71 lines
1.6 KiB
YAML
71 lines
1.6 KiB
YAML
version: '3.8'
|
|
|
|
networks:
|
|
maple-public-prod:
|
|
external: true
|
|
|
|
volumes:
|
|
nginx-ssl-certs:
|
|
nginx-ssl-www:
|
|
|
|
services:
|
|
nginx:
|
|
image: nginx:alpine
|
|
hostname: nginx
|
|
networks:
|
|
- maple-public-prod
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
volumes:
|
|
- nginx-ssl-certs:/etc/letsencrypt
|
|
- nginx-ssl-www:/var/www/certbot
|
|
- /var/run/docker.sock:/tmp/docker.sock:ro # For nginx-proxy
|
|
configs:
|
|
- source: nginx_config
|
|
target: /etc/nginx/nginx.conf
|
|
- source: nginx_site_config
|
|
target: /etc/nginx/conf.d/default.conf
|
|
deploy:
|
|
replicas: 1
|
|
placement:
|
|
constraints:
|
|
- node.labels.backend == true # Same node as backend
|
|
restart_policy:
|
|
condition: on-failure
|
|
delay: 5s
|
|
max_attempts: 3
|
|
resources:
|
|
limits:
|
|
memory: 256M
|
|
cpus: '0.5'
|
|
reservations:
|
|
memory: 128M
|
|
cpus: '0.25'
|
|
healthcheck:
|
|
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:80/health"]
|
|
interval: 30s
|
|
timeout: 5s
|
|
retries: 3
|
|
start_period: 10s
|
|
|
|
certbot:
|
|
image: certbot/certbot:latest
|
|
hostname: certbot
|
|
volumes:
|
|
- nginx-ssl-certs:/etc/letsencrypt
|
|
- nginx-ssl-www:/var/www/certbot
|
|
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
|
|
deploy:
|
|
replicas: 1
|
|
placement:
|
|
constraints:
|
|
- node.labels.backend == true
|
|
restart_policy:
|
|
condition: on-failure
|
|
|
|
configs:
|
|
nginx_config:
|
|
file: ./nginx.conf
|
|
nginx_site_config:
|
|
file: ./site.conf
|