Move towards a pluggable deployment
This commit is contained in:
parent
9ddb53240c
commit
8b64973146
|
@ -0,0 +1,8 @@
|
||||||
|
export API_SECRET_VERSION=v1
|
||||||
|
export APP_KEY_VERSION=v1
|
||||||
|
export DB_PASSWD_VERSION=v1
|
||||||
|
export DB_ROOT_PASSWD_VERSION=v1
|
||||||
|
export DOMAIN=invoiceninja.swarm.autonomic.zone
|
||||||
|
export LETS_ENCRYPT_ENV=production
|
||||||
|
export STACK_NAME=invoiceninja
|
||||||
|
export NGINX_CONF_VERSION=v1
|
|
@ -0,0 +1 @@
|
||||||
|
.envrc
|
|
@ -5,13 +5,13 @@ services:
|
||||||
nginx:
|
nginx:
|
||||||
image: "nginx:stable"
|
image: "nginx:stable"
|
||||||
configs:
|
configs:
|
||||||
- source: nginx-conf-v1
|
- source: nginx-conf
|
||||||
target: /etc/nginx/nginx.conf
|
target: /etc/nginx/nginx.conf
|
||||||
volumes:
|
volumes:
|
||||||
- "public:/var/www/app/public"
|
- "public:/var/www/app/public"
|
||||||
networks:
|
networks:
|
||||||
- proxy
|
- proxy
|
||||||
- backchannelnet
|
- internal
|
||||||
depends_on:
|
depends_on:
|
||||||
- invoiceninja
|
- invoiceninja
|
||||||
deploy:
|
deploy:
|
||||||
|
@ -25,26 +25,31 @@ services:
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.services.invoiceninja.loadbalancer.server.port=80"
|
- "traefik.http.services.invoiceninja.loadbalancer.server.port=80"
|
||||||
- "traefik.http.routers.invoiceninja.rule=Host(`invoices.zzp.decentral1.se`)"
|
- "traefik.http.routers.invoiceninja.rule=Host(`${DOMAIN}`)"
|
||||||
- "traefik.http.routers.invoiceninja.entrypoints=web-secure"
|
- "traefik.http.routers.invoiceninja.entrypoints=web-secure"
|
||||||
- "traefik.http.routers.invoiceninja.tls.certresolver=production"
|
- "traefik.http.routers.invoiceninja.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||||
|
|
||||||
invoiceninja:
|
invoiceninja:
|
||||||
image: "invoiceninja/invoiceninja:4.6.0"
|
image: "invoiceninja/invoiceninja:5.0.4"
|
||||||
volumes:
|
volumes:
|
||||||
- "public:/var/www/app/public"
|
- "public:/var/www/app/public"
|
||||||
- "storage:/var/www/app/storage"
|
- "storage:/var/www/app/storage"
|
||||||
|
secrets:
|
||||||
|
- api_secret
|
||||||
|
- app_key
|
||||||
|
- db_root_passwd
|
||||||
|
- db_user_passwd
|
||||||
environment:
|
environment:
|
||||||
- API_SECRET=Z3kLyTUlwgd7mIybDNXEec9RGxFtrDNE
|
- API_SECRET_FILE=/run/secrets/api_secret
|
||||||
- APP_CIPHER=AES-256-CBC
|
- APP_CIPHER=AES-256-CBC
|
||||||
- APP_DEBUG=false
|
- APP_DEBUG=false
|
||||||
- APP_ENV=production
|
- APP_ENV=production
|
||||||
- APP_KEY=8nIPbC6HiSp1hyA5KfANWTJQfcHzLWyp
|
- APP_KEY_FILE=/run/secrets/app_key
|
||||||
- APP_LOCALE=en
|
- APP_LOCALE=en
|
||||||
- APP_URL=https://invoices.zzp.decentral1.se
|
- APP_URL=${DOMAIN}
|
||||||
- DB_DATABASE=ninja
|
- DB_DATABASE=ninja
|
||||||
- DB_HOST=mariadb
|
- DB_HOST=mariadb
|
||||||
- DB_PASSWORD=6KIc1aZdylJQfXxCE3fTj49I2KVwsqYp
|
- DB_PASSWORD_FILE=/run/secrets/db_user_passwd
|
||||||
- DB_STRICT=false
|
- DB_STRICT=false
|
||||||
- DB_TYPE=mysql
|
- DB_TYPE=mysql
|
||||||
- DB_USERNAME=ninja
|
- DB_USERNAME=ninja
|
||||||
|
@ -56,22 +61,22 @@ services:
|
||||||
depends_on:
|
depends_on:
|
||||||
- mariadb
|
- mariadb
|
||||||
networks:
|
networks:
|
||||||
- backchannelnet
|
- internal
|
||||||
|
|
||||||
mariadb:
|
mariadb:
|
||||||
image: "mariadb:10.5"
|
image: "mariadb:10.5"
|
||||||
environment:
|
environment:
|
||||||
- MYSQL_DATABASE=ninja
|
- MYSQL_DATABASE=ninja
|
||||||
- MYSQL_USER=ninja
|
- MYSQL_USER=ninja
|
||||||
- MYSQL_PASSWORD_FILE=/run/secrets/mariadb-user-passwd-v1
|
- MYSQL_PASSWORD_FILE=/run/secrets/db_user_passwd
|
||||||
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mariadb-root-passwd-v1
|
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_passwd
|
||||||
secrets:
|
secrets:
|
||||||
- mariadb-root-passwd-v1
|
- db-root-passwd
|
||||||
- mariadb-user-passwd-v1
|
- db-user-passwd
|
||||||
volumes:
|
volumes:
|
||||||
- "mariadb:/var/lib/mariadb"
|
- "mariadb:/var/lib/mariadb"
|
||||||
networks:
|
networks:
|
||||||
- backchannelnet
|
- internal
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
mariadb:
|
mariadb:
|
||||||
|
@ -81,14 +86,23 @@ volumes:
|
||||||
networks:
|
networks:
|
||||||
proxy:
|
proxy:
|
||||||
external: true
|
external: true
|
||||||
backchannelnet:
|
internal:
|
||||||
|
|
||||||
secrets:
|
secrets:
|
||||||
mariadb-root-passwd-v1:
|
db_root_passwd:
|
||||||
|
name: ${STACK_NAME}_db_root_passwd_${DB_ROOT_PASSWD_VERSION}
|
||||||
external: true
|
external: true
|
||||||
mariadb-user-passwd-v1:
|
db_user_passwd:
|
||||||
|
name: ${STACK_NAME}_db_passwd_${DB_PASSWD_VERSION}
|
||||||
|
external: true
|
||||||
|
app_key:
|
||||||
|
name: ${STACK_NAME}_app_key_${APP_KEY_VERSION}
|
||||||
|
external: true
|
||||||
|
api_secret:
|
||||||
|
name: ${STACK_NAME}_api_secret_${API_SECRET_VERSION}
|
||||||
external: true
|
external: true
|
||||||
|
|
||||||
configs:
|
configs:
|
||||||
nginx-conf-v1:
|
nginx-conf:
|
||||||
|
name: ${STACK_NAME}-nginx-conf-${NGINX_CONF_VERSION}
|
||||||
file: nginx.conf
|
file: nginx.conf
|
|
@ -0,0 +1,8 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
create-secrets () {
|
||||||
|
pwgen -n 32 1 | docker secret create "${STACK_NAME}_db_root_passwd_${DB_ROOT_PASSWD_VERSION}" -
|
||||||
|
pwgen -n 32 1 | docker secret create "${STACK_NAME}_db_passwd_${DB_PASSWD_VERSION}" -
|
||||||
|
pwgen -n 32 1 | docker secret create "${STACK_NAME}_app_key_${APP_KEY_VERSION}" -
|
||||||
|
pwgen -n 32 1 | docker secret create "${STACK_NAME}_api_secret_${API_SECRET_VERSION}" -
|
||||||
|
}
|
Reference in New Issue