diff --git a/.drone-home.star b/.drone-home.star index b7218ff..34f8900 100644 --- a/.drone-home.star +++ b/.drone-home.star @@ -10,9 +10,9 @@ def main(ctx): stackRoot, stackName, [ - "docker service scale {name}_ngrok=1".format(name=stackName), + "docker service scale proxy_ngrok=1".format(name=stackName), "docker service scale {name}_chat=1".format(name=stackName), - "docker service scale {name}_letsencrypt-drone=1".format(name=stackName), + "docker service scale proxy_letsencrypt-drone=1".format(name=stackName), ] ) \ No newline at end of file diff --git a/docker-compose-proxy.yml b/docker-compose-proxy.yml new file mode 100644 index 0000000..45a0156 --- /dev/null +++ b/docker-compose-proxy.yml 
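Review bot: The two changed entries keep `.format(name=stackName)` although the strings no longer contain a `{name}` placeholder, so the call is now a no-op. It also suggests the command still follows `stackName` when it is pinned to the literal stack name `proxy`. I would write them as plain strings, `"docker service scale proxy_ngrok=1",` and `"docker service scale proxy_letsencrypt-drone=1",`. A short comment such as `# services of the separate "proxy" stack, see docker-compose-proxy.yml` would record that the name has to match the one used by `docker stack deploy` in deploy.star. main() starts above this hunk.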
@@ -0,0 +1,115 @@ +version: "3.7" +services: + letsencrypt-git: + # nginx reverse proxy for all apps (except drone in a subdomain) + # automatically obtains and refreshes ssl certificates with letsencrypt + deploy: + placement: + constraints: [node.labels.com.sigyl.git-stack == yes] + replicas: 1 + restart_policy: + condition: any + image: ${LOCAL_DOCKER_REGISTRY}letsencrypt-git + environment: + - CERTBOT_EMAIL=${CERTBOT_EMAIL} + - SERVER_NAME=${GIT_DOMAIN} + - GIT_PROXY_PASS=http://${SIGYL_STACK_NAME}_gitea:3000/ + - BLOG_PROXY_PASS=http://${SIGYL_STACK_NAME}_ghost:2368/ + - CHAT_PROXY_PASS=http://${SIGYL_STACK_NAME}_chat:3000/ + - COMMENTO_PROXY_PASS=http://${SIGYL_STACK_NAME}_commento:8080/ + - REMOTE_PROXY_PASS=http://${SIGYL_STACK_NAME}_guacamole:8080/guacamole/ + - DRONE_PROXY_PASS=http://${SIGYL_STACK_NAME}_drone-server:8080/ + - REGISTRY_PROXY_PASS=http://registry-1:5000 + - PORTAINER_PROXY_PASS=http://${SIGYL_STACK_NAME}_portainer:9000/ + - PORTAINER_LOCATION=/portainer/ + - MATOMO_PROXY_PASS=http://${SIGYL_STACK_NAME}_matomo-web/ + - MATOMO_LOCATION=/analytics/ + - NAGIOS_PROXY_PASS=http://${SIGYL_STACK_NAME}_nagios/ + - NAGIOS_LOCATION=/nagios/ + - ZABBIX_PROXY_PASS=http://${SIGYL_STACK_NAME}_zabbix-web:8080/ + - ZABBIX_LOCATION=/zabbix/ + - GIT_LOCATION=/git/ + - BLOG_LOCATION=/ + - CHAT_LOCATION=/chat/ + - COMMENTO_LOCATION=/comment/ + - REMOTE_LOCATION=/remote/ + - TITLE=$TITLE + - DESCRIPTION=$DESCRIPTION + - DRONE_REPO_LINK=$DRONE_REPO_LINK + - DRONE_COMMIT=$DRONE_COMMIT + volumes: + - letsencrypt-git:/etc/letsencrypt + networks: + - externalnet + - appnet + ports: + - 80:80 + - 443:443 + - 5000:5000 + - 5001:5001 + - 5005:5005 + letsencrypt-drone: + # reverse proxy for drone in a subdomain + deploy: + placement: + constraints: [node.labels.com.sigyl.git-stack-data == yes] + replicas: 0 + restart_policy: + condition: any + image: ${LOCAL_DOCKER_REGISTRY}letsencrypt-drone + environment: + - CERTBOT_EMAIL=${CERTBOT_EMAIL} + - 
SERVER_NAME=${DRONE_DOMAIN} + - PROXY_PASS=http://${SIGYL_STACK_NAME}_drone-server:8080/ + volumes: + - letsencrypt-drone:/etc/letsencrypt + networks: + - appnet + - externalnet + ngrok: + # ngrok tunnel client + deploy: + placement: + constraints: [node.labels.com.sigyl.git-stack == yes] + replicas: 0 + restart_policy: + condition: any + image: ${LOCAL_DOCKER_REGISTRY}ngrok-gitea + ports: + - "4040:4040" + environment: + - GIT_DOMAIN=${GIT_DOMAIN} + - DRONE_DOMAIN=${DRONE_DOMAIN} + - REMOTE_DOMAIN=${REMOTE_DOMAIN} + - BLOG_DOMAIN=${BLOG_DOMAIN} + - CHAT_DOMAIN=${CHAT_DOMAIN} + - NGROK_AUTH_TOKEN=${NGROK_AUTH_TOKEN} + networks: + - appnet + registry-1: + deploy: + placement: + constraints: [node.labels.com.sigyl.git-stack == yes] + replicas: 1 + restart_policy: + condition: any + image: registry:2 + volumes: + - registry-data:/var/lib/registry + environment: + - REGISTRY_HTTP_ADDR=0.0.0.0:5000 + networks: + - appnet + - externalnet +volumes: + letsencrypt-git: + letsencrypt-drone: + registry-data: + +networks: + appnet: + driver: overlay + #external: true + externalnet: + driver: overlay + external: true diff --git a/docker-compose.yml b/docker-compose.yml index 3f65400..c97b5a4 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
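Review bot: The `ngrok` service publishes `"4040:4040"` through the swarm routing mesh, which makes that port reachable on every node's address. If the custom `ngrok-gitea` image keeps the agent's default, 4040 is the unauthenticated web inspection interface that shows tunnelled requests and responses, including any cookies or tokens they carry. Unless something outside this diff firewalls it, I would drop the `ports:` entry from `ngrok` and reach the inspector only from inside the overlay network. In the same service, `NGROK_AUTH_TOKEN=${NGROK_AUTH_TOKEN}` is passed as an environment variable, which is readable via `docker service inspect`. docker-compose.yml already declares a `secrets:` section, so the token could be delivered the same way, provided the image can read it from a file.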
@@ -1,74 +1,6 @@ version: "3.7" services: - letsencrypt-git: - # nginx reverse proxy for all apps (except drone in a subdomain) - # automatically obtains and refreshes ssl certificates with letsencrypt - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: ${LOCAL_DOCKER_REGISTRY}letsencrypt-git - environment: - - CERTBOT_EMAIL=${CERTBOT_EMAIL} - - SERVER_NAME=${GIT_DOMAIN} - - GIT_PROXY_PASS=http://gitea:3000/ - - BLOG_PROXY_PASS=http://ghost:2368/ - - CHAT_PROXY_PASS=http://chat:3000/ - - COMMENTO_PROXY_PASS=http://commento:8080/ - - REMOTE_PROXY_PASS=http://guacamole:8080/guacamole/ - - DRONE_PROXY_PASS=http://drone-server:8080/ - - REGISTRY_PROXY_PASS=http://registry-1:5000 - - PORTAINER_PROXY_PASS=http://portainer:9000/ - - PORTAINER_LOCATION=/portainer/ - - MATOMO_PROXY_PASS=http://matomo-web/ - - MATOMO_LOCATION=/analytics/ - - NAGIOS_PROXY_PASS=http://nagios/ - - NAGIOS_LOCATION=/nagios/ - - ZABBIX_PROXY_PASS=http://zabbix-web:8080/ - - ZABBIX_LOCATION=/zabbix/ - - GIT_LOCATION=/git/ - - BLOG_LOCATION=/ - - CHAT_LOCATION=/chat/ - - COMMENTO_LOCATION=/comment/ - - REMOTE_LOCATION=/remote/ - - DRONE_SERVER_HOST=$DRONE_SERVER_HOST - - TITLE=$TITLE - - DESCRIPTION=$DESCRIPTION - - DRONE_REPO_LINK=$DRONE_REPO_LINK - - DRONE_COMMIT=$DRONE_COMMIT - volumes: - - letsencrypt-git:/etc/letsencrypt - networks: - - appnet - - externalnet - ports: - - 80:80 - - 443:443 - - 5000:5000 - - 5001:5001 - - 5005:5005 - letsencrypt-drone: - # reverse proxy for drone in a subdomain - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack-data == yes] - replicas: 0 - restart_policy: - condition: any - image: ${LOCAL_DOCKER_REGISTRY}letsencrypt-drone - environment: - - CERTBOT_EMAIL=${CERTBOT_EMAIL} - - SERVER_NAME=${DRONE_DOMAIN} - - PROXY_PASS=http://drone-server:8080/ - volumes: - - letsencrypt-drone:/etc/letsencrypt - networks: - - appnet - - externalnet gitea: - # gitea application 
deploy: placement: constraints: [node.labels.com.sigyl.git-stack == yes] @@ -100,27 +32,6 @@ services: networks: - appnet - externalnet - ngrok: - # ngrok tunnel client - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 0 - restart_policy: - condition: any - image: ${LOCAL_DOCKER_REGISTRY}ngrok-gitea - ports: - - "4040:4040" - environment: - - GIT_DOMAIN=${GIT_DOMAIN} - - DRONE_DOMAIN=${DRONE_DOMAIN} - - REMOTE_DOMAIN=${REMOTE_DOMAIN} - - BLOG_DOMAIN=${BLOG_DOMAIN} - - CHAT_DOMAIN=${CHAT_DOMAIN} - - NGROK_AUTH_TOKEN=${NGROK_AUTH_TOKEN} - networks: - - appnet - - externalnet drone-server: # drone server application deploy: @@ -209,22 +120,6 @@ services: - registry-key ports: - 5003:5000 - registry-1: - # internal registry #1 (why?) - deploy: - placement: - constraints: [node.labels.com.sigyl.git-stack == yes] - replicas: 1 - restart_policy: - condition: any - image: registry:2 - volumes: - - registry-data:/var/lib/registry - environment: - - REGISTRY_HTTP_ADDR=0.0.0.0:5000 - networks: - - appnet - - externalnet registry-cache: # registry cache (used?) deploy: @@ -366,6 +261,7 @@ services: - ./nagios/contacts/contacts.cfg:/opt/nagios/etc/objects/contacts.cfg networks: - appnet + - externalnet matomo: image: matomo:fpm-alpine deploy: @@ -470,6 +366,7 @@ services: image: zabbix/zabbix-web-nginx-mysql networks: - appnet + - externalnet environment: DB_SERVER_HOST: zabbix-mariadb MYSQL_USER: zabbix @@ -585,8 +482,6 @@ volumes: registry-cache-data: guacamole-postgresql-data: commento-postgresql-data: - letsencrypt-git: - letsencrypt-drone: ghost-content: ghost-data: ghost-content-adapters: @@ -613,4 +508,3 @@ secrets: file: .certificates/registry.crt 'registry-key': file: .certificates/registry.key - \ No newline at end of file diff --git a/drone-starlark/repos/deploy.star b/drone-starlark/repos/deploy.star index 0f9dda1..cad282b 100644 --- a/drone-starlark/repos/deploy.star +++ b/drone-starlark/repos/deploy.star 
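Review bot: Attaching `nagios` to `externalnet` here (and `zabbix-web` in the `@@ -470,6 +366,7 @@` hunk) puts two monitoring front-ends on the same pre-existing shared overlay as the proxy and `registry-1`. In docker-compose-proxy.yml that registry is configured with only `REGISTRY_HTTP_ADDR=0.0.0.0:5000`, with no auth or TLS settings visible in this diff. Every container on `externalnet` can then reach the others directly, bypassing whatever access control the nginx proxy applies. A dedicated overlay joined only by the proxy and the proxied front-ends would keep the cross-stack path narrower. At minimum I would add a comment beside each new line, `# joined only so the proxy stack can reach this service`. Both service definitions start outside these hunks.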
@@ -30,6 +30,9 @@ def deploy(
 "export DRONE_COMMIT={commit}".format(commit=ctx.build.commit),
 "docker network prune -f",
 "cd {folder}".format(folder=folder),
+ "docker stack rm proxy",
+ "sleep 30",
+ "docker stack deploy -c docker-compose-proxy.yml proxy",
 "docker stack rm {name}".format(name = name),
 "sleep 30",
 "docker stack deploy -c {filename} {name}".format(name= name, filename = filename),
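Review bot: Removing the `proxy` stack on every deploy takes the 80/443 front end and `registry-1` (now part of that stack) offline for at least the fixed 30 seconds each time any repository is deployed. The `sleep 30` also does not guarantee that the stack's networks are gone before the redeploy. `docker stack deploy` updates an existing stack in place, so the added `"docker stack rm proxy",` and `"sleep 30",` lines could be dropped, keeping only `"docker stack deploy -c docker-compose-proxy.yml proxy",`. If the teardown is intentional, a comment saying why would help. Note too that each redeploy returns `ngrok` and `letsencrypt-drone` to `replicas: 0` until .drone-home.star scales them up again. The command list and deploy() continue outside this hunk.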