-
Notifications
You must be signed in to change notification settings - Fork 1
/
docker-compose.yml
161 lines (153 loc) · 5.19 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
version: "3.8"
services:
# Securing docker.sock access
docker-proxy:
container_name: docker-proxy
environment:
CONTAINERS: 1
image: tecnativa/docker-socket-proxy
networks:
- backend
ports:
- 2375
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
# Traefik front-end
traefik:
depends_on:
- docker-proxy
image: traefik
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- frontend
- backend
ports:
- 80:80
- 443:443
volumes:
- /etc/localtime:/etc/localtime:ro
- ./traefik/traefik.yml:/traefik.yml:ro
- ./traefik/acme.json:/acme.json
- ./traefik/access.log:/data/access.log
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=Host(`$TRAEFIK_URL`)"
- "traefik.http.middlewares.traefik-auth.basicauth.users=$TRAEFIK_BASIC_AUTH_PASSWD"
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.entrypoints=https"
- "traefik.http.routers.traefik-secure.rule=Host(`$TRAEFIK_URL`)"
- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=http"
- "traefik.http.routers.traefik-secure.service=api@internal"
## Matomo Analytics
db:
image: mariadb
container_name: mariadb
networks:
- backend
command: --max-allowed-packet=64MB
restart: always
volumes:
- ./matomo/db:/var/lib/mysql
# environment:
# - MYSQL_ROOT_PASSWORD=supers1cret0
env_file:
- ./matomo/db.env
matomo:
depends_on:
- db
image: matomo
container_name: matomo
restart: always
networks:
- backend
volumes:
- ./matomo/www-data:/var/www/html
environment:
- MATOMO_DATABASE_HOST=db
env_file:
- ./matomo/db.env
ports:
- target: 80
protocol: tcp
labels:
- "traefik.enable=true"
- "traefik.http.routers.matomo.entrypoints=http"
- "traefik.http.routers.matomo.rule=Host(`$MATOMO_URL`)"
- "traefik.http.middlewares.matomo-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.matomo.middlewares=matomo-https-redirect"
- "traefik.http.routers.matomo-secure.entrypoints=https"
- "traefik.http.routers.matomo-secure.rule=Host(`$MATOMO_URL`)"
- "traefik.http.routers.matomo-secure.tls=true"
- "traefik.http.routers.matomo-secure.tls.certresolver=http"
- "traefik.http.routers.matomo-secure.service=matomo"
- "traefik.http.services.matomo.loadbalancer.server.port=80"
## Remark42
remark42:
image: umputun/remark42:latest
container_name: "remark42"
hostname: "remark42"
restart: always
networks:
- backend
volumes:
- ./remark42/var:/srv/var
ports:
- target: 80
protocol: tcp
env_file:
- ./remark42/remark42.env
environment:
- APP_UID=1000 # runs Remark42 app with non-default UID
- TIME_ZONE=Europe/Madrid
labels:
- "traefik.enable=true"
- "traefik.http.routers.remark42.entrypoints=http"
- "traefik.http.routers.remark42.rule=Host(`$REMARK42_URL`)"
- "traefik.http.middlewares.remark42-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.remark42.middlewares=remark42-https-redirect"
- "traefik.http.routers.remark42-secure.entrypoints=https"
- "traefik.http.routers.remark42-secure.rule=Host(`$REMARK42_URL`)"
- "traefik.http.routers.remark42-secure.tls=true"
- "traefik.http.routers.remark42-secure.tls.certresolver=http"
- "traefik.http.routers.remark42-secure.service=remark42"
- "traefik.http.services.remark42.loadbalancer.server.port=80"
- "traefik.http.middlewares.remark42.headers.accesscontrolalloworiginlist=*"
# MyWebsite
mywebsite:
depends_on:
- traefik
image: httpd:2.4-alpine
container_name: "mywebsite"
hostname: "mywebsite"
restart: always
networks:
- backend
volumes:
- ./mywebsite/_site:/usr/local/apache2/htdocs/
ports:
- target: 80
protocol: tcp
labels:
- "traefik.enable=true"
- "traefik.http.routers.mywebsite.entrypoints=http"
- "traefik.http.routers.mywebsite.rule=Host(`$MYWEBSITE_URL`)"
- "traefik.http.middlewares.mywebsite-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.mywebsite.middlewares=mywebsite-https-redirect"
- "traefik.http.routers.mywebsite-secure.entrypoints=https"
- "traefik.http.routers.mywebsite-secure.rule=Host(`$MYWEBSITE_URL`)"
- "traefik.http.routers.mywebsite-secure.tls=true"
- "traefik.http.routers.mywebsite-secure.tls.certresolver=http"
- "traefik.http.routers.mywebsite-secure.service=mywebsite"
- "traefik.http.services.mywebsite.loadbalancer.server.port=80"
networks:
frontend:
external: true
backend:
external: true