-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdocker-compose.prod.yaml
134 lines (119 loc) · 4.74 KB
/
docker-compose.prod.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
# Production arguments passed to both containers
x-prod-args: &prod-args
# Port that both servers will run production on
PRODUCTION_PORT: &prod-port 80
PORT: *prod-port # Duplicate this under the name that the env variable will expect. Build args will override as necessary
x-db-info: &db-args
POSTGRES_PASSWORD: U0nKETliEolGjEB180Y7
POSTGRES_USER: postgres
POSTGRES_DB: postgres
# Port and URL for the DB
x-db-loc: &db-loc
POSTGRES_CONTAINER: team-o-prod.cnmewas0cs1z.us-east-2.rds.amazonaws.com
POSTGRES_PORT: &pg-port "5432"
# The environment variables will expect this to already be formed, build args will override it
POSTGRES_URL: "postgresql://postgres:U0nKETliEolGjEB180Y7@team-o-prod.cnmewas0cs1z.us-east-2.rds.amazonaws.com:5432/postgres?schema=public"
# Health check for all processes
x-health-check: &health-check
interval: 30s
timeout: 30s
retries: 3
# Running containers
services:
# Traefik container, used for production routing. ALL requests will automatically be routed through here
# (hence why this is the only service with a "ports") to their appropriate destination based on the routing rules
traefik:
image: traefik:latest
command:
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
# This is what will actually be used
- "--entrypoints.websecure.address=:443"
# Expose the standard HTTP port, have it automatically redirect to https
- "--entrypoints.web.address=:80"
- "--entrypoints.web.http.redirections.entrypoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
- "--entrypoints.web.http.redirections.entrypoint.permanent=true"
# Auto-certificate generation parameters
- "--certificatesresolvers.letsencrypt.acme.storage=acme.json"
# Used during resolution
- "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
# Everything enters through Traefik, so this exposes the environment
ports:
- "80:80"
- "443:443"
# Traefik requirement
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
# Mount the certificate, so that we don't try to renew the cert every time we start up
- acme_cert:/etc/traefik/acme
restart: always
depends_on:
frontend:
condition: service_healthy
backend:
condition: service_healthy
# Frontend (UI)
frontend:
# This is the exposed production port, so that Traefik routing can access it
expose:
- *prod-port
# Use the standard Dockerfile
# Environment allows this to work with prebuilt images
environment:
<<: *prod-args
build:
# Taken from our github repo
context: .
args:
<<: *prod-args
# Use the prod-frontend stage
target: prod-frontend
# Traefik labels
labels:
- "traefik.enable=true"
# The 443 entrypoint is the actual site
- "traefik.http.routers.frontend-https.entrypoints=websecure"
- "traefik.http.routers.frontend-https.rule=Host(`brighamwomens.com`)"
- "traefik.http.routers.frontend-https.tls=true"
# Despite the "loadbalancer" naming, this just describes what port this container exposes
- "traefik.http.services.frontend-https.loadbalancer.server.port=80"
image: gorbunovd/softeng-team-o:frontend
restart: always
healthcheck:
*health-check
# Backend (API)
backend:
# This is the exposed production port, so that Traefik routing can access it
expose:
- *prod-port
# Use the standard Dockerfile
# Environment allows this to work with prebuilt images
environment:
# Ignore the warnings, this just merges those three
<<: [ *prod-args, *db-args, *db-loc ]
build:
# Taken from our github repo
context: .
args:
# Ignore the warnings, this just merges those three
<<: [*prod-args, *db-args, *db-loc]
# This time, build the backend
target: prod-backend
# This is the same as above, except everywhere that it said frontend is now backend, and
# it requires the /api prefix on everything
labels:
- "traefik.enable=true"
# The 443 entrypoint is the actual site
- "traefik.http.routers.backend-https.entrypoints=websecure"
- "traefik.http.routers.backend-https.rule=Host(`brighamwomens.com`) && PathPrefix(`/api`)"
- "traefik.http.routers.backend-https.tls=true"
# Despite the "loadbalancer" naming, this just describes what port this container exposes
- "traefik.http.services.backend-https.loadbalancer.server.port=80"
image: gorbunovd/softeng-team-o:backend
restart: always
healthcheck:
*health-check
volumes:
acme_cert: