-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdocker-compose-standalone.yml
120 lines (113 loc) · 3.39 KB
/
docker-compose-standalone.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
version: '3.7'
services:
hockeypuck:
image: hockeypuck/hockeypuck:${RELEASE}
build:
context: ../../..
ports:
- "${HKP_RECON_HOST_PORT:-11370}:11370"
restart: always
depends_on:
- postgres
volumes:
- ./hockeypuck/etc:/hockeypuck/etc
- hkp_data:/hockeypuck/data
- pgp_import:/hockeypuck/import
logging:
options:
max-size: "10m"
max-file: "3"
postgres:
image: postgres:11
restart: always
environment:
- POSTGRES_USER
- POSTGRES_PASSWORD
- POSTGRES_DB=hkp
volumes:
- pg_data:/var/lib/postgresql/data
prometheus:
image: prom/prometheus:v2.43.0
restart: always
volumes:
- prom_data:/prometheus
- ./prometheus/etc:/etc/prometheus
command:
- "--web.external-url=/monitoring/prometheus/"
- "--config.file=/etc/prometheus/prometheus.yml"
- "--storage.tsdb.path=/prometheus"
- "--web.console.libraries=/usr/share/prometheus/console_libraries"
- "--web.console.templates=/usr/share/prometheus/consoles"
haproxy:
image: haproxy:2.6-alpine
ports:
- "${HAP_HTTP_HOST_PORT:-80}:80"
- "${HAP_HTTPS_HOST_PORT:-443}:443"
- "${HAP_HKP_HOST_PORT:-11371}:11371"
- "${HAP_PEER_HOST_PORT:-127.0.0.1:1395}:1395"
user: root
restart: always
init: true
environment:
- FQDN
- ALIAS_FQDNS
- CLUSTER_FQDNS
- PROMETHEUS_HOST_PORT=prometheus:9090
- CERTBOT_HOST_PORT=certbot:80
- KEYSERVER_HOST_PORT=hockeypuck:11371
- HAP_DHPARAM_FILE=/etc/letsencrypt/ssl-dhparams.pem
- HAP_CONF_DIR=/usr/local/etc/haproxy
- HAP_CACHE_DIR=/var/cache/haproxy
- HAP_CERT_DIR=/etc/letsencrypt/live
- HAP_LOG_FORMAT
- HAP_BEHIND_CLOUDFLARE
- HAP_BEHIND_PROXY
depends_on:
- certbot
- haproxy_cache
- haproxy_internal
- prometheus
volumes:
- ./haproxy-entrypoint.sh:/usr/local/bin/haproxy-entrypoint.sh
- ./haproxy/etc:/usr/local/etc/haproxy
- haproxy_cache:/var/cache/haproxy
- ${CERTBOT_CONF:-certbot_conf}:/etc/letsencrypt
entrypoint: "/usr/local/bin/haproxy-entrypoint.sh -f /usr/local/etc/haproxy/haproxy.d"
logging:
options:
max-size: "10m"
max-file: "3"
haproxy_internal:
image: haproxy:2.6-alpine
user: root
restart: always
volumes:
- ./haproxy/etc/haproxy-internal.cfg:/usr/local/etc/haproxy/haproxy.cfg
entrypoint: "/bin/sh -c 'export HOSTNAME=$$(hostname); export HOST_IP=$$(hostname -i); haproxy -f /usr/local/etc/haproxy/haproxy.cfg'"
logging:
options:
max-size: "10m"
max-file: "3"
haproxy_cache:
image: instrumentisto/rsync-ssh
restart: always
volumes:
- haproxy_cache:/var/cache/haproxy
entrypoint: "/bin/sh -c 'trap exit TERM; touch /var/cache/haproxy/tor_exit_relays.list; while :; do sleep 1800; wget \"${TOR_EXIT_RELAYS_URL}\" -O /var/cache/haproxy/tor_exit_relays.list; done'"
logging:
options:
max-size: "10m"
max-file: "1"
certbot:
image: certbot/certbot
restart: always
volumes:
- ${CERTBOT_CONF:-certbot_conf}:/etc/letsencrypt
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do for i in /etc/letsencrypt/live/*; do [ -d \"$$i\" ] && ln -sf privkey.pem $$i/fullchain.pem.key; certbot --standalone renew; done; sleep 12h & wait $${!}; done;'"
volumes:
hkp_data: {}
pg_data: {}
prom_data: {}
pgp_import: {}
haproxy_cache: {}
certbot_conf: {}