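---
# Swarm stack: TLS-terminating reverse proxies, an optional ngrok tunnel and
# the internal Docker registries.
version: "3.7"

services:
  letsencrypt-git:
    # nginx reverse proxy for all apps (except drone in a subdomain)
    # automatically obtains and refreshes ssl certificates with letsencrypt
    deploy:
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      replicas: 1
      restart_policy:
        condition: any
    image: ${LOCAL_DOCKER_REGISTRY}letsencrypt-git
    environment:
      - CERTBOT_EMAIL=${CERTBOT_EMAIL}
      - SERVER_NAME=${GIT_DOMAIN}
      # Every upstream below is reached over plain http:// on the overlay
      # networks; TLS ends at this proxy.
      - GIT_PROXY_PASS=http://${SIGYL_STACK_NAME}_gitea:3000/
      - BLOG_PROXY_PASS=http://${SIGYL_STACK_NAME}_ghost:2368/
      - CHAT_PROXY_PASS=http://${SIGYL_STACK_NAME}_chat:3000/
      - COMMENTO_PROXY_PASS=http://${SIGYL_STACK_NAME}_commento:8080/
      - REMOTE_PROXY_PASS=http://${SIGYL_STACK_NAME}_guacamole:8080/guacamole/
      - DRONE_PROXY_PASS=http://${SIGYL_STACK_NAME}_drone-server:8080/
      - REGISTRY_PROXY_PASS=http://registry-1:5000
      - PORTAINER_PROXY_PASS=http://${SIGYL_STACK_NAME}_portainer:9000/
      - PORTAINER_LOCATION=/portainer/
      - MATOMO_PROXY_PASS=http://${SIGYL_STACK_NAME}_matomo-web/
      - MATOMO_LOCATION=/analytics/
      - NAGIOS_PROXY_PASS=http://${SIGYL_STACK_NAME}_nagios/
      - NAGIOS_LOCATION=/nagios/
      - ZABBIX_PROXY_PASS=http://${SIGYL_STACK_NAME}_zabbix-web:8080/
      - ZABBIX_LOCATION=/zabbix/
      - GIT_LOCATION=/git/
      - BLOG_LOCATION=/
      - CHAT_LOCATION=/chat/
      - COMMENTO_LOCATION=/comment/
      - REMOTE_LOCATION=/remote/
      - TITLE=$TITLE
      - DESCRIPTION=$DESCRIPTION
      - DRONE_REPO_LINK=$DRONE_REPO_LINK
      - DRONE_COMMIT=$DRONE_COMMIT
    volumes:
      # Persists certificates and account keys across restarts.
      - letsencrypt-git:/etc/letsencrypt
    networks:
      - externalnet
      - appnet
    ports:
      # Quoted so every mapping is read as a string, matching "4040:4040".
      - "80:80"
      - "443:443"
      # NOTE(review): what listens on 5000/5001/5005 is defined inside the
      # image, not here; confirm each one is TLS-only before publishing it.
      - "5000:5000"
      - "5001:5001"
      - "5005:5005"

  letsencrypt-drone:
    # reverse proxy for drone in a subdomain
    deploy:
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack-data == yes"
      # Scaled to zero: defined but not running by default.
      replicas: 0
      restart_policy:
        condition: any
    image: ${LOCAL_DOCKER_REGISTRY}letsencrypt-drone
    environment:
      - CERTBOT_EMAIL=${CERTBOT_EMAIL}
      - SERVER_NAME=${DRONE_DOMAIN}
      - PROXY_PASS=http://${SIGYL_STACK_NAME}_drone-server:8080/
    volumes:
      - letsencrypt-drone:/etc/letsencrypt
    networks:
      - appnet
      - externalnet

  ngrok:
    # ngrok tunnel client
    deploy:
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      # Scaled to zero: defined but not running by default.
      replicas: 0
      restart_policy:
        condition: any
    image: ${LOCAL_DOCKER_REGISTRY}ngrok-gitea
    ports:
      # NOTE(review): presumably the ngrok agent's local inspection UI, which
      # shows tunnelled requests; publishing it exposes that view to anything
      # that can reach the node. Confirm it is firewalled when replicas > 0.
      - "4040:4040"
    environment:
      - GIT_DOMAIN=${GIT_DOMAIN}
      - DRONE_DOMAIN=${DRONE_DOMAIN}
      - REMOTE_DOMAIN=${REMOTE_DOMAIN}
      - BLOG_DOMAIN=${BLOG_DOMAIN}
      - CHAT_DOMAIN=${CHAT_DOMAIN}
      # Passed as an environment variable, so the token is readable through
      # `docker inspect` on the service; a Docker secret would avoid that if
      # the image can read one (not visible here).
      - NGROK_AUTH_TOKEN=${NGROK_AUTH_TOKEN}
    networks:
      - appnet

  registry:
    # internal registry
    deploy:
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      replicas: 1
      restart_policy:
        condition: any
    image: registry:2
    volumes:
      - registry-data:/var/lib/registry
    environment:
      - REGISTRY_HTTP_ADDR=0.0.0.0:5000
      # List-form entries are passed literally, so quotes written around a
      # value become part of it; the paths are therefore left unquoted.
      - REGISTRY_HTTP_TLS_CERTIFICATE=/run/secrets/registry-cert
      - REGISTRY_HTTP_TLS_KEY=/run/secrets/registry-key
    networks:
      - appnet
    secrets:
      - registry-cert
      - registry-key
    ports:
      # NOTE(review): TLS is configured but no REGISTRY_AUTH_* setting is, so
      # anything that can reach this published port can pull and push unless
      # access is restricted elsewhere (firewall, network policy).
      - "5003:5000"

  registry-cache:
    # registry cache (used?)
    deploy:
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      replicas: 1
      restart_policy:
        condition: any
    image: registry:2
    ports:
      - "5002:5001"
    volumes:
      - registry-cache-data:/var/lib/registry
    environment:
      - REGISTRY_HTTP_ADDR=0.0.0.0:5001
      - REGISTRY_HTTP_TLS_CERTIFICATE=/run/secrets/registry-cert
      - REGISTRY_HTTP_TLS_KEY=/run/secrets/registry-key
      # Fetch from Docker Hub over TLS: with a plain http:// upstream the
      # images stored in this cache could be altered in transit and would
      # then be served to every client of the mirror.
      - REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io
    networks:
      - appnet
    secrets:
      - registry-cert
      - registry-key

  registry-1:
    # Serves the same registry-data volume as `registry`, but with no TLS
    # settings; it is the upstream of REGISTRY_PROXY_PASS in letsencrypt-git
    # and publishes no port of its own.
    # NOTE(review): it is attached to externalnet as well as appnet, so every
    # service on either network can reach it over plain HTTP with no auth
    # configured here; confirm that reach is intended.
    deploy:
      placement:
        constraints:
          - "node.labels.com.sigyl.git-stack == yes"
      replicas: 1
      restart_policy:
        condition: any
    image: registry:2
    volumes:
      - registry-data:/var/lib/registry
    environment:
      - REGISTRY_HTTP_ADDR=0.0.0.0:5000
    networks:
      - appnet
      - externalnet

volumes:
  letsencrypt-git:
  letsencrypt-drone:
  registry-data:
  registry-cache-data:

networks:
  appnet:
    # Declared without the overlay driver's `encrypted` option, so traffic
    # between nodes (including the http:// proxy upstreams) is not encrypted
    # by the network itself.
    driver: overlay
    # external: true
  externalnet:
    # Created outside this stack; its options are not visible here.
    driver: overlay
    external: true

secrets:
  # Read from files next to this compose file at deploy time; keep the
  # .certificates directory, above all the private key, out of version
  # control.
  registry-cert:
    file: .certificates/registry.crt
  registry-key:
    file: .certificates/registry.key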