-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.prod.yml
113 lines (106 loc) · 3.45 KB
/
docker-compose.prod.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
services:
traefik:
networks:
- web-public
ports:
- "80:80"
- "443:443"
deploy:
update_config:
parallelism: 1
delay: 5s
order: stop-first
placement:
constraints:
- node.role==manager
volumes:
# Add Docker as a mounted volume, so that Traefik can read the labels of other services
- /var/run/docker.sock:/var/run/docker.sock:ro
- certificates:/certificates
configs:
- source: traefik
target: /etc/traefik/traefik.yml
mariadb:
networks:
- web-public
environment:
MARIADB_ROOT_PASSWORD: "${DB_ROOT_PASSWORD}"
MARIADB_DATABASE: "${DB_NAME}"
MARIADB_USER: "${DB_USERNAME}"
MARIADB_PASSWORD: "${DB_PASSWORD}"
deploy:
placement:
constraints:
- node.role==manager
volumes:
- database_data:/var/lib/mysql
- database_custom_conf:/etc/mysql/conf.d
- database_shared:/shared
ssh:
# We use an SSH image so we can securely tunnel into the Docker network with
# tools like Sequel Pro, TablePlus, Sequel Ace, etc.
# Learn more how to secure your tunnel here: https://github.com/serversideup/docker-ssh
image: serversideup/docker-ssh
ports:
- target: 2222
published: 2222
mode: host
environment:
# Change the keys below to your own keys
AUTHORIZED_KEYS: >
"# Start Keys
ssh-ed25519 1234567890abcdefghijklmnoqrstuvwxyz user-a
ssh-ed25519 abcdefghijklmnoqrstuvwxyz1234567890 user-b
# End Keys"
# Be sure to configure the allowed IP addresses too
ALLOWED_IPS: "AllowUsers *@127.0.0.1"
volumes:
- tunnel_ssh_host_keys:/etc/ssh/ssh_host_keys
networks:
- web-public
php:
image: example.com/my-repo/my-image:latest # 👈 Be sure to change this to your own image
networks:
- web-public
volumes:
- "storage_private:/var/www/html/storage/app/private/"
- "storage_public:/var/www/html/storage/app/public/"
- "storage_sessions:/var/www/html/storage/framework/sessions"
- "storage_logs:/var/www/html/storage/logs"
environment:
PHP_POOL_NAME: "my-php-app"
deploy:
replicas: 2
update_config:
parallelism: 1
delay: 5s
order: start-first
labels:
- "traefik.enable=true"
- "traefik.http.routers.my-php-app.rule=${TRAEFIK_HOST_RULE}"
- "traefik.http.routers.my-php-app.entrypoints=websecure"
- "traefik.http.routers.my-php-app.tls=true"
- "traefik.http.routers.my-php-app.tls.certresolver=letsencryptresolver"
- "traefik.http.services.my-php-app.loadbalancer.server.port=8080"
- "traefik.http.services.my-php-app.loadbalancer.server.scheme=http"
# Health check
- "traefik.http.services.my-php-app.loadbalancer.healthcheck.path=/ping"
- "traefik.http.services.my-php-app.loadbalancer.healthcheck.interval=100ms"
- "traefik.http.services.my-php-app.loadbalancer.healthcheck.timeout=75ms"
- "traefik.http.services.my-php-app.loadbalancer.healthcheck.scheme=http"
configs:
traefik:
name: "traefik.yml"
file: ./.infrastructure/conf/traefik/prod/traefik.yml
volumes:
certificates:
database_data:
database_custom_conf:
database_shared:
storage_private:
storage_public:
storage_sessions:
storage_logs:
tunnel_ssh_host_keys:
networks:
web-public: