working on caddy sidecar

2026-02-22 04:58:07 +00:00
parent 78a3863769
commit b2049859dc
5 changed files with 78 additions and 14 deletions
--- a/compose.yml
+++ b/compose.yml
@ -5,7 +5,7 @@ services:
  app:
    image: ghcr.io/bluesky-social/pds:0.4
    networks:
-      - proxy
+      - internal
    environment:
      - PDS_HOSTNAME=${DOMAIN}
      - PDS_DATA_DIRECTORY=/pds
@ -39,15 +39,11 @@ services:
    deploy:
      restart_policy:
        condition: on-failure
+        max_attempts: 5
      labels:
-        - "traefik.enable=true"
-        - "traefik.docker.network=proxy"
-        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=3000"
-        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
-        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
-        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
-        - "coop-cloud.${STACK_NAME}.version=0.1.0+0.4"
+        - "coop-cloud.${STACK_NAME}.version=0.1.0+v0.4"
+        - "backupbot.backup=true"
    healthcheck:
      test: ["CMD", "wget", "-q", "--spider", "http://localhost:3000/xrpc/_health"]
      interval: 30s
@ -55,12 +51,39 @@ services:
      retries: 5
      start_period: 30s

+  caddy:
+    image: caddy:2
+    networks:
+      - proxy
+      - internal
+    environment:
+      - DOMAIN=${DOMAIN}
+    configs:
+      - source: caddyfile
+        target: /etc/caddy/Caddyfile
+    volumes:
+      - caddy_data:/data
+    deploy:
+      restart_policy:
+        condition: on-failure
+        max_attempts: 5
+      labels:
+        - "traefik.enable=true"
+        - "traefik.swarm.network=proxy"
+        - "traefik.tcp.routers.${STACK_NAME}.rule=HostSNI(`${DOMAIN}`) || HostSNIRegexp(`^.+\\.${DOMAIN}$$`)"
+        - "traefik.tcp.routers.${STACK_NAME}.ruleSyntax=v3"
+        - "traefik.tcp.routers.${STACK_NAME}.entrypoints=web-secure"
+        - "traefik.tcp.routers.${STACK_NAME}.tls.passthrough=true"
+        - "traefik.tcp.services.${STACK_NAME}.loadbalancer.server.port=443"
+
 networks:
  proxy:
    external: true
+  internal:

 volumes:
  pds_data:
+  caddy_data:

 secrets:
  pds_jwt_secret:
@ -78,3 +101,6 @@ configs:
    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
    file: entrypoint.sh.tmpl
    template_driver: golang
+  caddyfile:
+    name: ${STACK_NAME}_caddyfile_${CADDYFILE_VERSION}
+    file: Caddyfile