docker-compose.prod.yml
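# NOTE(review): this copy of the file lost its indentation. The nesting below
# is reconstructed from the Compose schema; confirm against the repository.
# traefik, php and mariadb set no image here, so this file is presumably
# merged over a base compose file that defines them.
services:
  traefik:
    # Host-mode publishing binds 80/443 directly on the node running the task.
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
    networks:
      - web-public
    deploy:
      update_config:
        parallelism: 1
        delay: 5s
        # The old task has to release the host ports before a new one can
        # bind them, hence stop-first.
        order: stop-first
      placement:
        constraints:
          - node.role==manager
    volumes:
      # Mount the Docker socket as read-only so Traefik can listen to events
      # NOTE(review): ":ro" only protects the socket file itself. API requests
      # sent through the socket are not restricted, so this container holds
      # full Docker API access on a manager node. A filtering socket proxy in
      # front of the socket limits that exposure.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Presumably holds the ACME certificate store; treat it as key material.
      - certificates:/certificates
    configs:
      - source: traefik
        target: /etc/traefik/traefik.yml

  php:
    environment:
      PHP_OPCACHE_ENABLE: "1"
    networks:
      - web-public
    volumes:
      - "storage_private:/var/www/html/storage/app/private/"
      - "storage_public:/var/www/html/storage/app/public/"
      - "storage_sessions:/var/www/html/storage/framework/sessions"
      - "storage_logs:/var/www/html/storage/logs"
    deploy:
      replicas: 1
      update_config:
        failure_action: rollback
        parallelism: 1
        delay: 5s
        # The new task is started before the old one is stopped.
        order: start-first
      rollback_config:
        # 0 rolls every task back at once.
        parallelism: 0
        order: stop-first
      restart_policy:
        condition: any
        delay: 10s
        max_attempts: 3
        window: 120s
      # NOTE(review): placed under deploy: because Traefik's Swarm provider
      # reads service labels, not container labels. Confirm against the repo.
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.laravel-web.rule=Host(`${SPIN_APP_DOMAIN}`)"
        # The router listens on the websecure entrypoint only, with TLS on.
        - "traefik.http.routers.laravel-web.entrypoints=websecure"
        - "traefik.http.routers.laravel-web.tls=true"
        - "traefik.http.routers.laravel-web.tls.certresolver=letsencryptresolver"
        # Traefik talks plain HTTP to the app on 8080 over the overlay
        # network; TLS ends at Traefik.
        - "traefik.http.services.laravel-web.loadbalancer.server.port=8080"
        - "traefik.http.services.laravel-web.loadbalancer.server.scheme=http"
        # Health check
        - "traefik.http.services.laravel-web.loadbalancer.healthcheck.path=/healthcheck"
        - "traefik.http.services.laravel-web.loadbalancer.healthcheck.interval=30s"
        - "traefik.http.services.laravel-web.loadbalancer.healthcheck.timeout=5s"
        - "traefik.http.services.laravel-web.loadbalancer.healthcheck.scheme=http"

  mariadb:
    # No ports are published, so the database is reachable only from
    # containers attached to web-public.
    # NOTE(review): that is the same network Traefik and php use. A separate
    # internal network for database traffic would narrow what a compromised
    # front-end container can reach.
    networks:
      - web-public
    environment:
      # The image prints the generated root password to the container log on
      # first initialisation; restrict access to those logs.
      MARIADB_RANDOM_ROOT_PASSWORD: "1"
      MARIADB_DATABASE: "${DB_DATABASE}"
      MARIADB_USER: "${DB_USERNAME}"
      # NOTE(review): an interpolated password ends up in the service spec,
      # readable by anyone who can inspect the service. A Docker secret with
      # MARIADB_PASSWORD_FILE avoids that.
      MARIADB_PASSWORD: "${DB_PASSWORD}"
    deploy:
      placement:
        constraints:
          - node.role==manager
    volumes:
      - mariadb_data:/var/lib/mysql
      - mariadb_custom_conf:/etc/mysql/conf.d
      - mariadb_shared:/shared

  ssh:
    # We use an SSH image so we can securely tunnel into the Docker network with
    # tools like Sequel Pro, TablePlus, Sequel Ace, etc.
    # Learn more how to secure your tunnel here: https://github.com/serversideup/docker-ssh
    # NOTE(review): a tag can be re-pointed upstream. Appending
    # @sha256:<digest> pins the exact image that was reviewed.
    image: serversideup/docker-ssh:v2.0.0
    # Host-mode publishing exposes 2222 on the node's own interfaces. Restrict
    # the source addresses with ALLOWED_IPS below and/or a host firewall.
    ports:
      - target: 2222
        published: 2222
        mode: host
    environment:
      # Change the keys below to your own keys
      # The two entries are placeholders, not usable keys. List only the
      # public keys of people who need database access.
      # NOTE(review): the continuation lines are indented one extra space so
      # the folded scalar keeps one key per line. That extra space is
      # reconstructed; confirm against the repository.
      AUTHORIZED_KEYS: >
        "# Start Keys
         ssh-ed25519 1234567890abcdefghijklmnoqrstuvwxyz user-a
         ssh-ed25519 abcdefghijklmnoqrstuvwxyz1234567890 user-b
         # End Keys"
      # You can lock to a specific IP too (AllowUsers tunnel@1.2.3.4)
      ALLOWED_IPS: "AllowUsers tunnel"
    volumes:
      # Presumably persists the server's host keys across redeploys, so that
      # clients keep seeing the same fingerprint.
      - tunnel_ssh_host_keys:/etc/ssh/ssh_host_keys
    networks:
      - web-public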
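# Traefik's static configuration, delivered as a Swarm config.
# Swarm configs cannot be edited in place. The variable in the name is
# presumably a hash of traefik.yml, so that a changed file yields a new
# config name -- confirm where SPIN_MD5_HASH_TRAEFIK_YML is set.
configs:
  traefik:
    name: "traefik-${SPIN_MD5_HASH_TRAEFIK_YML}.yml"
    file: ./.infrastructure/conf/traefik/prod/traefik.yml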
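# Named volumes, all left on the default driver settings (empty values).
# NOTE(review): with the default driver the data lives on whichever node runs
# the task. certificates, mariadb_data and tunnel_ssh_host_keys hold key
# material or database contents, so handle their backups as sensitive.
volumes:
  certificates:
  storage_private:
  storage_public:
  storage_sessions:
  storage_logs:
  mariadb_data:
  mariadb_custom_conf:
  mariadb_shared:
  tunnel_ssh_host_keys: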
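# The only network in this file; traefik, php, mariadb and ssh all attach to it.
# NOTE(review): it has no settings (no internal: true, no encryption option)
# and the database shares it with the reverse proxy. A second, internal-only
# network for php/mariadb/ssh would keep database traffic off this one.
networks:
  web-public: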