feat(docker-compose): integrate Traefik for SSL management and improve service configurations

Jean-Baptiste DONNETTE 2024-10-04 10:37:14 +02:00
parent c4b2323546
commit 30aabdd8a9


@ -2,6 +2,8 @@ volumes:
lago_postgres_data:
lago_redis_data:
lago_storage_data:
traefik_certificates:
traefik_config:
x-common-environment: &common-environment
LAGO_API_URL: ${LAGO_API_URL}
@ -11,7 +13,7 @@ x-common-environment: &common-environment
RAILS_LOG_TO_STDOUT: ${LAGO_RAILS_STDOUT}
SENTRY_DSN: ${SENTRY_DSN}
LAGO_FRONT_URL: ${LAGO_FRONT_URL}
LAGO_RSA_PRIVATE_KEY: ${LAGO_RSA_PRIVATE_KEY} # Should be base64 encoded
LAGO_RSA_PRIVATE_KEY: ${LAGO_RSA_PRIVATE_KEY}
LAGO_ENCRYPTION_PRIMARY_KEY: ${LAGO_ENCRYPTION_PRIMARY_KEY}
LAGO_ENCRYPTION_DETERMINISTIC_KEY: ${LAGO_ENCRYPTION_DETERMINISTIC_KEY}
LAGO_ENCRYPTION_KEY_DERIVATION_SALT: ${LAGO_ENCRYPTION_KEY_DERIVATION_SALT}
@ -46,8 +48,85 @@ x-front-environment: &front-environment
SENTRY_DSN: ${SENTRY_DSN_FRONT}
NANGO_SECRET_KEY: ${NANGO_SECRET_KEY}
services:
traefik:
image: traefik:v2.5
container_name: traefik
restart: unless-stopped
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.web.http.redirections.entrypoint.to=websecure"
- "--certificatesresolvers.selfsigned.acme.tlschallenge=true"
- "--certificatesresolvers.selfsigned.acme.email=your-email@example.com"
- "--certificatesresolvers.selfsigned.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "8443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- traefik_certificates:/letsencrypt
- traefik_config:/traefik
labels:
- "traefik.http.routers.api.entrypoints=websecure"
- "traefik.http.routers.api.rule=Host(`localhost`)"
- "traefik.http.services.api.loadbalancer.server.port=3000"
api:
container_name: lago-api
image: getlago/api:v1.12.2
restart: unless-stopped
depends_on:
db:
condition: service_healthy
redis:
condition: service_healthy
command: ['./scripts/start.sh']
environment:
<<: *api-environment
DATABASE_URL: "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}?search_path=${POSTGRES_SCHEMA}"
REDIS_URL: "redis://${REDIS_HOST}:${REDIS_PORT:-6379}"
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
interval: 10s
timeout: 60s
retries: 5
ports:
- ${API_PORT}:3000
labels:
- "traefik.enable=true"
- "traefik.http.routers.api.entrypoints=websecure"
- "traefik.http.routers.api.rule=Host(`localhost`)"
- "traefik.http.services.api.loadbalancer.server.port=3000"
volumes:
- lago_storage_data:/app/storage
front:
container_name: lago-front
image: getlago/front:v1.12.2
restart: unless-stopped
depends_on:
api:
condition: service_healthy
environment:
<<: *front-environment
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:${FRONT_PORT}"]
interval: 30s
timeout: 10s
retries: 3
labels:
- "traefik.enable=true"
- "traefik.http.routers.front.entrypoints=websecure"
- "traefik.http.routers.front.rule=Host(`localhost`)"
- "traefik.http.services.front.loadbalancer.server.port=80"
volumes:
- lago_storage_data:/app/storage
ports:
- ${FRONT_PORT:-8080}:80
db:
image: postgres:14-alpine
restart: unless-stopped
@ -72,65 +151,17 @@ services:
image: redis:6-alpine
container_name: lago-redis
restart: unless-stopped
command: --port ${REDIS_PORT}
command: --port ${REDIS_PORT:-6379}
volumes:
- lago_redis_data:/data
ports:
- ${REDIS_PORT}:${REDIS_PORT}
- ${REDIS_PORT:-6379}:${REDIS_PORT:-6379}
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 5s
retries: 5
api:
container_name: lago-api
image: getlago/api:v1.12.2
restart: unless-stopped
depends_on:
db:
condition: service_healthy
redis:
condition: service_healthy
command: ['./scripts/start.sh']
healthcheck:
test: curl -f http://localhost:3000/health || exit 1
interval: 10s
start_period: 30s
timeout: 60s
# uncomment for a potentially faster startup if you have docker --version > 25.0.0
# start_interval: 2s
environment:
<<: *api-environment
DATABASE_URL: "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}?search_path=${POSTGRES_SCHEMA}"
REDIS_URL: "redis://${REDIS_HOST}:${REDIS_PORT}"
volumes:
- lago_storage_data:/app/storage
# If using GCS, you need to put the credentials keyfile here
# - gcs_keyfile.json:/app/gcs_keyfile.json
ports:
- ${API_PORT}:3000
front:
container_name: lago-front
image: getlago/front:v1.12.2
restart: unless-stopped
depends_on:
api:
condition: service_healthy
environment:
<<: *front-environment
ports:
- ${FRONT_PORT}:80
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:${FRONT_PORT}"]
interval: 30s
timeout: 10s
retries: 3
start_period: 10s
api-worker:
container_name: lago-worker
image: getlago/api:v1.12.2
@ -139,15 +170,13 @@ services:
api:
condition: service_healthy
command: ['./scripts/start.worker.sh']
healthcheck:
test: ['CMD-SHELL', 'bundle exec sidekiqmon | grep $(hostname) || exit 1']
environment:
<<: *common-environment
LAGO_REDIS_CACHE_URL: "redis://${LAGO_REDIS_CACHE_HOST}:${LAGO_REDIS_CACHE_PORT}"
DATABASE_URL: "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}?search_path=${POSTGRES_SCHEMA}"
REDIS_URL: "redis://${REDIS_HOST}:${REDIS_PORT}"
# SIDEKIQ_EVENTS: ${SIDEKIQ_EVENTS}
# SIDEKIQ_PDFS: ${SIDEKIQ_PDFS}
REDIS_URL: "redis://${REDIS_HOST}:${REDIS_PORT:-6379}"
healthcheck:
test: ['CMD-SHELL', 'bundle exec sidekiqmon | grep $(hostname) || exit 1']
volumes:
- lago_storage_data:/app/storage
@ -163,7 +192,7 @@ services:
<<: *common-environment
LAGO_REDIS_CACHE_URL: "redis://${LAGO_REDIS_CACHE_HOST}:${LAGO_REDIS_CACHE_PORT}"
DATABASE_URL: "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}?search_path=${POSTGRES_SCHEMA}"
REDIS_URL: "redis://${REDIS_HOST}:${REDIS_PORT}"
REDIS_URL: "redis://${REDIS_HOST}:${REDIS_PORT:-6379}"
pdf:
image: getlago/lago-gotenberg:7.8.2
@ -179,41 +208,4 @@ services:
command: ['./scripts/start.migrate.sh']
volumes:
- lago_storage_data:/app/storage
environment:
RAILS_ENV: ${RAILS_ENV}
SECRET_KEY_BASE: ${SECRET_KEY_BASE}
LAGO_RSA_PRIVATE_KEY: ${LAGO_RSA_PRIVATE_KEY} # Should be base64 encoded
DATABASE_URL: "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}?search_path=${POSTGRES_SCHEMA}"
REDIS_URL: "redis://${REDIS_HOST}:${REDIS_PORT}"
REDIS_PASSWORD: ${REDIS_PASSWORD}
# You can uncomment this if you want to use a dedicated Sidekiq worker for the event ingestion.
# It is recommendend if you have a high usage of events to not impact the other Sidekiq Jobs.
# api-events-worker:
# container_name: lago-events-worker
# image: getlago/api:v1.12.2
# restart: unless-stopped
# depends_on:
# api:
# condition: service_healthy
# command: ["./scripts/start.events.worker.sh"]
# environment:
# <<: *api-environment
# You can uncomment this if you want to use a dedicated Sidekiq worker for the invoices pdf creation.
# It is recommended if you have a high usage of invoices being created to not impact the other Sidekiq Jobs.
# api-pdfs-worker:
# container_name: lago-pdfs-worker
# image: getlago/api:v1.12.2
# restart: unless-stopped
# depends_on:
# api:
# condition: service_healthy
# command: ["./scripts/start.pdfs.worker.sh"]
# environment:
# <<: *api-environment
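Review bot: The new `traefik` service is started with `--api.insecure=true`, which serves the Traefik API and dashboard without authentication, and with `--providers.docker=true` alone, so every container the Docker provider sees (including `db` and `redis`) is eligible for routing unless it opts out. I would drop the first flag and add `- "--providers.docker.exposedbydefault=false"`, which the `traefik.enable=true` labels on `api` and `front` already assume. The `:ro` on the `/var/run/docker.sock` mount does not restrict what can be requested through the socket, so the proxy container still holds full Docker API access; a filtering socket proxy in front of it would narrow that. `api` and `front` also keep their published host ports (`${API_PORT}:3000`, `${FRONT_PORT:-8080}:80`), so both remain reachable over plain HTTP around the proxy, and their routers share the rule Host(`localhost`) with no `tls` label, which leaves the routing between them ambiguous. Judging by the hunk counts, the last hunk appears to remove the `migrate` service's whole `environment:` block, including `DATABASE_URL`; if that is not intended, the migration container will start without its database settings.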