docker-compose.prod.yml
# Production override for the compose stack: adds restart policies, public
# TLS termination in Traefik, scheduled image updates (watchtower) and volume
# backups (duplicati).
# NOTE(review): traefik, rabbit, mongo, girder and the girder_worker_* services
# carry no image/build here, so they are presumably defined in a base compose
# file that this one is merged onto -- confirm against the deploy command.
version: "3.8"
services:
  traefik:
    restart: always
    # Static Traefik configuration, passed as CLI flags.
    # - exposedByDefault=false: only containers labelled traefik.enable=true
    #   are routed.
    # - The ACME HTTP-01 challenge is answered on the "web" entrypoint, so
    #   port 80 must stay reachable from the CA for issuance and renewal.
    # - websecure.http.tls.certresolver applies TLS with "myresolver" to every
    #   router attached to the websecure entrypoint.
    # NOTE(review): LOG_LEVEL falls back to DEBUG when unset; set it explicitly
    # in production if verbose proxy logs are not wanted.
    # NOTE(review): ACME_CA_SERVER falls back to the Let's Encrypt *staging*
    # directory, whose certificates clients do not trust; a production
    # deployment has to set it to the production directory.
    # NOTE(review): ACME_EMAIL has no default; an unset variable is
    # interpolated as an empty string.
    command: >
      --log.level=${LOG_LEVEL:-DEBUG}
      --providers.docker=true
      --providers.docker.exposedByDefault=false
      --providers.file.filename=/var/traefik/dynamic.yml
      --entrypoints.web.address=:80
      --entrypoints.websecure.address=:443
      --entrypoints.websecure.http.tls.certresolver=myresolver
      --certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}
      --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
      --certificatesresolvers.myresolver.acme.httpchallenge=true
      --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
      --certificatesresolvers.myresolver.acme.caserver=${ACME_CA_SERVER:-https://acme-staging-v02.api.letsencrypt.org/directory}
    labels:
      # Traefik HTTPS Redirect
      # Catch-all router on the plain-HTTP entrypoint: any host is matched and
      # sent through the redirect-to-https-mddl middleware (scheme=https).
      - "traefik.enable=true"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https-mddl@docker"
      - "traefik.http.middlewares.redirect-to-https-mddl.redirectscheme.scheme=https"
    volumes:
      # acme.json under /letsencrypt holds the ACME account key and the issued
      # certificates' private keys: keep ./docker/traefik/letsencrypt out of
      # version control and readable only by the owner on the host.
      - "./docker/traefik/letsencrypt:/letsencrypt"
      # Dynamic (file provider) configuration, mounted read-only.
      - "./docker/dynamic.yml:/var/traefik/dynamic.yml:ro"
    ports:
      # Published on all host interfaces; these are the public entrypoints.
      - "80:80"
      - "443:443"
  rabbit:
    restart: always
  mongo:
    restart: always
  girder:
    restart: always
    labels:
      # Serve girder on the TLS entrypoint only, for requests whose Host header
      # equals HOSTNAME.
      # NOTE(review): HOSTNAME has no default; if it is unset the rule is
      # rendered as an empty Host() matcher -- verify it is set in the
      # deployment environment or .env file.
      # NOTE(review): no traefik.enable=true label is set here although
      # exposedByDefault is false; presumably the base file sets it -- confirm.
      - "traefik.http.routers.girder-rtr.entrypoints=websecure"
      - "traefik.http.routers.girder-rtr.rule=Host(`${HOSTNAME}`)"
  girder_worker_default:
    restart: always
  girder_worker_pipelines:
    restart: always
  girder_worker_training:
    restart: always
    environment:
      # presumably the queues this worker consumes -- verify against the
      # worker image's entrypoint.
      - "WORKER_WATCHING_QUEUES=training,pipelines"
  # Unattended image updates.
  # --schedule is a 6-field cron expression (seconds first): 02:00:00 every
  # Thursday, evaluated in TZ. --label-enable limits updates to containers
  # that carry the watchtower enable label
  # (com.centurylinklabs.watchtower.enable=true); no such label is set in this
  # file, so the opted-in services are presumably labelled in the base file.
  # NOTE(review): whatever is published under a tracked tag is pulled and run
  # in production without review; pinning tracked images by version or digest
  # and updating deliberately narrows that supply-chain exposure.
  watchtower:
    # NOTE(review): ":latest" is mutable; the updater itself is unpinned.
    image: containrrr/watchtower:latest
    container_name: watchtower
    restart: always
    command: >
      --rolling-restart
      --schedule "0 0 2 * * 4"
      --label-enable
    environment:
      - "TZ=${TIMEZONE:-America/New_York}"
    volumes:
      # The Docker socket gives this container full control of the daemon,
      # which is equivalent to root on the host; treat a compromise of this
      # image as a host compromise.
      - /var/run/docker.sock:/var/run/docker.sock
  # Backup service with a web UI on 8200.
  duplicati:
    # NOTE(review): ":latest" is mutable; consider pinning a version or digest.
    image: linuxserver/duplicati:latest
    container_name: duplicati
    restart: always
    ports:
      # NOTE(review): no host IP is given, so Docker publishes 8200 on every
      # host interface; the "not exposed outside vpn" property below depends
      # entirely on network controls outside this file. Binding to the VPN
      # interface ("<VPN_INTERFACE_IP>:8200:8200") would enforce it here.
      - "8200:8200" # Port is not exposed outside vpn
    environment:
      - "TZ=${TIMEZONE:-America/New_York}"
      # Runs as uid/gid 0. Together with the mount of every Docker volume
      # below, anyone who reaches the web UI can read all volume data, so the
      # UI needs its own authentication.
      # NOTE(review): no UI password is configured in this file -- confirm one
      # is set inside Duplicati.
      - "PUID=0" # Requires root to access docker volumes directory
      - "PGID=0"
    volumes:
      # All Docker volumes on the host, read-only.
      - /var/lib/docker/volumes:/source_volumes:ro # backup source
      # Backups contain the same data as the live volumes; protect this
      # directory (and any off-host copy) accordingly, e.g. with backup
      # encryption.
      - /var/local/backups:/destination_backups:rw # backup dest
      - /var/local/backups/duplicati/config:/config:rw