DB_USER:
|
|
# DATAVERSE_DB_NAME:
|
|
# DATAVERSE_SERVICE_HOST:
|
|
# DATAVERSE_URL:
|
|
# SOLR_SERVICE_HOST:
|
|
# SOLR_SERVICE_PORT:
|
|
# CVM_SERVER_URL: "https://ns.${traefikhost}"
|
|
# LANG: en
|
|
# cvManager: http://
|
|
# BUNDLEPROPERTIES: Bundle.properties
|
|
# ADMIN_EMAIL: admin@localhost
|
|
# MAIL_SERVER: mailrelay
|
|
# SOLR_LOCATION: solr:8983
|
|
# INIT_SCRIPTS_FOLDER:
|
|
# hostname:
|
|
# MAINLANG:
|
|
# POSTGRES_SERVER:
|
|
# POSTGRES_PORT:
|
|
# POSTGRES_DATABASE:
|
|
# POSTGRES_USER:
|
|
# PGPASSWORD:
|
|
# TWORAVENS_LOCATION: NOT INSTALLED
|
|
# RSERVE_HOST: localhost
|
|
# RSERVE_PORT: 6311
|
|
# RSERVE_USER: rserve
|
|
# RSERVE_PASSWORD: rserve
|
|
# JVM_OPTS: '-Xmx1g -Xms1g -XX:MaxPermSize=2g -XX:PermSize=2g'
|
|
# depends_on:
|
|
# - postgres
|
|
# - solr
|
|
# volumes:
|
|
# - dataverse_secrets:/secrets
|
|
# - dataverse_data:/data
|
|
# - dataverse_docroot:/opt/docroot
|
|
# - dataverse_init:/opt/payara/init.d
|
|
# - dataverse_triggers:/opt/payara/triggers
|
|
# # - dataverse_config:/opt/payara/dvinstall
|
|
# - type: bind
|
|
# source: dataverse_schema
|
|
# target: /opt/payara/dvinstall/schema.xml
|
|
# volume:
|
|
# nocopy: true
|
|
# labels:
|
|
# - "traefik.enable=true"
|
|
# - "traefik.http.routers.dataverse.rule=Host(`www.${traefikhost}`)"
|
|
# - "traefik.http.services.dataverse.loadbalancer.server.port=8080"
|
|
# - "traefik.http.routers.dataverse.tls=true"
|
|
# - "traefik.http.routers.dataverse.tls.certresolver=myresolver"
|
|
# networks:
|
|
# - i-form_research_server_stack
|