-
Notifications
You must be signed in to change notification settings - Fork 12
/
Copy pathdocker-compose.yml
109 lines (91 loc) · 3.24 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
version: '3.4'
# See the fully generated file using
# docker-compose config
x-variables:
- &database-environment
MOTUZ_DATABASE_PROTOCOL: # from ./.env
MOTUZ_DATABASE_USER: # from ./.env
MOTUZ_DATABASE_HOST: # from ./.env
MOTUZ_DATABASE_NAME: # from ./.env
MOTUZ_DATABASE_REQUIRE_SSL: # from ./.env
- &smtp-environment
MOTUZ_SMTP_SERVER: # from ./.env
MOTUZ_SMTP_USER: # from ./.env
MOTUZ_SMTP_REQUIRE_SSL: # from ./.env
- &shared-volumes
volumes:
# Using system users for authentication
- /etc/passwd:/etc/passwd:ro
- /etc/group:/etc/group:ro
- /etc/shadow:/etc/shadow:ro
# Authentication:
# passwd/group should be mounted into any container needing to share the user/group IDs
- /var/run/nscd/socket:/var/run/nscd/socket
- /etc/krb5.conf:/etc/krb5.conf
- /etc/pam.d:/etc/pam.d
# Volumes to enable SSSD authentication via PAM in the app container sharing configuration on
# host to support remote authenticaion backends such as Active Directory, LDAP, and FreeIPA
- /var/lib/sss/pipes:/var/lib/sss/pipes
- /var/lib/sss/mc:/var/lib/sss/mc:ro
- /etc/sssd/sssd.conf:/etc/sssd/sssd.conf
# Authentication cannot mount individual files, because the mapping is
# based on the inode
- /etc:/etc:ro
secrets:
MOTUZ_DATABASE_PASSWORD:
file: ${MOTUZ_DOCKER_ROOT:-/docker}/secrets/MOTUZ_DATABASE_PASSWORD
MOTUZ_FLASK_SECRET_KEY:
file: ${MOTUZ_DOCKER_ROOT:-/docker}/secrets/MOTUZ_FLASK_SECRET_KEY
MOTUZ_SMTP_PASSWORD:
file: ${MOTUZ_DOCKER_ROOT:-/docker}/secrets/MOTUZ_SMTP_PASSWORD
services:
nginx:
container_name: motuz_nginx
image: fredhutch/motuz_nginx:latest
network_mode: host
volumes:
- ${MOTUZ_DOCKER_ROOT:-/docker}/certs:/certs/:ro
ports:
- 443:443
- 80:80
app:
container_name: motuz_app
image: fredhutch/motuz_app:latest
network_mode: host
<<: *shared-volumes
ports:
- 5000:5000
environment:
<<: *database-environment
secrets:
- MOTUZ_DATABASE_PASSWORD
- MOTUZ_FLASK_SECRET_KEY
celery:
container_name: motuz_celery
image: fredhutch/motuz_celery:latest
network_mode: host
<<: *shared-volumes
environment:
<<: *database-environment
<<: *smtp-environment
secrets:
- MOTUZ_DATABASE_PASSWORD
- MOTUZ_FLASK_SECRET_KEY
- MOTUZ_SMTP_PASSWORD
depends_on:
- app # Build dependency
rabbitmq:
container_name: motuz_rabbitmq
image: rabbitmq:3.7.16-alpine
network_mode: host
ports:
- 5672:5672
- 15672:15672
database:
container_name: motuz_database
image: postgres:11.3-alpine
network_mode: host
volumes:
- ${MOTUZ_DOCKER_ROOT:-/docker}/volumes/postgres:/var/lib/postgresql/data
ports:
- 5432:5432