generated from coop-cloud/example
Compare commits
3 Commits
ccc7e8dfdd
...
3a717f3f48
Author | SHA1 | Date |
---|---|---|
decentral1se | 3a717f3f48 | |
decentral1se | fe411559ea | |
decentral1se | 4244bffdb3 |
|
@ -7,5 +7,8 @@ KEYCLOAK_CLIENT_ID=barfoo
|
||||||
KEYCLOAK_DOMAIN=foobar.com
|
KEYCLOAK_DOMAIN=foobar.com
|
||||||
KEYCLOAK_REALM=bazrealm
|
KEYCLOAK_REALM=bazrealm
|
||||||
|
|
||||||
|
APP_THEME=default
|
||||||
|
INVITE_TIME_LIMIT=30 # days
|
||||||
|
|
||||||
SECRET_APP_SECRET_KEY=v1
|
SECRET_APP_SECRET_KEY=v1
|
||||||
SECRET_KEYCLOAK_CLIENT_SECRET=v1
|
SECRET_KEYCLOAK_CLIENT_SECRET=v1
|
||||||
|
|
57
compose.yml
57
compose.yml
|
@ -2,51 +2,57 @@
|
||||||
version: "3.8"
|
version: "3.8"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
web:
|
|
||||||
image: nginx:1.21.0
|
|
||||||
environment:
|
|
||||||
- STACK_NAME=${STACK_NAME}
|
|
||||||
- DOMAIN=${DOMAIN}
|
|
||||||
configs:
|
|
||||||
- source: nginx_conf
|
|
||||||
target: /etc/nginx/nginx.conf
|
|
||||||
networks:
|
|
||||||
- proxy
|
|
||||||
- internal
|
|
||||||
deploy:
|
|
||||||
update_config:
|
|
||||||
failure_action: rollback
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.http.services.kcp.loadbalancer.server.port=80"
|
|
||||||
- "traefik.http.routers.kcp.rule=Host(`${DOMAIN}`)"
|
|
||||||
- "traefik.http.routers.kcp.entrypoints=web-secure"
|
|
||||||
- "traefik.http.routers.kcp.tls.certresolver=production"
|
|
||||||
|
|
||||||
app:
|
app:
|
||||||
image: "decentral1se/keycloak-collective-portal:latest"
|
image: "decentral1se/keycloak-collective-portal:latest"
|
||||||
environment:
|
environment:
|
||||||
- APP_SECRET_KEY_FILE=/run/secrets/app_secret_key
|
- APP_SECRET_KEY_FILE=/run/secrets/app_secret_key
|
||||||
|
- APP_THEME
|
||||||
|
- INVITE_TIME_LIMIT
|
||||||
- KEYCLOAK_CLIENT_ID
|
- KEYCLOAK_CLIENT_ID
|
||||||
- KEYCLOAK_CLIENT_SECRET_FILE=/run/secrets/keycloak_client_secret
|
- KEYCLOAK_CLIENT_SECRET_FILE=/run/secrets/keycloak_client_secret
|
||||||
- KEYCLOAK_DOMAIN
|
- KEYCLOAK_DOMAIN
|
||||||
- KEYCLOAK_REALM
|
- KEYCLOAK_REALM
|
||||||
|
- REDIS_DB=0
|
||||||
|
- REDIS_HOST=cache
|
||||||
|
- REDIS_PORT=6379
|
||||||
secrets:
|
secrets:
|
||||||
- app_secret_key
|
- app_secret_key
|
||||||
- keycloak_client_secret
|
- keycloak_client_secret
|
||||||
networks:
|
networks:
|
||||||
|
- proxy
|
||||||
- internal
|
- internal
|
||||||
configs:
|
configs:
|
||||||
- source: entrypoint_sh
|
- source: entrypoint_sh
|
||||||
target: /usr/local/bin/entrypoint.sh
|
target: /usr/local/bin/entrypoint.sh
|
||||||
mode: 0555
|
mode: 0555
|
||||||
entrypoint: /usr/local/bin/entrypoint.sh
|
entrypoint: /usr/local/bin/entrypoint.sh
|
||||||
|
healthcheck:
|
||||||
|
test: curl --fail 0.0.0.0:8000/healthz || exit 1
|
||||||
|
deploy:
|
||||||
|
update_config:
|
||||||
|
failure_action: rollback
|
||||||
|
order: start-first
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.services.kcp.loadbalancer.server.port=8000"
|
||||||
|
- "traefik.http.routers.kcp.rule=Host(`${DOMAIN}`)"
|
||||||
|
- "traefik.http.routers.kcp.entrypoints=web-secure"
|
||||||
|
- "traefik.http.routers.kcp.tls.certresolver=production"
|
||||||
command: |
|
command: |
|
||||||
uvicorn
|
uvicorn
|
||||||
--host 0.0.0.0
|
--host 0.0.0.0
|
||||||
--forwarded-allow-ips="*"
|
--forwarded-allow-ips="*"
|
||||||
--proxy-headers
|
--proxy-headers
|
||||||
keycloak_collective_portal:app
|
keycloak_collective_portal.main:app
|
||||||
|
|
||||||
|
cache:
|
||||||
|
image: redis:6.2-alpine
|
||||||
|
networks:
|
||||||
|
- internal
|
||||||
|
healthcheck:
|
||||||
|
test: redis-cli ping
|
||||||
|
volumes:
|
||||||
|
- redis:/data
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
proxy:
|
proxy:
|
||||||
|
@ -55,10 +61,6 @@ networks:
|
||||||
internal: true
|
internal: true
|
||||||
|
|
||||||
configs:
|
configs:
|
||||||
nginx_conf:
|
|
||||||
name: ${STACK_NAME}_nginx_conf_${NGINX_CONF_VERSION}
|
|
||||||
file: nginx.conf.tmpl
|
|
||||||
template_driver: golang
|
|
||||||
entrypoint_sh:
|
entrypoint_sh:
|
||||||
name: ${STACK_NAME}_entrypoint_conf_${ENTRYPOINT_CONF_VERSION}
|
name: ${STACK_NAME}_entrypoint_conf_${ENTRYPOINT_CONF_VERSION}
|
||||||
file: entrypoint.sh.tmpl
|
file: entrypoint.sh.tmpl
|
||||||
|
@ -71,3 +73,6 @@ secrets:
|
||||||
keycloak_client_secret:
|
keycloak_client_secret:
|
||||||
external: true
|
external: true
|
||||||
name: ${STACK_NAME}_keycloak_client_secret_${SECRET_KEYCLOAK_CLIENT_SECRET}
|
name: ${STACK_NAME}_keycloak_client_secret_${SECRET_KEYCLOAK_CLIENT_SECRET}
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
redis:
|
||||||
|
|
Loading…
Reference in New Issue