generated from coop-cloud/example
Compare commits
3 Commits
ccc7e8dfdd
...
3a717f3f48
Author | SHA1 | Date |
---|---|---|
decentral1se | 3a717f3f48 | |
decentral1se | fe411559ea | |
decentral1se | 4244bffdb3 |
|
@ -7,5 +7,8 @@ KEYCLOAK_CLIENT_ID=barfoo
|
|||
KEYCLOAK_DOMAIN=foobar.com
|
||||
KEYCLOAK_REALM=bazrealm
|
||||
|
||||
APP_THEME=default
|
||||
INVITE_TIME_LIMIT=30 # days
|
||||
|
||||
SECRET_APP_SECRET_KEY=v1
|
||||
SECRET_KEYCLOAK_CLIENT_SECRET=v1
|
||||
|
|
57
compose.yml
57
compose.yml
|
@ -2,51 +2,57 @@
|
|||
version: "3.8"
|
||||
|
||||
services:
|
||||
web:
|
||||
image: nginx:1.21.0
|
||||
environment:
|
||||
- STACK_NAME=${STACK_NAME}
|
||||
- DOMAIN=${DOMAIN}
|
||||
configs:
|
||||
- source: nginx_conf
|
||||
target: /etc/nginx/nginx.conf
|
||||
networks:
|
||||
- proxy
|
||||
- internal
|
||||
deploy:
|
||||
update_config:
|
||||
failure_action: rollback
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.services.kcp.loadbalancer.server.port=80"
|
||||
- "traefik.http.routers.kcp.rule=Host(`${DOMAIN}`)"
|
||||
- "traefik.http.routers.kcp.entrypoints=web-secure"
|
||||
- "traefik.http.routers.kcp.tls.certresolver=production"
|
||||
|
||||
app:
|
||||
image: "decentral1se/keycloak-collective-portal:latest"
|
||||
environment:
|
||||
- APP_SECRET_KEY_FILE=/run/secrets/app_secret_key
|
||||
- APP_THEME
|
||||
- INVITE_TIME_LIMIT
|
||||
- KEYCLOAK_CLIENT_ID
|
||||
- KEYCLOAK_CLIENT_SECRET_FILE=/run/secrets/keycloak_client_secret
|
||||
- KEYCLOAK_DOMAIN
|
||||
- KEYCLOAK_REALM
|
||||
- REDIS_DB=0
|
||||
- REDIS_HOST=cache
|
||||
- REDIS_PORT=6379
|
||||
secrets:
|
||||
- app_secret_key
|
||||
- keycloak_client_secret
|
||||
networks:
|
||||
- proxy
|
||||
- internal
|
||||
configs:
|
||||
- source: entrypoint_sh
|
||||
target: /usr/local/bin/entrypoint.sh
|
||||
mode: 0555
|
||||
entrypoint: /usr/local/bin/entrypoint.sh
|
||||
healthcheck:
|
||||
test: curl --fail 0.0.0.0:8000/healthz || exit 1
|
||||
deploy:
|
||||
update_config:
|
||||
failure_action: rollback
|
||||
order: start-first
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.services.kcp.loadbalancer.server.port=8000"
|
||||
- "traefik.http.routers.kcp.rule=Host(`${DOMAIN}`)"
|
||||
- "traefik.http.routers.kcp.entrypoints=web-secure"
|
||||
- "traefik.http.routers.kcp.tls.certresolver=production"
|
||||
command: |
|
||||
uvicorn
|
||||
--host 0.0.0.0
|
||||
--forwarded-allow-ips="*"
|
||||
--proxy-headers
|
||||
keycloak_collective_portal:app
|
||||
keycloak_collective_portal.main:app
|
||||
|
||||
cache:
|
||||
image: redis:6.2-alpine
|
||||
networks:
|
||||
- internal
|
||||
healthcheck:
|
||||
test: redis-cli ping
|
||||
volumes:
|
||||
- redis:/data
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
|
@ -55,10 +61,6 @@ networks:
|
|||
internal: true
|
||||
|
||||
configs:
|
||||
nginx_conf:
|
||||
name: ${STACK_NAME}_nginx_conf_${NGINX_CONF_VERSION}
|
||||
file: nginx.conf.tmpl
|
||||
template_driver: golang
|
||||
entrypoint_sh:
|
||||
name: ${STACK_NAME}_entrypoint_conf_${ENTRYPOINT_CONF_VERSION}
|
||||
file: entrypoint.sh.tmpl
|
||||
|
@ -71,3 +73,6 @@ secrets:
|
|||
keycloak_client_secret:
|
||||
external: true
|
||||
name: ${STACK_NAME}_keycloak_client_secret_${SECRET_KEYCLOAK_CLIENT_SECRET}
|
||||
|
||||
volumes:
|
||||
redis:
|
||||
|
|
Reference in New Issue