|
|
|
|
|
x-logging: &custom-logging
|
|
|
# docker plugin install grafana/loki-docker-driver:2.7.1 --alias loki --grant-all-permissions
|
|
|
# NOTE: loki logging driver ONLY works for host type networks...
|
|
|
driver: loki
|
|
|
options:
|
|
|
#loki-url: "http://${RC_LOKI_AUTH}loki:3100/loki/api/v1/push"
|
|
|
loki-url: "http://${RC_LOKI_AUTH}127.0.0.1:3100/loki/api/v1/push"
|
|
|
loki-retries: "5"
|
|
|
loki-timeout: "1s"
|
|
|
loki-max-backoff: "800ms"
|
|
|
|
|
|
|
|
|
services:
|
|
|
|
|
|
# base shared options for RhodeCode type services
|
|
|
common_base:
|
|
|
image: rhodecode/rhodecode-${RC_EDITION}:${RC_VERSION:-4.28.0}
|
|
|
stdin_open: true
|
|
|
tty: true
|
|
|
restart: always
|
|
|
deploy:
|
|
|
# override this in .custom/docker-compose-apps.override.yaml to scale up
|
|
|
replicas: 0
|
|
|
networks:
|
|
|
- rhodecode_network
|
|
|
extra_hosts:
|
|
|
- "host.docker.internal:host-gateway"
|
|
|
volumes:
|
|
|
- confvolume:/etc/rhodecode/conf
|
|
|
- rc_reposvolume:/var/opt/rhodecode_repo_store
|
|
|
- rc_datavolume:/var/opt/rhodecode_data
|
|
|
logging:
|
|
|
*custom-logging
|
|
|
|
|
|
# base definition WITHOUT labels to full control over override and custom service
|
|
|
# main rhodecode will use extends + service from that base
|
|
|
rhodecode_base:
|
|
|
extends:
|
|
|
service: common_base
|
|
|
|
|
|
env_file:
|
|
|
- ${RC_ENV_FILE:?must-specify-rc-env-file}
|
|
|
|
|
|
command: [
|
|
|
"/usr/local/bin/rhodecode_bin/bin/gunicorn",
|
|
|
"--error-logfile=-",
|
|
|
"--paster=/etc/rhodecode/conf/rhodecode.ini",
|
|
|
"--config=/etc/rhodecode/conf/gunicorn_conf_rc.py"
|
|
|
]
|
|
|
|
|
|
build:
|
|
|
context: .
|
|
|
dockerfile: service/rhodecode/rhodecode_5.dockerfile
|
|
|
args:
|
|
|
TZ: ${TZ:-UTC}
|
|
|
RHODECODE_VERSION: ${RC_VERSION:-4.28.0}
|
|
|
RHODECODE_DB: postgresql://rhodecode:${DB_PASSWORD:?must-specify-db-password}@database/${DB_NAME:?must-specify-db-name}
|
|
|
RHODECODE_USER_NAME: ${RHODECODE_USER_NAME}
|
|
|
RHODECODE_USER_PASS: ${RHODECODE_USER_PASS}
|
|
|
RHODECODE_USER_EMAIL: ${RHODECODE_USER_EMAIL}
|
|
|
|
|
|
environment:
|
|
|
RC_APP_TYPE: rhodecode_http
|
|
|
RC_APP_PROC: 1
|
|
|
RC_APP_PORT: "10020"
|
|
|
SSL_CERT_FILE: "/etc/rhodecode/conf/ca-bundle.crt"
|
|
|
REQUESTS_CA_BUNDLE: "/etc/rhodecode/conf/ca-bundle.crt"
|
|
|
GIT_SSL_CAINFO: "/etc/rhodecode/conf/ca-bundle.crt"
|
|
|
GEVENT_RESOLVER: "ares"
|
|
|
GUNICORN_CMD_ARGS: "--bind=0.0.0.0:10020 --name=gunicorn-rhodecode-1 --workers=2"
|
|
|
|
|
|
DB_UPGRADE: 1 # run the DB upgrade
|
|
|
SETUP_APP: 1 # run the application default settings setup, can be turned off after initial run
|
|
|
#FORCE_DB_INIT_FILE: 1 # force the database init, warning: destroys old DB
|
|
|
#FORCE_RC_SETUP_APP: 1 # force running setup scripts for configuration/license application
|
|
|
MAIN_INI_PATH: /etc/rhodecode/conf/rhodecode.ini
|
|
|
|
|
|
# SVN Specific
|
|
|
MOD_DAV_SVN_PORT: 8090
|
|
|
MOD_DAV_SVN_LOG_LEVEL: info
|
|
|
APACHE_LOG_DIR: /var/log
|
|
|
MOD_DAV_SVN_CONF_FILE: /etc/rhodecode/conf/svn/mod_dav_svn.conf
|
|
|
|
|
|
healthcheck:
|
|
|
test: curl -A RhodeCode-Healthcheck -s -o /dev/null -w '%{http_code}' http://127.0.0.1:$${RC_APP_PORT}/_admin/ops/ping
|
|
|
# requires docker engine 25
|
|
|
#start_period: 2m
|
|
|
#start_interval: 5s
|
|
|
interval: 60s
|
|
|
timeout: 30s
|
|
|
retries: 10
|
|
|
|
|
|
tmpfs:
|
|
|
- /data_ramdisk:size=${RC_DATA_RAMDISK_SIZE:-256M}
|
|
|
|
|
|
rhodecode:
|
|
|
# depends_on:
|
|
|
# - redis
|
|
|
# - database
|
|
|
# - channelstream
|
|
|
# ports:
|
|
|
# - "127.0.0.1::10020"
|
|
|
extends:
|
|
|
service: rhodecode_base
|
|
|
|
|
|
deploy:
|
|
|
# override this in .custom/docker-compose-apps.override.yaml to scale up
|
|
|
# replicas of rhodecode and vcsserver should be equal in most cases
|
|
|
replicas: 1
|
|
|
|
|
|
volumes:
|
|
|
- ./.custom/static_files:/var/opt/rhodecode_static_data
|
|
|
|
|
|
labels:
|
|
|
- "autoheal=true"
|
|
|
- "traefik.enable=true"
|
|
|
- "traefik.http.routers.rhodecode.entrypoints=http"
|
|
|
- "traefik.http.routers.rhodecode.priority=10"
|
|
|
- "traefik.http.routers.rhodecode.rule=Host(`${RC_HOSTNAME:?must-specify-rhodecode-hostname}`)"
|
|
|
- "traefik.http.routers.rhodecode.service=rhodecode-web"
|
|
|
- "traefik.http.services.rhodecode-web.loadbalancer.server.port=10020"
|
|
|
# HTTP + SSL example, should be put into .custom/docker-compose-apps.override.yaml
|
|
|
#- "traefik.http.routers.rhodecode.entrypoints=http,https"
|
|
|
|
|
|
vcsserver:
|
|
|
# depends_on:
|
|
|
# - redis
|
|
|
# ports:
|
|
|
# - "127.0.0.1::10010"
|
|
|
extends:
|
|
|
service: common_base
|
|
|
env_file:
|
|
|
- ${RC_ENV_FILE:?must-specify-rc-env-file}
|
|
|
command: [
|
|
|
"/usr/local/bin/rhodecode_bin/vcs_bin/gunicorn",
|
|
|
"--error-logfile=-",
|
|
|
"--paster=/etc/rhodecode/conf/vcsserver.ini",
|
|
|
"--config=/etc/rhodecode/conf/gunicorn_conf_vcs.py"
|
|
|
]
|
|
|
deploy:
|
|
|
# override this in .custom/docker-compose-apps.override.yaml to scale up
|
|
|
# replicas of rhodecode and vcsserver should be equal in most cases
|
|
|
replicas: 1
|
|
|
environment:
|
|
|
RC_APP_TYPE: rhodecode_vcsserver
|
|
|
RC_APP_PROC: 1
|
|
|
RC_APP_PORT: "10010"
|
|
|
MAIN_INI_PATH: /etc/rhodecode/conf/vcsserver.ini
|
|
|
SSL_CERT_FILE: "/etc/rhodecode/conf/ca-bundle.crt"
|
|
|
REQUESTS_CA_BUNDLE: "/etc/rhodecode/conf/ca-bundle.crt"
|
|
|
GIT_SSL_CAINFO: "/etc/rhodecode/conf/ca-bundle.crt"
|
|
|
GUNICORN_CMD_ARGS: "--bind=0.0.0.0:10010 --name=gunicorn-vcsserver-1 --workers=3"
|
|
|
|
|
|
healthcheck:
|
|
|
test: curl -A RhodeCode-Healthcheck -s -o /dev/null -w '%{http_code}' http://127.0.0.1:$${RC_APP_PORT}/status
|
|
|
timeout: 30s
|
|
|
start_period: 5s
|
|
|
interval: 60s
|
|
|
retries: 10
|
|
|
labels:
|
|
|
- "autoheal=true"
|
|
|
|
|
|
celery:
|
|
|
extends:
|
|
|
service: common_base
|
|
|
# depends_on:
|
|
|
# - database
|
|
|
# - redis
|
|
|
env_file:
|
|
|
- ${RC_ENV_FILE:?must-specify-rc-env-file}
|
|
|
command: [
|
|
|
"/usr/local/bin/rhodecode_bin/bin/celery",
|
|
|
"--no-color",
|
|
|
"--app=rhodecode.lib.celerylib.loader",
|
|
|
"worker",
|
|
|
"--autoscale=10,2",
|
|
|
"--max-tasks-per-child=150",
|
|
|
"--hostname=rc-celery-worker@%h",
|
|
|
"--task-events",
|
|
|
"--loglevel=DEBUG",
|
|
|
"--ini=/etc/rhodecode/conf/rhodecode.ini"
|
|
|
]
|
|
|
deploy:
|
|
|
# override this in .custom/docker-compose-apps.override.yaml to scale up
|
|
|
replicas: 1
|
|
|
environment:
|
|
|
RC_APP_TYPE: rhodecode_celery
|
|
|
RC_APP_PROC: 1
|
|
|
MAIN_INI_PATH: /etc/rhodecode/conf/rhodecode.ini
|
|
|
SSL_CERT_FILE: "/etc/rhodecode/conf/ca-bundle.crt"
|
|
|
REQUESTS_CA_BUNDLE: "/etc/rhodecode/conf/ca-bundle.crt"
|
|
|
GIT_SSL_CAINFO: "/etc/rhodecode/conf/ca-bundle.crt"
|
|
|
labels:
|
|
|
- "autoheal=true"
|
|
|
|
|
|
celery-beat:
|
|
|
extends:
|
|
|
service: common_base
|
|
|
# depends_on:
|
|
|
# - database
|
|
|
# - redis
|
|
|
env_file:
|
|
|
- ${RC_ENV_FILE:?must-specify-rc-env-file}
|
|
|
command: [
|
|
|
"/usr/local/bin/rhodecode_bin/bin/celery",
|
|
|
"--no-color",
|
|
|
"--app=rhodecode.lib.celerylib.loader",
|
|
|
"beat",
|
|
|
"--scheduler=rhodecode.lib.celerylib.scheduler.RcScheduler",
|
|
|
"--loglevel=DEBUG",
|
|
|
"--ini=/etc/rhodecode/conf/rhodecode.ini"
|
|
|
]
|
|
|
deploy:
|
|
|
# override this in .custom/docker-compose-apps.override.yaml to scale up
|
|
|
replicas: 1
|
|
|
environment:
|
|
|
RC_APP_TYPE: rhodecode_beat
|
|
|
RC_APP_PROC: 1
|
|
|
MAIN_INI_PATH: /etc/rhodecode/conf/rhodecode.ini
|
|
|
SSL_CERT_FILE: "/etc/rhodecode/conf/ca-bundle.crt"
|
|
|
REQUESTS_CA_BUNDLE: "/etc/rhodecode/conf/ca-bundle.crt"
|
|
|
GIT_SSL_CAINFO: "/etc/rhodecode/conf/ca-bundle.crt"
|
|
|
labels:
|
|
|
- "autoheal=true"
|
|
|
|
|
|
svn:
|
|
|
extends:
|
|
|
service: common_base
|
|
|
# depends_on:
|
|
|
# - database
|
|
|
# - redis
|
|
|
|
|
|
# build:
|
|
|
# context: .
|
|
|
# dockerfile: service/svn/rhodecode_svn.dockerfile
|
|
|
# args:
|
|
|
# APACHE_VER: 1.3
|
|
|
|
|
|
env_file:
|
|
|
- ${RC_ENV_FILE:?must-specify-rc-env-file}
|
|
|
command: [
|
|
|
"apachectl",
|
|
|
"-D",
|
|
|
"FOREGROUND"
|
|
|
]
|
|
|
deploy:
|
|
|
# override this in .custom/docker-compose-apps.override.yaml to scale up
|
|
|
replicas: 1
|
|
|
environment:
|
|
|
RC_APP_TYPE: rhodecode_svn
|
|
|
|
|
|
# SVN Specific
|
|
|
APACHE_LOG_DIR: /var/log
|
|
|
|
|
|
MOD_DAV_SVN_PORT: 8090
|
|
|
MOD_DAV_SVN_LOG_LEVEL: info
|
|
|
MOD_DAV_SVN_CONF_FILE: /etc/rhodecode/conf/svn/mod_dav_svn.conf
|
|
|
# image specific, can be skipped, as the info is stored inside the image
|
|
|
#MOD_DAV_CORE_MODULES_DIR: /home/rhodecode/apache2/modules/
|
|
|
#MOD_DAV_SVN_MODULE: /home/rhodecode/apache2/modules/mod_dav.so
|
|
|
|
|
|
healthcheck:
|
|
|
test: curl -A RhodeCode-Healthcheck -s -o /dev/null -w '%{http_code}' http://127.0.0.1:$${MOD_DAV_SVN_PORT}/_server_status
|
|
|
timeout: 30s
|
|
|
interval: 60s
|
|
|
retries: 10
|
|
|
# ports:
|
|
|
# - "127.0.0.1::8090"
|
|
|
labels:
|
|
|
- "autoheal=true"
|
|
|
|
|
|
sshd:
|
|
|
extends:
|
|
|
service: common_base
|
|
|
# depends_on:
|
|
|
# - database
|
|
|
# - redis
|
|
|
env_file:
|
|
|
- ${RC_ENV_FILE:?must-specify-rc-env-file}
|
|
|
command: [
|
|
|
"/usr/sbin/sshd",
|
|
|
"-f",
|
|
|
"/etc/rhodecode/sshd_config",
|
|
|
"-D",
|
|
|
"-e"
|
|
|
]
|
|
|
deploy:
|
|
|
# override this in .custom/docker-compose-apps.override.yaml to scale up
|
|
|
replicas: 1
|
|
|
environment:
|
|
|
RC_APP_TYPE: rhodecode_sshd
|
|
|
SSH_BOOTSTRAP: 1
|
|
|
SSH_ENSURE_PERMS: 1
|
|
|
healthcheck:
|
|
|
# we call ssh internally, to find permission denied, if SSH is DOWN it would be connection refused
|
|
|
test: /usr/bin/ssh -p$${RC_SSH_PORT} -o StrictHostKeyChecking=no -o PasswordAuthentication=No rhodecode@localhost true 2>&1 | grep -c 'Permission denied' > /dev/null
|
|
|
timeout: 30s
|
|
|
interval: 60s
|
|
|
retries: 10
|
|
|
# ports:
|
|
|
# # 9022 is set from .env file too.
|
|
|
# - "9022:$RC_SSH_PORT"
|
|
|
labels:
|
|
|
- "autoheal=true"
|
|
|
- "traefik.enable=true"
|
|
|
- "traefik.tcp.routers.sshd.entrypoints=ssh"
|
|
|
- "traefik.tcp.routers.sshd.rule=HostSNI(`*`)"
|
|
|
- "traefik.tcp.routers.sshd.service=rhodecode-ssh"
|
|
|
- "traefik.tcp.services.rhodecode-ssh.loadbalancer.server.port=${RC_SSH_PORT}"
|
|
|
|