|
@@ -0,0 +1,98 @@
|
|
|
|
|
+version: "3.9"
|
|
|
|
|
+
|
|
|
|
|
+volumes:
|
|
|
|
|
+ traefik:
|
|
|
|
|
+ nextcloud:
|
|
|
|
|
+ db:
|
|
|
|
|
+
|
|
|
|
|
+services:
|
|
|
|
|
+ reverse-proxy:
|
|
|
|
|
+ restart: always
|
|
|
|
|
+ # The official v2 Traefik docker image
|
|
|
|
|
+ image: traefik:v2.7
|
|
|
|
|
+ # Enables the web UI and tells Traefik to listen to docker //--api.insecure=true
|
|
|
|
|
+ command:
|
|
|
|
|
+ - "--api=true"
|
|
|
|
|
+ - "--api.dashboard=true"
|
|
|
|
|
+ - "--accesslog"
|
|
|
|
|
+ - "--log.level=DEBUG"
|
|
|
|
|
+ - "--providers.docker"
|
|
|
|
|
+ - "--providers.docker.endpoint=unix:///var/run/docker.sock"
|
|
|
|
|
+ - "--providers.docker.swarmMode=true"
|
|
|
|
|
+ - "--entrypoints.web.address=:80"
|
|
|
|
|
+ #- "--entrypoints.websecure.address=:443"
|
|
|
|
|
+ #- "--certificatesresolvers.letsencrypt.acme.email=jason@jasonplayne.com"
|
|
|
|
|
+ #- "--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/acme.json"
|
|
|
|
|
+ #- "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
|
|
|
|
|
+ #- "--certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
|
|
|
|
|
+
|
|
|
|
|
+ ports:
|
|
|
|
|
+ # The HTTP port
|
|
|
|
|
+ - "80:80"
|
|
|
|
|
+ - "443:443"
|
|
|
|
|
+ volumes:
|
|
|
|
|
+ # So that Traefik can listen to the Docker events
|
|
|
|
|
+ - /var/run/docker.sock:/var/run/docker.sock
|
|
|
|
|
+ - traefik:/etc/traefik
|
|
|
|
|
+ deploy:
|
|
|
|
|
+ mode: replicated
|
|
|
|
|
+ replicas: 1
|
|
|
|
|
+ endpoint_mode: vip
|
|
|
|
|
+ labels:
|
|
|
|
|
+ - "traefik.enable=true"
|
|
|
|
|
+ - "traefik.http.routers.dashboard.rule=Host(`10.10.20.197`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
|
|
|
|
|
+ - "traefik.http.routers.dashboard.service=api@internal"
|
|
|
|
|
+ - "traefik.http.routers.dashboard.entrypoints=web"
|
|
|
|
|
+ #- "traefik.http.routers.dashboard.middlewares=ipwhitelist"
|
|
|
|
|
+ #- "traefik.http.middlewares.dashboard.ipwhitelist.sourcerange=`127.0.0.1/32, 10.10.20.0/24`"
|
|
|
|
|
+ # Dummy service for Swarm port detection. The port can be any valid integer value.
|
|
|
|
|
+ - "traefik.http.services.dashboard-svc.loadbalancer.server.port=9999"
|
|
|
|
|
+
|
|
|
|
|
+ placement:
|
|
|
|
|
+ constraints:
|
|
|
|
|
+ - node.role == manager
|
|
|
|
|
+ resources:
|
|
|
|
|
+ limits:
|
|
|
|
|
+ memory: 1G
|
|
|
|
|
+
|
|
|
|
|
+ postgres:
|
|
|
|
|
+ image: postgres
|
|
|
|
|
+ restart: always
|
|
|
|
|
+ environment:
|
|
|
|
|
+ POSTGRES_USER: nextcloud
|
|
|
|
|
+ POSTGRES_PASSWORD: disgrace-quickstep-fleshy
|
|
|
|
|
+ volumes:
|
|
|
|
|
+ - db:/var/lib/postgresql/data
|
|
|
|
|
+ ports:
|
|
|
|
|
+ - "5432"
|
|
|
|
|
+ deploy:
|
|
|
|
|
+ labels:
|
|
|
|
|
+ - traefik.enable=false
|
|
|
|
|
+ mode: replicated
|
|
|
|
|
+ replicas: 1
|
|
|
|
|
+ resources:
|
|
|
|
|
+ limits:
|
|
|
|
|
+ memory: 2G
|
|
|
|
|
+
|
|
|
|
|
+ nextcloud:
|
|
|
|
|
+ image: nextcloud:stable-apache
|
|
|
|
|
+ restart: always
|
|
|
|
|
+ ports:
|
|
|
|
|
+ - "8001:80"
|
|
|
|
|
+ labels:
|
|
|
|
|
+ - traefik.http.routers.nextcloud.rule=Host(`cloud.playne.au`)
|
|
|
|
|
+ deploy:
|
|
|
|
|
+ mode: replicated
|
|
|
|
|
+ replicas: 1
|
|
|
|
|
+ labels:
|
|
|
|
|
+ - traefik.enable=true
|
|
|
|
|
+ - traefik.http.routers.nextcloud.rule=Host(`cloud.playne.au`)
|
|
|
|
|
+ #- traefik.http.routers.nextcloud.tls=true
|
|
|
|
|
+ #- traefik.http.routers.nextcloud.tls.certresolver=letsencrypt
|
|
|
|
|
+ #- traefik.http.routers.nextcloud.entrypoints=websecure
|
|
|
|
|
+ - traefik.http.routers.nextcloud.entrypoints=web
|
|
|
|
|
+ - traefik.http.services.nextcloud.loadbalancer.server.port=8001
|
|
|
|
|
+ resources:
|
|
|
|
|
+ limits:
|
|
|
|
|
+ memory: 2G
|
|
|
|
|
+
|
