docker-compose-apps.yaml
310 lines
| 9.7 KiB
| text/x-yaml
|
YamlLexer
r23 | ||||
x-logging: &custom-logging | ||||
r47 | # docker plugin install grafana/loki-docker-driver:2.7.1 --alias loki --grant-all-permissions | |||
r23 | # NOTE: loki logging driver ONLY works for host type networks... | |||
driver: loki | ||||
options: | ||||
r57 | #loki-url: "http://${RC_LOKI_AUTH}loki:3100/loki/api/v1/push" | |||
loki-url: "http://${RC_LOKI_AUTH}127.0.0.1:3100/loki/api/v1/push" | ||||
r23 | loki-retries: "5" | |||
loki-timeout: "1s" | ||||
loki-max-backoff: "800ms" | ||||
services: | ||||
r169 | # base shared options for RhodeCode type services | |||
common_base: | ||||
r27 | image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:-4.28.0} | |||
r23 | stdin_open: true | |||
tty: true | ||||
restart: always | ||||
r169 | deploy: | |||
# override this in .custom/docker-compose-apps.override.yaml to scale up | ||||
replicas: 0 | ||||
networks: | ||||
- rhodecode_network | ||||
extra_hosts: | ||||
- "host.docker.internal:host-gateway" | ||||
volumes: | ||||
- confvolume:/etc/rhodecode/conf | ||||
- rc_reposvolume:/var/opt/rhodecode_repo_store | ||||
- rc_datavolume:/var/opt/rhodecode_data | ||||
logging: | ||||
*custom-logging | ||||
# base definition WITHOUT labels to full control over override and custom service | ||||
# main rhodecode will use extends + service from that base | ||||
rhodecode_base: | ||||
extends: | ||||
service: common_base | ||||
r40 | env_file: | |||
- ${RC_ENV_FILE:?must-specify-rc-env-file} | ||||
r169 | ||||
r23 | command: [ | |||
"/usr/local/bin/rhodecode_bin/bin/gunicorn", | ||||
"--error-logfile=-", | ||||
r49 | "--paster=/etc/rhodecode/conf/rhodecode.ini", | |||
r24 | "--config=/etc/rhodecode/conf/gunicorn_conf_rc.py" | |||
r23 | ] | |||
build: | ||||
context: . | ||||
r289 | dockerfile: service/rhodecode/rhodecode_5.dockerfile | |||
r23 | args: | |||
r223 | TZ: ${TZ:-UTC} | |||
r27 | RHODECODE_VERSION: ${RC_VERSION:-4.28.0} | |||
r23 | RHODECODE_DB: postgresql://rhodecode:${DB_PASSWORD:?must-specify-db-password}@database/${DB_NAME:?must-specify-db-name} | |||
RHODECODE_USER_NAME: ${RHODECODE_USER_NAME} | ||||
RHODECODE_USER_PASS: ${RHODECODE_USER_PASS} | ||||
RHODECODE_USER_EMAIL: ${RHODECODE_USER_EMAIL} | ||||
environment: | ||||
RC_APP_TYPE: rhodecode_http | ||||
RC_APP_PROC: 1 | ||||
r167 | RC_APP_PORT: "10020" | |||
r23 | SSL_CERT_FILE: "/etc/rhodecode/conf/ca-bundle.crt" | |||
REQUESTS_CA_BUNDLE: "/etc/rhodecode/conf/ca-bundle.crt" | ||||
GIT_SSL_CAINFO: "/etc/rhodecode/conf/ca-bundle.crt" | ||||
GEVENT_RESOLVER: "ares" | ||||
r223 | GUNICORN_CMD_ARGS: "--bind=0.0.0.0:10020 --name=gunicorn-rhodecode-1 --workers=2" | |||
r23 | ||||
DB_UPGRADE: 1 # run the DB upgrade | ||||
SETUP_APP: 1 # run the application default settings setup, can be turned off after initial run | ||||
#FORCE_DB_INIT_FILE: 1 # force the database init, warning: destroys old DB | ||||
#FORCE_RC_SETUP_APP: 1 # force running setup scripts for configuration/license application | ||||
r49 | MAIN_INI_PATH: /etc/rhodecode/conf/rhodecode.ini | |||
r23 | ||||
# SVN Specific | ||||
MOD_DAV_SVN_PORT: 8090 | ||||
r281 | MOD_DAV_SVN_LOG_LEVEL: info | |||
r81 | APACHE_LOG_DIR: /var/log | |||
r23 | MOD_DAV_SVN_CONF_FILE: /etc/rhodecode/conf/svn/mod_dav_svn.conf | |||
healthcheck: | ||||
r167 | test: curl -A RhodeCode-Healthcheck -s -o /dev/null -w '%{http_code}' http://127.0.0.1:$${RC_APP_PORT}/_admin/ops/ping | |||
r346 | # requires docker engine 25 | |||
#start_period: 2m | ||||
#start_interval: 5s | ||||
r23 | interval: 60s | |||
r346 | timeout: 30s | |||
r23 | retries: 10 | |||
tmpfs: | ||||
r104 | - /data_ramdisk:size=${RC_DATA_RAMDISK_SIZE:-256M} | |||
r23 | ||||
r167 | rhodecode: | |||
r169 | # depends_on: | |||
# - redis | ||||
# - database | ||||
r223 | # - channelstream | |||
# ports: | ||||
# - "127.0.0.1::10020" | ||||
extends: | ||||
service: rhodecode_base | ||||
r233 | ||||
r167 | deploy: | |||
# override this in .custom/docker-compose-apps.override.yaml to scale up | ||||
r221 | # replicas of rhodecode and vcsserver should be equal in most cases | |||
r167 | replicas: 1 | |||
r223 | ||||
r233 | volumes: | |||
- ./.custom/static_files:/var/opt/rhodecode_static_data | ||||
r23 | labels: | |||
r65 | - "autoheal=true" | |||
r24 | - "traefik.enable=true" | |||
- "traefik.http.routers.rhodecode.entrypoints=http" | ||||
r73 | - "traefik.http.routers.rhodecode.priority=10" | |||
r33 | - "traefik.http.routers.rhodecode.rule=Host(`${RC_HOSTNAME:?must-specify-rhodecode-hostname}`)" | |||
r42 | - "traefik.http.routers.rhodecode.service=rhodecode-web" | |||
- "traefik.http.services.rhodecode-web.loadbalancer.server.port=10020" | ||||
r73 | # HTTP + SSL example, should be put into .custom/docker-compose-apps.override.yaml | |||
#- "traefik.http.routers.rhodecode.entrypoints=http,https" | ||||
r23 | ||||
vcsserver: | ||||
r169 | # depends_on: | |||
# - redis | ||||
r223 | # ports: | |||
# - "127.0.0.1::10010" | ||||
extends: | ||||
service: common_base | ||||
r40 | env_file: | |||
- ${RC_ENV_FILE:?must-specify-rc-env-file} | ||||
r23 | command: [ | |||
r172 | "/usr/local/bin/rhodecode_bin/vcs_bin/gunicorn", | |||
r23 | "--error-logfile=-", | |||
r49 | "--paster=/etc/rhodecode/conf/vcsserver.ini", | |||
r23 | "--config=/etc/rhodecode/conf/gunicorn_conf_vcs.py" | |||
] | ||||
r24 | deploy: | |||
# override this in .custom/docker-compose-apps.override.yaml to scale up | ||||
r221 | # replicas of rhodecode and vcsserver should be equal in most cases | |||
r24 | replicas: 1 | |||
r23 | environment: | |||
RC_APP_TYPE: rhodecode_vcsserver | ||||
RC_APP_PROC: 1 | ||||
r167 | RC_APP_PORT: "10010" | |||
r49 | MAIN_INI_PATH: /etc/rhodecode/conf/vcsserver.ini | |||
r23 | SSL_CERT_FILE: "/etc/rhodecode/conf/ca-bundle.crt" | |||
REQUESTS_CA_BUNDLE: "/etc/rhodecode/conf/ca-bundle.crt" | ||||
GIT_SSL_CAINFO: "/etc/rhodecode/conf/ca-bundle.crt" | ||||
r223 | GUNICORN_CMD_ARGS: "--bind=0.0.0.0:10010 --name=gunicorn-vcsserver-1 --workers=3" | |||
r167 | healthcheck: | |||
test: curl -A RhodeCode-Healthcheck -s -o /dev/null -w '%{http_code}' http://127.0.0.1:$${RC_APP_PORT}/status | ||||
timeout: 30s | ||||
start_period: 5s | ||||
interval: 60s | ||||
retries: 10 | ||||
r65 | labels: | |||
- "autoheal=true" | ||||
r23 | celery: | |||
r169 | extends: | |||
service: common_base | ||||
# depends_on: | ||||
# - database | ||||
# - redis | ||||
r40 | env_file: | |||
- ${RC_ENV_FILE:?must-specify-rc-env-file} | ||||
r23 | command: [ | |||
"/usr/local/bin/rhodecode_bin/bin/celery", | ||||
r223 | "--no-color", | |||
"--app=rhodecode.lib.celerylib.loader", | ||||
r23 | "worker", | |||
r398 | "--autoscale=10,2", | |||
"--max-tasks-per-child=150", | ||||
r394 | "--hostname=rc-celery-worker@%h", | |||
r154 | "--task-events", | |||
r23 | "--loglevel=DEBUG", | |||
r49 | "--ini=/etc/rhodecode/conf/rhodecode.ini" | |||
r23 | ] | |||
r169 | deploy: | |||
# override this in .custom/docker-compose-apps.override.yaml to scale up | ||||
replicas: 1 | ||||
r23 | environment: | |||
RC_APP_TYPE: rhodecode_celery | ||||
RC_APP_PROC: 1 | ||||
r49 | MAIN_INI_PATH: /etc/rhodecode/conf/rhodecode.ini | |||
r23 | SSL_CERT_FILE: "/etc/rhodecode/conf/ca-bundle.crt" | |||
REQUESTS_CA_BUNDLE: "/etc/rhodecode/conf/ca-bundle.crt" | ||||
GIT_SSL_CAINFO: "/etc/rhodecode/conf/ca-bundle.crt" | ||||
r169 | labels: | |||
- "autoheal=true" | ||||
r23 | ||||
r169 | celery-beat: | |||
extends: | ||||
service: common_base | ||||
r23 | # depends_on: | |||
# - database | ||||
# - redis | ||||
r40 | env_file: | |||
- ${RC_ENV_FILE:?must-specify-rc-env-file} | ||||
r23 | command: [ | |||
"/usr/local/bin/rhodecode_bin/bin/celery", | ||||
"--no-color", | ||||
"--app=rhodecode.lib.celerylib.loader", | ||||
r223 | "beat", | |||
r23 | "--scheduler=rhodecode.lib.celerylib.scheduler.RcScheduler", | |||
"--loglevel=DEBUG", | ||||
r49 | "--ini=/etc/rhodecode/conf/rhodecode.ini" | |||
r23 | ] | |||
r169 | deploy: | |||
# override this in .custom/docker-compose-apps.override.yaml to scale up | ||||
replicas: 1 | ||||
r23 | environment: | |||
RC_APP_TYPE: rhodecode_beat | ||||
RC_APP_PROC: 1 | ||||
r49 | MAIN_INI_PATH: /etc/rhodecode/conf/rhodecode.ini | |||
r23 | SSL_CERT_FILE: "/etc/rhodecode/conf/ca-bundle.crt" | |||
REQUESTS_CA_BUNDLE: "/etc/rhodecode/conf/ca-bundle.crt" | ||||
GIT_SSL_CAINFO: "/etc/rhodecode/conf/ca-bundle.crt" | ||||
r169 | labels: | |||
- "autoheal=true" | ||||
r23 | ||||
r169 | svn: | |||
extends: | ||||
service: common_base | ||||
r23 | # depends_on: | |||
# - database | ||||
# - redis | ||||
# build: | ||||
# context: . | ||||
# dockerfile: service/svn/rhodecode_svn.dockerfile | ||||
# args: | ||||
# APACHE_VER: 1.3 | ||||
r40 | env_file: | |||
- ${RC_ENV_FILE:?must-specify-rc-env-file} | ||||
r169 | command: [ | |||
r266 | "apachectl", | |||
r169 | "-D", | |||
"FOREGROUND" | ||||
] | ||||
deploy: | ||||
# override this in .custom/docker-compose-apps.override.yaml to scale up | ||||
replicas: 1 | ||||
r23 | environment: | |||
RC_APP_TYPE: rhodecode_svn | ||||
# SVN Specific | ||||
r289 | APACHE_LOG_DIR: /var/log | |||
r23 | MOD_DAV_SVN_PORT: 8090 | |||
r281 | MOD_DAV_SVN_LOG_LEVEL: info | |||
r23 | MOD_DAV_SVN_CONF_FILE: /etc/rhodecode/conf/svn/mod_dav_svn.conf | |||
r289 | # image specific, can be skipped, as the info is stored inside the image | |||
#MOD_DAV_CORE_MODULES_DIR: /home/rhodecode/apache2/modules/ | ||||
#MOD_DAV_SVN_MODULE: /home/rhodecode/apache2/modules/mod_dav.so | ||||
r190 | ||||
r23 | healthcheck: | |||
r167 | test: curl -A RhodeCode-Healthcheck -s -o /dev/null -w '%{http_code}' http://127.0.0.1:$${MOD_DAV_SVN_PORT}/_server_status | |||
r23 | timeout: 30s | |||
interval: 60s | ||||
retries: 10 | ||||
r169 | # ports: | |||
# - "127.0.0.1::8090" | ||||
r65 | labels: | |||
- "autoheal=true" | ||||
r23 | sshd: | |||
r169 | extends: | |||
service: common_base | ||||
# depends_on: | ||||
# - database | ||||
# - redis | ||||
r40 | env_file: | |||
- ${RC_ENV_FILE:?must-specify-rc-env-file} | ||||
r169 | command: [ | |||
"/usr/sbin/sshd", | ||||
"-f", | ||||
"/etc/rhodecode/sshd_config", | ||||
"-D", | ||||
"-e" | ||||
] | ||||
deploy: | ||||
# override this in .custom/docker-compose-apps.override.yaml to scale up | ||||
replicas: 1 | ||||
r23 | environment: | |||
RC_APP_TYPE: rhodecode_sshd | ||||
SSH_BOOTSTRAP: 1 | ||||
r223 | SSH_ENSURE_PERMS: 1 | |||
r65 | healthcheck: | |||
# we call ssh internally, to find permission denied, if SSH is DOWN it would be connection refused | ||||
r337 | test: /usr/bin/ssh -p$${RC_SSH_PORT} -o StrictHostKeyChecking=no -o PasswordAuthentication=No rhodecode@localhost true 2>&1 | grep -c 'Permission denied' > /dev/null | |||
r65 | timeout: 30s | |||
interval: 60s | ||||
retries: 10 | ||||
r23 | # ports: | |||
r169 | # # 9022 is set from .env file too. | |||
r337 | # - "9022:$RC_SSH_PORT" | |||
r23 | labels: | |||
r65 | - "autoheal=true" | |||
r23 | - "traefik.enable=true" | |||
r111 | - "traefik.tcp.routers.sshd.entrypoints=ssh" | |||
- "traefik.tcp.routers.sshd.rule=HostSNI(`*`)" | ||||
- "traefik.tcp.routers.sshd.service=rhodecode-ssh" | ||||
r337 | - "traefik.tcp.services.rhodecode-ssh.loadbalancer.server.port=${RC_SSH_PORT}" | |||