@@ -0,0 +1,5 b'' | |||||
|
1 | # basic auth for traefik middleware. | |||
|
2 | # format here is <user>:<bcrypt_password> | |||
|
3 | # to generate bcrypt password one can use | |||
|
4 | # curl --verbose --request POST --data "password=XlokiAuth101&cost=10" https://www.toptal.com/developers/bcrypt/api/generate-hash.json | |||
|
5 | loki-auth:$2b$10$U8Cui8cO9ZXehYV.7atv8uPuA6rBVrA.Mxzvt8EsdheztkyXZagv6 |
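Review bot: The comment on line 4 tells operators to generate the hash by POSTing the password to a third-party web API, which hands the plaintext credential to an external service and to anything that logs the request; it should point to a local tool instead, for example `# htpasswd -nB loki-auth` (prompts for the password and prints a bcrypt entry). The same comment carries what looks like the plaintext for the committed `loki-auth` hash, and this file is the users file the `basic-auth` middleware reads, so every install that does not replace it would share one publicly known Loki credential. I would drop the sample password from the comment, ship a placeholder entry, and have the bootstrap step generate a per-install hash.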
@@ -0,0 +1,30 b'' | |||||
|
1 | ||||
|
2 | ## Setting up the middleware for redirect to https ## | |||
|
3 | ## This is mounted in /etc/traefik_dynamic dir | |||
|
4 | ||||
|
5 | http: | |||
|
6 | ||||
|
7 | middlewares: | |||
|
8 | ||||
|
9 | https-redirect: | |||
|
10 | redirectScheme: | |||
|
11 | scheme: https | |||
|
12 | # permanent: true | |||
|
13 | ||||
|
14 | middlewares-rate-limit: | |||
|
15 | rateLimit: | |||
|
16 | average: 100 | |||
|
17 | burst: 50 | |||
|
18 | ||||
|
19 | basic-auth: | |||
|
20 | basicAuth: | |||
|
21 | usersfile: /etc/traefik_dynamic/.htpasswd | |||
|
22 | ||||
|
23 | # Dynamic configuration for standard file based SSL cert | |||
|
24 | # create a custom copy of the traefik into .custom/ and remount this | |||
|
25 | # to enable custom certificates | |||
|
26 | #tls: | |||
|
27 | # certificates: | |||
|
28 | # # first certificate | |||
|
29 | # - certFile: /etc/traefik/certs/yourdomain-com.cert | |||
|
30 | # keyFile: /etc/traefik/certs/yourdomain-com.key |
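Review bot: `https-redirect` and `middlewares-rate-limit` are defined here, but none of the router labels visible in this change reference them (only `basic-auth@file` is attached, on the loki router), so enabling the `http,https` entrypoints leaves plain HTTP serving content instead of redirecting, and no route is rate limited. If that is intentional for now, a comment above each middleware showing how to attach it would help, e.g. `# attach with: traefik.http.routers.<router>.middlewares=https-redirect@file`. The rate-limit key also breaks the naming pattern of the other two middlewares; `rate-limit` would be consistent.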
@@ -0,0 +1,18 b'' | |||||
|
1 | TO Enable SSL, uncomment the traefik entrypoints labels in .custom folder docmpose overrides files. | |||
|
2 | ||||
|
3 | Those files are: | |||
|
4 | - docker-compose-apps.override.yaml | |||
|
5 | - docker-compose-metrics.override.yaml | |||
|
6 | - docker-compose-router.override.yaml | |||
|
7 | - docker-compose-services.override.yaml | |||
|
8 | ||||
|
9 | Search for `# Enable http+https endpoints` comment, and uncomment specific | |||
|
10 | label. For example to enable ssl mode for RhodeCode: | |||
|
11 | ||||
|
12 | service: | |||
|
13 | rhodecode: | |||
|
14 | labels: <-- this section was uncommented | |||
|
15 | # Enable http+https endpoints to serve SSL, select just 1 to disable the other | |||
|
16 | - "traefik.http.routers.rhodecode.entrypoints=http,https" | |||
|
17 | ||||
|
18 | Now the service will work on both http and https, to disable plain mode leave only https entrypoint No newline at end of file |
@@ -100,7 +100,7 b' Those are step-by-step installation/run steps.' | |||||
100 |
|
100 | |||
101 | --- |
|
101 | --- | |
102 | CONTAINER ID IMAGE STATUS NAMES PORTS |
|
102 | CONTAINER ID IMAGE STATUS NAMES PORTS | |
103 |
ef54fc528e3a traefik:v2.9.5 Up 19 hours rc_cluster_router-traefik-1 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp, 0.0.0.0: |
|
103 | ef54fc528e3a traefik:v2.9.5 Up 19 hours rc_cluster_router-traefik-1 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp, 0.0.0.0:9022->9022/tcp, :::9022->9022/tcp | |
104 | f3ea0539e8b0 rhodecode/rhodecode-ee:4.28.0 Up About a minute (healthy) rc_cluster_apps-rhodecode-1 0.0.0.0:10020->10020/tcp, :::10020->10020/tcp |
|
104 | f3ea0539e8b0 rhodecode/rhodecode-ee:4.28.0 Up About a minute (healthy) rc_cluster_apps-rhodecode-1 0.0.0.0:10020->10020/tcp, :::10020->10020/tcp | |
105 | 2be52ba58ffe rhodecode/rhodecode-ee:4.28.0 Up About a minute (healthy) rc_cluster_apps-vcsserver-1 |
|
105 | 2be52ba58ffe rhodecode/rhodecode-ee:4.28.0 Up About a minute (healthy) rc_cluster_apps-vcsserver-1 | |
106 | 7cd730ad3263 rhodecode/rhodecode-ee:4.28.0 Up About a minute rc_cluster_apps-celery-1 |
|
106 | 7cd730ad3263 rhodecode/rhodecode-ee:4.28.0 Up About a minute rc_cluster_apps-celery-1 |
@@ -1,37 +1,3 b'' | |||||
1 | # read more here http://tautt.com/best-nginx-configuration-for-security/ |
|
|||
2 |
|
||||
3 | # config to don't allow the browser to render the page inside an frame or iframe |
|
|||
4 | # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking |
|
|||
5 | # if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri |
|
|||
6 | # https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options |
|
|||
7 | #add_header X-Frame-Options SAMEORIGIN; |
|
|||
8 |
|
||||
9 | # when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header, |
|
|||
10 | # to disable content-type sniffing on some browsers. |
|
|||
11 | # https://www.owasp.org/index.php/List_of_useful_HTTP_headers |
|
|||
12 | # currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx |
|
|||
13 | # http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx |
|
|||
14 | # 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020 |
|
|||
15 | #add_header X-Content-Type-Options nosniff; |
|
|||
16 |
|
||||
17 | # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. |
|
|||
18 | # It's usually enabled by default anyway, so the role of this header is to re-enable the filter for |
|
|||
19 | # this particular website if it was disabled by the user. |
|
|||
20 | # https://www.owasp.org/index.php/List_of_useful_HTTP_headers |
|
|||
21 | #add_header X-XSS-Protection "1; mode=block"; |
|
|||
22 |
|
||||
23 | # with Content Security Policy (CSP) enabled(and a browser that supports it(http://caniuse.com/#feat=contentsecuritypolicy), |
|
|||
24 | # you can tell the browser that it can only download content from the domains you explicitly allow |
|
|||
25 | # http://www.html5rocks.com/en/tutorials/security/content-security-policy/ |
|
|||
26 | # https://www.owasp.org/index.php/Content_Security_Policy |
|
|||
27 | # I need to change our application code so we can increase security by disabling 'unsafe-inline' 'unsafe-eval' |
|
|||
28 | # directives for css and js(if you have inline css or js, you will need to keep it too). |
|
|||
29 | # more: http://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful |
|
|||
30 | #add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'"; |
|
|||
31 |
|
||||
32 | ## rate limiter for certain pages to prevent brute force attacks |
|
|||
33 | limit_req_zone $binary_remote_addr zone=http_req_limit:10m rate=1r/s; |
|
|||
34 |
|
||||
35 | ## custom log format |
|
1 | ## custom log format | |
36 | log_format http_log_custom '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time $upstream_response_time $pipe'; |
|
2 | log_format http_log_custom '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time $upstream_response_time $pipe'; | |
37 |
|
3 | |||
@@ -58,8 +24,8 b' log_format json_log_custom escape=json' | |||||
58 | server { |
|
24 | server { | |
59 | listen 80 default; |
|
25 | listen 80 default; | |
60 | # ensure we get the proper Docker DNS resolver for load balancing. |
|
26 | # ensure we get the proper Docker DNS resolver for load balancing. | |
61 | resolver 127.0.0.11 ipv6=off valid=10s; |
|
27 | resolver 127.0.0.11 ipv6=off valid=10s; | |
62 | server_name localhost 127.0.0.1; |
|
28 | server_name localhost 127.0.0.1; | |
63 | access_log /dev/stdout json_log_custom; |
|
29 | access_log /dev/stdout json_log_custom; | |
64 | error_log /dev/stdout; |
|
30 | error_log /dev/stdout; | |
65 |
|
31 | |||
@@ -89,50 +55,6 b' server {' | |||||
89 | alias /var/opt/rhodecode_data/static; |
|
55 | alias /var/opt/rhodecode_data/static; | |
90 | } |
|
56 | } | |
91 |
|
57 | |||
92 | ## channelstream location handler, if channelstream live chat and notifications |
|
|||
93 | ## are enable this will proxy the requests to channelstream websocket server |
|
|||
94 | set $upstream_channelstream channelstream:8000; |
|
|||
95 | location /_channelstream { |
|
|||
96 | rewrite /_channelstream/(.*) /$1 break; |
|
|||
97 | gzip off; |
|
|||
98 | tcp_nodelay off; |
|
|||
99 |
|
||||
100 | proxy_connect_timeout 10; |
|
|||
101 | proxy_send_timeout 10m; |
|
|||
102 | proxy_read_timeout 10m; |
|
|||
103 |
|
||||
104 | proxy_set_header Host $host; |
|
|||
105 | proxy_set_header Referer $http_referer; |
|
|||
106 | proxy_set_header X-Url-Scheme $scheme; |
|
|||
107 | proxy_set_header X-Real-IP $remote_addr; |
|
|||
108 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|
|||
109 | proxy_set_header X-Forwarded-Proto $scheme; |
|
|||
110 |
|
||||
111 | proxy_http_version 1.1; |
|
|||
112 | proxy_set_header Upgrade $http_upgrade; |
|
|||
113 | proxy_set_header Connection "upgrade"; |
|
|||
114 |
|
||||
115 | proxy_pass http://$upstream_channelstream; |
|
|||
116 | proxy_redirect http://$upstream_channelstream/ /_channelstream; |
|
|||
117 | } |
|
|||
118 |
|
||||
119 | # ## rate limit this endpoint to prevent login page brute-force attacks |
|
|||
120 | # location /_admin/login { |
|
|||
121 | # limit_req zone=http_req_limit burst=10 nodelay; |
|
|||
122 | # try_files $uri @rhodecode_http; |
|
|||
123 | # } |
|
|||
124 |
|
||||
125 | # location / { |
|
|||
126 | # include /etc/nginx/proxy.conf; |
|
|||
127 | # try_files $uri @rhodecode_http; |
|
|||
128 | # } |
|
|||
129 | # |
|
|||
130 | # set $upstream http://rhodecode:10020; |
|
|||
131 | # location @rhodecode_http { |
|
|||
132 | # include /etc/nginx/proxy.conf; |
|
|||
133 | # proxy_pass $upstream; |
|
|||
134 | # } |
|
|||
135 |
|
||||
136 | ## Custom 502 error page. |
|
58 | ## Custom 502 error page. | |
137 | ## Will be displayed while RhodeCode server is turned off |
|
59 | ## Will be displayed while RhodeCode server is turned off | |
138 | error_page 502 /502.html; |
|
60 | error_page 502 /502.html; |
@@ -1,14 +1,24 b'' | |||||
1 | ## Static configuration, needs traefik reload |
|
1 | ## Static configuration, needs traefik reload | |
2 |
|
2 | |||
|
3 | global: | |||
|
4 | checkNewVersion: false | |||
|
5 | ||||
|
6 | serversTransport: | |||
|
7 | #this disables SSL certificate verification for legacy own cert services like NextCloud etc | |||
|
8 | insecureSkipVerify: true | |||
|
9 | ||||
3 | entryPoints: |
|
10 | entryPoints: | |
|
11 | ||||
4 | http: |
|
12 | http: | |
5 | address: ":80" |
|
13 | address: ":80" | |
6 |
|
14 | |||
7 | https: |
|
15 | https: | |
8 | address: ":443" |
|
16 | address: ":443" | |
|
17 | http: | |||
|
18 | tls: {} | |||
9 |
|
19 | |||
10 | ssh: |
|
20 | ssh: | |
11 | address: ":${RC_SSH_PORT:?must-specify-ssh-port}" |
|
21 | address: ":9022" | |
12 |
|
22 | |||
13 | loki: |
|
23 | loki: | |
14 | address: ":3100" |
|
24 | address: ":3100" | |
@@ -29,19 +39,12 b' log:' | |||||
29 | metrics: |
|
39 | metrics: | |
30 | prometheus: {} |
|
40 | prometheus: {} | |
31 |
|
41 | |||
32 |
|
||||
33 | providers: |
|
42 | providers: | |
34 | docker: |
|
43 | docker: | |
35 | exposedByDefault: false |
|
44 | exposedByDefault: false | |
36 | swarmMode: false |
|
45 | swarmMode: false | |
37 | endpoint: "unix:///var/run/docker.sock" |
|
46 | endpoint: "unix:///var/run/docker.sock" | |
38 | watch: true |
|
47 | watch: true | |
39 |
|
||||
40 | file: |
|
48 | file: | |
41 |
|
|
49 | directory: "/etc/traefik_dynamic" | |
42 | watch: true |
|
50 | watch: true | |
43 |
|
||||
44 |
|
||||
45 | serversTransport: |
|
|||
46 | #this disables SSL certificate verification for legacy own cert services like NextCloud etc |
|
|||
47 | insecureSkipVerify: true |
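Review bot: `insecureSkipVerify: true` under the top-level `serversTransport` turns off certificate verification for every HTTPS backend Traefik proxies to, not only the legacy self-signed services the comment names. Since the block is being moved in this change anyway, consider scoping it: define a named transport in the dynamic file (`http.serversTransports.<name>.insecureSkipVerify: true`) and reference it only from the services that need it, or trust the internal CA through `rootCAs`. Separately, the `https` entrypoint now carries `tls: {}` while the certificates block in the dynamic config is still commented out, so Traefik would presumably serve its generated default certificate until an operator mounts one; a short comment next to `tls: {}` saying so would save a support round-trip.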
|
@@ -96,15 +96,12 b' services:' | |||||
96 | - "autoheal=true" |
|
96 | - "autoheal=true" | |
97 | - "traefik.enable=true" |
|
97 | - "traefik.enable=true" | |
98 | - "traefik.http.routers.rhodecode.entrypoints=http" |
|
98 | - "traefik.http.routers.rhodecode.entrypoints=http" | |
|
99 | - "traefik.http.routers.rhodecode.priority=10" | |||
99 | - "traefik.http.routers.rhodecode.rule=Host(`${RC_HOSTNAME:?must-specify-rhodecode-hostname}`)" |
|
100 | - "traefik.http.routers.rhodecode.rule=Host(`${RC_HOSTNAME:?must-specify-rhodecode-hostname}`)" | |
100 | - "traefik.http.routers.rhodecode.service=rhodecode-web" |
|
101 | - "traefik.http.routers.rhodecode.service=rhodecode-web" | |
101 | - "traefik.http.services.rhodecode-web.loadbalancer.server.port=10020" |
|
102 | - "traefik.http.services.rhodecode-web.loadbalancer.server.port=10020" | |
102 |
# |
|
103 | # HTTP + SSL example, should be put into .custom/docker-compose-apps.override.yaml | |
103 |
#- "traefik.http.routers.rhodecode |
|
104 | #- "traefik.http.routers.rhodecode.entrypoints=http,https" | |
104 | #- "traefik.http.routers.rhodecode-rt.rule=Host(`${RC_HOSTNAME:?must-specify-rhodecode-hostname}`)" |
|
|||
105 | #- "traefik.http.routers.rhodecode-rt.tls=true" |
|
|||
106 | #- "traefik.http.routers.rhodecode-rt.service=rhodecode-ssl" |
|
|||
107 | #- "traefik.http.services.rhodecode-ssl.loadbalancer.server.port=10020" |
|
|||
108 |
|
105 | |||
109 | vcsserver: |
|
106 | vcsserver: | |
110 | networks: |
|
107 | networks: | |
@@ -205,8 +202,6 b' services:' | |||||
205 | logging: |
|
202 | logging: | |
206 | *custom-logging |
|
203 | *custom-logging | |
207 |
|
204 | |||
208 | labels: |
|
|||
209 | - "traefik.enable=false" |
|
|||
210 |
|
205 | |||
211 | celery-beat: |
|
206 | celery-beat: | |
212 | # This service is not scalable |
|
207 | # This service is not scalable | |
@@ -252,8 +247,6 b' services:' | |||||
252 | logging: |
|
247 | logging: | |
253 | *custom-logging |
|
248 | *custom-logging | |
254 |
|
249 | |||
255 | labels: |
|
|||
256 | - "traefik.enable=false" |
|
|||
257 |
|
250 | |||
258 | svn: |
|
251 | svn: | |
259 | networks: |
|
252 | networks: | |
@@ -332,7 +325,7 b' services:' | |||||
332 |
|
325 | |||
333 | # ports: |
|
326 | # ports: | |
334 | # # set from .env file |
|
327 | # # set from .env file | |
335 | # - "${RC_SSH_PORT:?must-specify-ssh-port}:22" |
|
328 | # - "9022:22" | |
336 |
|
329 | |||
337 | volumes: |
|
330 | volumes: | |
338 | - confvolume:/etc/rhodecode/conf |
|
331 | - confvolume:/etc/rhodecode/conf | |
@@ -349,4 +342,4 b' services:' | |||||
349 | - "traefik.http.routers.sshd.entrypoints=ssh" |
|
342 | - "traefik.http.routers.sshd.entrypoints=ssh" | |
350 | - "traefik.http.routers.sshd.rule=Host(`*`)" |
|
343 | - "traefik.http.routers.sshd.rule=Host(`*`)" | |
351 | - "traefik.http.routers.sshd.service=rhodecode-ssh" |
|
344 | - "traefik.http.routers.sshd.service=rhodecode-ssh" | |
352 |
- "traefik.http.services.rhodecode-ssh.loadbalancer.server.port= |
|
345 | - "traefik.http.services.rhodecode-ssh.loadbalancer.server.port=22" |
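Review bot: The sshd route is declared with `traefik.http.routers.sshd.*` and `traefik.http.services.rhodecode-ssh.*` labels, but SSH is not HTTP, so an HTTP router on the `ssh` entrypoint cannot forward these connections as far as the visible labels show. The labels would need to be TCP ones: a `traefik.tcp.routers.sshd` router bound to the `ssh` entrypoint with a HostSNI catch-all rule, and `traefik.tcp.services.rhodecode-ssh.loadbalancer.server.port=22` for the service. The labels block starts outside this hunk, so an existing TCP definition elsewhere in the file cannot be ruled out.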
@@ -94,15 +94,12 b' services:' | |||||
94 | labels: |
|
94 | labels: | |
95 | - "traefik.enable=true" |
|
95 | - "traefik.enable=true" | |
96 | - "traefik.http.routers.grafana.entrypoints=http" |
|
96 | - "traefik.http.routers.grafana.entrypoints=http" | |
97 |
- "traefik.http.routers.grafana. |
|
97 | - "traefik.http.routers.grafana.priority=20" | |
98 | - "traefik.http.routers.grafana.service=grafana-http" |
|
98 | - "traefik.http.routers.grafana.rule=Host(`${RC_HOSTNAME:?must-specify-rhodecode-hostname}`) && PathPrefix(`/_grafana`)" | |
99 |
- "traefik.http. |
|
99 | - "traefik.http.routers.grafana.service=grafana-web" | |
|
100 | - "traefik.http.services.grafana-web.loadbalancer.server.port=3000" | |||
100 | # SSL + proxy prefix example, should be put into .custom/docker-compose-metrics.override.yaml |
|
101 | # SSL + proxy prefix example, should be put into .custom/docker-compose-metrics.override.yaml | |
101 |
#- "traefik.http.routers.grafana |
|
102 | #- "traefik.http.routers.grafana.entrypoints=http,https" | |
102 | #- "traefik.http.routers.grafana-rt.rule=Host(`metrics.example.com`) && PathPrefix(`/_grafana`)" |
|
|||
103 | #- "traefik.http.routers.grafana-rt.tls=true" |
|
|||
104 | #- "traefik.http.routers.grafana-rt.service=grafana-ssl" |
|
|||
105 | #- "traefik.http.services.grafana-ssl.loadbalancer.server.port=3000" |
|
|||
106 |
|
103 | |||
107 | loki: |
|
104 | loki: | |
108 | image: grafana/loki:2.7.1 |
|
105 | image: grafana/loki:2.7.1 | |
@@ -128,8 +125,8 b' services:' | |||||
128 | - "traefik.http.routers.loki.entrypoints=loki" |
|
125 | - "traefik.http.routers.loki.entrypoints=loki" | |
129 | - "traefik.http.routers.loki.rule=PathPrefix(`/`)" |
|
126 | - "traefik.http.routers.loki.rule=PathPrefix(`/`)" | |
130 | - "traefik.http.routers.loki.middlewares=basic-auth@file" |
|
127 | - "traefik.http.routers.loki.middlewares=basic-auth@file" | |
131 |
- "traefik.http.routers.loki.service=loki- |
|
128 | - "traefik.http.routers.loki.service=loki-web" | |
132 |
- "traefik.http.services.loki- |
|
129 | - "traefik.http.services.loki-web.loadbalancer.server.port=3100" | |
133 |
|
130 | |||
134 | promtail: |
|
131 | promtail: | |
135 | image: grafana/promtail:2.7.1 |
|
132 | image: grafana/promtail:2.7.1 |
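Review bot: The loki router relies on `basic-auth@file`, but the `loki` entrypoint it binds to is declared as plain `:3100` with no `tls` block in the static config lines visible on this page, and the router compose file publishes `3100:3100` on all interfaces, so the Basic credentials would cross the network in cleartext. Either give the entrypoint the same `http: tls: {}` block the `https` entrypoint received in this change, or restrict the published port to a trusted interface, e.g. `- "127.0.0.1:3100:3100"`. A comment on the router noting that the auth is only as strong as the transport would also help.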
@@ -23,14 +23,15 b' services:' | |||||
23 | - "80:80" |
|
23 | - "80:80" | |
24 | # The HTTPS port, exposed as https entrypoint |
|
24 | # The HTTPS port, exposed as https entrypoint | |
25 | - "443:443" |
|
25 | - "443:443" | |
26 |
# The loki port, exposed as |
|
26 | # The loki port, exposed as loki entrypoint behind auth | |
27 | - "3100:3100" |
|
27 | - "3100:3100" | |
28 | # The SSH port |
|
28 | # The SSH port exposed as sshd entrypoint, default 9022 | |
29 | - "${RC_SSH_PORT}:${RC_SSH_PORT}" |
|
29 | - "${RC_SSH_PORT:-9022}:${RC_SSH_PORT:-9022}" | |
30 | volumes: |
|
30 | volumes: | |
31 | # So that Traefik can listen to the Docker events |
|
31 | # So that Traefik can listen to the Docker events | |
32 | - /var/run/docker.sock:/var/run/docker.sock |
|
32 | - /var/run/docker.sock:/var/run/docker.sock | |
33 | - ./config/traefik:/etc/traefik |
|
33 | - ./config/traefik:/etc/traefik | |
|
34 | - ./config/traefik/dynamic:/etc/traefik_dynamic | |||
34 | deploy: |
|
35 | deploy: | |
35 | placement: |
|
36 | placement: | |
36 | constraints: |
|
37 | constraints: |
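Review bot: The published SSH port still follows `RC_SSH_PORT` on both sides (`"${RC_SSH_PORT:-9022}:${RC_SSH_PORT:-9022}"`), while the static Traefik config in this same change hard-codes the ssh entrypoint to `:9022`, so any non-default `RC_SSH_PORT` publishes a container port that nothing listens on. Mapping only the host side keeps the two in step: `- "${RC_SSH_PORT:-9022}:9022"`. The new `./config/traefik/dynamic` bind mount holds the `.htpasswd` and middleware definitions and Traefik only needs to read it, so I would mount it read-only: `- ./config/traefik/dynamic:/etc/traefik_dynamic:ro`.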
@@ -41,7 +41,7 b' services:' | |||||
41 | restart: always |
|
41 | restart: always | |
42 |
|
42 | |||
43 | # ports: |
|
43 | # ports: | |
44 |
# - "127.0.0.1: |
|
44 | # - "127.0.0.1:8000:8000" | |
45 | env_file: |
|
45 | env_file: | |
46 | - ${RC_ENV_FILE:?must-specify-rc-env-file} |
|
46 | - ${RC_ENV_FILE:?must-specify-rc-env-file} | |
47 | command: ["channelstream"] |
|
47 | command: ["channelstream"] | |
@@ -60,9 +60,16 b' services:' | |||||
60 | *custom-logging |
|
60 | *custom-logging | |
61 |
|
61 | |||
62 | labels: |
|
62 | labels: | |
63 |
- "traefik.enable= |
|
63 | - "traefik.enable=true" | |
64 |
|
|
64 | - "traefik.http.routers.channelstream.entrypoints=http" | |
65 |
|
|
65 | - "traefik.http.routers.channelstream.priority=20" | |
|
66 | - "traefik.http.routers.channelstream.rule=Host(`${RC_HOSTNAME:?must-specify-rhodecode-hostname}`) && PathPrefix(`/_channelstream`)" | |||
|
67 | - "traefik.http.routers.channelstream.service=channelstream-web" | |||
|
68 | - "traefik.http.routers.channelstream.middlewares=strip-cs" | |||
|
69 | - "traefik.http.middlewares.strip-cs.stripprefix.prefixes=/_channelstream" | |||
|
70 | - "traefik.http.services.channelstream-web.loadbalancer.server.port=8000" | |||
|
71 | # HTTP + SSL example, should be put into .custom/docker-compose-services.override.yaml | |||
|
72 | #- "traefik.http.routers.channelstream.entrypoints=http,https" | |||
66 |
|
73 | |||
67 | profiles: |
|
74 | profiles: | |
68 | ["channelstream"] |
|
75 | ["channelstream"] | |
@@ -102,8 +109,11 b' services:' | |||||
102 | labels: |
|
109 | labels: | |
103 | - "traefik.enable=true" |
|
110 | - "traefik.enable=true" | |
104 | - "traefik.http.routers.nginx.entrypoints=http" |
|
111 | - "traefik.http.routers.nginx.entrypoints=http" | |
105 | - "traefik.http.routers.nginx.rule=Host(`${RC_HOSTNAME:?must-specify-rhodecode-hostname}`) && ( PathPrefix(`/_health`) || PathPrefix(`/_channelstream`) || PathPrefix(`/_static/rhodecode`) )" |
|
112 | - "traefik.http.routers.nginx.priority=40" | |
|
113 | - "traefik.http.routers.nginx.rule=Host(`${RC_HOSTNAME:?must-specify-rhodecode-hostname}`) && PathPrefix(`/_static/rhodecode`)" | |||
106 | - "traefik.http.services.nginx.loadbalancer.server.port=80" |
|
114 | - "traefik.http.services.nginx.loadbalancer.server.port=80" | |
|
115 | # HTTP + SSL example, should be put into .custom/docker-compose-services.override.yaml | |||
|
116 | #- "traefik.http.routers.nginx.entrypoints=http,https" | |||
107 |
|
117 | |||
108 | elasticsearch: |
|
118 | elasticsearch: | |
109 | networks: |
|
119 | networks: | |
@@ -142,7 +152,7 b' services:' | |||||
142 | redis: |
|
152 | redis: | |
143 | networks: |
|
153 | networks: | |
144 | - rhodecode_network |
|
154 | - rhodecode_network | |
145 |
image: library/redis:7.0. |
|
155 | image: library/redis:7.0.7 | |
146 |
|
156 | |||
147 | restart: always |
|
157 | restart: always | |
148 | env_file: |
|
158 | env_file: | |
@@ -246,3 +256,4 b' services:' | |||||
246 |
|
256 | |||
247 | logging: |
|
257 | logging: | |
248 | *custom-logging |
|
258 | *custom-logging | |
|
259 |
@@ -36,8 +36,9 b' rccontrol_usage() {' | |||||
36 | echo |
|
36 | echo | |
37 | # :command.usage_commands |
|
37 | # :command.usage_commands | |
38 | printf "Commands:\n" |
|
38 | printf "Commands:\n" | |
|
39 | echo " get-started Print instructions to get started with rhodecode docker stack" | |||
39 | echo " self-update update rccontrol and it's docker definitions" |
|
40 | echo " self-update update rccontrol and it's docker definitions" | |
40 |
echo " |
|
41 | echo " init Bootstrap this machine, check docker version and install rhodecode-network" | |
41 | echo |
|
42 | echo | |
42 | printf "Build Commands:\n" |
|
43 | printf "Build Commands:\n" | |
43 | echo " get-build-artifacts Fetch Artifacts to run installer based build" |
|
44 | echo " get-build-artifacts Fetch Artifacts to run installer based build" | |
@@ -128,6 +129,35 b' rccontrol_usage() {' | |||||
128 | } |
|
129 | } | |
129 |
|
130 | |||
130 | # :command.usage |
|
131 | # :command.usage | |
|
132 | rccontrol_get_started_usage() { | |||
|
133 | if [[ -n $long_usage ]]; then | |||
|
134 | printf "rccontrol get-started - Print instructions to get started with rhodecode docker stack\n" | |||
|
135 | echo | |||
|
136 | ||||
|
137 | else | |||
|
138 | printf "rccontrol get-started - Print instructions to get started with rhodecode docker stack\n" | |||
|
139 | echo | |||
|
140 | ||||
|
141 | fi | |||
|
142 | ||||
|
143 | printf "Usage:\n" | |||
|
144 | printf " rccontrol get-started\n" | |||
|
145 | printf " rccontrol get-started --help | -h\n" | |||
|
146 | echo | |||
|
147 | ||||
|
148 | # :command.long_usage | |||
|
149 | if [[ -n $long_usage ]]; then | |||
|
150 | printf "Options:\n" | |||
|
151 | ||||
|
152 | # :command.usage_fixed_flags | |||
|
153 | echo " --help, -h" | |||
|
154 | printf " Show this help\n" | |||
|
155 | echo | |||
|
156 | ||||
|
157 | fi | |||
|
158 | } | |||
|
159 | ||||
|
160 | # :command.usage | |||
131 | rccontrol_self_update_usage() { |
|
161 | rccontrol_self_update_usage() { | |
132 | if [[ -n $long_usage ]]; then |
|
162 | if [[ -n $long_usage ]]; then | |
133 | printf "rccontrol self-update - update rccontrol and it's docker definitions\n" |
|
163 | printf "rccontrol self-update - update rccontrol and it's docker definitions\n" | |
@@ -175,23 +205,20 b' rccontrol_self_update_usage() {' | |||||
175 | } |
|
205 | } | |
176 |
|
206 | |||
177 | # :command.usage |
|
207 | # :command.usage | |
178 |
rccontrol_ |
|
208 | rccontrol_init_usage() { | |
179 | if [[ -n $long_usage ]]; then |
|
209 | if [[ -n $long_usage ]]; then | |
180 |
printf "rccontrol |
|
210 | printf "rccontrol init - Bootstrap this machine, check docker version and install rhodecode-network\n" | |
181 | echo |
|
211 | echo | |
182 |
|
212 | |||
183 | else |
|
213 | else | |
184 |
printf "rccontrol |
|
214 | printf "rccontrol init - Bootstrap this machine, check docker version and install rhodecode-network\n" | |
185 | echo |
|
215 | echo | |
186 |
|
216 | |||
187 | fi |
|
217 | fi | |
188 |
|
218 | |||
189 | printf "Alias: init\n" |
|
|||
190 | echo |
|
|||
191 |
|
||||
192 | printf "Usage:\n" |
|
219 | printf "Usage:\n" | |
193 |
printf " rccontrol |
|
220 | printf " rccontrol init [OPTIONS]\n" | |
194 |
printf " rccontrol |
|
221 | printf " rccontrol init --help | -h\n" | |
195 | echo |
|
222 | echo | |
196 |
|
223 | |||
197 | # :command.long_usage |
|
224 | # :command.long_usage | |
@@ -457,7 +484,7 b' rccontrol_stack_usage() {' | |||||
457 |
|
484 | |||
458 | # :command.usage_examples |
|
485 | # :command.usage_examples | |
459 | printf "Examples:\n" |
|
486 | printf "Examples:\n" | |
460 |
printf " - ./rccontrol stack router up # run router stack with output to\n stdout\n - ./rccontrol stack router up --detach # run router stack detached\n - ./rccontrol stack router down # stop whole router stack\n - ./rccontrol stack router ps # check status of router stack\n \n # scale a single stack service[s] to more replicas (horizontally)\n - ./rccontrol stack rhodecode up --detach --no-recreate --scale rhodecode=2\n --scale vcsserver=2\n \n # run router stack with your overrides compose file\n - ./rccontrol stack router -f docker-overrides.yaml up -d |
|
487 | printf " # running stack\n - ./rccontrol stack router up # run router stack with output to\n stdout\n - ./rccontrol stack router up --detach # run router stack detached\n - ./rccontrol stack router down # stop whole router stack\n - ./rccontrol stack router ps # check status of router stack\n \n # logs, use logs -f to follow/tail --until 1h to limit for last time\n - ./rccontrol stack services logs -f database\n \n # scale a single stack service[s] to more replicas (horizontally), use\n overrides files to permanently set scale\n - ./rccontrol stack rhodecode up --detach --no-recreate --scale rhodecode=2\n --scale vcsserver=2\n \n # run router stack with your overrides compose file\n - ./rccontrol stack router -f docker-overrides.yaml up -d\n" | |
461 | echo |
|
488 | echo | |
462 |
|
489 | |||
463 | fi |
|
490 | fi | |
@@ -714,6 +741,11 b' rccontrol_stack_upgrade_usage() {' | |||||
714 | printf " Show this help\n" |
|
741 | printf " Show this help\n" | |
715 | echo |
|
742 | echo | |
716 |
|
743 | |||
|
744 | # :command.usage_examples | |||
|
745 | printf "Examples:\n" | |||
|
746 | printf " # Upgrading stack\n - ./rccontrol stack-upgrade router\n \n # RhodeCode stack upgrades with 0 downtime using container rotation\n - ./rccontrol stack-upgrade rhodecode\n" | |||
|
747 | echo | |||
|
748 | ||||
717 | fi |
|
749 | fi | |
718 | } |
|
750 | } | |
719 |
|
751 | |||
@@ -1174,7 +1206,7 b' for stage in $BOOTSTRAP_STAGES; do' | |||||
1174 | stage_func=$(echo $stage | cut -d ":" -f 2) |
|
1206 | stage_func=$(echo $stage | cut -d ":" -f 2) | |
1175 | if ! config_has_key $stage_name ; then |
|
1207 | if ! config_has_key $stage_name ; then | |
1176 | echo "$(yellow WARNING:) bootstrap key $stage_name not found in config file $CONFIG_FILE!" |
|
1208 | echo "$(yellow WARNING:) bootstrap key $stage_name not found in config file $CONFIG_FILE!" | |
1177 |
echo "$(yellow NOTICE:) Please run ./rccontrol |
|
1209 | echo "$(yellow NOTICE:) Please run ./rccontrol init first" | |
1178 | exit |
|
1210 | exit | |
1179 | fi |
|
1211 | fi | |
1180 | done |
|
1212 | done | |
@@ -1606,6 +1638,12 b' validate_stack_exists() {' | |||||
1606 |
|
1638 | |||
1607 | # :command.command_functions |
|
1639 | # :command.command_functions | |
1608 | # :command.function |
|
1640 | # :command.function | |
|
1641 | rccontrol_get_started_command() { | |||
|
1642 | # src/get_started_command.sh | |||
|
1643 | get_started_full | |||
|
1644 | } | |||
|
1645 | ||||
|
1646 | # :command.function | |||
1609 | rccontrol_self_update_command() { |
|
1647 | rccontrol_self_update_command() { | |
1610 | # src/self_update_command.sh |
|
1648 | # src/self_update_command.sh | |
1611 | check_bootstrap |
|
1649 | check_bootstrap | |
@@ -1676,8 +1714,8 b' rccontrol_self_update_command() {' | |||||
1676 | } |
|
1714 | } | |
1677 |
|
1715 | |||
1678 | # :command.function |
|
1716 | # :command.function | |
1679 |
rccontrol_ |
|
1717 | rccontrol_init_command() { | |
1680 |
# src/ |
|
1718 | # src/init_command.sh | |
1681 | DEBUG=${args[--debug]} |
|
1719 | DEBUG=${args[--debug]} | |
1682 | force=${args[--force]} |
|
1720 | force=${args[--force]} | |
1683 |
|
1721 | |||
@@ -1744,7 +1782,6 b' rccontrol_bootstrap_command() {' | |||||
1744 | # TODO: change formatter to json for loki usage |
|
1782 | # TODO: change formatter to json for loki usage | |
1745 | log_formatter=generic |
|
1783 | log_formatter=generic | |
1746 | base_domain=docker-dev |
|
1784 | base_domain=docker-dev | |
1747 | base_url=http://$base_domain |
|
|||
1748 | DB_USER='rhodecode' |
|
1785 | DB_USER='rhodecode' | |
1749 | DB_NAME='rhodecode' |
|
1786 | DB_NAME='rhodecode' | |
1750 |
|
1787 | |||
@@ -1771,27 +1808,28 b' rccontrol_bootstrap_command() {' | |||||
1771 |
|
1808 | |||
1772 | .env set DB_PASSWORD=$db_key |
|
1809 | .env set DB_PASSWORD=$db_key | |
1773 |
|
1810 | |||
1774 |
.env set |
|
1811 | .env set RC_ENCRYPTED_SECRET=$shared_key | |
1775 |
.env set |
|
1812 | .env set RC_DB_URL="postgresql://$DB_USER:$db_key@database/$DB_NAME" | |
1776 |
.env set |
|
1813 | .env set RC_SQLALCHEMY_DB1_URL="postgresql://$DB_USER:$db_key@database/$DB_NAME" | |
1777 |
|
1814 | |||
1778 |
.env set |
|
1815 | .env set RC_LICENSE_TOKEN=$license_token | |
1779 |
.env set |
|
1816 | .env set RC_HOSTNAME=$base_domain | |
|
1817 | .env set RC_APP_BASE_URL=http://$base_domain | |||
1780 |
|
1818 | |||
1781 | .env puts '# Log formatter option' |
|
1819 | .env puts '# Log formatter option' | |
1782 |
.env set |
|
1820 | .env set RC_LOGGING_FORMATTER=$log_formatter | |
1783 |
.env set |
|
1821 | .env set RC_USE_CELERY=true | |
1784 |
|
1822 | |||
1785 | .env puts '# Channelstream config' |
|
1823 | .env puts '# Channelstream config' | |
1786 |
.env set |
|
1824 | .env set RC_CHANNELSTREAM_SERVER=channelstream:8000 | |
1787 |
.env set |
|
1825 | .env set RC_CHANNELSTREAM_WS_URL=ws:/$base_domain/_channelstream | |
1788 |
.env set |
|
1826 | .env set CHANNELSTREAM_ALLOW_POSTING_FROM=0.0.0.0 | |
1789 |
|
1827 | |||
1790 |
.env set |
|
1828 | .env set CHANNELSTREAM_SECRET=$shared_key | |
1791 |
.env set |
|
1829 | .env set RC_CHANNELSTREAM_SECRET=$shared_key | |
1792 |
|
1830 | |||
1793 |
.env set |
|
1831 | .env set CHANNELSTREAM_ADMIN_SECRET=$shared_key | |
1794 |
.env set |
|
1832 | .env set RC_CHANNELSTREAM_ADMIN_SECRET=$shared_key | |
1795 |
|
1833 | |||
1796 | else |
|
1834 | else | |
1797 | echo "bootstrap_config: $BOOTSTRAP_RUNTIME_ENV file exists, not adding any configuration..." |
|
1835 | echo "bootstrap_config: $BOOTSTRAP_RUNTIME_ENV file exists, not adding any configuration..." | |
@@ -2191,6 +2229,10 b' rccontrol_stack_status_command() {' | |||||
2191 | DEBUG=${args[--debug]} |
|
2229 | DEBUG=${args[--debug]} | |
2192 | DETAILED=${args[--detailed]} |
|
2230 | DETAILED=${args[--detailed]} | |
2193 |
|
2231 | |||
|
2232 | .env --file $RUNTIME_ENV | |||
|
2233 | .env get RC_APP_BASE_URL | |||
|
2234 | RC_APP_BASE_URL=$REPLY | |||
|
2235 | ||||
2194 | if [[ $DEBUG ]]; then |
|
2236 | if [[ $DEBUG ]]; then | |
2195 | echo "---" |
|
2237 | echo "---" | |
2196 | ps_cmd=$(docker ps --filter=name=rc_cluster --format="{{.ID}}") |
|
2238 | ps_cmd=$(docker ps --filter=name=rc_cluster --format="{{.ID}}") | |
@@ -2207,6 +2249,7 b' rccontrol_stack_status_command() {' | |||||
2207 | echo "---" |
|
2249 | echo "---" | |
2208 | fi |
|
2250 | fi | |
2209 |
|
2251 | |||
|
2252 | echo "Running hostname: $RC_APP_BASE_URL" | |||
2210 | if [[ $DETAILED ]]; then |
|
2253 | if [[ $DETAILED ]]; then | |
2211 | ps_cmd=$(docker ps --filter=name=rc_cluster --format="{{.ID}}") |
|
2254 | ps_cmd=$(docker ps --filter=name=rc_cluster --format="{{.ID}}") | |
2212 |
|
2255 | |||
@@ -2291,7 +2334,7 b' rccontrol_stack_upgrade_rhodecode_command() {' | |||||
2291 | fi |
|
2334 | fi | |
2292 |
|
2335 | |||
2293 | echo "Pulling new image: rhodecode/rhodecode-ee:${RC_VERSION}" |
|
2336 | echo "Pulling new image: rhodecode/rhodecode-ee:${RC_VERSION}" | |
2294 | #eval "docker pull rhodecode/rhodecode-ee:${RC_VERSION}" |
|
2337 | echo "./rccontrol stack rhodecode pull" | |
2295 |
|
2338 | |||
2296 | stop_containers() { |
|
2339 | stop_containers() { | |
2297 | target_container=$1 |
|
2340 | target_container=$1 | |
@@ -2639,6 +2682,13 b' parse_requirements() {' | |||||
2639 | case $action in |
|
2682 | case $action in | |
2640 | -*) ;; |
|
2683 | -*) ;; | |
2641 |
|
2684 | |||
|
2685 | get-started) | |||
|
2686 | action="get-started" | |||
|
2687 | shift | |||
|
2688 | rccontrol_get_started_parse_requirements "$@" | |||
|
2689 | shift $# | |||
|
2690 | ;; | |||
|
2691 | ||||
2642 | self-update) |
|
2692 | self-update) | |
2643 | action="self-update" |
|
2693 | action="self-update" | |
2644 | shift |
|
2694 | shift | |
@@ -2646,10 +2696,10 b' parse_requirements() {' | |||||
2646 | shift $# |
|
2696 | shift $# | |
2647 | ;; |
|
2697 | ;; | |
2648 |
|
2698 | |||
2649 |
|
|
2699 | init) | |
2650 |
action=" |
|
2700 | action="init" | |
2651 | shift |
|
2701 | shift | |
2652 |
rccontrol_ |
|
2702 | rccontrol_init_parse_requirements "$@" | |
2653 | shift $# |
|
2703 | shift $# | |
2654 | ;; |
|
2704 | ;; | |
2655 |
|
2705 | |||
@@ -2767,6 +2817,50 b' parse_requirements() {' | |||||
2767 | } |
|
2817 | } | |
2768 |
|
2818 | |||
2769 | # :command.parse_requirements |
|
2819 | # :command.parse_requirements | |
|
2820 | rccontrol_get_started_parse_requirements() { | |||
|
2821 | # :command.fixed_flags_filter | |||
|
2822 | while [[ $# -gt 0 ]]; do | |||
|
2823 | case "${1:-}" in | |||
|
2824 | --help | -h) | |||
|
2825 | long_usage=yes | |||
|
2826 | rccontrol_get_started_usage | |||
|
2827 | exit | |||
|
2828 | ;; | |||
|
2829 | ||||
|
2830 | *) | |||
|
2831 | break | |||
|
2832 | ;; | |||
|
2833 | ||||
|
2834 | esac | |||
|
2835 | done | |||
|
2836 | ||||
|
2837 | # :command.command_filter | |||
|
2838 | action="get-started" | |||
|
2839 | ||||
|
2840 | # :command.parse_requirements_while | |||
|
2841 | while [[ $# -gt 0 ]]; do | |||
|
2842 | key="$1" | |||
|
2843 | case "$key" in | |||
|
2844 | ||||
|
2845 | -?*) | |||
|
2846 | printf "invalid option: %s\n" "$key" >&2 | |||
|
2847 | exit 1 | |||
|
2848 | ;; | |||
|
2849 | ||||
|
2850 | *) | |||
|
2851 | # :command.parse_requirements_case | |||
|
2852 | # :command.parse_requirements_case_simple | |||
|
2853 | printf "invalid argument: %s\n" "$key" >&2 | |||
|
2854 | exit 1 | |||
|
2855 | ||||
|
2856 | ;; | |||
|
2857 | ||||
|
2858 | esac | |||
|
2859 | done | |||
|
2860 | ||||
|
2861 | } | |||
|
2862 | ||||
|
2863 | # :command.parse_requirements | |||
2770 | rccontrol_self_update_parse_requirements() { |
|
2864 | rccontrol_self_update_parse_requirements() { | |
2771 | # :command.fixed_flags_filter |
|
2865 | # :command.fixed_flags_filter | |
2772 | while [[ $# -gt 0 ]]; do |
|
2866 | while [[ $# -gt 0 ]]; do | |
@@ -2870,13 +2964,13 b' rccontrol_self_update_parse_requirements() {' | |||||
2870 | } |
|
2964 | } | |
2871 |
|
2965 | |||
2872 | # :command.parse_requirements |
|
2966 | # :command.parse_requirements | |
2873 |
rccontrol_ |
|
2967 | rccontrol_init_parse_requirements() { | |
2874 | # :command.fixed_flags_filter |
|
2968 | # :command.fixed_flags_filter | |
2875 | while [[ $# -gt 0 ]]; do |
|
2969 | while [[ $# -gt 0 ]]; do | |
2876 | case "${1:-}" in |
|
2970 | case "${1:-}" in | |
2877 | --help | -h) |
|
2971 | --help | -h) | |
2878 | long_usage=yes |
|
2972 | long_usage=yes | |
2879 |
rccontrol_ |
|
2973 | rccontrol_init_usage | |
2880 | exit |
|
2974 | exit | |
2881 | ;; |
|
2975 | ;; | |
2882 |
|
2976 | |||
@@ -2909,7 +3003,7 b' rccontrol_bootstrap_parse_requirements() {' | |||||
2909 | fi |
|
3003 | fi | |
2910 |
|
3004 | |||
2911 | # :command.command_filter |
|
3005 | # :command.command_filter | |
2912 |
action=" |
|
3006 | action="init" | |
2913 |
|
3007 | |||
2914 | # :command.parse_requirements_while |
|
3008 | # :command.parse_requirements_while | |
2915 | while [[ $# -gt 0 ]]; do |
|
3009 | while [[ $# -gt 0 ]]; do | |
@@ -4542,9 +4636,9 b' initialize() {' | |||||
4542 |
|
4636 | |||
4543 | get_started() { |
|
4637 | get_started() { | |
4544 | echo "" |
|
4638 | echo "" | |
4545 | echo "To start using RhodeCode run the following stacks using ./rccontrol stack [STACK_NAME]" |
|
4639 | echo "To start using RhodeCode run the following stacks using './rccontrol stack [STACK_NAME]'" | |
4546 | echo "" |
|
4640 | echo "" | |
4547 | echo "$(yellow_bold [Optional]): run the edge router to control domain and SSL" |
|
4641 | echo "$(yellow_bold [Optional]): run the edge router to control traffic / domain and optionally SSL termination" | |
4548 | echo "./rccontrol stack router up --detach" |
|
4642 | echo "./rccontrol stack router up --detach" | |
4549 | echo "" |
|
4643 | echo "" | |
4550 | echo "$(green_bold [Mandatory]): run the services, like database, redis, channelstream etc..." |
|
4644 | echo "$(green_bold [Mandatory]): run the services, like database, redis, channelstream etc..." | |
@@ -4553,15 +4647,27 b' initialize() {' | |||||
4553 | echo "$(green_bold [Mandatory]): run the rhodecode app stack" |
|
4647 | echo "$(green_bold [Mandatory]): run the rhodecode app stack" | |
4554 | echo "./rccontrol stack rhodecode up --detach" |
|
4648 | echo "./rccontrol stack rhodecode up --detach" | |
4555 | echo "" |
|
4649 | echo "" | |
4556 |
echo "$(yellow_bold [Optional]): run the monitoring stack, this includes grafana/prometh |
|
4650 | echo "$(yellow_bold [Optional]): run the monitoring stack, this includes grafana/prometheus logging/metrics system" | |
4557 | echo "./rccontrol stack metrics up --detach" |
|
4651 | echo "./rccontrol stack metrics up --detach" | |
4558 | echo "" |
|
4652 | echo "" | |
4559 | echo "$(bold [Status]): check services run status, ports etc.." |
|
4653 | echo "$(bold [Status]): check services run status, ports etc.." | |
4560 | echo "./rccontrol status" |
|
4654 | echo "./rccontrol status" | |
4561 | echo "" |
|
4655 | echo "" | |
4562 | echo "$(bold [Logs]): check service logs" |
|
4656 | echo "$(bold [Logs]): check service logs" | |
4563 |
echo "./rccontrol |
|
4657 | echo "./rccontrol stack [STACK_NAME] logs" | |
4564 | } |
|
4658 | } | |
|
4659 | ||||
|
4660 | get_started_full() { | |||
|
4661 | echo "$(blue_bold [~~~~ GET STARTED ~~~~~])" | |||
|
4662 | echo "./rccontrol is a CLI based installer/manager for RhodeCode Cluster Stack" | |||
|
4663 | echo "./rccontrol -h is your friend, in case of doubt, check examples and usage options with -h / --help flag" | |||
|
4664 | echo "" | |||
|
4665 | echo "$(yellow_bold [First time run])" | |||
|
4666 | echo "run './rccontrol init' to setup docker and download required installer files" | |||
|
4667 | ||||
|
4668 | get_started | |||
|
4669 | } | |||
|
4670 | ||||
4565 | } |
|
4671 | } | |
4566 |
|
4672 | |||
4567 | # :command.run |
|
4673 | # :command.run | |
@@ -4573,6 +4679,15 b' run() {' | |||||
4573 | parse_requirements "${input[@]}" |
|
4679 | parse_requirements "${input[@]}" | |
4574 |
|
4680 | |||
4575 | case "$action" in |
|
4681 | case "$action" in | |
|
4682 | "get-started") | |||
|
4683 | if [[ ${args[--help]:-} ]]; then | |||
|
4684 | long_usage=yes | |||
|
4685 | rccontrol_get_started_usage | |||
|
4686 | else | |||
|
4687 | rccontrol_get_started_command | |||
|
4688 | fi | |||
|
4689 | ;; | |||
|
4690 | ||||
4576 | "self-update") |
|
4691 | "self-update") | |
4577 | if [[ ${args[--help]:-} ]]; then |
|
4692 | if [[ ${args[--help]:-} ]]; then | |
4578 | long_usage=yes |
|
4693 | long_usage=yes | |
@@ -4582,12 +4697,12 b' run() {' | |||||
4582 | fi |
|
4697 | fi | |
4583 | ;; |
|
4698 | ;; | |
4584 |
|
4699 | |||
4585 | "bootstrap") |
|
4700 | "init") | |
4586 | if [[ ${args[--help]:-} ]]; then |
|
4701 | if [[ ${args[--help]:-} ]]; then | |
4587 | long_usage=yes |
|
4702 | long_usage=yes | |
4588 |
rccontrol_ |
|
4703 | rccontrol_init_usage | |
4589 | else |
|
4704 | else | |
4590 |
rccontrol_ |
|
4705 | rccontrol_init_command | |
4591 | fi |
|
4706 | fi | |
4592 | ;; |
|
4707 | ;; | |
4593 |
|
4708 |
@@ -7,16 +7,24 b' services:' | |||||
7 | # # expose port for optional direct port connection |
|
7 | # # expose port for optional direct port connection | |
8 | # - "10020:10020" |
|
8 | # - "10020:10020" | |
9 | environment: |
|
9 | environment: | |
10 | DB_UPGRADE: 0 # run the DB upgrade |
|
10 | RC_EXAMPLE_KEY: 'ok' | |
11 | SETUP_APP: 0 # run the application default settings setup, can be turned off after initial run |
|
11 | #DB_UPGRADE: 0 # 1 run the DB upgrade, 0 disable db upgrade at startup | |
|
12 | #SETUP_APP: 0 # run the application default settings setup, can be turned off after initial run | |||
12 |
|
13 | |||
13 | #healthcheck: |
|
14 | #healthcheck: | |
14 | # # disable the healthcheck |
|
15 | # # disable the healthcheck for faster signal handling | |
|
16 | # # generally not recommended | |||
15 | # test: ['CMD','true'] |
|
17 | # test: ['CMD','true'] | |
16 |
|
18 | |||
|
19 | #labels: | |||
|
20 | # # Enable http+https endpoints to serve SSL, select just 1 to disable the other | |||
|
21 | # - "traefik.http.routers.rhodecode.entrypoints=http,https" | |||
|
22 | ||||
|
23 | ||||
17 | deploy: |
|
24 | deploy: | |
18 | replicas: 1 |
|
25 | replicas: 1 | |
19 |
|
26 | |||
|
27 | ||||
20 | vcsserver: |
|
28 | vcsserver: | |
21 |
|
29 | |||
22 | environment: |
|
30 | environment: | |
@@ -26,7 +34,8 b' services:' | |||||
26 | replicas: 1 |
|
34 | replicas: 1 | |
27 |
|
35 | |||
28 | #healthcheck: |
|
36 | #healthcheck: | |
29 | # # disable the healthcheck |
|
37 | # # disable the healthcheck for faster signal handling | |
|
38 | # # generally not recommended | |||
30 | # test: ['CMD','true'] |
|
39 | # test: ['CMD','true'] | |
31 |
|
40 | |||
32 | sshd: |
|
41 | sshd: | |
@@ -34,7 +43,8 b' services:' | |||||
34 | replicas: 1 |
|
43 | replicas: 1 | |
35 |
|
44 | |||
36 | svn: |
|
45 | svn: | |
37 | {} |
|
46 | deploy: | |
|
47 | replicas: 1 | |||
38 |
|
48 | |||
39 | celery-beat: |
|
49 | celery-beat: | |
40 | deploy: |
|
50 | deploy: |
@@ -2,15 +2,17 b" version: '3.9'" | |||||
2 |
|
2 | |||
3 | services: |
|
3 | services: | |
4 |
|
4 | |||
|
5 | grafana: | |||
|
6 | {} | |||
|
7 | #labels: | |||
|
8 | # # Enable http+https endpoints to serve SSL, select just 1 to disable the other | |||
|
9 | # - "traefik.http.routers.grafana.entrypoints=http,https" | |||
|
10 | ||||
5 | promtail: |
|
11 | promtail: | |
6 | {} |
|
12 | {} | |
7 |
|
13 | |||
8 | loki: |
|
14 | loki: | |
9 | {} |
|
15 | {} | |
10 | # labels: |
|
|||
11 | # - "traefik.enable=true" |
|
|||
12 | # - "traefik.http.services.loki.loadbalancer.server.port=3100" |
|
|||
13 | # - "traefik.http.services.loki.loadbalancer.server.port=9095" |
|
|||
14 |
|
16 | |||
15 | prometheus: |
|
17 | prometheus: | |
16 | {} |
|
18 | {} | |
@@ -21,12 +23,3 b' services:' | |||||
21 | statsd-exporter: |
|
23 | statsd-exporter: | |
22 | {} |
|
24 | {} | |
23 |
|
25 | |||
24 | grafana: |
|
|||
25 |
|
||||
26 | labels: |
|
|||
27 | # SSL + proxy prefix |
|
|||
28 | - "traefik.http.routers.grafana-rt.service=grafana-ssl" |
|
|||
29 | - "traefik.http.routers.grafana-rt.entrypoints=https" |
|
|||
30 | - "traefik.http.routers.grafana-rt.rule=Host(`your-domain.com`) && PathPrefix(`/_grafana`)" |
|
|||
31 | - "traefik.http.routers.grafana-rt.tls=true" |
|
|||
32 | - "traefik.http.services.grafana-ssl.loadbalancer.server.port=3000" No newline at end of file |
|
@@ -13,36 +13,7 b' services:' | |||||
13 | # So that Traefik can listen to the Docker events |
|
13 | # So that Traefik can listen to the Docker events | |
14 | - /var/run/docker.sock:/var/run/docker.sock |
|
14 | - /var/run/docker.sock:/var/run/docker.sock | |
15 | # custom traefik config, enable SSL etc.. |
|
15 | # custom traefik config, enable SSL etc.. | |
16 | # put your traefik setup in this directory |
|
16 | # put your traefik setup in this directory structure, and uncomment to override | |
17 | - $PWD/.custom/traefik_custom:/etc/traefik |
|
17 | # default traefik static/dynamic configs | |
18 |
|
18 | #- $PWD/.custom/traefik_custom:/etc/traefik:ro | ||
19 | portainer: |
|
19 | #- $PWD/.custom/traefik_custom/dynamic:/etc/traefik_dynamic:ro | |
20 | # Run with COMPOSE_PROFILES=portainer |
|
|||
21 | # to access portainer set HEADER `X-Docker-Host=portainer` |
|
|||
22 | image: portainer/portainer-ce:latest |
|
|||
23 | restart: always |
|
|||
24 | volumes: |
|
|||
25 | - portainer_data:/data |
|
|||
26 | - /var/run/docker.sock:/var/run/docker.sock |
|
|||
27 | deploy: |
|
|||
28 | mode: replicated |
|
|||
29 | replicas: 1 |
|
|||
30 | placement: |
|
|||
31 | constraints: |
|
|||
32 | # limit swarm deploy to MANAGER only |
|
|||
33 | - node.role == manager |
|
|||
34 |
|
||||
35 | networks: |
|
|||
36 | - rhodecode_network |
|
|||
37 | labels: |
|
|||
38 | - "traefik.enable=true" |
|
|||
39 | - "traefik.http.routers.portainer.entrypoints=https" |
|
|||
40 | - "traefik.http.routers.portainer.rule=Headers(`X-Docker-Host`, `portainer`)" |
|
|||
41 | - "traefik.http.services.portainer.loadbalancer.server.port=9000" |
|
|||
42 |
|
||||
43 | profiles: |
|
|||
44 | ["portainer"] |
|
|||
45 |
|
||||
46 | volumes: |
|
|||
47 | portainer_data: |
|
|||
48 | external: true No newline at end of file |
|
@@ -7,19 +7,19 b' services:' | |||||
7 |
|
7 | |||
8 | database: |
|
8 | database: | |
9 | {} |
|
9 | {} | |
10 | # to disable usage of this service |
|
10 | # to disable usage of this service using your own postgres instance | |
11 | #deploy: |
|
11 | #deploy: | |
12 | # replicas: 0 |
|
12 | # replicas: 0 | |
13 |
|
13 | |||
14 | database-mysql: |
|
14 | database-mysql: | |
15 | {} |
|
15 | {} | |
16 | # to disable usage of this service |
|
16 | # to disable usage of this service, running your own mysql instance | |
17 | #deploy: |
|
17 | #deploy: | |
18 | # replicas: 0 |
|
18 | # replicas: 0 | |
19 |
|
19 | |||
20 | redis: |
|
20 | redis: | |
21 | {} |
|
21 | {} | |
22 | # to disable usage of this service |
|
22 | # to disable usage of this service using external redis | |
23 | #deploy: |
|
23 | #deploy: | |
24 | # replicas: 0 |
|
24 | # replicas: 0 | |
25 |
|
25 | |||
@@ -30,4 +30,41 b' services:' | |||||
30 | {} |
|
30 | {} | |
31 |
|
31 | |||
32 | channelstream: |
|
32 | channelstream: | |
33 | {} No newline at end of file |
|
33 | {} | |
|
34 | # Enable http+https endpoints to serve SSL, select just 1 to disable the other | |||
|
35 | #labels: | |||
|
36 | # - "traefik.http.routers.channelstream.entrypoints=http,https | |||
|
37 | ||||
|
38 | ||||
|
39 | portainer: | |||
|
40 | # Run with COMPOSE_PROFILES=portainer | |||
|
41 | # to access portainer set separate domain for portainer | |||
|
42 | # also needs a external new volume | |||
|
43 | # docker volume create --label keep=1 --name=portainer_data | |||
|
44 | image: portainer/portainer-ce:latest | |||
|
45 | restart: always | |||
|
46 | volumes: | |||
|
47 | - portainer_data:/data | |||
|
48 | - /var/run/docker.sock:/var/run/docker.sock | |||
|
49 | deploy: | |||
|
50 | mode: replicated | |||
|
51 | replicas: 1 | |||
|
52 | placement: | |||
|
53 | constraints: | |||
|
54 | # limit swarm deploy to MANAGER only | |||
|
55 | - node.role == manager | |||
|
56 | ||||
|
57 | networks: | |||
|
58 | - rhodecode_network | |||
|
59 | labels: | |||
|
60 | - "traefik.enable=true" | |||
|
61 | - "traefik.http.routers.portainer.entrypoints=https" | |||
|
62 | - "traefik.http.routers.portainer.rule=Host(`portainer.yourdomain.com`)" | |||
|
63 | - "traefik.http.services.portainer.loadbalancer.server.port=9000" | |||
|
64 | ||||
|
65 | profiles: | |||
|
66 | ["portainer"] | |||
|
67 | ||||
|
68 | volumes: | |||
|
69 | portainer_data: | |||
|
70 | external: true |
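Review bot: The commented channelstream label on new line 36 is missing its closing double quote, so uncommenting it as written breaks the YAML; it should read `# - "traefik.http.routers.channelstream.entrypoints=http,https"`. The portainer service added below it mounts `/var/run/docker.sock` and is published on the `https` entrypoint by a plain `Host(...)` rule, so anyone who gets past Portainer's own login controls the Docker daemon on the manager node. I would pin the image to a release tag or digest rather than `portainer/portainer-ce:latest`, because an unreviewed image update would run with that socket access. I would also put an authentication middleware in front of the router, for example `- "traefik.http.routers.portainer.middlewares=basic-auth@file"`, assuming the file-provider `basic-auth` middleware is loaded in this deployment. A short comment above the socket mount stating that it grants root-equivalent access to the host would help operators decide whether to enable the profile.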
@@ -1,17 +1,28 b'' | |||||
1 | ## BUILD ARGS |
|
1 | ## BUILD/RUN ARGS ## | |
|
2 | #################### | |||
|
3 | ||||
2 | TZ="UTC" |
|
4 | TZ="UTC" | |
3 |
|
5 | |||
4 | # Version to deploy and run |
|
6 | # Version to deploy and run | |
|
7 | # rccontrol will automatically update and adjust this if needed | |||
5 | RC_VERSION="4.28.0" |
|
8 | RC_VERSION="4.28.0" | |
6 |
|
9 | |||
7 | # ce, or ee |
|
10 | # Select RhodeCode edition ce (free community), or ee (paid/enterprise) | |
8 | RC_EDITION=ee |
|
11 | RC_EDITION=ee | |
9 |
|
12 | |||
10 | # GENERATED ARGS, Please don't change those |
|
13 | # GENERATED ARGS # | |
|
14 | ################## | |||
|
15 | ||||
|
16 | # set limit of redis in-memory cache before keys get evicted using LRU cache | |||
|
17 | RC_REDIS_MAXMEMORY=1024mb | |||
|
18 | ||||
|
19 | # set the size of ramdisk used for locking files | |||
|
20 | RC_DATA_RAMDISK_SIZE=512M | |||
11 |
|
21 | |||
12 | # Database bootstrap/access credentials |
|
22 | # Database bootstrap/access credentials | |
13 | # Bootstrap container with specific password |
|
23 | # Bootstrap container with specific password | |
14 | # This password will be used to generate new account and password for the database |
|
24 | # This password will be used to generate new account and password for the database | |
|
25 | # Please don't change those unless you use your own database | |||
15 | DB_NAME=rhodecode |
|
26 | DB_NAME=rhodecode | |
16 | DB_USER=rhodecode |
|
27 | DB_USER=rhodecode | |
17 | DB_PASSWORD=GENERATED_AT_BOOTSTRAP |
|
28 | DB_PASSWORD=GENERATED_AT_BOOTSTRAP | |
@@ -22,6 +33,16 b' RHODECODE_USER_EMAIL=admin@server-com' | |||||
22 | RHODECODE_USER_NAME=admin |
|
33 | RHODECODE_USER_NAME=admin | |
23 | RHODECODE_USER_PASS=secret4 |
|
34 | RHODECODE_USER_PASS=secret4 | |
24 |
|
35 | |||
|
36 | # prependend to loki url prefix, this will be generated | |||
|
37 | RC_LOKI_AUTH=loki-auth:password@ | |||
|
38 | ||||
25 | RC_USE_CELERY=true |
|
39 | RC_USE_CELERY=true | |
26 |
|
40 | |||
27 | RC_APP_BASE_URL=base-url No newline at end of file |
|
41 | # base url for running app, this is used for traefik hasname matching, so accessing this host will redirect | |
|
42 | # traffic to the running instance. This needs to be the same as RC_APP_BASE_URL | |||
|
43 | # replace this with your name of host. e.g yourdomain.com or rc.company.local | |||
|
44 | RC_HOSTNAME=base-url | |||
|
45 | ||||
|
46 | # application base url, at which location including a scheme (http/https) this app will be | |||
|
47 | # running, this needs to be a valid resolvable domain for rhodecode links to work properly | |||
|
48 | RC_APP_BASE_URL=http://base-url No newline at end of file |
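Review bot: `RC_LOKI_AUTH=loki-auth:password@` on new line 37 ships a literal, guessable credential as the template default, while `DB_PASSWORD` in the same file uses the `GENERATED_AT_BOOTSTRAP` sentinel; if generation is skipped or fails, the placeholder silently becomes the configured value. I would use the same sentinel, `RC_LOKI_AUTH=loki-auth:GENERATED_AT_BOOTSTRAP@`, so an ungenerated value is easy to spot. Since the comment says the value is prepended to the Loki URL, it should also note that the credential travels inside that URL and may show up wherever the URL is logged. The default `RC_APP_BASE_URL=http://base-url` on line 48 would benefit from a comment line telling operators to switch the scheme to `https://` once the https entrypoint is enabled. Minor: `prependend` and `hasname` in the new comments should read `prepended` and `hostname`.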
1 | NO CONTENT: file was removed |
|
NO CONTENT: file was removed |
1 | NO CONTENT: file was removed |
|
NO CONTENT: file was removed |
1 | NO CONTENT: file was removed |
|
NO CONTENT: file was removed |