# # Use this configuration to deploy the project on a server. # # This configuration builds the frontend and backend services as Docker images, # and uses the paths for the services, instead of ports, and enables SSL. # services: web: build: context: . dockerfile: frontend/Dockerfile restart: unless-stopped networks: - dwengo-1 labels: - 'traefik.enable=true' - 'traefik.http.routers.web.rule=PathPrefix(`/`)' - 'traefik.http.services.web.loadbalancer.server.port=8080' api: build: context: . dockerfile: backend/Dockerfile restart: unless-stopped volumes: # TODO Replace with environment keys - ./backend/.env:/app/dwengo/backend/.env depends_on: - db - logging networks: - dwengo-1 labels: - 'traefik.enable=true' - 'traefik.http.routers.api.rule=PathPrefix(`/api`)' - 'traefik.http.services.api.loadbalancer.server.port=3000' db: extends: file: ./compose.yml service: db networks: - dwengo-1 keycloak-db: image: postgres:latest ports: - '5442:5432' # Port number 10 higher than normal postgres ports restart: unless-stopped volumes: - dwengo_postgres_keycloak:/var/lib/postgresql/keycloak environment: POSTGRES_USER: keycloak POSTGRES_PASSWORD: ChangeMe POSTGRES_DB: keycloak networks: - dwengo-1 idp: extends: file: ./compose.yml service: idp command: ['start', '--http-port', '7080', '--https-port', '7443', '--import-realm'] networks: - dwengo-1 labels: - 'traefik.enable=true' - 'traefik.http.routers.idp.rule=PathPrefix(`/idp`)' - 'traefik.http.services.idp.loadbalancer.server.port=7080' depends_on: - keycloak-db volumes: - /etc/keycloak:/keycloak env_file: - ./config/idp/.env environment: KC_HOSTNAME: 'sel2-1.ugent.be' PROXY_ADDRESS_FORWARDING: 'true' KC_PROXY_HEADERS: 'xforwarded' KC_HTTP_ENABLED: 'true' KC_HTTP_RELATIVE_PATH: '/idp' KC_HTTPS_CERTIFICATE_FILE: '/keycloak/cert.pem' KC_HTTPS_CERTIFICATE_KEY_FILE: '/keycloak/key.pem' KC_HTTP_MAX_QUEUED_REQUESTS: 30 # Prevent overload situations by limiting number of requests KC_DB: 'postgres' KC_DB_USERNAME: 'keycloak' KC_DB_PASSWORD: 'ChangeMe' KC_DB_URL: 'jdbc:postgresql://keycloak-db:5432/keycloak' reverse-proxy: image: traefik:v3.3 ports: - '80:80/tcp' - '443:443/tcp' command: # Enable web UI - '--api=true' # Add Docker provider - '--providers.docker=true' - '--providers.docker.exposedbydefault=false' # Add web entrypoint - '--entrypoints.web.address=:80/tcp' - '--entrypoints.web.http.redirections.entryPoint.to=websecure' - '--entrypoints.web.http.redirections.entryPoint.scheme=https' # Add websecure entrypoint - '--entrypoints.websecure.address=:443/tcp' - '--entrypoints.websecure.http.tls=true' - '--entrypoints.websecure.http.tls.certResolver=letsencrypt' - '--entrypoints.websecure.http.tls.domains[0].main=sel2-1.ugent.be' # Certificates - '--certificatesresolvers.letsencrypt.acme.httpchallenge=true' - '--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web' - '--certificatesresolvers.letsencrypt.acme.email=timo.demeyst@ugent.be' - '--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json' labels: # BasicAuth middleware # To create a user:password pair, the following command can be used: # echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g - 'traefik.http.middlewares.protected-sub-path.basicauth.users=dwengo.org:$$apr1$$FdALqAjI$$7ZhPq0I/qEQ6k3OYqxJKZ1' # Proxying - 'traefik.enable=true' - 'traefik.http.routers.proxy.middlewares=protected-sub-path' - 'traefik.http.routers.proxy.service=api@internal' - 'traefik.http.routers.proxy.rule=PathPrefix(`/proxy`)' - 'traefik.http.services.proxy.loadbalancer.server.port=8080' restart: unless-stopped volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - dwengo_letsencrypt:/letsencrypt networks: - dwengo-1 logging: image: grafana/loki:latest ports: - '9001:3102' - '9095:9095' command: -config.file=/etc/loki/config.yaml restart: unless-stopped volumes: - ./config/loki/config.yml:/etc/loki/config.yaml - dwengo_loki_data:/loki networks: - dwengo-1 dashboards: image: grafana/grafana:latest labels: - 'traefik.enable=true' - 'traefik.http.routers.graphs.rule=PathPrefix(`/graphs`)' - 'traefik.http.services.graphs.loadbalancer.server.port=3000' restart: unless-stopped volumes: - dwengo_grafana_data:/var/lib/grafana caching: image: memcached restart: always ports: - '11211:11211' command: - --conn-limit=1024 - --memory-limit=2048 - -I 128m - --threads=4 volumes: dwengo_grafana_data: dwengo_letsencrypt: dwengo_loki_data: dwengo_postgres_keycloak: networks: dwengo-1: