112 lines
2.6 KiB
YAML
112 lines
2.6 KiB
YAML
---
|
|
version: "3.8"
|
|
|
|
services:
|
|
nginx:
|
|
image: "nginx:stable"
|
|
environment:
|
|
- DOMAIN=${DOMAIN}
|
|
configs:
|
|
- source: nginx-conf
|
|
target: /etc/nginx/nginx.conf
|
|
volumes:
|
|
- "public:/var/www/app/public"
|
|
networks:
|
|
- proxy
|
|
- internal
|
|
depends_on:
|
|
- invoiceninja
|
|
deploy:
|
|
mode: replicated
|
|
replicas: 1
|
|
update_config:
|
|
failure_action: rollback
|
|
placement:
|
|
constraints:
|
|
- node.role == manager
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.services.invoiceninja.loadbalancer.server.port=80"
|
|
- "traefik.http.routers.invoiceninja.rule=Host(`${DOMAIN}`)"
|
|
- "traefik.http.routers.invoiceninja.entrypoints=web-secure"
|
|
- "traefik.http.routers.invoiceninja.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
|
|
|
invoiceninja:
|
|
image: "invoiceninja/invoiceninja:5.0.4"
|
|
volumes:
|
|
- "public:/var/www/app/public"
|
|
- "storage:/var/www/app/storage"
|
|
secrets:
|
|
- api_secret
|
|
- app_key
|
|
- db_passwd
|
|
- db_root_passwd
|
|
environment:
|
|
- API_SECRET_FILE=/run/secrets/api_secret
|
|
- APP_CIPHER=AES-256-CBC
|
|
- APP_DEBUG=true
|
|
- APP_ENV=production
|
|
- APP_KEY_FILE=/run/secrets/app_key
|
|
- APP_LOCALE=en
|
|
- APP_URL=${DOMAIN}
|
|
- DB_DATABASE=ninja
|
|
- DB_HOST=mariadb
|
|
- DB_PASSWORD_FILE=/run/secrets/db_passwd
|
|
- DB_STRICT=false
|
|
- DB_TYPE=mysql
|
|
- DB_USERNAME=ninja
|
|
- LOG=single
|
|
- REQUIRE_HTTPS=false
|
|
- SESSION_ENCRYPT=true
|
|
- SESSION_SECURE=true
|
|
- TRUSTED_PROXIES="10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
|
|
depends_on:
|
|
- mariadb
|
|
networks:
|
|
- internal
|
|
|
|
mariadb:
|
|
image: "mariadb:10.5"
|
|
environment:
|
|
- MYSQL_DATABASE=ninja
|
|
- MYSQL_USER=ninja
|
|
- MYSQL_PASSWORD_FILE=/run/secrets/db_passwd
|
|
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_passwd
|
|
secrets:
|
|
- db_root_passwd
|
|
- db_passwd
|
|
volumes:
|
|
- "mariadb:/var/lib/mariadb"
|
|
networks:
|
|
- internal
|
|
|
|
volumes:
|
|
mariadb:
|
|
public:
|
|
storage:
|
|
|
|
networks:
|
|
proxy:
|
|
external: true
|
|
internal:
|
|
|
|
secrets:
|
|
db_root_passwd:
|
|
name: ${STACK_NAME}_db_root_passwd_${DB_ROOT_PASSWD_VERSION}
|
|
external: true
|
|
db_passwd:
|
|
name: ${STACK_NAME}_db_passwd_${DB_PASSWD_VERSION}
|
|
external: true
|
|
app_key:
|
|
name: ${STACK_NAME}_app_key_${APP_KEY_VERSION}
|
|
external: true
|
|
api_secret:
|
|
name: ${STACK_NAME}_api_secret_${API_SECRET_VERSION}
|
|
external: true
|
|
|
|
configs:
|
|
nginx-conf:
|
|
name: ${STACK_NAME}-nginx-conf-${NGINX_CONF_VERSION}
|
|
file: nginx.conf.tmpl
|
|
template_driver: golang
|