docker-full-stack/docker-compose.yml at master · rabelais88/docker-full-stack · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
# https://docs.traefik.io/user-guides/docker-compose/basic-example/
version: '3.7'
services:
  proxy-traefik:
    image: traefik:latest # check dockerfile ENV before deploying
    volumes:
      - "./traefik/traefik.yaml:/etc/traefik/traefik.yaml" # without proper directory, it'll show no logs
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "./letsencrypt:/letsencrypt"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080" # dashboard
    # environment:
    #   - "WAIT_HOSTS=front:3000, api:4000"
    deploy: # specify configuration for services(not container)
      labels:
        - traefik.http.routers.proxy-testapp.rule=Host(`traefik.sungryeol.xyz`) # must use backtick(`) instead of single quote(') - GoLang's feature
        - traefik.http.services.proxy-testapp.loadbalancer.server.port=8080
        - traefik.docker.network=web-internal
        # - traefik.http.middlewares.myredirect.redirectscheme.scheme=https # rewire connection to https, but the url stays the same -> may cause redirected http requrest to be blocked
        - traefik.http.middlewares.myredirect.headers.sslredirect=true # write ssl redirect to header
      placement:
        constraints:
          - node.role == manager
        preferences:
          - spread: node.id
    networks:
      - web-internal

  front:
    image: test-app_front:latest
    # ports: # FOR DEBUG PURPOSE - must be disabled in PROD
    #   - "3000:3000"
    deploy:
      labels:
        - traefik.docker.network=web-internal
        - traefik.enable=true
        - traefik.http.routers.web-testapp.rule=Host(`sungryeol.xyz`,`www.sungryeol.xyz`) # http setting
        - traefik.http.routers.web-testapp.entrypoints=web # open to :80
        - traefik.http.routers.web-testapp.middlewares=myredirect
        - traefik.http.services.web-testapp.loadbalancer.server.port=3000 # listening port
        - traefik.http.routers.web-testapp-tls.rule=Host(`sungryeol.xyz`,`www.sungryeol.xyz`)
        - traefik.http.routers.web-testapp-tls.entrypoints=web-secure # open to :443
        - traefik.http.routers.web-testapp-tls.tls.certresolver=mychallenge
    volumes:
      - "./frontend/src:/node/myapp/src"
      - "./frontend/public:/node/myapp/public"
    networks:
      - web-internal

  api:
    image: test-app_api:latest
    # ports: # FOR DEBUG PURPOSE - must be disabled in PROD
    #   - "4000:4000"
    deploy:
      labels:
        - traefik.docker.network=web-internal
        - traefik.enable=true
        - traefik.http.routers.api-testapp.rule=Host(`api.sungryeol.xyz`) # http setting
        - traefik.http.routers.api-testapp.entrypoints=web # open to :80
        - traefik.http.routers.api-testapp.middlewares=myredirect
        - traefik.http.services.api-testapp.loadbalancer.server.port=4000 # listening port
        - traefik.http.routers.api-testapp-tls.rule=Host(`api.sungryeol.xyz`) # redirected
        - traefik.http.routers.api-testapp-tls.entrypoints=web-secure # open to :443
        - traefik.http.routers.api-testapp-tls.tls.certresolver=mychallenge
    environment:
      - "WHITELIST=http://sungryeol.xyz,https://sungryeol.xyz"
      - "MONGO_URI=mongodb:27017"
      - "MONGO_USERNAME_FILE=/run/secrets/testapp-mongo-username"
      - "MONGO_PASSWORD_FILE=/run/secrets/testapp-mongo-password"
    networks:
      - web-internal
    secrets:
      - testapp-mongo-username
      - testapp-mongo-password

  mongodb:
    image: mongo:latest
    environment:
      - "MONGO_INITDB_ROOT_USERNAME_FILE=/run/secrets/testapp-mongo-username" # _FILE option is officially supported via mongodb dockerimage
      - "MONGO_INITDB_ROOT_PASSWORD_FILE=/run/secrets/testapp-mongo-password"
    volumes:
      - "mongo-data:/data/db"
    networks:
      - web-internal
    secrets:
      - testapp-mongo-username
      - testapp-mongo-password

networks:
  web-internal:
    name: web-internal # essential for traefik's network discovery
    driver: overlay # allows contact different nodes
    # attachable: true # outside container can be attached to this network
volumes:
  front-node_modules:
  mongo-data:
secrets:
  testapp-mongo-username:
    external: true # alternatively, file: ./my_secret.txt
  testapp-mongo-password:
    external: true