73 lines
2.5 KiB
YAML
73 lines
2.5 KiB
YAML
services:
|
|
web:
|
|
build:
|
|
context: ./app
|
|
dockerfile: Dockerfile.prod
|
|
command: >
|
|
bash -c 'while !</dev/tcp/db/5432; do sleep 1; done;
|
|
python manage.py migrate;
|
|
python manage.py collectstatic --no-input --no-post-process;
|
|
gunicorn --bind 0.0.0.0:8000 core.wsgi'
|
|
expose:
|
|
- 8000
|
|
environment:
|
|
- "ALLOWED_HOSTS=${ALLOWED_HOSTS}"
|
|
- "CSRF_TRUSTED_ORIGINS=${CSRF_TRUSTED_ORIGINS}"
|
|
- "DB_HOST=${DB_HOST}"
|
|
- "DB_NAME=${DB_NAME}"
|
|
- "DB_PASSWORD=${DB_PASSWORD}"
|
|
- "DB_PORT=${DB_PORT}"
|
|
- "DB_USER=${DB_USER}"
|
|
- "DEBUG=${DEBUG}"
|
|
- "SECRET_KEY=${SECRET_KEY}"
|
|
- "DEFAULT_FROM_EMAIL=${DEFAULT_FROM_EMAIL}"
|
|
- "EMAIL_HOST_PASSWORD=${EMAIL_HOST_PASSWORD}"
|
|
- "EMAIL_HOST_USER=${EMAIL_HOST_USER}"
|
|
- "EMAIL_HOST=${EMAIL_HOST}"
|
|
- "EMAIL_PORT=${EMAIL_PORT}"
|
|
depends_on:
|
|
- db
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.django.rule=Host(`${ALLOWED_HOSTS}`)"
|
|
- "traefik.http.routers.django.tls=true"
|
|
- "traefik.http.routers.django.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.django.middlewares=djangoHeader"
|
|
db:
|
|
image: postgres:15-alpine
|
|
volumes:
|
|
- ./postgres/data:/var/lib/postgresql/data/
|
|
- ./postgres/backup:/backup
|
|
expose:
|
|
- 5432
|
|
environment:
|
|
- "POSTGRES_USER=${DB_USER}"
|
|
- "POSTGRES_PASSWORD=${DB_PASSWORD}"
|
|
- "POSTGRES_DB=${DB_NAME}"
|
|
traefik:
|
|
build:
|
|
context: ./traefik
|
|
dockerfile: ./Dockerfile.traefik
|
|
ports:
|
|
- 80:80
|
|
- 443:443
|
|
volumes:
|
|
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
|
- "./traefik/traefik-public-certificates:/certificates"
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.dashboard.rule=Host(`dashboard-fbf.nabu-jena.de`)"
|
|
- "traefik.http.routers.dashboard.tls=false"
|
|
- "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
|
|
- "traefik.http.routers.dashboard.service=api@internal"
|
|
- "traefik.http.routers.dashboard.middlewares=auth"
|
|
- "traefik.http.middlewares.auth.basicauth.users=testuser:$$apr1$$jIKW.bdS$$eKXe4Lxjgy/rH65wP1iQe1"
|
|
#hsts
|
|
- "traefik.http.middlewares.djangoHeader.headers.stsSeconds=15552000"
|
|
- "traefik.http.middlewares.djangoHeader.headers.stsIncludeSubdomains=true"
|
|
- "traefik.http.middlewares.djangoHeader.headers.stsPreload=true"
|
|
- "traefik.http.middlewares.djangoHeader.headers.forceSTSHeader=true"
|
|
|
|
volumes:
|
|
postgres_data_prod:
|
|
traefik-public-certificates:
|