From b27b12f1924263d4d8cc0daf5a6257f1b6977c25 Mon Sep 17 00:00:00 2001
From: Blair Vanderlugt
Date: Wed, 11 Aug 2021 16:58:38 -0700
Subject: [PATCH] traefik and dev overrides
---
 docker-compose.override.yml | 50 +++++++++++
 docker-compose.yml | 166 +++++++++++++++++++++++++++++++-----
 2 files changed, 195 insertions(+), 21 deletions(-)
 create mode 100644 docker-compose.override.yml
diff --git a/docker-compose.override.yml b/docker-compose.override.yml
new file mode 100644
index 00000000..f45e40e6
--- /dev/null
+++ b/docker-compose.override.yml
@@ -0,0 +1,50 @@
+version: "3.9"
+
+services:
+ proxy:
+ ports:
+ - "80:80"
+ - "8090:8080"
+ command:
+ # Enable Docker in Traefik, so that it reads labels from Docker services
+ - --providers.docker
+ # Add a constraint to only use services with the label for this stack
+ # from the env var TRAEFIK_TAG
+ - --providers.docker.constraints=Label(`traefik.constraint-label-stack`, `${TRAEFIK_TAG?Variable not set}`)
+ # Do not expose all Docker services, only the ones explicitly exposed
+ - --providers.docker.exposedbydefault=false
+ # Disable Docker Swarm mode for local development
+ # - --providers.docker.swarmmode
+ # Enable the access log, with HTTP requests
+ - --accesslog
+ # Enable the Traefik log, for configurations and errors
+ - --log
+ # Enable the Dashboard and API
+ - --api
+ # Enable the Dashboard and API in insecure mode for local development
+ - --api.insecure=true
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.${STACK_NAME?Variable not set}-traefik-public-http.rule=Host(`${DOMAIN?Variable not set}`)
+ - traefik.http.services.${STACK_NAME?Variable not set}-traefik-public.loadbalancer.server.port=80
+
+ postgres:
+ environment:
+ POSTGRES_HOST_AUTH_METHOD: trust # for postgres user access w/o password. Obvioulsy not safe but allows easy elevated debugging.
+
+ pgadmin:
+ ports:
+ - "5050:5050"
+
+ flower:
+ ports:
+ - "5555:5555"
+
+ cic-cache-server:
+ ports:
+ - "63313:8000"
+
+networks:
+ traefik-public:
+ # For local dev, don't expect an external Traefik network
+ external: false
diff --git a/docker-compose.yml b/docker-compose.yml
index b91ffb38..f3964270 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,4 +1,4 @@
-version: "3"
+version: "3.9"
 volumes: ganache-db: {}
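Review bot: `POSTGRES_HOST_AUTH_METHOD: trust` and `--api.insecure=true` sit in `docker-compose.override.yml`, which Compose merges automatically whenever no `-f` is passed, so a plain `docker-compose up` on any host picks them up, not only on a developer laptop. The `ports` entries in this file bind on all host interfaces, so the unauthenticated Traefik API (`8090:8080`), pgAdmin and Flower become reachable from whatever network the host is on. So does the password-less Postgres, through the port the base file already publishes. Bind the dev ports to loopback, e.g. `- "127.0.0.1:8090:8080"`, and add a header comment saying the file is for local development only and must not be present on deployed hosts.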
@@ -8,10 +8,83 @@ volumes: bloxberg-data: {} contract-config: {} +networks: + traefik-public: + # Allow setting it to false for testing + external: ${TRAEFIK_PUBLIC_NETWORK_IS_EXTERNAL-true} services: + proxy: + image: traefik:v2.2 + networks: + - ${TRAEFIK_PUBLIC_NETWORK?Variable not set} + - default + volumes: + - /var/run/docker.sock:/var/run/docker.sock + command: + # Enable Docker in Traefik, so that it reads labels from Docker services + - --providers.docker + # Add a constraint to only use services with the label for this stack + # from the env var TRAEFIK_TAG + - --providers.docker.constraints=Label(`traefik.constraint-label-stack`, `${TRAEFIK_TAG?Variable not set}`) + # Do not expose all Docker services, only the ones explicitly exposed + - --providers.docker.exposedbydefault=false + # Enable Docker Swarm mode + - --providers.docker.swarmmode + # Enable the access log, with HTTP requests + - --accesslog + # Enable the Traefik log, for configurations and errors + - --log + # Enable the Dashboard and API + - --api + deploy: + placement: + constraints: + - node.role == manager + labels: + # Enable Traefik for this service, to make it available in the public network + - traefik.enable=true + # Use the traefik-public network (declared below) + - traefik.docker.network=${TRAEFIK_PUBLIC_NETWORK?Variable not set} + # Use the custom label "traefik.constraint-label=traefik-public" + # This public Traefik will only use services with this label + - traefik.constraint-label=${TRAEFIK_PUBLIC_TAG?Variable not set} + # traefik-http set up only to use the middleware to redirect to https + - traefik.http.middlewares.${STACK_NAME?Variable not set}-https-redirect.redirectscheme.scheme=https + - traefik.http.middlewares.${STACK_NAME?Variable not set}-https-redirect.redirectscheme.permanent=true + # Handle host with and without "www" to redirect to only one of them + # Uses environment variable DOMAIN + # To disable www redirection remove the Host() you want to discard, here 
and + # below for HTTPS + - traefik.http.routers.${STACK_NAME?Variable not set}-proxy-http.rule=Host(`${DOMAIN?Variable not set}`) || Host(`www.${DOMAIN?Variable not set}`) + - traefik.http.routers.${STACK_NAME?Variable not set}-proxy-http.entrypoints=http + # traefik-https the actual router using HTTPS + - traefik.http.routers.${STACK_NAME?Variable not set}-proxy-https.rule=Host(`${DOMAIN?Variable not set}`) || Host(`www.${DOMAIN?Variable not set}`) + - traefik.http.routers.${STACK_NAME?Variable not set}-proxy-https.entrypoints=https + - traefik.http.routers.${STACK_NAME?Variable not set}-proxy-https.tls=true + # Use the "le" (Let's Encrypt) resolver created below + - traefik.http.routers.${STACK_NAME?Variable not set}-proxy-https.tls.certresolver=le + # Define the port inside of the Docker service to use + - traefik.http.services.${STACK_NAME?Variable not set}-proxy.loadbalancer.server.port=80 + # Handle domain with and without "www" to redirect to only one + # To disable www redirection remove the next line + - traefik.http.middlewares.${STACK_NAME?Variable not set}-www-redirect.redirectregex.regex=^https?://(www.)?(${DOMAIN?Variable not set})/(.*) + # Redirect a domain with www to non-www + # To disable it remove the next line + - traefik.http.middlewares.${STACK_NAME?Variable not set}-www-redirect.redirectregex.replacement=https://${DOMAIN?Variable not set}/$${3} + # Redirect a domain without www to www + # To enable it remove the previous line and uncomment the next + # - traefik.http.middlewares.${STACK_NAME}-www-redirect.redirectregex.replacement=https://www.${DOMAIN}/$${3} + # Middleware to redirect www, to disable it remove the next line + - traefik.http.routers.${STACK_NAME?Variable not set}-proxy-https.middlewares=${STACK_NAME?Variable not set}-www-redirect + # Middleware to redirect www, and redirect HTTP to HTTPS + # to disable www redirection remove the section: ${STACK_NAME?Variable not set}-www-redirect, + - 
traefik.http.routers.${STACK_NAME?Variable not set}-proxy-http.middlewares=${STACK_NAME?Variable not set}-www-redirect,${STACK_NAME?Variable not set}-https-redirect + eth: image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/bloxberg-node + env_file: + - .env build: context: apps/bloxbergValidatorSetup restart: unless-stopped 
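Review bot: The `proxy` service bind-mounts `/var/run/docker.sock` into the container that receives public HTTP traffic, and the placement constraint `node.role == manager` puts it on a swarm manager, so a compromise of Traefik yields Docker API access that is equivalent to root on that node and control of the swarm. A `:ro` suffix on the mount does not limit API calls made over the socket; the usual mitigation is to point `--providers.docker.endpoint` at a filtering socket proxy on an internal network that only permits the read endpoints Traefik needs. At minimum, add a comment above the volume line recording why the socket is mounted and that this container is therefore host-privileged. Separately, `traefik:v2.2` is a floating minor tag; pinning a patch version or digest would make the deployed proxy reproducible.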
@@ -26,25 +99,77 @@ services: # See contents of /initdb/create_db.sql for app user, password and databases postgres: image: postgres:12.5-alpine - environment: - POSTGRES_HOST_AUTH_METHOD: trust # for postgres user access w/o password. Obvioulsy not safe but allows easy elevated debugging. - # PGDATA: /tmp/cic/postgres + env_file: + - .env ports: - ${DEV_POSTGRES_PORT:-63432}:5432 command: [ "-c", "max_connections=200" ] + deploy: + placement: + constraints: + - node.labels.${STACK_NAME?Variable not set}.app-db-data == true volumes: - ./scripts/initdb/create_db.sql:/docker-entrypoint-initdb.d/1-create_all_db.sql - postgres-db:/var/lib/postgresql/data redis: image: redis:6.0.9-alpine + env_file: + - .env ports: - ${DEV_REDIS_PORT:-63379}:6379 command: "--loglevel verbose" + pgadmin: + image: dpage/pgadmin4 + networks: + - ${TRAEFIK_PUBLIC_NETWORK?Variable not set} + - default + depends_on: + - postgres + env_file: + - .env + deploy: + labels: + - traefik.enable=true + - traefik.docker.network=${TRAEFIK_PUBLIC_NETWORK?Variable not set} + - traefik.constraint-label=${TRAEFIK_PUBLIC_TAG?Variable not set} + - traefik.http.routers.${STACK_NAME?Variable not set}-pgadmin-http.rule=Host(`pgadmin.${DOMAIN?Variable not set}`) + - traefik.http.routers.${STACK_NAME?Variable not set}-pgadmin-http.entrypoints=http + - traefik.http.routers.${STACK_NAME?Variable not set}-pgadmin-http.middlewares=${STACK_NAME?Variable not set}-https-redirect + - traefik.http.routers.${STACK_NAME?Variable not set}-pgadmin-https.rule=Host(`pgadmin.${DOMAIN?Variable not set}`) + - traefik.http.routers.${STACK_NAME?Variable not set}-pgadmin-https.entrypoints=https + - traefik.http.routers.${STACK_NAME?Variable not set}-pgadmin-https.tls=true + - traefik.http.routers.${STACK_NAME?Variable not set}-pgadmin-https.tls.certresolver=le + - traefik.http.services.${STACK_NAME?Variable not set}-pgadmin.loadbalancer.server.port=5050 + + flower: + image: mher/flower + networks: + - 
${TRAEFIK_PUBLIC_NETWORK?Variable not set} + - default + env_file: + - .env + command: [ "celery", "--broker=redis://redis:6379", "flower" ] + deploy: + labels: + - traefik.enable=true + - traefik.docker.network=${TRAEFIK_PUBLIC_NETWORK?Variable not set} + - traefik.constraint-label=${TRAEFIK_PUBLIC_TAG?Variable not set} + - traefik.http.routers.${STACK_NAME?Variable not set}-flower-http.rule=Host(`flower.${DOMAIN?Variable not set}`) + - traefik.http.routers.${STACK_NAME?Variable not set}-flower-http.entrypoints=http + - traefik.http.routers.${STACK_NAME?Variable not set}-flower-http.middlewares=${STACK_NAME?Variable not set}-https-redirect + - traefik.http.routers.${STACK_NAME?Variable not set}-flower-https.rule=Host(`flower.${DOMAIN?Variable not set}`) + - traefik.http.routers.${STACK_NAME?Variable not set}-flower-https.entrypoints=https + - traefik.http.routers.${STACK_NAME?Variable not set}-flower-https.tls=true + - traefik.http.routers.${STACK_NAME?Variable not set}-flower-https.tls.certresolver=le + - traefik.http.services.${STACK_NAME?Variable not set}-flower.loadbalancer.server.port=5555 + bee: image: ethersphere/bee:0.4.1 container_name: bee + env_file: + - .env environment: BEE_NETWORK_ID: ${BEE_NETWORK_ID:-313} BEE_PASSWORD: ${BEE_PASSWORD:-password} 
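Review bot: The `flower` and `pgadmin` routers publish operational consoles on `flower.${DOMAIN}` and `pgadmin.${DOMAIN}` with only the HTTPS redirect attached; nothing in these labels restricts who can reach them, and the `flower` command line sets no authentication option, so Flower's task and worker controls appear to be open to anyone who can reach the host. Attach an access-control middleware to both HTTPS routers, for example `- traefik.http.middlewares.${STACK_NAME?Variable not set}-admin-auth.basicauth.users=${ADMIN_AUTH_USERS?Variable not set}` plus `- traefik.http.routers.${STACK_NAME?Variable not set}-flower-https.middlewares=${STACK_NAME?Variable not set}-admin-auth` (`ADMIN_AUTH_USERS` and `admin-auth` are placeholder names). The same hunk adds `env_file: .env` to `redis`, `pgadmin`, `flower` and `bee`, which hands every variable in that file, including other services' credentials, to third-party images; per-service env files would limit each container to what it needs. `dpage/pgadmin4` and `mher/flower` also carry no tag, so they resolve to `latest`.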
@@ -64,27 +189,17 @@ services: pip_index_url: ${PIP_DEFAULT_INDEX_URL:-https://pypi.org/simple} pip_extra_args: $PIP_EXTRA_ARGS # image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration:latest + env_file: + - .env environment: - CIC_REGISTRY_ADDRESS: $CIC_REGISTRY_ADDRESS # ETH_PROVIDER should be broken out into host/port but cic-eth expects this - ETH_PROVIDER: http://eth:8545 # And these two are for wait-for-it (could parse this) DEV_USE_DOCKER_WAIT_SCRIPT: 1 ETH_PROVIDER_HOST: eth ETH_PROVIDER_PORT: 8545 - CIC_CHAIN_SPEC: ${CIC_CHAIN_SPEC:-evm:bloxberg:8996} CIC_DATA_DIR: ${CIC_DATA_DIR:-/tmp/cic/config} - DATABASE_HOST: ${DATABASE_HOST:-postgres} - DATABASE_PORT: ${DATABASE_PORT:-5432} DATABASE_NAME: ${DEV_DATABASE_NAME_CIC_ETH:-cic_eth} - DATABASE_ENGINE: ${DATABASE_ENGINE:-postgresql} - DATABASE_DRIVER: ${DATABASE_DRIVER:-psycopg2} DATABASE_USER: ${DATABASE_USER:-postgres} - REDIS_HOST: ${REDIS_HOST:-redis} - REDIS_PORT: ${REDIS_PORT:-6379} - REDIS_DB: ${REDIS_DB:-0} - CELERY_BROKER_URL: ${CELERY_BROKER_URL:-redis://redis:6379} - CELERY_RESULT_URL: ${CELERY_RESULT_URL:-redis://redis:6379} RUN_MASK: ${RUN_MASK:-0} DEV_FAUCET_AMOUNT: ${DEV_FAUCET_AMOUNT:-0} #DEV_SARAFU_DEMURRAGE_LEVEL: ${DEV_SARAFU_DEMURRAGE_LEVEL:-196454828847045000000000000000000} @@ -232,12 +347,9 @@ services: #PGPASSWORD: $DATABASE_PASSWORD SERVER_PORT: 8000 ports: - - ${HTTP_PORT_CIC_CACHE:-63313}:8000 + - 8000 depends_on: - postgres - deploy: - restart_policy: - condition: on-failure command: - /bin/bash - -c 
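Review bot: The defaults removed from this `environment` block (`ETH_PROVIDER`, `DATABASE_HOST`, `REDIS_HOST`, `CELERY_BROKER_URL` and the rest) now have to come from `.env`, but the diffstat lists no `.env` template in this commit, and Compose aborts when a file named under `env_file` is missing. A checked-in `.env.example` listing the required keys with non-secret sample values, with `.env` itself kept out of version control, would document the new contract. The enclosing service definition starts above this hunk.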
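Review bot: `- 8000` in the `ports` list of the `-232,12 +347,9` hunk still publishes container port 8000, now on a random host port bound to all interfaces, so the cache API stays reachable without going through Traefik. If the intent is to serve it only via the proxy, drop the `ports` entry or replace it with `expose:` and `- "8000"`; quoting also avoids the bare integer. The hunk also removes `restart_policy` with `condition: on-failure`, and the `deploy` block added further down does not restore it.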
@@ -247,7 +359,19 @@ services: --wsgi-file /usr/src/cic-cache/cic_cache/runnable/daemons/server.py \ --http :8000 \ --pyargv "-vv" - + deploy: + labels: + - traefik.enable=true + - traefik.docker.network=${TRAEFIK_PUBLIC_NETWORK?Variable not set} + - traefik.constraint-label=${TRAEFIK_PUBLIC_TAG?Variable not set} + - traefik.http.routers.${STACK_NAME?Variable not set}-cache-http.rule=Host(`cache.${DOMAIN?Variable not set}`) + - traefik.http.routers.${STACK_NAME?Variable not set}-cache-http.entrypoints=http + - traefik.http.routers.${STACK_NAME?Variable not set}-cache-http.middlewares=${STACK_NAME?Variable not set}-https-redirect + - traefik.http.routers.${STACK_NAME?Variable not set}-cache-https.rule=Host(`cache.${DOMAIN?Variable not set}`) + - traefik.http.routers.${STACK_NAME?Variable not set}-cache-https.entrypoints=https + - traefik.http.routers.${STACK_NAME?Variable not set}-cache-https.tls=true + - traefik.http.routers.${STACK_NAME?Variable not set}-cache-https.tls.certresolver=le + - traefik.http.services.${STACK_NAME?Variable not set}-cache.loadbalancer.server.port=80 cic-eth-tasker: image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth
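Review bot: The `-cache.loadbalancer.server.port=80` label does not match the server, which is started with `--http :8000` in the context lines just above and has `SERVER_PORT: 8000` in its environment, so Traefik would forward `cache.${DOMAIN}` to a port nothing listens on. The label should read `- traefik.http.services.${STACK_NAME?Variable not set}-cache.loadbalancer.server.port=8000`. The enclosing `cic-cache-server` definition starts outside this hunk.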