diff options
Diffstat (limited to 'deploy/docker-compose.yml')
-rw-r--r-- | deploy/docker-compose.yml | 225 |
1 files changed, 114 insertions, 111 deletions
diff --git a/deploy/docker-compose.yml b/deploy/docker-compose.yml index ed09d0c..c8a2cba 100644 --- a/deploy/docker-compose.yml +++ b/deploy/docker-compose.yml @@ -1,167 +1,170 @@ version: '2.4' services: - nginx: - restart: always - image: nginx:mainline-alpine - ports: - - 80:80 - - 443:443 - environment: - - NGINX_HOST=plural.cafe - volumes: - - /etc/localtime:/etc/localtime:ro - - ./.docker/nginx/nginx.conf:/etc/nginx/conf.d/web.template:ro - - ./.acme.sh/${NGINX_HOST}_ecc/${NGINX_HOST}.cer:/etc/ssl/cert.pem:ro - - ./.acme.sh/${NGINX_HOST}_ecc/${NGINX_HOST}.key:/etc/ssl/privkey.pem:ro - - ./.acme.sh/${NGINX_HOST}_ecc/fullchain.cer:/etc/ssl/fullchain.pem:ro - - ./public:/var/www/html:ro - command: sh -c "envsubst \"`env | awk -F = '{printf \" $$%s\", $$1}'`\" < /etc/nginx/conf.d/web.template > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'" - networks: - - external_network - - mstweb_network - - mststreaming_network - - netdata_network - - netdata: - restart: always - image: titpetric/netdata - cap_add: - - SYS_PTRACE + # automatically update images + watchtower: + image: containrrr/watchtower + restart: unless-stopped volumes: - - /etc/localtime:/etc/localtime:ro - - ./.docker/netdata:/etc/netdata - - /proc:/host/proc:ro - - /sys:/host/sys:ro - /var/run/docker.sock:/var/run/docker.sock networks: - - netdata_network + - external + # may not be necessary with recent docker, need to investigate ipv6nat: + image: robbertkl/ipv6nat restart: always + privileged: true + network_mode: host volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - /lib/modules:/lib/modules:ro - privileged: true - network_mode: host - image: robbertkl/ipv6nat - mstdb: - restart: always - image: postgres:9.6-alpine - networks: - - mstdb_network + logrotate: + image: blacklabelops/logrotate + restart: unless-stopped + environment: + - LOGS_DIRECTORIES=/var/lib/docker/containers + - LOGROTATE_INTERVAL=daily + - LOGROTATE_COPIES=90 volumes: - /etc/localtime:/etc/localtime:ro - - ./.docker/mastodon/db:/var/lib/postgresql/data + - /var/lib/docker/containers:/var/lib/docker/containers + logging: + driver: "json-file" + options: + max-size: "50m" + max-file: "3" - mstredis: + db: restart: always - image: redis:4-alpine + image: postgres:11-alpine + healthcheck: + test: ["CMD", "pg_isready", "-U", "postgres"] networks: - - mstredis_network + - db_network volumes: - /etc/localtime:/etc/localtime:ro - - ./.docker/mastodon/redis:/data + - /etc/timezone:/etc/timezone:ro + - ./mastodon/db:/var/lib/postgresql/data - mstes: + redis: restart: always - image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.2.3 - environment: - - bootstrap.memory_lock=true - - "ES_JAVA_OPTS=-Xms512m -Xmx512m" - ulimits: - memlock: - soft: -1 - hard: -1 + image: redis:alpine + healthcheck: + test: ["CMD", "redis-cli", "ping"] networks: - - mstes_network + - redis_network volumes: - /etc/localtime:/etc/localtime:ro - - ./.docker/mastodon/es:/usr/share/elasticsearch/data + - /etc/timezone:/etc/timezone:ro + - ./mastodon/redis:/data - mstweb: - image: pluralcafe/mastodon:stable + mastodon-web: + image: pluralcafe/mastodon:edge + healthcheck: + test: ["CMD-SHELL", "wget -q --spider --header 'x-forwarded-proto: https' --proxy=off localhost:3000/health || exit 1"] restart: always - env_file: ./.docker/mastodon/.env.production - environment: - - WEB_CONCURRENCY=1 - - MAX_THREADS=15 - command: sh -c "rm -f /mastodon/tmp/pids/server.pid; rake db:migrate; bundle exec rails s -p 3000 -b '0.0.0.0'" + env_file: ./mastodon/.env.production + command: sh -c "rm -f /mastodon/tmp/pids/server.pid; RAILS_ENV=production bundle exec rails db:migrate; bundle exec rails s -p 3000 -b '0.0.0.0'" networks: - - mstdb_network - - mstes_network - - mstredis_network - - mstweb_network + - db_network + - redis_network + - external depends_on: - - mstdb - - mstredis - - mstes + - ipv6nat + - db + - redis + ports: + - "127.0.0.1:3010:3000" volumes: - /etc/localtime:/etc/localtime:ro - - ./public/system:/mastodon/public/system + - /etc/timezone:/etc/timezone:ro + - ./html/system:/mastodon/public/system - mststreaming: - image: pluralcafe/mastodon:stable + mastodon-streaming: + image: pluralcafe/mastodon:edge + healthcheck: + test: ["CMD-SHELL", "wget -q --spider --header 'x-forwarded-proto: https' --proxy=off localhost:4000/api/v1/streaming/health || exit 1"] restart: always - env_file: .docker/mastodon/.env.production + env_file: ./mastodon/.env.production command: yarn start + volumes: + - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro networks: - - mstdb_network - - mstredis_network - - mststreaming_network + - db_network + - redis_network + - external depends_on: - - mstdb - - mstredis + - db + - redis + ports: + - "127.0.0.1:3011:4000" - mstsidekiq: - image: pluralcafe/mastodon:stable + sidekiq: + image: pluralcafe/mastodon:edge restart: always - env_file: .docker/mastodon/.env.production - environment: - - DB_POOL=10 - command: bundle exec sidekiq -q default -q mailers -q pull -q push + env_file: ./mastodon/.env.production + command: bundle exec sidekiq -q default -q mailers -q push -q pull -q scheduler depends_on: - - mstdb - - mstes - - mstredis + - ipv6nat + - db + - redis networks: - - external_network - - mstdb_network - - mstes_network - - mstredis_network + - external + - db_network + - redis_network volumes: - - ./public/system:/mastodon/public/system + - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro + - ./html/system:/mastodon/public/system - mstbarkeep: + # after the Twitter migration of november 2022, separating ingress only makes sense + sidekiq-ingress: + image: pluralcafe/mastodon:edge + restart: always + env_file: ./mastodon/.env.production + command: bundle exec sidekiq -q default -q ingress + depends_on: + - ipv6nat + - db + - redis + networks: + - external + - db_network + - redis_network + volumes: + - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro + - ./html/system:/mastodon/public/system + + barkeep: image: pluralcafe/barkeep restart: always - env_file: ./.docker/mastodon/.env.ambassador + env_file: ./mastodon/.env.ambassador command: yarn start depends_on: - - mstdb + - db + - ipv6nat + - mastodon-web networks: - - external_network - - mstdb_network + - external + - db_network + volumes: + - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro networks: - external_network: + external: driver: bridge enable_ipv6: true ipam: driver: default config: - subnet: 172.18.0.0/16 - - subnet: fd00:dead:beef::/48 - mstdb_network: - internal: true - mstes_network: - internal: true - mstredis_network: - internal: true - mststreaming_network: - internal: true - mstweb_network: - internal: true - netdata_network: + - subnet: fd00:0000:0000::/48 + db_network: internal: true + redis_network: + internal: true |