traefik and dev overrides

This commit is contained in:
Blair Vanderlugt 2021-08-11 16:58:38 -07:00
parent 98687e6d56
commit b27b12f192
2 changed files with 195 additions and 21 deletions

View File

@ -0,0 +1,50 @@
version: "3.9"
services:
proxy:
ports:
- "80:80"
- "8090:8080"
command:
# Enable Docker in Traefik, so that it reads labels from Docker services
- --providers.docker
# Add a constraint to only use services with the label for this stack
# from the env var TRAEFIK_TAG
- --providers.docker.constraints=Label(`traefik.constraint-label-stack`, `${TRAEFIK_TAG?Variable not set}`)
# Do not expose all Docker services, only the ones explicitly exposed
- --providers.docker.exposedbydefault=false
# Disable Docker Swarm mode for local development
# - --providers.docker.swarmmode
# Enable the access log, with HTTP requests
- --accesslog
# Enable the Traefik log, for configurations and errors
- --log
# Enable the Dashboard and API
- --api
# Enable the Dashboard and API in insecure mode for local development
- --api.insecure=true
labels:
- traefik.enable=true
- traefik.http.routers.${STACK_NAME?Variable not set}-traefik-public-http.rule=Host(`${DOMAIN?Variable not set}`)
- traefik.http.services.${STACK_NAME?Variable not set}-traefik-public.loadbalancer.server.port=80
postgres:
environment:
POSTGRES_HOST_AUTH_METHOD: trust # for postgres user access w/o password. Obvioulsy not safe but allows easy elevated debugging.
pgadmin:
ports:
- "5050:5050"
flower:
ports:
- "5555:5555"
cic-cache-server:
ports:
- "63313:8000"
networks:
traefik-public:
# For local dev, don't expect an external Traefik network
external: false

View File

@ -1,4 +1,4 @@
version: "3" version: "3.9"
volumes: volumes:
ganache-db: {} ganache-db: {}
@ -8,10 +8,83 @@ volumes:
bloxberg-data: {} bloxberg-data: {}
contract-config: {} contract-config: {}
networks:
traefik-public:
# Allow setting it to false for testing
external: ${TRAEFIK_PUBLIC_NETWORK_IS_EXTERNAL-true}
services: services:
proxy:
image: traefik:v2.2
networks:
- ${TRAEFIK_PUBLIC_NETWORK?Variable not set}
- default
volumes:
- /var/run/docker.sock:/var/run/docker.sock
command:
# Enable Docker in Traefik, so that it reads labels from Docker services
- --providers.docker
# Add a constraint to only use services with the label for this stack
# from the env var TRAEFIK_TAG
- --providers.docker.constraints=Label(`traefik.constraint-label-stack`, `${TRAEFIK_TAG?Variable not set}`)
# Do not expose all Docker services, only the ones explicitly exposed
- --providers.docker.exposedbydefault=false
# Enable Docker Swarm mode
- --providers.docker.swarmmode
# Enable the access log, with HTTP requests
- --accesslog
# Enable the Traefik log, for configurations and errors
- --log
# Enable the Dashboard and API
- --api
deploy:
placement:
constraints:
- node.role == manager
labels:
# Enable Traefik for this service, to make it available in the public network
- traefik.enable=true
# Use the traefik-public network (declared below)
- traefik.docker.network=${TRAEFIK_PUBLIC_NETWORK?Variable not set}
# Use the custom label "traefik.constraint-label=traefik-public"
# This public Traefik will only use services with this label
- traefik.constraint-label=${TRAEFIK_PUBLIC_TAG?Variable not set}
# traefik-http set up only to use the middleware to redirect to https
- traefik.http.middlewares.${STACK_NAME?Variable not set}-https-redirect.redirectscheme.scheme=https
- traefik.http.middlewares.${STACK_NAME?Variable not set}-https-redirect.redirectscheme.permanent=true
# Handle host with and without "www" to redirect to only one of them
# Uses environment variable DOMAIN
# To disable www redirection remove the Host() you want to discard, here and
# below for HTTPS
- traefik.http.routers.${STACK_NAME?Variable not set}-proxy-http.rule=Host(`${DOMAIN?Variable not set}`) || Host(`www.${DOMAIN?Variable not set}`)
- traefik.http.routers.${STACK_NAME?Variable not set}-proxy-http.entrypoints=http
# traefik-https the actual router using HTTPS
- traefik.http.routers.${STACK_NAME?Variable not set}-proxy-https.rule=Host(`${DOMAIN?Variable not set}`) || Host(`www.${DOMAIN?Variable not set}`)
- traefik.http.routers.${STACK_NAME?Variable not set}-proxy-https.entrypoints=https
- traefik.http.routers.${STACK_NAME?Variable not set}-proxy-https.tls=true
# Use the "le" (Let's Encrypt) resolver created below
- traefik.http.routers.${STACK_NAME?Variable not set}-proxy-https.tls.certresolver=le
# Define the port inside of the Docker service to use
- traefik.http.services.${STACK_NAME?Variable not set}-proxy.loadbalancer.server.port=80
# Handle domain with and without "www" to redirect to only one
# To disable www redirection remove the next line
- traefik.http.middlewares.${STACK_NAME?Variable not set}-www-redirect.redirectregex.regex=^https?://(www.)?(${DOMAIN?Variable not set})/(.*)
# Redirect a domain with www to non-www
# To disable it remove the next line
- traefik.http.middlewares.${STACK_NAME?Variable not set}-www-redirect.redirectregex.replacement=https://${DOMAIN?Variable not set}/$${3}
# Redirect a domain without www to www
# To enable it remove the previous line and uncomment the next
# - traefik.http.middlewares.${STACK_NAME}-www-redirect.redirectregex.replacement=https://www.${DOMAIN}/$${3}
# Middleware to redirect www, to disable it remove the next line
- traefik.http.routers.${STACK_NAME?Variable not set}-proxy-https.middlewares=${STACK_NAME?Variable not set}-www-redirect
# Middleware to redirect www, and redirect HTTP to HTTPS
# to disable www redirection remove the section: ${STACK_NAME?Variable not set}-www-redirect,
- traefik.http.routers.${STACK_NAME?Variable not set}-proxy-http.middlewares=${STACK_NAME?Variable not set}-www-redirect,${STACK_NAME?Variable not set}-https-redirect
eth: eth:
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/bloxberg-node image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/bloxberg-node
env_file:
- .env
build: build:
context: apps/bloxbergValidatorSetup context: apps/bloxbergValidatorSetup
restart: unless-stopped restart: unless-stopped
@ -26,25 +99,77 @@ services:
# See contents of /initdb/create_db.sql for app user, password and databases # See contents of /initdb/create_db.sql for app user, password and databases
postgres: postgres:
image: postgres:12.5-alpine image: postgres:12.5-alpine
environment: env_file:
POSTGRES_HOST_AUTH_METHOD: trust # for postgres user access w/o password. Obvioulsy not safe but allows easy elevated debugging. - .env
# PGDATA: /tmp/cic/postgres
ports: ports:
- ${DEV_POSTGRES_PORT:-63432}:5432 - ${DEV_POSTGRES_PORT:-63432}:5432
command: [ "-c", "max_connections=200" ] command: [ "-c", "max_connections=200" ]
deploy:
placement:
constraints:
- node.labels.${STACK_NAME?Variable not set}.app-db-data == true
volumes: volumes:
- ./scripts/initdb/create_db.sql:/docker-entrypoint-initdb.d/1-create_all_db.sql - ./scripts/initdb/create_db.sql:/docker-entrypoint-initdb.d/1-create_all_db.sql
- postgres-db:/var/lib/postgresql/data - postgres-db:/var/lib/postgresql/data
redis: redis:
image: redis:6.0.9-alpine image: redis:6.0.9-alpine
env_file:
- .env
ports: ports:
- ${DEV_REDIS_PORT:-63379}:6379 - ${DEV_REDIS_PORT:-63379}:6379
command: "--loglevel verbose" command: "--loglevel verbose"
pgadmin:
image: dpage/pgadmin4
networks:
- ${TRAEFIK_PUBLIC_NETWORK?Variable not set}
- default
depends_on:
- postgres
env_file:
- .env
deploy:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_PUBLIC_NETWORK?Variable not set}
- traefik.constraint-label=${TRAEFIK_PUBLIC_TAG?Variable not set}
- traefik.http.routers.${STACK_NAME?Variable not set}-pgadmin-http.rule=Host(`pgadmin.${DOMAIN?Variable not set}`)
- traefik.http.routers.${STACK_NAME?Variable not set}-pgadmin-http.entrypoints=http
- traefik.http.routers.${STACK_NAME?Variable not set}-pgadmin-http.middlewares=${STACK_NAME?Variable not set}-https-redirect
- traefik.http.routers.${STACK_NAME?Variable not set}-pgadmin-https.rule=Host(`pgadmin.${DOMAIN?Variable not set}`)
- traefik.http.routers.${STACK_NAME?Variable not set}-pgadmin-https.entrypoints=https
- traefik.http.routers.${STACK_NAME?Variable not set}-pgadmin-https.tls=true
- traefik.http.routers.${STACK_NAME?Variable not set}-pgadmin-https.tls.certresolver=le
- traefik.http.services.${STACK_NAME?Variable not set}-pgadmin.loadbalancer.server.port=5050
flower:
image: mher/flower
networks:
- ${TRAEFIK_PUBLIC_NETWORK?Variable not set}
- default
env_file:
- .env
command: [ "celery", "--broker=redis://redis:6379", "flower" ]
deploy:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_PUBLIC_NETWORK?Variable not set}
- traefik.constraint-label=${TRAEFIK_PUBLIC_TAG?Variable not set}
- traefik.http.routers.${STACK_NAME?Variable not set}-flower-http.rule=Host(`flower.${DOMAIN?Variable not set}`)
- traefik.http.routers.${STACK_NAME?Variable not set}-flower-http.entrypoints=http
- traefik.http.routers.${STACK_NAME?Variable not set}-flower-http.middlewares=${STACK_NAME?Variable not set}-https-redirect
- traefik.http.routers.${STACK_NAME?Variable not set}-flower-https.rule=Host(`flower.${DOMAIN?Variable not set}`)
- traefik.http.routers.${STACK_NAME?Variable not set}-flower-https.entrypoints=https
- traefik.http.routers.${STACK_NAME?Variable not set}-flower-https.tls=true
- traefik.http.routers.${STACK_NAME?Variable not set}-flower-https.tls.certresolver=le
- traefik.http.services.${STACK_NAME?Variable not set}-flower.loadbalancer.server.port=5555
bee: bee:
image: ethersphere/bee:0.4.1 image: ethersphere/bee:0.4.1
container_name: bee container_name: bee
env_file:
- .env
environment: environment:
BEE_NETWORK_ID: ${BEE_NETWORK_ID:-313} BEE_NETWORK_ID: ${BEE_NETWORK_ID:-313}
BEE_PASSWORD: ${BEE_PASSWORD:-password} BEE_PASSWORD: ${BEE_PASSWORD:-password}
@ -64,27 +189,17 @@ services:
pip_index_url: ${PIP_DEFAULT_INDEX_URL:-https://pypi.org/simple} pip_index_url: ${PIP_DEFAULT_INDEX_URL:-https://pypi.org/simple}
pip_extra_args: $PIP_EXTRA_ARGS pip_extra_args: $PIP_EXTRA_ARGS
# image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration:latest # image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/contract-migration:latest
env_file:
- .env
environment: environment:
CIC_REGISTRY_ADDRESS: $CIC_REGISTRY_ADDRESS
# ETH_PROVIDER should be broken out into host/port but cic-eth expects this # ETH_PROVIDER should be broken out into host/port but cic-eth expects this
ETH_PROVIDER: http://eth:8545
# And these two are for wait-for-it (could parse this) # And these two are for wait-for-it (could parse this)
DEV_USE_DOCKER_WAIT_SCRIPT: 1 DEV_USE_DOCKER_WAIT_SCRIPT: 1
ETH_PROVIDER_HOST: eth ETH_PROVIDER_HOST: eth
ETH_PROVIDER_PORT: 8545 ETH_PROVIDER_PORT: 8545
CIC_CHAIN_SPEC: ${CIC_CHAIN_SPEC:-evm:bloxberg:8996}
CIC_DATA_DIR: ${CIC_DATA_DIR:-/tmp/cic/config} CIC_DATA_DIR: ${CIC_DATA_DIR:-/tmp/cic/config}
DATABASE_HOST: ${DATABASE_HOST:-postgres}
DATABASE_PORT: ${DATABASE_PORT:-5432}
DATABASE_NAME: ${DEV_DATABASE_NAME_CIC_ETH:-cic_eth} DATABASE_NAME: ${DEV_DATABASE_NAME_CIC_ETH:-cic_eth}
DATABASE_ENGINE: ${DATABASE_ENGINE:-postgresql}
DATABASE_DRIVER: ${DATABASE_DRIVER:-psycopg2}
DATABASE_USER: ${DATABASE_USER:-postgres} DATABASE_USER: ${DATABASE_USER:-postgres}
REDIS_HOST: ${REDIS_HOST:-redis}
REDIS_PORT: ${REDIS_PORT:-6379}
REDIS_DB: ${REDIS_DB:-0}
CELERY_BROKER_URL: ${CELERY_BROKER_URL:-redis://redis:6379}
CELERY_RESULT_URL: ${CELERY_RESULT_URL:-redis://redis:6379}
RUN_MASK: ${RUN_MASK:-0} RUN_MASK: ${RUN_MASK:-0}
DEV_FAUCET_AMOUNT: ${DEV_FAUCET_AMOUNT:-0} DEV_FAUCET_AMOUNT: ${DEV_FAUCET_AMOUNT:-0}
#DEV_SARAFU_DEMURRAGE_LEVEL: ${DEV_SARAFU_DEMURRAGE_LEVEL:-196454828847045000000000000000000} #DEV_SARAFU_DEMURRAGE_LEVEL: ${DEV_SARAFU_DEMURRAGE_LEVEL:-196454828847045000000000000000000}
@ -232,12 +347,9 @@ services:
#PGPASSWORD: $DATABASE_PASSWORD #PGPASSWORD: $DATABASE_PASSWORD
SERVER_PORT: 8000 SERVER_PORT: 8000
ports: ports:
- ${HTTP_PORT_CIC_CACHE:-63313}:8000 - 8000
depends_on: depends_on:
- postgres - postgres
deploy:
restart_policy:
condition: on-failure
command: command:
- /bin/bash - /bin/bash
- -c - -c
@ -247,7 +359,19 @@ services:
--wsgi-file /usr/src/cic-cache/cic_cache/runnable/daemons/server.py \ --wsgi-file /usr/src/cic-cache/cic_cache/runnable/daemons/server.py \
--http :8000 \ --http :8000 \
--pyargv "-vv" --pyargv "-vv"
deploy:
labels:
- traefik.enable=true
- traefik.docker.network=${TRAEFIK_PUBLIC_NETWORK?Variable not set}
- traefik.constraint-label=${TRAEFIK_PUBLIC_TAG?Variable not set}
- traefik.http.routers.${STACK_NAME?Variable not set}-cache-http.rule=Host(`cache.${DOMAIN?Variable not set}`)
- traefik.http.routers.${STACK_NAME?Variable not set}-cache-http.entrypoints=http
- traefik.http.routers.${STACK_NAME?Variable not set}-cache-http.middlewares=${STACK_NAME?Variable not set}-https-redirect
- traefik.http.routers.${STACK_NAME?Variable not set}-cache-https.rule=Host(`cache.${DOMAIN?Variable not set}`)
- traefik.http.routers.${STACK_NAME?Variable not set}-cache-https.entrypoints=https
- traefik.http.routers.${STACK_NAME?Variable not set}-cache-https.tls=true
- traefik.http.routers.${STACK_NAME?Variable not set}-cache-https.tls.certresolver=le
- traefik.http.services.${STACK_NAME?Variable not set}-cache.loadbalancer.server.port=80
cic-eth-tasker: cic-eth-tasker:
image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth image: registry.gitlab.com/grassrootseconomics/cic-internal-integration/cic-eth