stack/docker-compose-proxy.yml


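# Proxy tier of the stack: two nginx/letsencrypt reverse proxies, an ngrok
# tunnel client and three registry:2 instances. The `deploy:` sections,
# overlay networks and file-backed secrets indicate this is meant for
# `docker stack deploy` (swarm mode).
#
# Changes relative to the previous revision of this file:
#   * indentation restored (the listing had lost all nesting);
#   * literal double quotes removed from the REGISTRY_HTTP_TLS_* values;
#   * the pull-through cache upstream switched from http:// to https://;
#   * port mappings quoted consistently (the ngrok one already was).
version: "3.7"

services:
  letsencrypt-git:
    # nginx reverse proxy for all apps (except drone in a subdomain)
    # automatically obtains and refreshes ssl certificates with letsencrypt
    #
    # NOTE(review): this one service publishes 80/443/5000/5001/5005 and
    # fronts Portainer, Nagios, Zabbix, Guacamole and Drone under a single
    # public name. Any access control on those paths lives in the nginx
    # config baked into the image, which is not visible here - confirm that
    # the admin paths are not reachable unauthenticated.
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      replicas: 1
      restart_policy:
        condition: any
    image: ${LOCAL_DOCKER_REGISTRY}letsencrypt-git
    environment:
      - CERTBOT_EMAIL=${CERTBOT_EMAIL}
      - SERVER_NAME=${GIT_DOMAIN}
      # Upstreams are plain HTTP; they are addressed by service name, so the
      # traffic is expected to stay on the overlay networks listed below.
      - GIT_PROXY_PASS=http://${SIGYL_STACK_NAME}_gitea:3000/
      - BLOG_PROXY_PASS=http://${SIGYL_STACK_NAME}_ghost:2368/
      - CHAT_PROXY_PASS=http://${SIGYL_STACK_NAME}_chat:3000/
      - COMMENTO_PROXY_PASS=http://${SIGYL_STACK_NAME}_commento:8080/
      - REMOTE_PROXY_PASS=http://${SIGYL_STACK_NAME}_guacamole:8080/guacamole/
      - DRONE_PROXY_PASS=http://${SIGYL_STACK_NAME}_drone-server:8080/
      # NOTE(review): registry-1 (defined below) sets neither TLS nor any
      # auth option in this file, so push/pull access control depends
      # entirely on what the proxy enforces for this upstream - verify.
      - REGISTRY_PROXY_PASS=http://registry-1:5000
      - PORTAINER_PROXY_PASS=http://${SIGYL_STACK_NAME}_portainer:9000/
      - PORTAINER_LOCATION=/portainer/
      - MATOMO_PROXY_PASS=http://${SIGYL_STACK_NAME}_matomo-web/
      - MATOMO_LOCATION=/analytics/
      - NAGIOS_PROXY_PASS=http://${SIGYL_STACK_NAME}_nagios/
      - NAGIOS_LOCATION=/nagios/
      - ZABBIX_PROXY_PASS=http://${SIGYL_STACK_NAME}_zabbix-web:8080/
      - ZABBIX_LOCATION=/zabbix/
      - GIT_LOCATION=/git/
      - BLOG_LOCATION=/
      - CHAT_LOCATION=/chat/
      - COMMENTO_LOCATION=/comment/
      - REMOTE_LOCATION=/remote/
      - TITLE=$TITLE
      - DESCRIPTION=$DESCRIPTION
      - DRONE_REPO_LINK=$DRONE_REPO_LINK
      - DRONE_COMMIT=$DRONE_COMMIT
    volumes:
      # Holds the issued certificates and their private keys.
      - letsencrypt-git:/etc/letsencrypt
    networks:
      - externalnet
      - appnet
    ports:
      - "80:80"
      - "443:443"
      - "5000:5000"
      - "5001:5001"
      - "5005:5005"

  letsencrypt-drone:
    # reverse proxy for drone in a subdomain
    # replicas: 0 - defined but not started by default.
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack-data == yes'
      replicas: 0
      restart_policy:
        condition: any
    image: ${LOCAL_DOCKER_REGISTRY}letsencrypt-drone
    environment:
      - CERTBOT_EMAIL=${CERTBOT_EMAIL}
      - SERVER_NAME=${DRONE_DOMAIN}
      - PROXY_PASS=http://${SIGYL_STACK_NAME}_drone-server:8080/
    volumes:
      - letsencrypt-drone:/etc/letsencrypt
    networks:
      - appnet
      - externalnet

  ngrok:
    # ngrok tunnel client
    # replicas: 0 - defined but not started by default.
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      replicas: 0
      restart_policy:
        condition: any
    image: ${LOCAL_DOCKER_REGISTRY}ngrok-gitea
    ports:
      # NOTE(review): 4040 is ngrok's default local web inspection
      # interface. Publishing it makes tunnel details and captured requests
      # readable by anyone who can reach the node on this port - confirm
      # this is intended before scaling the service up.
      - "4040:4040"
    environment:
      - GIT_DOMAIN=${GIT_DOMAIN}
      - DRONE_DOMAIN=${DRONE_DOMAIN}
      - REMOTE_DOMAIN=${REMOTE_DOMAIN}
      - BLOG_DOMAIN=${BLOG_DOMAIN}
      - CHAT_DOMAIN=${CHAT_DOMAIN}
      # NOTE(review): a credential passed as an environment variable is
      # stored in the service spec and shown by `docker service inspect`.
      # A swarm secret (as used for the registry key below) would avoid
      # that, provided the image can read the token from a file.
      - NGROK_AUTH_TOKEN=${NGROK_AUTH_TOKEN}
    networks:
      - appnet

  registry:
    # internal registry
    #
    # NOTE(review): TLS is configured here but no REGISTRY_AUTH_* option is,
    # and the port is published as 5003. As written, anything that can
    # reach that port can pull and push - confirm it is firewalled.
    # NOTE(review): `registry:2` is a floating tag; pinning by digest makes
    # the deployed image reproducible. Applies to all three registries.
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      replicas: 1
      restart_policy:
        condition: any
    image: registry:2
    volumes:
      - registry-data:/var/lib/registry
    environment:
      - REGISTRY_HTTP_ADDR=0.0.0.0:5000
      # In list-form `KEY=value` entries everything after `=` is the value,
      # so the double quotes that used to wrap these paths were passed to
      # the registry as part of the file name. Paths are now unquoted.
      - REGISTRY_HTTP_TLS_CERTIFICATE=/run/secrets/registry-cert
      - REGISTRY_HTTP_TLS_KEY=/run/secrets/registry-key
    networks:
      - appnet
    secrets:
      - registry-cert
      - registry-key
    ports:
      - "5003:5000"

  registry-cache:
    # registry cache (used?)
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      replicas: 1
      restart_policy:
        condition: any
    image: registry:2
    ports:
      - "5002:5001"
    volumes:
      - registry-cache-data:/var/lib/registry
    environment:
      - REGISTRY_HTTP_ADDR=0.0.0.0:5001
      # Unquoted for the same reason as in the `registry` service above.
      - REGISTRY_HTTP_TLS_CERTIFICATE=/run/secrets/registry-cert
      - REGISTRY_HTTP_TLS_KEY=/run/secrets/registry-key
      # Upstream for the pull-through cache. This was http://; images
      # fetched over plaintext can be altered in transit before they are
      # cached and handed to every node, so the upstream is pinned to TLS.
      - REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io
    networks:
      - appnet
    secrets:
      - registry-cert
      - registry-key

  registry-1:
    # NOTE(review): no TLS or auth settings, attached to externalnet, and
    # mounting the same `registry-data` volume as the `registry` service.
    # The proxy service targets this instance via REGISTRY_PROXY_PASS, so
    # both registries serve (and can modify) the same image store - confirm
    # that is intended and that externalnet peers are trusted.
    deploy:
      placement:
        constraints:
          - 'node.labels.com.sigyl.git-stack == yes'
      replicas: 1
      restart_policy:
        condition: any
    image: registry:2
    volumes:
      - registry-data:/var/lib/registry
    environment:
      - REGISTRY_HTTP_ADDR=0.0.0.0:5000
    networks:
      - appnet
      - externalnet

volumes:
  letsencrypt-git:
  letsencrypt-drone:
  registry-data:
  registry-cache-data:

networks:
  appnet:
    driver: overlay
    # external: true
  externalnet:
    # Created outside this stack; other stacks may be attached to it.
    driver: overlay
    external: true

secrets:
  # Read from the deploying machine at deploy time. The key file is private
  # material: keep .certificates/ out of version control and restrict its
  # file permissions.
  'registry-cert':
    file: .certificates/registry.crt
  'registry-key':
    file: .certificates/registry.key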