-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdocker-compose.yml
More file actions
119 lines (113 loc) · 4.37 KB
/
docker-compose.yml
File metadata and controls
119 lines (113 loc) · 4.37 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
services:
idhub:
restart: ${DOCKER_RESTART_POLICY:-unless-stopped}
init: true
image: ghcr.io/ereuse/idhub:${IDHUB_DOCKER_TAG:-stable}
build:
context: .
dockerfile: docker/idhub.Dockerfile
environment:
- DOMAIN=${IDHUB_DOMAIN:-localhost}
- ALLOWED_HOSTS=${IDHUB_ALLOWED_HOSTS:-$IDHUB_DOMAIN}
- DEBUG=${IDHUB_DEBUG:-true}
- DEMO=${IDHUB_DEMO:-true}
- DEMO_AUTODECRYPT=${IDHUB_DEMO_AUTODECRYPT:-false}
- DEMO_CREATE_SCHEMAS=${IDHUB_DEMO_CREATE_SCHEMAS:-true}
- REMOVE_DATA=${IDHUB_REMOVE_DATA:-false}
- DB_TYPE=${IDHUB_DB_TYPE:-postgres}
- CREATE_TEST_USERS=${IDHUB_CREATE_TEST_USERS:-true}
- INIT_ADMIN_EMAIL=${IDHUB_INIT_ADMIN_EMAIL}
- INIT_ADMIN_PASSWORD=${IDHUB_INIT_ADMIN_PASSWORD}
- INIT_ORG=${IDHUB_INIT_ORG}
- POLICY_PRIVACY=${IDHUB_POLICY_PRIVACY}
- POLICY_LEGAL=${IDHUB_POLICY_LEGAL}
- POLICY_COOKIES=${IDHUB_POLICY_COOKIES}
- ENABLE_EMAIL=${IDHUB_ENABLE_EMAIL:-true}
- ENABLE_2FACTOR_AUTH=${IDHUB_ENABLE_2FACTOR_AUTH:-true}
- ENABLE_DOMAIN_CHECKER=${IDHUB_ENABLE_DOMAIN_CHECKER:-true}
- DEMO_PREDEFINED_TOKEN=${DEMO_IDHUB_PREDEFINED_TOKEN:-}
- SECRET_KEY=${IDHUB_SECRET_KEY}
- MEDIA_URL=${IDHUB_MEDIA_URL:-/media/}
- MEDIA_ROOT=${IDHUB_MEDIA_ROOT:-/media/}
- STATIC_URL=${IDHUB_STATIC_URL:-/static/}
- STATIC_ROOT=${IDHUB_STATIC_ROOT:-/static/}
- PORT=${IDHUB_PORT:-9001}
- DEFAULT_FROM_EMAIL=${IDHUB_DEFAULT_FROM_EMAIL}
- EMAIL_HOST=${IDHUB_EMAIL_HOST}
- EMAIL_HOST_USER=${IDHUB_EMAIL_HOST_USER}
- EMAIL_HOST_PASSWORD=${IDHUB_EMAIL_HOST_PASSWORD}
- EMAIL_PORT=${IDHUB_EMAIL_PORT}
- EMAIL_USE_TLS=${IDHUB_EMAIL_USE_TLS}
- EMAIL_BACKEND=${IDHUB_EMAIL_BACKEND}
- SUPPORTED_CREDENTIALS=${IDHUB_SUPPORTED_CREDENTIALS:-}
- SYNC_ORG_DEV=${IDHUB_SYNC_ORG_DEV}
- DB_PORT=${IDHUB_POSTGRES_PORT:-5432}
- DB_HOST=${IDHUB_POSTGRES_HOST:-idhub-postgres}
- DB_NAME=${IDHUB_POSTGRES_NAME}
- DB_USER=${IDHUB_POSTGRES_USER}
- DB_PASSWORD=${IDHUB_POSTGRES_PASSWORD}
- TIME_ZONE=${IDHUB_TIME_ZONE}
- DPP=${IDHUB_DPP:-false}
ports:
- ${IDHUB_PORT:-9001}:${IDHUB_PORT:-9001}
# TODO review volumes
volumes:
- ${IDHUB_VOLUME:-.}:/opt/idhub
- ${IDHUB_ROOT_DIR}/${IDHUB_DOCKER_DIR}/${IDHUB_DOMAIN}/idhub-postgres:/idhub-postgres
- ${DOCKER_IDHUB_STATIC_ROOT}:${IDHUB_STATIC_ROOT:-/static/}
- ${DOCKER_IDHUB_MEDIA_ROOT}:${IDHUB_MEDIA_ROOT:-/media/}
idhub-postgres:
profiles: [postgres]
restart: ${DOCKER_RESTART_POLICY:-unless-stopped}
# src https://github.com/docker-library/postgres
image: postgres:17
environment:
- POSTGRES_DB=${IDHUB_POSTGRES_NAME}
- POSTGRES_USER=${IDHUB_POSTGRES_USER}
- POSTGRES_PASSWORD=${IDHUB_POSTGRES_PASSWORD}
volumes:
- ${IDHUB_ROOT_DIR}/${IDHUB_DOCKER_DIR}/${IDHUB_DOMAIN}/idhub-postgres:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${IDHUB_POSTGRES_USER} -d ${IDHUB_POSTGRES_NAME}"]
start_period: 1s
interval: 1s
timeout: 10s
retries: 10
idhub-rproxy:
restart: ${DOCKER_RESTART_POLICY:-unless-stopped}
profiles: [rproxy]
image: ghcr.io/ereuse/idhub-rproxy:${IDHUB_DOCKER_TAG:-stable}
build:
context: .
dockerfile: ./docker/nginx.Dockerfile
environment:
- WEBSERVER_HOST=${IDHUB_DOMAIN}
- APP_HOST=idhub:${IDHUB_PORT}
- FAKE_HTTP_CERT=${IDHUB_FAKE_HTTP_CERT}
ports:
- "80:80"
- "443:443"
volumes:
- type: bind
source: docker/nginx/app.template
target: /etc/nginx/conf.d/app.template
# TODO static nginx files
#- static:/path/to/static/files:ro
- certbot-www:/var/www/certbot
- ${IDHUB_ROOT_DIR}/${IDHUB_DOCKER_DIR}/${IDHUB_DOMAIN}/certbot/conf:/etc/letsencrypt
depends_on:
- idhub
certbot:
restart: ${DOCKER_RESTART_POLICY:-unless-stopped}
profiles: [letsencrypt]
container_name: certbot
image: certbot/certbot
volumes:
# TODO IDHUB_DOMAIN?
- ${IDHUB_ROOT_DIR}/${IDHUB_DOCKER_DIR}/${IDHUB_DOMAIN}/certbot/conf:/etc/letsencrypt
- certbot-www:/var/www/certbot
entrypoint: /bin/sh -c "trap exit TERM; while true; do certbot renew --webroot -w /var/www/certbot; sleep 12h & wait $${!}; done;"
depends_on:
- idhub-rproxy
volumes:
certbot-www: