0c3bda1a89
- Added an example .env file, where all variables start with `OBS_` - `OBS_` variables are handled by the portal as configuration variables - Uncomment some variables in the config.py, since the config.py overrides the env-vars - Use env-vars and env-file in the docker-compose.yaml - Add the worker to the docker-compose.yaml - Add KeyCloak with its own postgres to the docker-compose.yaml
151 lines
4.2 KiB
YAML
151 lines
4.2 KiB
YAML
version: '3.5'
|
|
|
|
networks:
|
|
gateway:
|
|
external: true
|
|
name: gateway
|
|
backend:
|
|
internal: true
|
|
|
|
services:
|
|
|
|
############################################################
|
|
# Portal
|
|
############################################################
|
|
|
|
postgres:
|
|
image: "openmaptiles/postgis:6.0"
|
|
environment:
|
|
- POSTGRES_DB=${OBS_POSTGRES_DB}
|
|
- POSTGRES_USER=${OBS_POSTGRES_USER}
|
|
- POSTGRES_PASSWORD=${OBS_POSTGRES_PASSWORD}
|
|
volumes:
|
|
- ./data/postgres/data:/var/lib/postgresql/data
|
|
networks:
|
|
- backend
|
|
|
|
portal:
|
|
image: openbikesensor-portal
|
|
build:
|
|
context: ./source
|
|
env_file: .env
|
|
volumes:
|
|
- ./data/api-data:${OBS_DATA_DIR}
|
|
- ./config/config.py:/opt/obs/api/config.py
|
|
- ./data/tiles/:/tiles
|
|
- ./data/pbf/:/pbf
|
|
restart: on-failure
|
|
depends_on:
|
|
- traefik
|
|
- postgres
|
|
- worker
|
|
# - keycloak
|
|
labels:
|
|
- traefik.http.routers.portal.rule=Host(`${OBS_PORTAL_URI}`)
|
|
- traefik.http.routers.portal.entrypoints=websecure
|
|
- traefik.http.routers.portal.tls=true
|
|
- traefik.http.routers.portal.tls.certresolver=leresolver
|
|
- traefik.docker.network=gateway
|
|
# - traefik.http.services.portal.loadbalancer.server.port=3000
|
|
networks:
|
|
- gateway
|
|
- backend
|
|
|
|
worker:
|
|
image: openbikesensor-portal
|
|
build:
|
|
context: ./source
|
|
env_file: .env
|
|
volumes:
|
|
- ./data/api-data:${OBS_DATA_DIR}
|
|
- ./config/config.py:/opt/obs/api/config.py
|
|
restart: on-failure
|
|
depends_on:
|
|
- postgres
|
|
networks:
|
|
- backend
|
|
command:
|
|
- python
|
|
- tools/process_track.py
|
|
|
|
############################################################
|
|
# Traefik
|
|
############################################################
|
|
|
|
traefik:
|
|
image: traefik:2.4.8
|
|
restart: always
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
# The Web UI (enabled by [api] in traefik.toml)
|
|
# - "8080:8080"
|
|
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
- ./config/traefik.toml:/traefik.toml
|
|
- ./config/usersfile:/usersfile
|
|
- ./config/acme:/acme
|
|
|
|
networks:
|
|
- gateway
|
|
|
|
labels:
|
|
# global redirect from http to https
|
|
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
|
|
- "traefik.http.routers.http-catchall.entrypoints=web"
|
|
# Define middlewares to be used
|
|
- "traefik.http.routers.http-catchall.middlewares=redirect-http-to-https"
|
|
# Configure middlewares
|
|
- "traefik.http.middlewares.redirect-http-to-https.redirectscheme.scheme=https"
|
|
|
|
############################################################
|
|
# Keycloak
|
|
############################################################
|
|
|
|
keycloak:
|
|
image: jboss/keycloak:15.1.0
|
|
restart: always
|
|
networks:
|
|
- gateway
|
|
- backend
|
|
env_file: .env
|
|
environment:
|
|
# database
|
|
- DB_VENDOR=postgres
|
|
- DB_ADDR=${OBS_KEYCLOAK_POSTGRES_HOST}
|
|
- DB_DATABASE=${OBS_KEYCLOAK_POSTGRES_DB}
|
|
- DB_USER=${OBS_KEYCLOAK_POSTGRES_USER}
|
|
- DB_PASSWORD=${OBS_KEYCLOAK_POSTGRES_PASSWORD}
|
|
# admin user
|
|
- KEYCLOAK_USER=${OBS_KEYCLOAK_ADMIN_USER}
|
|
- KEYCLOAK_PASSWORD=${OBS_KEYCLOAK_ADMIN_PASSWORD}
|
|
- PROXY_ADDRESS_FORWARDING=true
|
|
- OBS_KEYCLOAK_PORTAL_REDIRECT_URI=${OBS_KEYCLOAK_PORTAL_REDIRECT_URI}
|
|
depends_on:
|
|
- traefik
|
|
- postgres-keycloak
|
|
labels:
|
|
- "traefik.http.routers.login.rule=Host(`${OBS_KEYCLOAK_URI}`)"
|
|
- "traefik.http.routers.login.entrypoints=websecure"
|
|
- "traefik.http.routers.login.tls=true"
|
|
- "traefik.http.routers.login.tls.certresolver=leresolver"
|
|
# This container runs on two ports (8080/tcp, 8443/tcp). Tell traefik, which one to use.
|
|
- "traefik.http.services.login.loadbalancer.server.port=8080"
|
|
# This container runs on more than one network. Tell traefik, which one to use.
|
|
- "traefik.docker.network=gateway"
|
|
|
|
postgres-keycloak:
|
|
image: postgres:13.3
|
|
restart: always
|
|
networks:
|
|
- backend
|
|
volumes:
|
|
- ./data/postgres-keycloak:/var/lib/postgresql/data
|
|
environment:
|
|
- POSTGRES_DB=${OBS_KEYCLOAK_POSTGRES_DB}
|
|
- POSTGRES_USER=${OBS_KEYCLOAK_POSTGRES_USER}
|
|
- POSTGRES_PASSWORD=${OBS_KEYCLOAK_POSTGRES_PASSWORD}
|
|
labels:
|
|
- traefik.enable=false
|