forked from YACS-RCOS/yacs.n
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdocker-compose.production.yml
77 lines (72 loc) · 2.42 KB
/
docker-compose.production.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
version: "3.4"
# web (front-end) depends on api (back-end) depends on (db)
# web -> api -> db [dependency chain]
services:
yacs_web:
ports:
- 80:8080
- 443:8443
environment:
# https://docs.docker.com/compose/compose-file/#variable-substitution
# - HOST=${HOST:-localhost}
# - ADMIN_PASS=${ADMIN_PASS:-admin}
# === below bunkerized-nginx config ===
# https://bunkerized-nginx.readthedocs.io/en/latest/environment_variables.html
# ===== nginx config: misc =====
- SERVER_NAME=${HOST:-localhost}
- ALLOWED_METHODS=GET|POST|DELETE
# ===== nginx config: http_auth =====
- USE_AUTH_BASIC=yes
- AUTH_BASIC_LOCATION=/admin
- AUTH_BASIC_USER=${ADMIN_USERNAME:-admin}
- AUTH_BASIC_PASSWORD=${ADMIN_PASS:-admin}
- AUTH_BASIC_TEXT=Admin Panel
# ===== nginx config: reverse proxy =====
- USE_REVERSE_PROXY=yes
- REVERSE_PROXY_URL_1=/api
- REVERSE_PROXY_HOST_1=http://yacs_api:5000
# ===== nginx config: compression =====
- USE_GZIP=yes
- GZIP_COMP_LEVEL=6
- GZIP_MIN_LENGTH=600
# ===== nginx config: cache =====
- USE_PROXY_CACHE=yes
- PROXY_CACHE_VALID=200=1s
# ===== HTTPS config =====
- AUTO_LETS_ENCRYPT=${AUTO_LE:-no}
- GENERATE_SELF_SIGNED_SSL=${SELF_CERT:-no}
- REDIRECT_HTTP_TO_HTTPS=yes
# ===== ModSecurity =====
- USE_MODSECURITY=no
- USE_MODSECURITY_CRS=no
- MODSECURITY_SEC_AUDIT_ENGINE=Off
# ===== Security Headers =====
- X_FRAME_OPTIONS=SAMEORIGIN
- STRICT_TRANSPORT_SECURITY=max-age=31536000; includeSubDomains; preload
- USE_LIMIT_REQ=no
# ===== Whitelists =====
- USE_REMOTE_API=${ENABLE_BLOCK:-yes}
- BLOCK_USER_AGENT=${ENABLE_BLOCK:-yes}
- BLOCK_TOR_EXIT_NODE=${ENABLE_BLOCK:-yes}
- BLOCK_PROXIES=${ENABLE_BLOCK:-yes}
- BLOCK_ABUSERS=${ENABLE_BLOCK:-yes}
- BLOCK_REFERRER=${ENABLE_BLOCK:-yes}
# === above bunkerized-nginx config ===
yacs_api:
environment:
- ENV=production
- DEBUG=False
- DB_HOST=yacs_db
- DB_USER=yacs
- DB_PASS=${DB_PASS:-easy_dev_pass}
- DB_NAME=yacs
- DB_PORT=5432
- WORKERS=${API_WORKERS:-4}
- API_SIGN_KEY=${API_SIGN_KEY:-secretKey}
yacs_db:
ports:
- 5432:5432
environment:
- POSTGRES_DB=yacs
- POSTGRES_USER=yacs
- POSTGRES_PASSWORD=${DB_PASS:-easy_dev_pass}