-
Notifications
You must be signed in to change notification settings - Fork 2
/
docker-compose.yml
85 lines (81 loc) · 4.24 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
version: "3.3"
services:
traefik:
image: "traefik:v2.4"
command:
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.myresolver.acme.email=marvin.sextro@gmail.com"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
- "--entrypoints.web.http.redirections.entrypoint.permanent=true"
- "--providers.file.filename=/conf/traefik-tls.toml"
- "--metrics.prometheus=true"
- "--metrics.prometheus.manualrouting=true"
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
#- "--log.level=DEBUG"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- ./traefik-tls.toml:/conf/traefik-tls.toml
- /mnt/docker/letsencrypt:/letsencrypt
- /var/run/docker.sock:/var/run/docker.sock:ro
secrets:
- traefik-metrics
covidpassapinet:
image: ghcr.io/covidpass-org/covidpassapinet:${TAG_BACKEND}
restart: "unless-stopped"
environment:
- Server__AllowedOrigins=https://${SERVER_URL}
- Certificates__AppleDeveloperPath=/certs/apple-developer-certificate.pem
- Certificates__AppleDeveloperPasswordPath=/run/secrets/apple-developer-password
- Certificates__AppleCaPath=/certs/apple-ca-certificate.pem
- Hashes__IconBlack=9dcdd385e848610f020cf3bfc65ddc413beb5e87
- Hashes__IconWhite=8fe995e82fa5fa28178df005a1340ae52dcf60e3
- Hashes__Icon2XBlack=4e8a383fd25dc26c686f8ac70f2a251d5bd60979
- Hashes__Icon2XWhite=28cbd85eee40f0ac79a1cfe96524a64036c9cb9e
- Hashes__LogoBlack=9dcdd385e848610f020cf3bfc65ddc413beb5e87
- Hashes__LogoWhite=8fe995e82fa5fa28178df005a1340ae52dcf60e3
- Hashes__Logo2XBlack=4e8a383fd25dc26c686f8ac70f2a251d5bd60979
- Hashes__Logo2XWhite=28cbd85eee40f0ac79a1cfe96524a64036c9cb9e
volumes:
- /mnt/docker/secrets/apple-ca-certificate.pem:/certs/apple-ca-certificate.pem
- /mnt/docker/secrets/apple-developer-certificate.pem:/certs/apple-developer-certificate.pem
labels:
- "traefik.enable=true"
- "traefik.http.routers.covidpass-api.rule=Host(`api.${SERVER_URL}`)"
- "traefik.http.routers.covidpass-api.entrypoints=websecure"
- "traefik.http.routers.covidpass-api.tls.certresolver=myresolver"
- "traefik.http.middlewares.admin-auth-metrics.basicauth.usersfile=/run/secrets/traefik-metrics"
- "traefik.http.routers.covidpass-api-metrics.rule=Host(`api.${SERVER_URL}`) && PathPrefix(`/traefik-metrics`)"
- "traefik.http.routers.covidpass-api-metrics.entrypoints=websecure"
- "traefik.http.routers.covidpass-api-metrics.tls=true"
- "traefik.http.routers.covidpass-api-metrics.service=prometheus@internal"
- "traefik.http.routers.covidpass-api-metrics.middlewares=admin-auth-metrics"
secrets:
- apple-developer-password
covidpass:
image: ghcr.io/covidpass-org/covidpass:${TAG_FRONTEND}
restart: "unless-stopped"
environment:
- NODE_ENV=production
- API_BASE_URL=https://api.${SERVER_URL}
labels:
- "traefik.enable=true"
- "traefik.http.routers.covidpass.rule=Host(`${SERVER_URL}`)"
- "traefik.http.routers.covidpass.entrypoints=websecure"
- "traefik.http.routers.covidpass.tls.certresolver=myresolver"
depends_on:
- covidpassapinet
secrets:
apple-developer-password:
file: /mnt/docker/secrets/apple-developer-password
traefik-metrics:
file: /mnt/docker/secrets/traefik-metrics