first commit
This commit is contained in:
rnsrk
commit
098f59b644
3632 changed files with 518046 additions and 0 deletions
130
core/docker-compose.yml
Normal file
130
core/docker-compose.yml
Normal file
|
|
@ -0,0 +1,130 @@
|
|||
services:
|
||||
# Database-Stack
|
||||
adminer:
|
||||
image: adminer
|
||||
container_name: adminer
|
||||
depends_on:
|
||||
- mariadb
|
||||
- traefik
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=traefik"
|
||||
- "traefik.http.routers.adminer.rule=Host(`adminer.${DOMAIN}`)"
|
||||
- "traefik.http.routers.adminer.entrypoints=web,websecure"
|
||||
- "traefik.http.routers.adminer.middlewares=https-redirect"
|
||||
- "traefik.http.routers.adminer.tls=true"
|
||||
- "traefik.http.routers.adminer.tls.certresolver=le"
|
||||
- "traefik.http.services.adminer.loadbalancer.server.port=8080"
|
||||
networks:
|
||||
- database
|
||||
- traefik
|
||||
restart: unless-stopped
|
||||
|
||||
mariadb:
|
||||
image: mariadb:11.5.2
|
||||
container_name: mariadb
|
||||
environment:
|
||||
MARIADB_ROOT_PASSWORD: ${MARIADB_ROOT_PASSWORD}
|
||||
MARIADB_USER: ${MARIADB_USER}
|
||||
MARIADB_PASSWORD: ${MARIADB_PASSWORD}
|
||||
labels:
|
||||
- "traefik.enable=false"
|
||||
volumes:
|
||||
- mariadb-data:/var/lib/mysql
|
||||
networks:
|
||||
- database
|
||||
restart: unless-stopped
|
||||
|
||||
postgres:
|
||||
image: postgres:17
|
||||
container_name: postgres
|
||||
environment:
|
||||
- POSTGRES_USER=${POSTGRES_USER}
|
||||
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
|
||||
volumes:
|
||||
- postgres-data:/var/lib/postgresql
|
||||
networks:
|
||||
- database
|
||||
restart: unless-stopped
|
||||
|
||||
# Traefik
|
||||
traefik:
|
||||
image: traefik:3.3
|
||||
container_name: traefik
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=traefik"
|
||||
# Middlewares
|
||||
- "traefik.http.middlewares.admin-auth.basicauth.users=${TRAEFIK_USERNAME}:${TRAEFIK_HASHED_PASSWORD}"
|
||||
- "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
|
||||
- "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true"
|
||||
- "traefik.http.middlewares.https-redirect.redirectscheme.port=443"
|
||||
- "traefik.http.middlewares.nextcloud-headers.headers.stsSeconds=15552000"
|
||||
- "traefik.http.middlewares.nextcloud-headers.headers.stsIncludeSubdomains=true"
|
||||
- "traefik.http.middlewares.nextcloud-headers.headers.stsPreload=true"
|
||||
- "traefik.http.middlewares.nextcloud-headers.headers.forceSTSHeader=true"
|
||||
|
||||
# routers
|
||||
- "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)"
|
||||
- "traefik.http.routers.traefik.entrypoints=web,websecure"
|
||||
- "traefik.http.routers.traefik.middlewares=admin-auth,https-redirect"
|
||||
- "traefik.http.routers.traefik.tls=true"
|
||||
- "traefik.http.routers.traefik.tls.certresolver=le"
|
||||
- "traefik.http.routers.traefik.service=api@internal"
|
||||
|
||||
# Services
|
||||
- "traefik.http.services.traefik.loadbalancer.server.port=8080"
|
||||
|
||||
command:
|
||||
# Enable Docker provider
|
||||
- --providers.docker
|
||||
# Disable exposing services without Traefik labels
|
||||
- --providers.docker.exposedbydefault=false
|
||||
# Listen on port 2424 for SSH requests
|
||||
- --entrypoints.gitlab-ssh.address=:2424
|
||||
# Listen on port 80 for HTTP requests
|
||||
- --entrypoints.web.address=:80
|
||||
# Listen on port 443 for HTTPS requests
|
||||
- --entrypoints.websecure.address=:443
|
||||
# Redirect HTTP requests to HTTPS
|
||||
- --entrypoints.web.http.redirections.entryPoint.to=websecure
|
||||
- --entrypoints.web.http.redirections.entryPoint.scheme=https
|
||||
- --entrypoints.web.http.redirections.entrypoint.permanent=true
|
||||
# Use the specified email address for Let's Encrypt certificate requests
|
||||
- --certificatesresolvers.le.acme.email=${TRAEFIK_EMAIL}
|
||||
# Use the HTTP challenge for Let's Encrypt certificate requests
|
||||
- --certificatesresolvers.le.acme.httpchallenge.entrypoint=web
|
||||
# Use the specified storage location for Let's Encrypt certificates
|
||||
- --certificatesresolvers.le.acme.storage=/certificates/acme.json
|
||||
# Use the TLS-ALPN-01 challenge for Let's Encrypt certificate requests
|
||||
- --certificatesresolvers.le.acme.tlschallenge=true
|
||||
# Enable access log output
|
||||
- --accesslog
|
||||
# Enable general log output
|
||||
- --log.level=INFO
|
||||
# Enable the Traefik API
|
||||
- --api
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- server-certificates:/certificates
|
||||
ports:
|
||||
- 2424:2424
|
||||
- 80:80
|
||||
- 443:443
|
||||
networks:
|
||||
- traefik
|
||||
restart: unless-stopped
|
||||
|
||||
volumes:
|
||||
mariadb-data:
|
||||
name: mariadb-data
|
||||
postgres-data:
|
||||
name: postgres-data
|
||||
server-certificates:
|
||||
name: server-certificates
|
||||
|
||||
networks:
|
||||
database:
|
||||
name: database
|
||||
traefik:
|
||||
name: traefik
|
||||
Loading…
Add table
Add a link
Reference in a new issue