-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose-burcu-photo.yml
107 lines (103 loc) · 4.22 KB
/
docker-compose-burcu-photo.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
version: "3.9"
services:
burcuphoto:
image: ndhakara/burcuphoto
init: true
deploy:
mode: global
rollback_config:
parallelism: 1
delay: 10s
failure_action: rollback
monitor: 5s
# max_failure_ratio: 0.3
labels:
- "traefik.enable=true"
# Routers
## HTTP
- "traefik.http.routers.burcuphoto.rule=(Host(`burcuatak.com`) || Host(`www.burcuatak.com`))"
- "traefik.http.routers.burcuphoto.entrypoints=web"
- "traefik.http.routers.burcuphoto.middlewares=burcuphoto-redirect"
## HTTPS
- "traefik.http.routers.burcuphoto-secure.rule=(Host(`burcuatak.com`) || Host(`www.burcuatak.com`))"
- "traefik.http.routers.burcuphoto-secure.tls.certresolver=awsresolver"
- "traefik.http.routers.burcuphoto-secure.entrypoints=websecure"
- "traefik.http.routers.burcuphoto-secure.middlewares=burcuphoto-inflightreq,burcuphoto-ratelimit,burcuphoto-retry,burcuphoto-compress,burcuphoto-headers"
- "traefik.http.services.burcuphoto-secure.loadbalancer.server.port=8000"
- "traefik.docker.network=frontend"
# Middlewares
# Redirect Middleware
- "traefik.http.middlewares.burcuphoto-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.burcuphoto-redirect.redirectscheme.permanent=true"
## Rate Limit
- "traefik.http.middlewares.burcuphoto-ratelimit.ratelimit.average=10"
- "traefik.http.middlewares.burcuphoto-ratelimit.ratelimit.burst=20"
- "traefik.http.middlewares.burcuphoto-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=10.0.2.0/24"
## Retries
- "traefik.http.middlewares.burcuphoto-retry.retry.attempts=2"
- "traefik.http.middlewares.burcuphoto-retry.retry.initialinterval=100ms"
## InFlightReq
- "traefik.http.middlewares.burcuphoto-inflightreq.inflightreq.amount=3"
- "traefik.http.middlewares.burcuphoto-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips=10.0.2.0/24"
## Compress
- "traefik.http.middlewares.burcuphoto-compress.compress=true"
## Headers
- "traefik.http.middlewares.burcuphoto-headers.headers.sslredirect=true"
- "traefik.http.middlewares.burcuphoto-headers.headers.stsincludesubdomains=true"
- "traefik.http.middlewares.burcuphoto-headers.headers.stspreload=true"
- "traefik.http.middlewares.burcuphoto-headers.headers.stsseconds=63072000"
- "traefik.http.middlewares.burcuphoto-headers.headers.permissionsPolicy=geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=self,payment=()"
- "traefik.http.middlewares.burcuphoto-headers.headers.contentSecurityPolicy=default-src 'self'; script-src 'self' https:; object-src 'self'; style-src 'self' https: data:; img-src 'self' https: data:; media-src 'self'; frame-src 'self'; font-src 'self' https: data:; connect-src 'self' https: data:; frame-ancestors 'self';"
placement:
constraints:
- node.role==worker
- node.labels.project==burcuphoto
env_file:
- ./environments/burcuphoto_environment.txt
environment:
SECRET_KEY: /run/secrets/secret-key
EMAIL_HOST_USER: /run/secrets/email-user
EMAIL_HOST_PASSWORD: /run/secrets/email-pass
POSTGRES_USER: /run/secrets/postgres-user
POSTGRES_PASSWORD: /run/secrets/postgres-pass
AWS_ACCESS_KEY_ID: /run/secrets/aws-access
AWS_SECRET_ACCESS_KEY: /run/secrets/aws-secret
secrets:
- secret-key
- email-pass
- email-user
- postgres-user
- postgres-pass
- aws-secret
- aws-access
ports:
- 8000:8000
networks:
- frontend
- backend
healthcheck:
test: curl -fsSL -o /dev/null -w '%{http_code}' http://localhost:8000/ping || exit 1
interval: 15s
timeout: 5s
retries: 3
start_period: 5s
networks:
frontend:
external: true
backend:
external: true
secrets:
secret-key:
external: true
email-pass:
external: true
email-user:
external: true
postgres-user:
external: true
postgres-pass:
external: true
aws-secret:
external: true
aws-access:
external: true