-
Notifications
You must be signed in to change notification settings - Fork 2
/
docker-compose.yml
146 lines (136 loc) · 5.1 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
services:
frontend:
image: ghcr.io/dainst/arachne4-frontend:${ARACHNE_FRONTEND_IMAGE_VERSION}
volumes:
- ${ARCHAEOCLOUD_PATH}:/media/archaeocloud
- /opt/arachne_sitemap:/var/www/sitemap
labels:
- traefik.enable=true
- traefik.http.routers.frontend.rule=Host(`${SERVER_ADDRESS}`)
- traefik.http.routers.frontend.entrypoints=websecure
- traefik.http.routers.frontend.tls.certresolver=myresolver
- traefik.port=80
- traefik.http.middlewares.frontend-compress.compress=true
- traefik.http.routers.frontend.middlewares=frontend-compress
- "com.centurylinklabs.watchtower.enable=true"
user: "${UID}:${GID}"
restart: always
backend:
image: ghcr.io/dainst/arachne4-backend:${ARACHNE_BACKEND_IMAGE_VERSION}
environment:
- "DB_SERVER=${SERVER_ADDRESS}:3306"
- "DB_PASSWORD=${DB_PASSWORD}"
- "SERVER_ADDRESS=${SERVER_ADDRESS}"
- "SMTP_USER_NAME=${SMTP_USER_NAME}"
- "SMTP_USER_PASSWORD=${SMTP_USER_PASSWORD}"
- "IIPIMAGE_SERVER=frontend"
- "ELASTICSEARCH_SERVER=elasticsearch"
volumes:
- ${ARCHAEOCLOUD_PATH}:/media/archaeocloud
hostname: "${HOST_NAME}"
user: "${UID}:${GID}"
labels:
- traefik.enable=true
- traefik.http.routers.backend.rule=Host(`${SERVER_ADDRESS}`) && PathPrefix(`/data`)
- traefik.http.routers.backend.entrypoints=websecure
- traefik.http.routers.backend.tls.certresolver=myresolver
- traefik.port=8080
- traefik.http.middlewares.backend-compress.compress=true
- traefik.http.middlewares.backend-headers.headers.accesscontrolalloworiginlist=*
- traefik.http.routers.backend.middlewares=backend-compress,backend-headers
- "com.centurylinklabs.watchtower.enable=true"
user: "${UID}:${GID}"
restart: always
db:
image: mariadb:latest
container_name: arachne4_db
environment:
- "MYSQL_ROOT_PASSWORD=${DB_ROOT_PASSWORD}"
- "MYSQL_DATABASE=arachne"
- "MYSQL_USER=arachne"
- "MYSQL_PASSWORD=${DB_PASSWORD}"
command: --innodb-log-file-size=256M --innodb_buffer_pool_size=12G --innodb_strict_mode=off --sql_mode="NO_ENGINE_SUBSTITUTION"
volumes:
- ./db_data:/var/lib/mysql
ports:
- 3306:3306
restart: always
phpmyadmin:
image: phpmyadmin:apache
environment:
- "PMA_HOST=arachne4_db"
- "PMA_ABSOLUTE_URI=https://${SERVER_ADDRESS}/phpmyadmin/"
- "MYSQL_ROOT_PASSWORD=${DB_ROOT_PASSWORD}"
labels:
- traefik.enable=true
- traefik.http.routers.phpmyadmin.rule=Host(`${SERVER_ADDRESS}`) && PathPrefix(`/phpmyadmin`)
- traefik.http.routers.phpmyadmin.entrypoints=websecure
- traefik.http.routers.phpmyadmin.tls.certresolver=myresolver
- traefik.http.middlewares.phpmyadmin-strip.stripprefix.prefixes=/phpmyadmin
- traefik.http.middlewares.phpmyadmin-ipwhitelist.ipwhitelist.sourcerange=134.95.0.0/16,172.28.0.0/20,195.37.61.194,195.37.61.201,172.18.0.0/16,77.39.225.242,77.39.225.250,213.233.42.42
- traefik.http.routers.phpmyadmin.middlewares=phpmyadmin-strip,phpmyadmin-ipwhitelist
- traefik.port=80
restart: always
elasticsearch:
build: ./elasticsearch
environment:
- discovery.type=single-node
- cluster.name=arachne4
- "ES_JAVA_OPTS=-Xms16g -Xmx16g"
volumes:
- elasticsearch_data:/usr/share/elasticsearch/data
restart: always
iipimage:
build: ./iipimage
volumes:
- ${ARCHAEOCLOUD_PATH}:/media/archaeocloud
user: "${UID}:${GID}"
restart: always
aiax:
image: ghcr.io/dainst/aiax:${AIAX_VERSION}
volumes:
- ${AIAX_DATA_DIR}:/var/www/html/aiax/data
environment:
- ARACHNE4_BASE_URL=https://${SERVER_ADDRESS}
- BASE_URL=https://${SERVER_ADDRESS}
- DB_SERVER=arachne4_db
- DB_PASSWORD
labels:
- traefik.enable=true
- traefik.http.routers.aiax.rule=Host(`${SERVER_ADDRESS}`) && PathPrefix(`/aiax`)
- traefik.http.routers.aiax.entrypoints=websecure
- traefik.http.routers.aiax.tls.certresolver=myresolver
- traefik.port=80
- com.centurylinklabs.watchtower.enable=true
user: "${UID}:${GID}"
restart: always
traefik:
image: traefik:v2.5
restart: always
command:
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entryPoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./letsencrypt:/letsencrypt"
ports:
- target: 80
published: 80
mode: host
- target: 443
published: 443
mode: host
watchtower:
image: containrrr/watchtower:latest
volumes:
- /var/run/docker.sock:/var/run/docker.sock
command: --label-enable --cleanup --interval 60
restart: always
volumes:
elasticsearch_data: