Datenschutzcenter/Docker-Compose
2
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request 'add https version of docker compose' (!3) from feature/env_version into main

Browse source 
Reviewed-on: #3
Reviewed-by: emanuel.holzmann <emanuel.holzmann@noreply.localhost>
This commit is contained in:
emanuel.holzmann 2025-01-08 10:27:48 +01:00
commit 9cae7a300b
2 changed files with 19 additions and 54 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.docker-compose.http.yml
View file

@ -54,6 +54,7 @@ services:
depends_on: depends_on:
db-odc: db-odc:
condition: service_healthy condition: service_healthy
restart: unless-stopped
env_file: env_file:
- ./.env.local - ./.env.local
- ./.env.custom - ./.env.custom

72
.docker-compose.https.yml
View file

@ -8,34 +8,17 @@ services:
- "--log.level=DEBUG" - "--log.level=DEBUG"
- "--api.insecure=true" - "--api.insecure=true"
- "--providers.docker=true" - "--providers.docker=true"
- "--api.dashboard=true"
- "--providers.docker.exposedbydefault=false" - "--providers.docker.exposedbydefault=false"
- "--entrypoints.unsecure.address=:80"
- "--entrypoints.web.address=:80"
# Global HTTPS # Global HTTPS
# - "--entrypoints.web.address=:443" - "--entrypoints.web.address=:443"
# - "--entrypoints.unsecure.http.redirections.entryPoint.to=web" - "--entrypoints.unsecure.http.redirections.entryPoint.to=web"
# - "--entrypoints.unsecure.http.redirections.entryPoint.scheme=https" - "--entrypoints.unsecure.http.redirections.entryPoint.scheme=https"
# SSL configuration # SSL configuration
# - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true" - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
# - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=unsecure" - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=unsecure"
# - "--certificatesresolvers.letsencrypt.acme.email=${registerEmailAdress}" - "--certificatesresolvers.letsencrypt.acme.email=webmaster@odc-master.de"
# - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json" - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
labels:
- "traefik.enable=true"
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=unsecure"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker"
# - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
- "traefik.http.routers.traefik-odc.rule=Host(`traefik.<clientUrl>`)"
- "traefik.http.routers.traefik-odc.entrypoints=web"
- "traefik.http.routers.traefik-odc.tls.certresolver=letsencrypt"
- "traefik.http.routers.traefik-odc.service=api@internal"
- "traefik.http.routers.traefik-odc.middlewares=traefik-auth"
- "traefik.http.middlewares.traefik-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/" # test:test
ports: ports:
- "80:80" - "80:80"
@ -52,26 +35,16 @@ services:
db-odc: db-odc:
condition: service_healthy condition: service_healthy
restart: unless-stopped restart: unless-stopped
env_file:
environment: - ./.env.local
DATABASE_URL: mysql://odc:<odcMySqlPw>@db-odc:3306/odc - ./.env.custom
OAUTH_KEYCLOAK_CLIENT_ID: opendatenschutzcenter
OAUTH_KEYCLOAK_CLIENT_SECRET: <clientsecret>
OAUTH_KEYCLOAK_SERVER: '<httpMethod>://<clientUrl>/keycloak'
OAUTH_KEYCLOAK_REALM: opendatenschutzcenter
MAILER_DSN: 'null://null'
laF_version: 3.0.4
demo_installation: demo
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
#- "traefik.http.routers.app-odc.tls=true"
- "traefik.http.routers.app-odc.rule=Host(`<clientUrl>`)" - "traefik.http.routers.app-odc.rule=Host(`<clientUrl>`)"
- "traefik.http.routers.app-odc.entrypoints=web" - "traefik.http.routers.app-odc.entrypoints=web"
- "traefik.http.services.app-odc.loadbalancer.server.port=8080" - "traefik.http.services.app-odc.loadbalancer.server.port=8080"
#- "traefik.http.routers.app-odc.tls.certresolver=letsencrypt" - "traefik.http.routers.app-odc.tls=true"
- "traefik.http.services.app-odc.loadbalancer.sticky=true" - "traefik.http.routers.app-odc.tls.certresolver=letsencrypt"
- "traefik.http.services.app-odc.loadbalancer.sticky.cookie.name=odc"
- "traefik.http.services.app-odc.loadbalancer.sticky.cookie.secure=true"
extra_hosts: extra_hosts:
- "<clientUrl>:<hostIp>" - "<clientUrl>:<hostIp>"
volumes: volumes:
@ -98,32 +71,23 @@ services:
depends_on: depends_on:
app-odc: app-odc:
condition: service_healthy condition: service_healthy
environment: restart: unless-stopped
KEYCLOAK_ADMIN: admin env_file:
KEYCLOAK_ADMIN_PASSWORD: <keycloakAdminPw> - ./.env.local
KC_DB: mariadb - ./.env.custom
KC_DB_PASSWORD: <keycloak-pw>
KC_DB_URL: jdbc:mariadb://db-odc:3306/keycloak
KC_DB_USERNAME: keycloak
KC_HOSTNAME_URL: <httpMethod>://<clientUrl>/keycloak
KC_HOSTNAME_PATH: <httpMethod>://<clientUrl>/keycloak
KC_HOSTNAME_ADMIN_URL: <httpMethod>://<clientUrl>/keycloak
KC_HTTP_RELATIVE_PATH: /keycloak
KC_PROXY: passthrough
command: command:
- start-dev - start-dev
- --import-realm - --import-realm
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.keycloak-odc.tls=true"
- "traefik.http.routers.keycloak-odc.rule=Host(`<clientUrl>`) && PathPrefix(`/keycloak`)" - "traefik.http.routers.keycloak-odc.rule=Host(`<clientUrl>`) && PathPrefix(`/keycloak`)"
- "traefik.http.routers.keycloak-odc.entrypoints=web" - "traefik.http.routers.keycloak-odc.entrypoints=web"
- "traefik.http.services.keycloak-odc.loadbalancer.server.port=8080" - "traefik.http.services.keycloak-odc.loadbalancer.server.port=8080"
- "traefik.http.routers.keycloak-odc.tls=true"
- "traefik.http.routers.keycloak-odc.tls.certresolver=letsencrypt" - "traefik.http.routers.keycloak-odc.tls.certresolver=letsencrypt"
volumes: volumes:
- ./keycloak/:/opt/keycloak/data/import - ./keycloak/:/opt/keycloak/data/import
volumes: volumes:
mariadb: mariadb:
datenschutzcenter_uploads: datenschutzcenter_uploads: