generated from coop-cloud/example
74 lines
1.8 KiB
YAML
74 lines
1.8 KiB
YAML
---
|
|
version: "3.8"
|
|
|
|
services:
|
|
web:
|
|
image: nginx:1.21.0
|
|
environment:
|
|
- STACK_NAME=${STACK_NAME}
|
|
- DOMAIN=${DOMAIN}
|
|
configs:
|
|
- source: nginx_conf
|
|
target: /etc/nginx/nginx.conf
|
|
networks:
|
|
- proxy
|
|
- internal
|
|
deploy:
|
|
update_config:
|
|
failure_action: rollback
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.services.kcp.loadbalancer.server.port=80"
|
|
- "traefik.http.routers.kcp.rule=Host(`${DOMAIN}`)"
|
|
- "traefik.http.routers.kcp.entrypoints=web-secure"
|
|
- "traefik.http.routers.kcp.tls.certresolver=production"
|
|
|
|
app:
|
|
image: "decentral1se/keycloak-collective-portal:latest"
|
|
environment:
|
|
- APP_SECRET_KEY_FILE=/run/secrets/app_secret_key
|
|
- KEYCLOAK_CLIENT_ID
|
|
- KEYCLOAK_CLIENT_SECRET_FILE=/run/secrets/keycloak_client_secret
|
|
- KEYCLOAK_DOMAIN
|
|
- KEYCLOAK_REALM
|
|
secrets:
|
|
- app_secret_key
|
|
- keycloak_client_secret
|
|
networks:
|
|
- internal
|
|
configs:
|
|
- source: entrypoint_sh
|
|
target: /usr/local/bin/entrypoint.sh
|
|
mode: 0555
|
|
entrypoint: /usr/local/bin/entrypoint.sh
|
|
command: |
|
|
uvicorn
|
|
--host 0.0.0.0
|
|
--forwarded-allow-ips='*'
|
|
--proxy-headers
|
|
keycloak_collective_portal:app"
|
|
|
|
networks:
|
|
proxy:
|
|
external: true
|
|
internal:
|
|
internal: true
|
|
|
|
configs:
|
|
nginx_conf:
|
|
name: ${STACK_NAME}_nginx_conf_${NGINX_CONF_VERSION}
|
|
file: nginx.conf.tmpl
|
|
template_driver: golang
|
|
entrypoint_sh:
|
|
name: ${STACK_NAME}_entrypoint_conf_${ENTRYPOINT_CONF_VERSION}
|
|
file: entrypoint.sh.tmpl
|
|
template_driver: golang
|
|
|
|
secrets:
|
|
app_secret_key:
|
|
external: true
|
|
name: ${STACK_NAME}_app_secret_key_${SECRET_APP_SECRET_KEY}
|
|
keycloak_client_secret:
|
|
external: true
|
|
name: ${STACK_NAME}_keycloak_client_secret_${SECRET_KEYCLOAK_CLIENT_SECRET}
|