stack: enable auth for loki as it needs public exposure...
super-admin -
@@ -0,0 +1,5 b''
1 # basic auth for traefik middleware.
2 # format here is <user>:<bcrypt_password>
3 # to generate bcrypt password one can use
4 # curl --verbose --request POST --data "password=XlokiAuth101&cost=10" https://www.toptal.com/developers/bcrypt/api/generate-hash.json
5 loki-auth:$2b$10$U8Cui8cO9ZXehYV.7atv8uPuA6rBVrA.Mxzvt8EsdheztkyXZagv6
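Review bot: The comment on new line 4 prints the plaintext that presumably corresponds to the hash committed on line 5, so every deployment that keeps this file unchanged protects Loki with a publicly known credential. The same comment recommends posting the password to a third-party web API to hash it, which discloses the password to that service and to anything logging the request. I would ship the file with a placeholder entry only and point to a local tool instead, for example `# generate locally: htpasswd -nB loki-auth` (prompts for the password and prints a bcrypt line). Since the traefik config directory is mounted as a whole, it is also worth stating in the comment that this entry must be replaced before port 3100 is exposed.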
@@ -1,42 +1,45 b''
1 1 ## Static configuration, needs traefik reload
2 2
3 3 entryPoints:
4 4 http:
5 5 address: ":80"
6 6
7 7 https:
8 8 address: ":443"
9 9
10 10 ssh:
11 11 address: ":${RC_SSH_PORT:?must-specify-ssh-port}"
12 12
13 loki:
14 address: ":3100"
15
13 16 traefik:
14 17 address: ":7000"
15 18
16 19 api:
17 20 dashboard: false
18 21 insecure: false # change to true to expose dashboard
19 22
20 23 accessLog: {}
21 24
22 25 log:
23 26 # DEBUG / INFO
24 27 level: INFO
25 28
26 29 metrics:
27 30 prometheus: {}
28 31
29 32
30 33 providers:
31 34 docker:
32 35 exposedByDefault: false
33 36 swarmMode: false
34 37
35 38 file:
36 39 filename: "/etc/traefik/traefik_dynamic.yaml"
37 40 watch: true
38 41
39 42
40 43 serversTransport:
41 44 #this disables SSL certificate verification for legacy own cert services like NextCloud etc
42 45 insecureSkipVerify: true
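Review bot: The new `loki` entrypoint on `:3100` (new lines 13-14) is plain HTTP, so the basic-auth header required by the loki router and the log lines themselves travel unencrypted once the traefik service publishes `"3100:3100"`. If the endpoint is really reached from other hosts, as the commit title suggests, terminate TLS on this entrypoint (in Traefik v2 an `http:` / `tls: {}` block under the entrypoint, with a certificate from the dynamic file) and switch the drivers' `loki-url` to `https://`. If only Docker daemons on the same host push to it, publishing the port as `"127.0.0.1:3100:3100"` in the traefik compose section would avoid the exposure altogether.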
@@ -1,24 +1,28 b''
1 1
2 2 ## Setting up the middleware for redirect to https ##
3 3 http:
4 4
5 5 middlewares:
6 6
7 7 https-redirect:
8 8 redirectScheme:
9 9 scheme: https
10 10 # permanent: true
11 11
12 12 middlewares-rate-limit:
13 13 rateLimit:
14 14 average: 100
15 15 burst: 50
16 16
17 basic-auth:
18 basicAuth:
19 usersfile: /etc/traefik/.htpasswd
20
17 21 # Dynamic configuration for standard file based SSL cert
18 22 # create a custom copy of the traefik into .custom/ and remount this
19 23 # to enable custom certificates
20 24 #tls:
21 25 # certificates:
22 26 # # first certificate
23 27 # - certFile: /etc/traefik/certs/rhodecode-com.cert
24 28 # keyFile: /etc/traefik/certs/rhodecode-com.key
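Review bot: The key `usersfile` under `basicAuth` (new line 19) differs from the `usersFile` spelling used in the Traefik documentation; the file provider may well accept it case-insensitively, but writing `usersFile: /etc/traefik/.htpasswd` avoids depending on that. A short comment above the middleware would also help the next reader, e.g. `# credentials come from config/traefik/.htpasswd; replace the shipped entry before exposing loki`.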
@@ -1,336 +1,336 b''
1 1 version: '3.9'
2 2
3 3 x-logging: &custom-logging
4 4 # docker plugin install grafana/loki-docker-driver:2.7.1 --alias loki --grant-all-permissions
5 5 # NOTE: loki logging driver ONLY works for host type networks...
6 6 driver: loki
7 7 options:
8 #loki-url: "http://loki:3100/loki/api/v1/push"
9 loki-url: "http://127.0.0.1:3100/loki/api/v1/push"
8 #loki-url: "http://${RC_LOKI_AUTH}loki:3100/loki/api/v1/push"
9 loki-url: "http://${RC_LOKI_AUTH}127.0.0.1:3100/loki/api/v1/push"
10 10 loki-retries: "5"
11 11 loki-timeout: "1s"
12 12 loki-max-backoff: "800ms"
13 13
14 14
15 15 services:
16 16
17 17 rhodecode:
18 18 networks:
19 19 - rhodecode_network
20 20 extra_hosts:
21 21 - "host.docker.internal:host-gateway"
22 22 image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:-4.28.0}
23 23 stdin_open: true
24 24 tty: true
25 25 restart: always
26 26 env_file:
27 27 - ${RC_ENV_FILE:?must-specify-rc-env-file}
28 28 command: [
29 29 "/usr/local/bin/rhodecode_bin/bin/gunicorn",
30 30 "--name=gunicorn-rhodecode-1",
31 31 "--error-logfile=-",
32 32 "--paster=/etc/rhodecode/conf/rhodecode.ini",
33 33 "--config=/etc/rhodecode/conf/gunicorn_conf_rc.py"
34 34 ]
35 35 deploy:
36 36 # override this in .custom/docker-compose-apps.override.yaml to scale up
37 37 replicas: 1
38 38
39 39 # ports:
40 40 # - "127.0.0.1::10020"
41 41
42 42 build:
43 43 context: .
44 44 dockerfile: service/rhodecode/rhodecode.dockerfile
45 45 args:
46 46 TZ: ${TZ}
47 47 RHODECODE_VERSION: ${RC_VERSION:-4.28.0}
48 48 RHODECODE_DB: postgresql://rhodecode:${DB_PASSWORD:?must-specify-db-password}@database/${DB_NAME:?must-specify-db-name}
49 49 RHODECODE_USER_NAME: ${RHODECODE_USER_NAME}
50 50 RHODECODE_USER_PASS: ${RHODECODE_USER_PASS}
51 51 RHODECODE_USER_EMAIL: ${RHODECODE_USER_EMAIL}
52 52
53 53 environment:
54 54 RC_APP_TYPE: rhodecode_http
55 55 RC_APP_PROC: 1
56 56 SSL_CERT_FILE: "/etc/rhodecode/conf/ca-bundle.crt"
57 57 REQUESTS_CA_BUNDLE: "/etc/rhodecode/conf/ca-bundle.crt"
58 58 GIT_SSL_CAINFO: "/etc/rhodecode/conf/ca-bundle.crt"
59 59 GEVENT_RESOLVER: "ares"
60 60
61 61 DB_UPGRADE: 1 # run the DB upgrade
62 62 SETUP_APP: 1 # run the application default settings setup, can be turned off after initial run
63 63 #FORCE_DB_INIT_FILE: 1 # force the database init, warning: destroys old DB
64 64 #FORCE_RC_SETUP_APP: 1 # force running setup scripts for configuration/license application
65 65 MAIN_INI_PATH: /etc/rhodecode/conf/rhodecode.ini
66 66
67 67 # SVN Specific
68 68 MOD_DAV_SVN_PORT: 8090
69 69 APACHE_LOG_DIR: /var/log/rhodecode/svn
70 70 MOD_DAV_SVN_CONF_FILE: /etc/rhodecode/conf/svn/mod_dav_svn.conf
71 71
72 72 healthcheck:
73 73 test: [ "CMD", "curl", "-A", "RhodeCode-Healthcheck", "-s", "-o", "/dev/null", "-w", "'%{http_code}'", "http://127.0.0.1:10020/_admin/ops/ping" ]
74 74 timeout: 30s
75 75 interval: 60s
76 76 retries: 10
77 77
78 78 # depends_on:
79 79 # - database
80 80 # - redis
81 81 # - channelstream
82 82
83 83 volumes:
84 84 - confvolume:/etc/rhodecode/conf
85 85 - logvolume:/var/log/rhodecode
86 86 - rc_reposvolume:/var/opt/rhodecode_repo_store
87 87 - rc_datavolume:/var/opt/rhodecode_data
88 88
89 89 tmpfs:
90 90 - /data_ramdisk:size=${RC_DATA_RAMDISK_SIZE:?specify-RC_DATA_RAMDISK_SIZE-env-var}
91 91
92 92 logging:
93 93 *custom-logging
94 94
95 95 labels:
96 96 - "traefik.enable=true"
97 97 - "traefik.http.routers.rhodecode.entrypoints=http"
98 98 - "traefik.http.routers.rhodecode.rule=Host(`${RC_HOSTNAME:?must-specify-rhodecode-hostname}`)"
99 99 - "traefik.http.routers.rhodecode.service=rhodecode-web"
100 100 - "traefik.http.services.rhodecode-web.loadbalancer.server.port=10020"
101 101 # SSL + proxy prefix example, should be put into .custom/docker-compose-apps.override.yaml
102 102 #- "traefik.http.routers.rhodecode-rt.entrypoints=https"
103 103 #- "traefik.http.routers.rhodecode-rt.rule=Host(`${RC_HOSTNAME:?must-specify-rhodecode-hostname}`)"
104 104 #- "traefik.http.routers.rhodecode-rt.tls=true"
105 105 #- "traefik.http.routers.rhodecode-rt.service=rhodecode-ssl"
106 106 #- "traefik.http.services.rhodecode-ssl.loadbalancer.server.port=10020"
107 107
108 108 vcsserver:
109 109 networks:
110 110 - rhodecode_network
111 111 extra_hosts:
112 112 - "host.docker.internal:host-gateway"
113 113 image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:-4.28.0}
114 114
115 115 stdin_open: true
116 116 tty: true
117 117 restart: always
118 118 env_file:
119 119 - ${RC_ENV_FILE:?must-specify-rc-env-file}
120 120 command: [
121 121 "/home/rhodecode/.rccontrol/vcsserver-1/profile/bin/gunicorn",
122 122 "--name=gunicorn-vcsserver-1",
123 123 "--error-logfile=-",
124 124 "--paster=/etc/rhodecode/conf/vcsserver.ini",
125 125 "--config=/etc/rhodecode/conf/gunicorn_conf_vcs.py"
126 126 ]
127 127 deploy:
128 128 # override this in .custom/docker-compose-apps.override.yaml to scale up
129 129 replicas: 1
130 130
131 131 # ports:
132 132 # - "127.0.0.1::10010"
133 133
134 134 healthcheck:
135 135 test: [ "CMD", "curl", "-A", "RhodeCode-Healthcheck", "-s", "-o", "/dev/null", "-w", "'%{http_code}'", "http://127.0.0.1:10010/status" ]
136 136 timeout: 30s
137 137 interval: 60s
138 138 retries: 10
139 139
140 140 environment:
141 141 RC_APP_TYPE: rhodecode_vcsserver
142 142 RC_APP_PROC: 1
143 143 MAIN_INI_PATH: /etc/rhodecode/conf/vcsserver.ini
144 144 SSL_CERT_FILE: "/etc/rhodecode/conf/ca-bundle.crt"
145 145 REQUESTS_CA_BUNDLE: "/etc/rhodecode/conf/ca-bundle.crt"
146 146 GIT_SSL_CAINFO: "/etc/rhodecode/conf/ca-bundle.crt"
147 147
148 148 # depends_on:
149 149 # - redis
150 150
151 151 volumes:
152 152 - confvolume:/etc/rhodecode/conf
153 153 - logvolume:/var/log/rhodecode
154 154 - rc_reposvolume:/var/opt/rhodecode_repo_store
155 155 - rc_datavolume:/var/opt/rhodecode_data
156 156
157 157 logging:
158 158 *custom-logging
159 159
160 160 celery:
161 161 networks:
162 162 - rhodecode_network
163 163 extra_hosts:
164 164 - "host.docker.internal:host-gateway"
165 165 image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:-4.28.0}
166 166
167 167 stdin_open: true
168 168 tty: true
169 169 restart: always
170 170 env_file:
171 171 - ${RC_ENV_FILE:?must-specify-rc-env-file}
172 172 command: [
173 173 "/usr/local/bin/rhodecode_bin/bin/celery",
174 174 "worker",
175 175 "--task-events",
176 176 "--autoscale=10,2",
177 177 "--no-color",
178 178 "--app=rhodecode.lib.celerylib.loader",
179 179 "--loglevel=DEBUG",
180 180 "--ini=/etc/rhodecode/conf/rhodecode.ini"
181 181 ]
182 182
183 183 environment:
184 184 RC_APP_TYPE: rhodecode_celery
185 185 RC_APP_PROC: 1
186 186 MAIN_INI_PATH: /etc/rhodecode/conf/rhodecode.ini
187 187 SSL_CERT_FILE: "/etc/rhodecode/conf/ca-bundle.crt"
188 188 REQUESTS_CA_BUNDLE: "/etc/rhodecode/conf/ca-bundle.crt"
189 189 GIT_SSL_CAINFO: "/etc/rhodecode/conf/ca-bundle.crt"
190 190
191 191 # depends_on:
192 192 # - database
193 193 # - redis
194 194
195 195 volumes:
196 196 - confvolume:/etc/rhodecode/conf
197 197 - logvolume:/var/log/rhodecode
198 198 - rc_reposvolume:/var/opt/rhodecode_repo_store
199 199 - rc_datavolume:/var/opt/rhodecode_data
200 200
201 201 logging:
202 202 *custom-logging
203 203
204 204 labels:
205 205 - "traefik.enable=false"
206 206
207 207 celery-beat:
208 208 # This service is not scalable
209 209 networks:
210 210 - rhodecode_network
211 211 extra_hosts:
212 212 - "host.docker.internal:host-gateway"
213 213 image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:-4.28.0}
214 214
215 215 stdin_open: true
216 216 tty: true
217 217 restart: always
218 218 env_file:
219 219 - ${RC_ENV_FILE:?must-specify-rc-env-file}
220 220 command: [
221 221 "/usr/local/bin/rhodecode_bin/bin/celery",
222 222 "beat",
223 223 "--no-color",
224 224 "--app=rhodecode.lib.celerylib.loader",
225 225 "--scheduler=rhodecode.lib.celerylib.scheduler.RcScheduler",
226 226 "--loglevel=DEBUG",
227 227 "--ini=/etc/rhodecode/conf/rhodecode.ini"
228 228 ]
229 229
230 230 environment:
231 231 RC_APP_TYPE: rhodecode_beat
232 232 RC_APP_PROC: 1
233 233 MAIN_INI_PATH: /etc/rhodecode/conf/rhodecode.ini
234 234 SSL_CERT_FILE: "/etc/rhodecode/conf/ca-bundle.crt"
235 235 REQUESTS_CA_BUNDLE: "/etc/rhodecode/conf/ca-bundle.crt"
236 236 GIT_SSL_CAINFO: "/etc/rhodecode/conf/ca-bundle.crt"
237 237
238 238 # depends_on:
239 239 # - database
240 240 # - redis
241 241
242 242 volumes:
243 243 - confvolume:/etc/rhodecode/conf
244 244 - logvolume:/var/log/rhodecode
245 245 - rc_reposvolume:/var/opt/rhodecode_repo_store
246 246 - rc_datavolume:/var/opt/rhodecode_data
247 247
248 248 logging:
249 249 *custom-logging
250 250
251 251 labels:
252 252 - "traefik.enable=false"
253 253
254 254 svn:
255 255 networks:
256 256 - rhodecode_network
257 257 extra_hosts:
258 258 - "host.docker.internal:host-gateway"
259 259 image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:-4.28.0}
260 260
261 261 # build:
262 262 # context: .
263 263 # dockerfile: service/svn/rhodecode_svn.dockerfile
264 264 # args:
265 265 # APACHE_VER: 1.3
266 266
267 267 stdin_open: true
268 268 tty: true
269 269 restart: always
270 270 env_file:
271 271 - ${RC_ENV_FILE:?must-specify-rc-env-file}
272 272 command: ["apachectl", "-D", "FOREGROUND"]
273 273
274 274 environment:
275 275 RC_APP_TYPE: rhodecode_svn
276 276
277 277 # SVN Specific
278 278 MOD_DAV_SVN_PORT: 8090
279 279 APACHE_LOG_DIR: /var/log/rhodecode/svn
280 280 MOD_DAV_SVN_CONF_FILE: /etc/rhodecode/conf/svn/mod_dav_svn.conf
281 281
282 282 # ports:
283 283 # - "127.0.0.1::8090"
284 284
285 285 healthcheck:
286 286 test: [ "CMD", "curl", "-A", "RhodeCode-Healthcheck", "-s", "-o", "/dev/null", "-w", "'%{http_code}'", "http://127.0.0.1:8090/_server_status" ]
287 287 timeout: 30s
288 288 interval: 60s
289 289 retries: 10
290 290
291 291 volumes:
292 292 - confvolume:/etc/rhodecode/conf
293 293 - logvolume:/var/log/rhodecode
294 294 - rc_reposvolume:/var/opt/rhodecode_repo_store
295 295 - rc_datavolume:/var/opt/rhodecode_data
296 296
297 297 logging:
298 298 *custom-logging
299 299
300 300 sshd:
301 301 networks:
302 302 - rhodecode_network
303 303 extra_hosts:
304 304 - "host.docker.internal:host-gateway"
305 305 image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:-4.28.0}
306 306
307 307 stdin_open: true
308 308 tty: true
309 309 restart: always
310 310 env_file:
311 311 - ${RC_ENV_FILE:?must-specify-rc-env-file}
312 312 command: ["/usr/sbin/sshd", "-f", "/etc/rhodecode/sshd_config", "-D", "-e"]
313 313
314 314 environment:
315 315 RC_APP_TYPE: rhodecode_sshd
316 316 SSH_BOOTSTRAP: 1
317 317
318 318 # ports:
319 319 # # set from .env file
320 320 # - "${RC_SSH_PORT:?must-specify-ssh-port}:22"
321 321
322 322 volumes:
323 323 - confvolume:/etc/rhodecode/conf
324 324 - logvolume:/var/log/rhodecode
325 325 - rc_reposvolume:/var/opt/rhodecode_repo_store
326 326 - rc_datavolume:/var/opt/rhodecode_data
327 327
328 328 logging:
329 329 *custom-logging
330 330
331 331 labels:
332 332 - "traefik.enable=true"
333 333 - "traefik.http.routers.sshd.entrypoints=ssh"
334 334 - "traefik.http.routers.sshd.rule=Host(`*`)"
335 335 - "traefik.http.routers.sshd.service=rhodecode-ssh"
336 336 - "traefik.http.services.rhodecode-ssh.loadbalancer.server.port=${RC_SSH_PORT:?must-specify-ssh-port}"
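Review bot: `${RC_LOKI_AUTH}` in the new `loki-url` (new line 9) is interpolated with no default and no `:?` guard, unlike `RC_ENV_FILE` or `RC_SSH_PORT` in this same file, and nothing documents the shape it must have. From the URL it presumably has to be `user:password@` including the trailing `@` and URL-encoded; when it is unset, compose substitutes an empty string and the driver pushes without credentials, which the basic-auth router would likely reject, so container logs could be lost without an obvious error. I would add a comment such as `# RC_LOKI_AUTH must be "<user>:<password>@" (URL-encoded), set in the .env file` and note that the value ends up in each container's log options, where `docker inspect` shows it. The same line is changed in the shared base, traefik and services compose sections further down.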
@@ -1,55 +1,55 b''
1 1 version: '3.9'
2 2
3 3 ## Shared base stuff for all compose files in stack
4 4
5 5 x-logging: &custom-logging
6 6 # Install loki plugin
7 7 # docker plugin install grafana/loki-docker-driver:2.7.1 --alias loki --grant-all-permissions
8 8 # NOTE: loki logging driver ONLY works for host type networks...
9 9 # To cleanly uninstall the plugin, disable and remove it
10 10 # docker plugin disable loki --force && docker plugin rm loki
11 11 # debug: sudo journalctl -u docker.service | grep loki
12 12 driver: loki
13 13 options:
14 #loki-url: "http://loki:3100/loki/api/v1/push"
15 loki-url: "http://127.0.0.1:3100/loki/api/v1/push"
14 #loki-url: "http://${RC_LOKI_AUTH}loki:3100/loki/api/v1/push"
15 loki-url: "http://${RC_LOKI_AUTH}127.0.0.1:3100/loki/api/v1/push"
16 16 loki-retries: "5"
17 17 loki-timeout: "1s"
18 18 loki-max-backoff: "800ms"
19 19
20 20 volumes:
21 21 # shared logvolume
22 22 logvolume:
23 23 driver: local
24 24 driver_opts:
25 25 type: none
26 26 o: bind
27 27 device: $PWD/logs
28 28
29 29 # bind-mount with configs
30 30 confvolume:
31 31 driver: local
32 32 driver_opts:
33 33 type: none
34 34 o: bind
35 35 device: $PWD/config/_shared
36 36
37 37 # SHARED volume for rhodecode caches, archive caches, nginx static,
38 38 # must be run via: docker volume create --name=rc_datavolume
39 39 rc_datavolume:
40 40 external: true
41 41
42 42 # volume for RhodeCode repo-store, it's where the repositories will be stored
43 43 # must be run via: docker volume create --name=rc_reposvolume
44 44 rc_reposvolume:
45 45 external: true
46 46
47 47 networks:
48 48
49 49 # SHARED network for all containers
50 50 # must be run via: docker network create --name=rhodecode_network
51 51 rhodecode_network:
52 52 name: rhodecode_network
53 53 driver: bridge
54 54 external: true
55 55
@@ -1,131 +1,138 b''
1 1 version: '3.9'
2 2
3 3 volumes:
4 4
5 5 prometheus_data:
6 6 labels:
7 7 "keep": 1
8 8
9 9 grafana_data:
10 10 labels:
11 11 "keep": 1
12 12
13 13 services:
14 14
15 15 statsd-exporter:
16 16 image: prom/statsd-exporter:v0.22.8
17 17 restart: always
18 18 command: [
19 19 '--statsd.mapping-config=/etc/statsd/statsd.yaml',
20 20 '--statsd.listen-udp=:9125',
21 21 '--web.listen-address=:9102'
22 22 ]
23 23 networks:
24 24 - rhodecode_network
25 25 # ports:
26 26 # - "9125:9125/udp"
27 27 # - "9102:9102"
28 28
29 29 volumes:
30 30 - ./config/statsd-exporter:/etc/statsd
31 31 labels:
32 32 - "traefik.enable=false"
33 33 - "traefik.http.services.statsd-exporter.loadbalancer.server.port=9125"
34 34 - "traefik.http.services.statsd-exporter.loadbalancer.server.port=9102"
35 35
36 36 node-exporter:
37 37 image: prom/node-exporter:v1.4.1
38 38 command:
39 39 - "--path.procfs=/host/proc"
40 40 - "--path.rootfs=/rootfs"
41 41 - "--path.sysfs=/host/sys"
42 42 - "--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)"
43 43 - "--collector.systemd"
44 44 - "--collector.processes"
45 45 networks:
46 46 - rhodecode_network
47 47 pid: host
48 48 restart: always
49 49 # ports:
50 50 # - "9100:9100"
51 51 volumes:
52 52 - "/proc:/host/proc:ro"
53 53 - "/sys:/host/sys:ro"
54 54 - "/:/rootfs:ro"
55 55 labels:
56 56 - "traefik.enable=false"
57 57 - "traefik.http.services.node-exporter.loadbalancer.server.port=9100"
58 58
59 59 prometheus:
60 60 image: prom/prometheus:v2.40.6
61 61 restart: always
62 62 command:
63 63 - "--config.file=/etc/prometheus/prometheus.yml"
64 64 - "--storage.tsdb.path=/prometheus"
65 65 - "--web.console.libraries=/etc/prometheus/console_libraries"
66 66 - "--web.console.templates=/etc/prometheus/consoles"
67 67 - "--storage.tsdb.retention.time=24h"
68 68 - "--web.enable-lifecycle"
69 69 # ports:
70 70 # - "9090:9090"
71 71 networks:
72 72 - rhodecode_network
73 73 volumes:
74 74 - ./config/prometheus:/etc/prometheus
75 75 - prometheus_data:/prometheus
76 76 labels:
77 77 - "traefik.enable=false"
78 78 - "traefik.http.services.prometheus.loadbalancer.server.port=9090"
79 79
80 80 grafana:
81 81 image: grafana/grafana:9.3.1
82 82 restart: always
83 83 # ports:
84 84 # - "3000:3000"
85 85 volumes:
86 86 - grafana_data:/var/lib/grafana
87 87 - ./config/grafana:/etc/grafana
88 88 networks:
89 89 - rhodecode_network
90 90 labels:
91 91 - "traefik.enable=true"
92 92 - "traefik.http.routers.grafana.entrypoints=http"
93 93 - "traefik.http.routers.grafana.rule=PathPrefix(`/_grafana`)"
94 94 - "traefik.http.routers.grafana.service=grafana-http"
95 95 - "traefik.http.services.grafana-http.loadbalancer.server.port=3000"
96 96 # SSL + proxy prefix example, should be put into .custom/docker-compose-metrics.override.yaml
97 97 #- "traefik.http.routers.grafana-rt.entrypoints=https"
98 98 #- "traefik.http.routers.grafana-rt.rule=Host(`metrics.example.com`) && PathPrefix(`/_grafana`)"
99 99 #- "traefik.http.routers.grafana-rt.tls=true"
100 100 #- "traefik.http.routers.grafana-rt.service=grafana-ssl"
101 101 #- "traefik.http.services.grafana-ssl.loadbalancer.server.port=3000"
102 102
103 103 loki:
104 104 image: grafana/loki:2.7.1
105 105 restart: always
106 ports:
107 # Loki port is the only one that needs explicitly
108 # be exposed because of logging driver host-only woking mode
109 - "3100:3100"
106 # ports:
107 # - "3100:3100"
110 108 # - "9095:9095"
111 109 command: [
112 110 "-config.file=/etc/loki/loki-config.yaml"
113 111 ]
114 112 networks:
115 113 - rhodecode_network
116 114 volumes:
117 115 - ./config/loki:/etc/loki
116 # optionally mount host container to scrape docker logs...
117 # - /var/lib/docker/containers:/var/lib/docker/containers:ro
118 labels:
119 # Loki port is the only one that needs explicitly
120 # be exposed because of logging driver host-only working mode
121 - "traefik.enable=true"
122 - "traefik.http.routers.loki.entrypoints=loki"
123 - "traefik.http.routers.loki.rule=PathPrefix(`/`)"
124 - "traefik.http.routers.loki.middlewares=basic-auth@file"
125 - "traefik.http.routers.loki.service=loki-http"
126 - "traefik.http.services.loki-http.loadbalancer.server.port=3100"
118 127
119 128 promtail:
120 129 image: grafana/promtail:2.7.1
121 130 command: [
122 131 "-config.file=/etc/promtail/promtail-config.yaml"
123 132 ]
124 133 networks:
125 134 - rhodecode_network
126 135 volumes:
127 136 - /var/log:/var/log
128 137 - logvolume:/var/log_volume
129 138 - ./config/promtail:/etc/promtail
130 labels:
131 - "traefik.enable=false"
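Review bot: The `loki` router rule on new line 123 matches the prefix `/`, so the single credential that every Docker host carries in its `loki-url` also opens Loki's query and other API paths on the exposed port, not only log ingestion. If the logging driver is the only external client, narrowing the rule's prefix from `/` to `/loki/api/v1/push` keeps reads off the public entrypoint; Grafana can presumably still reach `loki:3100` directly over `rhodecode_network`. The comment on new lines 119-120 could then say that only the push path is exposed and that it sits behind `basic-auth@file`.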
@@ -1,44 +1,46 b''
1 1 version: '3.9'
2 2
3 3 x-logging: &custom-logging
4 4 # docker plugin install grafana/loki-docker-driver:2.7.1 --alias loki --grant-all-permissions
5 5 # NOTE: loki logging driver ONLY works for host type networks...
6 6 driver: loki
7 7 options:
8 #loki-url: "http://loki:3100/loki/api/v1/push"
9 loki-url: "http://127.0.0.1:3100/loki/api/v1/push"
8 #loki-url: "http://${RC_LOKI_AUTH}loki:3100/loki/api/v1/push"
9 loki-url: "http://${RC_LOKI_AUTH}127.0.0.1:3100/loki/api/v1/push"
10 10 loki-retries: "5"
11 11 loki-timeout: "1s"
12 12 loki-max-backoff: "800ms"
13 13
14 14 ## docker network create -d overlay lb-net
15 15 services:
16 16
17 17 traefik:
18 18
19 19 image: traefik:v2.9.6
20 20
21 21 ports:
22 22 # The HTTP port, exposed as http entrypoint
23 23 - "80:80"
24 24 # The HTTPS port, exposed as https entrypoint
25 25 - "443:443"
26 # The loki port, exposed as http entrypoint behind auth
27 - "3100:3100"
26 28 # The SSH port
27 29 - "${RC_SSH_PORT}:${RC_SSH_PORT}"
28 30 volumes:
29 31 # So that Traefik can listen to the Docker events
30 32 - /var/run/docker.sock:/var/run/docker.sock
31 33 - ./config/traefik:/etc/traefik
32 34 deploy:
33 35 placement:
34 36 constraints:
35 37 # limit swarm deploy to MANAGER only
36 38 - node.role == manager
37 39 networks:
38 40 - rhodecode_network
39 41
40 42 labels:
41 43 - "traefik.enable=true"
42 44
43 45 logging:
44 46 *custom-logging
@@ -1,248 +1,248 b''
1 1 version: '3.9'
2 2
3 3 x-logging: &custom-logging
4 4 # docker plugin install grafana/loki-docker-driver:2.7.1 --alias loki --grant-all-permissions
5 5 # NOTE: loki logging driver ONLY works for host type networks...
6 6 driver: loki
7 7 options:
8 #loki-url: "http://loki:3100/loki/api/v1/push"
9 loki-url: "http://127.0.0.1:3100/loki/api/v1/push"
8 #loki-url: "http://${RC_LOKI_AUTH}loki:3100/loki/api/v1/push"
9 loki-url: "http://${RC_LOKI_AUTH}127.0.0.1:3100/loki/api/v1/push"
10 10 loki-retries: "5"
11 11 loki-timeout: "1s"
12 12 loki-max-backoff: "800ms"
13 13
14 14 volumes:
15 15
16 16 # volume for redis data store
17 17 redis_data:
18 18 labels:
19 19 "keep": 1
20 20
21 21 # volume for Postgres db store
22 22
23 23 # volume for Postgres Data
24 24 pg_data:
25 25 labels:
26 26 "keep": 1
27 27
28 28 # volume for rhodecode elasticsearch
29 29 es_data:
30 30 labels:
31 31 "keep": 1
32 32
33 33
34 34 services:
35 35
36 36 channelstream:
37 37 networks:
38 38 - rhodecode_network
39 39 image: channelstream/channelstream:0.7.1
40 40
41 41 restart: always
42 42
43 43 # ports:
44 44 # - "127.0.0.1:9800:9800"
45 45 env_file:
46 46 - ${RC_ENV_FILE:?must-specify-rc-env-file}
47 47 command: ["channelstream"]
48 48
49 49 healthcheck:
50 50 test: [ "CMD", "curl", "-s", "-o", "/dev/null", "-w", "'%{http_code}'", "http://channelstream:8000/admin/sign_in" ]
51 51 timeout: 5s
52 52 interval: 60s
53 53 retries: 10
54 54
55 55 volumes:
56 56 - confvolume:/etc/rhodecode/conf
57 57 - logvolume:/var/log/rhodecode
58 58
59 59 logging:
60 60 *custom-logging
61 61
62 62 labels:
63 63 - "traefik.enable=false"
64 64 #- "traefik.http.routers.channelstream.entrypoints=http"
65 65 #- "traefik.http.services.channelstream.loadbalancer.server.port=9800"
66 66
67 67 profiles:
68 68 ["channelstream"]
69 69
70 70 nginx:
71 71 networks:
72 72 - rhodecode_network
73 73 image: library/nginx:1.23.3
74 74
75 75 restart: always
76 76
77 77 environment:
78 78 NGINX_ENTRYPOINT_QUIET_LOGS: 1
79 79 env_file:
80 80 - ${RC_ENV_FILE:?must-specify-rc-env-file}
81 81
82 82 healthcheck:
83 83 # change port 80 to 443 when only using SSL
84 84 test: [ "CMD", "curl", "-A", "RhodeCode-Healthcheck", "-s", "-o", "/dev/null", "-w", "'%{http_code}'", "http://127.0.0.1:80/_health" ]
85 85 timeout: 30s
86 86 interval: 60s
87 87 retries: 10
88 88
89 89 # depends_on:
90 90 # - channelstream
91 91
92 92 volumes:
93 93 - ./config/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
94 94 - ./config/nginx/http.conf:/etc/nginx/http.conf:ro
95 95 - ./config/nginx/proxy.conf:/etc/nginx/proxy.conf:ro
96 96 - logvolume:/var/log/rhodecode
97 97 - rc_datavolume:/var/opt/rhodecode_data
98 98
99 99 logging:
100 100 *custom-logging
101 101
102 102 labels:
103 103 - "traefik.enable=true"
104 104 - "traefik.http.routers.nginx.entrypoints=http"
105 105 - "traefik.http.routers.nginx.rule=Host(`${RC_HOSTNAME:?must-specify-rhodecode-hostname}`) && ( PathPrefix(`/_health`) || PathPrefix(`/_channelstream`) || PathPrefix(`/_static/rhodecode`) )"
106 106 - "traefik.http.services.nginx.loadbalancer.server.port=80"
107 107
108 108 elasticsearch:
109 109 networks:
110 110 - rhodecode_network
111 111 image: elasticsearch:6.8.23
112 112
113 113 environment:
114 114 - cluster.name=elasticsearch-cluster
115 115 - network.host=0.0.0.0
116 116 - bootstrap.memory_lock=true
117 117 - discovery.type=single-node
118 118 - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
119 119 env_file:
120 120 - ${RC_ENV_FILE:?must-specify-rc-env-file}
121 121 healthcheck:
122 122 # change port 80 to 443 when only using SSL
123 123 test: [ "CMD", "curl", "-A", "RhodeCode-Healthcheck", "-s", "-o", "/dev/null", "-w", "'%{http_code}'", "elasticsearch:9200/_cat/health" ]
124 124 timeout: 30s
125 125 interval: 60s
126 126 retries: 10
127 127
128 128 ulimits:
129 129 memlock:
130 130 soft: -1
131 131 hard: -1
132 132
133 133 volumes:
134 134 - es_data:/usr/share/elasticsearch/data
135 135
136 136 logging:
137 137 *custom-logging
138 138
139 139 profiles:
140 140 ["elasticsearch"]
141 141
142 142 redis:
143 143 networks:
144 144 - rhodecode_network
145 145 image: library/redis:7.0.6
146 146
147 147 restart: always
148 148 env_file:
149 149 - ${RC_ENV_FILE:?must-specify-rc-env-file}
150 150 command:
151 151 - "redis-server"
152 152 - "/etc/redis/redis.conf"
153 153 - "--maxmemory-policy allkeys-lru"
154 154 - "--maxmemory ${RC_REDIS_MAXMEMORY:?must-specify-redis-maxmemory}"
155 155
156 156 # ports:
157 157 # - "127.0.0.1::6379"
158 158
159 159 healthcheck:
160 160 test: [ "CMD", "redis-cli", "--raw", "incr", "ping" ]
161 161 interval: 60s
162 162
163 163 volumes:
164 164 - ./config/redis/redis.conf:/etc/redis/redis.conf:ro
165 165 - logvolume:/var/log/rhodecode
166 166 - redis_data:/data
167 167
168 168 profiles:
169 169 ["redis"]
170 170
171 171 logging:
172 172 *custom-logging
173 173
174 174 database:
175 175 networks:
176 176 - rhodecode_network
177 177 image: library/postgres:14.6
178 178
179 179 environment:
180 180 POSTGRES_DB: ${DB_NAME:?must-specify-db-name}
181 181 POSTGRES_USER: ${DB_USER:?must-specify-db-user}
182 182 PGUSER: ${DB_USER:?must-specify-db-user}
183 183 POSTGRES_PASSWORD: ${DB_PASSWORD:?must-specify-db-password}
184 184 POSTGRES_HOST_AUTH_METHOD: md5
185 185 POSTGRES_INITDB_ARGS: "--auth-host=md5 --auth-local=md5"
186 186 env_file:
187 187 - ${RC_ENV_FILE:?must-specify-rc-env-file}
188 188
189 189 restart: always
190 190 command:
191 191 - "postgres"
192 192 - "-c"
193 193 - "log_statement=ddl"
194 194 - "-c"
195 195 - "config_file=/etc/conf.d/pg_customized.conf"
196 196
197 197 # ports:
198 198 # - "127.0.0.1::5432"
199 199
200 200 healthcheck:
201 201 test: ["CMD-SHELL", "pg_isready", '-U', "$DB_USER"]
202 202 interval: 10s
203 203 timeout: 5s
204 204 retries: 5
205 205
206 206 volumes:
207 207 - $PWD/config/database/pg_customized.conf:/etc/conf.d/pg_customized.conf:ro
208 208 # db dumps reverse mount
209 209 - $PWD/.custom/db_dump:/var/rc-data-dump
210 210 # save the pg_data volume
211 211 - pg_data:/var/lib/postgresql/data
212 212 - logvolume:/var/log/rhodecode
213 213
214 214 profiles:
215 215 ["postgres"]
216 216
217 217 logging:
218 218 *custom-logging
219 219
220 220 database-mysql:
221 221 networks:
222 222 - rhodecode_network
223 223 image: library/mysql:8.0.31
224 224
225 225 environment:
226 226 MYSQL_DATABASE: ${DB_NAME:?must-specify-db-name}
227 227 MYSQL_USER: ${DB_USER:?must-specify-db-user}
228 228 MYSQL_PASSWORD: ${DB_PASSWORD:?must-specify-db-password}
229 229 MYSQL_ROOT_PASSWORD: ${DB_PASSWORD:?must-specify-db-password}
230 230 env_file:
231 231 - ${RC_ENV_FILE:?must-specify-rc-env-file}
232 232
233 233 restart: always
234 234
235 235 # ports:
236 236 # - "127.0.0.1::3306"
237 237
238 238 volumes:
239 239 - ./config/database/mysql_customized.conf:/etc/mysql/conf.d/config-file.cnf:ro
240 240 # save the mysql_data volume
241 241 - $PWD/mysql_dir:/var/lib/mysql
242 242 - logvolume:/var/log/rhodecode
243 243
244 244 profiles:
245 245 ["mysql"]
246 246
247 247 logging:
248 248 *custom-logging
@@ -1,33 +1,42 b''
1 1 version: '3.9'
2 2
3 3 services:
4 4
5 5 rhodecode:
6 ports:
7 - "10020:10020"
6 #ports:
7 # # expose port for optional direct port connection
8 # - "10020:10020"
8 9 environment:
9 10 DB_UPGRADE: 0 # run the DB upgrade
10 11 SETUP_APP: 0 # run the application default settings setup, can be turned off after initial run
11 12
13 #healthcheck:
14 # # disable the healthcheck
15 # test: ['CMD','true']
16
12 17 deploy:
13 18 replicas: 1
14 19
15 20 vcsserver:
16 21
17 22 environment:
18 23 {}
19 24
20 25 deploy:
21 26 replicas: 1
22 27
28 #healthcheck:
29 # # disable the healthcheck
30 # test: ['CMD','true']
31
23 32 sshd:
24 33 {}
25 34
26 35 svn:
27 36 {}
28 37
29 38 celery-beat:
30 39 {}
31 40
32 41 celery:
33 42 {}