-
-
Notifications
You must be signed in to change notification settings - Fork 16
Expand file tree
/
Copy pathnerdctl-compose.prod.yaml
More file actions
126 lines (119 loc) · 3.51 KB
/
nerdctl-compose.prod.yaml
File metadata and controls
126 lines (119 loc) · 3.51 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
services:
DB_SERVICE_NAME:
image: pgvector/pgvector:pg18-trixie
shm_size: 256mb
restart: always
container_name: DB_SERVICE_NAME
environment:
- POSTGRES_USER=POSTGRES_USER_SECRET
- POSTGRES_PASSWORD=POSTGRES_PASSWORD_SECRET
- POSTGRES_DB=POSTGRES_DB_SECRET
- PGDATA=PGDATA_SECRET
networks:
- INTERNAL_NETWORK_NAME
volumes:
- DATABASE_VOLUME_SECRET:/var/lib/postgresql
deploy:
resources:
limits:
memory: 1gb
WEB_SERVICE_NAME:
build:
context: ./django/
dockerfile: Dockerfile
restart: always
command: gunicorn bain.wsgi:application --bind 0.0.0.0:8000 -t 300
container_name: WEB_CONTAINER_NAME
volumes:
- /var/static/STATIC_VOLUME_NAME:/home/bolls/web/static
- /var/static/IMBA_VOLUME_NAME:/imba
environment:
- DEBUG=DEBUG_SECRET
- SECRET_KEY=SECRET_KEY_SECRET
- DJANGO_ALLOWED_HOSTS=DJANGO_ALLOWED_HOSTS_SECRET
- SQL_ENGINE=SQL_ENGINE_SECRET
- SQL_DATABASE=POSTGRES_DB_SECRET
- SQL_USER=POSTGRES_USER_SECRET
- SQL_PASSWORD=POSTGRES_PASSWORD_SECRET
- SQL_HOST=DB_SERVICE_NAME
- SQL_PORT=SQL_PORT_SECRET
- DATABASE=DATABASE_SECRET
- EMAIL_HOST_PASSWORD=EMAIL_HOST_PASSWORD_SECRET
- EMAIL_HOST_USER=EMAIL_HOST_USER_SECRET
- SOCIAL_AUTH_GOOGLE_OAUTH2_KEY=SOCIAL_AUTH_GOOGLE_OAUTH2_KEY_SECRET
- SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET=SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET_SECRET
- SOCIAL_AUTH_GITHUB_KEY=SOCIAL_AUTH_GITHUB_KEY_SECRET
- SOCIAL_AUTH_GITHUB_SECRET=SOCIAL_AUTH_GITHUB_SECRET_SECRET
networks:
- INTERNAL_NETWORK_NAME
depends_on:
- DB_SERVICE_NAME
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8000/get-text/YLT/1/1/"]
interval: 30s
timeout: 3s
retries: 2
start_period: 10s
IMBA_SERVICE_NAME-statics-initializer:
build:
context: ./imba/
dockerfile: Dockerfile
command: sh -c "cp -r /build/. /app/"
volumes:
- /var/static/IMBA_VOLUME_NAME:/app
deploy:
restart_policy:
condition: none
IMBA_SERVICE_NAME:
build:
context: ./imba/
dockerfile: Dockerfile
restart: on-failure
container_name: IMBA_SERVICE_NAME
environment:
- API_URL=http://WEB_SERVICE_NAME:8000
networks:
- INTERNAL_NETWORK_NAME
depends_on:
- WEB_SERVICE_NAME
certbot:
image: certbot/certbot:latest
container_name: certbot
volumes:
- /var/letsencrypt:/etc/letsencrypt
- ./challenges:/var/www/certbot:rw
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'" # Renew certificates every 12 hours
NGINX_SERVICE_NAME:
image: nginx:latest
restart: always
container_name: NGINX_CONTAINER_NAME
environment:
- APP_DOMAIN=NGINX_DOMAIN_NAME
ports:
- 80:80
- 443:443
volumes:
- /var/static/STATIC_VOLUME_NAME:/home/bolls/web/static
- /var/static/IMBA_VOLUME_NAME:/imba
- ./nginx/main/nginx.conf:/etc/nginx/nginx.conf:ro
- ./nginx/conf.d:/etc/nginx/conf.d
- /var/letsencrypt:/etc/letsencrypt
- ./challenges:/var/www/certbot:ro
networks:
- web
- INTERNAL_NETWORK_NAME
depends_on:
WEB_SERVICE_NAME:
condition: service_started
IMBA_SERVICE_NAME:
condition: service_started
volumes:
DATABASE_VOLUME_SECRET:
driver: local
networks:
internal:
external: false
internal_dev:
external: false
web:
external: true