From 30aabdd8a9a9c9925c2de00e8eb54748b04fb9cd Mon Sep 17 00:00:00 2001 From: Jean-Baptiste DONNETTE Date: Fri, 4 Oct 2024 10:37:14 +0200 Subject: [PATCH] feat(docker-compose): integrate Traefik for SSL management and improve service configurations --- docker-compose.yml | 184 ++++++++++++++++++++++----------------------- 1 file changed, 88 insertions(+), 96 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index a7c4551..a5d1bfe 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,6 +2,8 @@ volumes: lago_postgres_data: lago_redis_data: lago_storage_data: + traefik_certificates: + traefik_config: x-common-environment: &common-environment LAGO_API_URL: ${LAGO_API_URL} @@ -11,7 +13,7 @@ x-common-environment: &common-environment RAILS_LOG_TO_STDOUT: ${LAGO_RAILS_STDOUT} SENTRY_DSN: ${SENTRY_DSN} LAGO_FRONT_URL: ${LAGO_FRONT_URL} - LAGO_RSA_PRIVATE_KEY: ${LAGO_RSA_PRIVATE_KEY} # Should be base64 encoded + LAGO_RSA_PRIVATE_KEY: ${LAGO_RSA_PRIVATE_KEY} LAGO_ENCRYPTION_PRIMARY_KEY: ${LAGO_ENCRYPTION_PRIMARY_KEY} LAGO_ENCRYPTION_DETERMINISTIC_KEY: ${LAGO_ENCRYPTION_DETERMINISTIC_KEY} LAGO_ENCRYPTION_KEY_DERIVATION_SALT: ${LAGO_ENCRYPTION_KEY_DERIVATION_SALT} 
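Review bot: In the second hunk, the rewritten `LAGO_RSA_PRIVATE_KEY` line drops the `# Should be base64 encoded` hint, which was the only note in this mapping on the format the key must have. I would keep it as a comment on the line above the key, for example `# LAGO_RSA_PRIVATE_KEY must be base64 encoded; supply it through the environment, never inline`. The `x-common-environment` mapping starts and ends outside the hunk, so the format may be documented elsewhere in the file.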
@@ -46,8 +48,85 @@ x-front-environment: &front-environment SENTRY_DSN: ${SENTRY_DSN_FRONT} NANGO_SECRET_KEY: ${NANGO_SECRET_KEY} - services: + traefik: + image: traefik:v2.5 + container_name: traefik + restart: unless-stopped + command: + - "--api.insecure=true" + - "--providers.docker=true" + - "--entrypoints.web.address=:80" + - "--entrypoints.websecure.address=:443" + - "--entrypoints.web.http.redirections.entrypoint.to=websecure" + - "--certificatesresolvers.selfsigned.acme.tlschallenge=true" + - "--certificatesresolvers.selfsigned.acme.email=your-email@example.com" + - "--certificatesresolvers.selfsigned.acme.storage=/letsencrypt/acme.json" + ports: + - "80:80" + - "8443:443" + volumes: + - "/var/run/docker.sock:/var/run/docker.sock:ro" + - traefik_certificates:/letsencrypt + - traefik_config:/traefik + + labels: + - "traefik.http.routers.api.entrypoints=websecure" + - "traefik.http.routers.api.rule=Host(`localhost`)" + - "traefik.http.services.api.loadbalancer.server.port=3000" + + api: + container_name: lago-api + image: getlago/api:v1.12.2 + restart: unless-stopped + depends_on: + db: + condition: service_healthy + redis: + condition: service_healthy + command: ['./scripts/start.sh'] + environment: + <<: *api-environment + DATABASE_URL: "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}?search_path=${POSTGRES_SCHEMA}" + REDIS_URL: "redis://${REDIS_HOST}:${REDIS_PORT:-6379}" + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:3000/health"] + interval: 10s + timeout: 60s + retries: 5 + ports: + - ${API_PORT}:3000 + labels: + - "traefik.enable=true" + - "traefik.http.routers.api.entrypoints=websecure" + - "traefik.http.routers.api.rule=Host(`localhost`)" + - "traefik.http.services.api.loadbalancer.server.port=3000" + volumes: + - lago_storage_data:/app/storage + + front: + container_name: lago-front + image: getlago/front:v1.12.2 + restart: unless-stopped + depends_on: + api: + condition: 
service_healthy + environment: + <<: *front-environment + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:${FRONT_PORT}"] + interval: 30s + timeout: 10s + retries: 3 + labels: + - "traefik.enable=true" + - "traefik.http.routers.front.entrypoints=websecure" + - "traefik.http.routers.front.rule=Host(`localhost`)" + - "traefik.http.services.front.loadbalancer.server.port=80" + volumes: + - lago_storage_data:/app/storage + ports: + - ${FRONT_PORT:-8080}:80 db: image: postgres:14-alpine restart: unless-stopped 
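Review bot: `--api.insecure=true` in the traefik `command` turns on Traefik's dashboard and API with no authentication, and `--providers.docker=true` is added without `--providers.docker.exposedbydefault=false`, so containers with no `traefik.enable=true` label (db, redis, the workers) are eligible for routing as well. I would set `- "--api.insecure=false"` and add `- "--providers.docker.exposedbydefault=false"`, and publish the dashboard only through a router with an authentication middleware if it is needed at all. The `api` and `front` routers sit on `websecure` but carry no TLS label such as `traefik.http.routers.api.tls=true`, and both services still publish `${API_PORT}:3000` and `${FRONT_PORT:-8080}:80` on the host, so plain-HTTP access that bypasses the proxy remains. The `:ro` on the `/var/run/docker.sock` mount protects the socket file, not the Docker API calls sent through it, so a socket proxy that allows only read endpoints would be the safer way to feed the Docker provider. The `services` mapping continues outside the hunk.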
@@ -72,65 +151,17 @@ services: image: redis:6-alpine container_name: lago-redis restart: unless-stopped - command: --port ${REDIS_PORT} + command: --port ${REDIS_PORT:-6379} volumes: - lago_redis_data:/data ports: - - ${REDIS_PORT}:${REDIS_PORT} + - ${REDIS_PORT:-6379}:${REDIS_PORT:-6379} healthcheck: test: ["CMD", "redis-cli", "ping"] interval: 10s timeout: 5s retries: 5 - api: - container_name: lago-api - image: getlago/api:v1.12.2 - restart: unless-stopped - depends_on: - db: - condition: service_healthy - redis: - condition: service_healthy - command: ['./scripts/start.sh'] - healthcheck: - test: curl -f http://localhost:3000/health || exit 1 - interval: 10s - start_period: 30s - timeout: 60s - # uncomment for a potentially faster startup if you have docker --version > 25.0.0 - # start_interval: 2s - environment: - <<: *api-environment - DATABASE_URL: "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}?search_path=${POSTGRES_SCHEMA}" - REDIS_URL: "redis://${REDIS_HOST}:${REDIS_PORT}" - volumes: - - lago_storage_data:/app/storage - # If using GCS, you need to put the credentials keyfile here - # - gcs_keyfile.json:/app/gcs_keyfile.json - ports: - - ${API_PORT}:3000 - - - front: - container_name: lago-front - image: getlago/front:v1.12.2 - restart: unless-stopped - depends_on: - api: - condition: service_healthy - environment: - <<: *front-environment - - ports: - - ${FRONT_PORT}:80 - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost:${FRONT_PORT}"] - interval: 30s - timeout: 10s - retries: 3 - start_period: 10s - api-worker: container_name: lago-worker image: getlago/api:v1.12.2 
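Review bot: The new `ports` entry `${REDIS_PORT:-6379}:${REDIS_PORT:-6379}` publishes Redis on every host interface even when `REDIS_PORT` is unset, and the `command` line passes only `--port`, so nothing visible in this hunk sets a password. If only the compose services need Redis, I would drop the host mapping or bind it to loopback, `- "127.0.0.1:${REDIS_PORT:-6379}:${REDIS_PORT:-6379}"`. Quoting the mapping also keeps a YAML 1.1 parser from reading a digits-and-colon value as a number. The redis service definition starts before the hunk, so authentication may be configured in lines not shown here.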
@@ -139,15 +170,13 @@ services: api: condition: service_healthy command: ['./scripts/start.worker.sh'] - healthcheck: - test: ['CMD-SHELL', 'bundle exec sidekiqmon | grep $(hostname) || exit 1'] environment: <<: *common-environment LAGO_REDIS_CACHE_URL: "redis://${LAGO_REDIS_CACHE_HOST}:${LAGO_REDIS_CACHE_PORT}" DATABASE_URL: "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}?search_path=${POSTGRES_SCHEMA}" - REDIS_URL: "redis://${REDIS_HOST}:${REDIS_PORT}" - # SIDEKIQ_EVENTS: ${SIDEKIQ_EVENTS} - # SIDEKIQ_PDFS: ${SIDEKIQ_PDFS} + REDIS_URL: "redis://${REDIS_HOST}:${REDIS_PORT:-6379}" + healthcheck: + test: ['CMD-SHELL', 'bundle exec sidekiqmon | grep $(hostname) || exit 1'] volumes: - lago_storage_data:/app/storage @@ -163,7 +192,7 @@ services: <<: *common-environment LAGO_REDIS_CACHE_URL: "redis://${LAGO_REDIS_CACHE_HOST}:${LAGO_REDIS_CACHE_PORT}" DATABASE_URL: "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}?search_path=${POSTGRES_SCHEMA}" - REDIS_URL: "redis://${REDIS_HOST}:${REDIS_PORT}" + REDIS_URL: "redis://${REDIS_HOST}:${REDIS_PORT:-6379}" pdf: image: getlago/lago-gotenberg:7.8.2 
@@ -179,41 +208,4 @@ services: command: ['./scripts/start.migrate.sh'] volumes: - lago_storage_data:/app/storage - environment: - RAILS_ENV: ${RAILS_ENV} - SECRET_KEY_BASE: ${SECRET_KEY_BASE} - LAGO_RSA_PRIVATE_KEY: ${LAGO_RSA_PRIVATE_KEY} # Should be base64 encoded - DATABASE_URL: "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}?search_path=${POSTGRES_SCHEMA}" - REDIS_URL: "redis://${REDIS_HOST}:${REDIS_PORT}" - REDIS_PASSWORD: ${REDIS_PASSWORD} - - - - - - # You can uncomment this if you want to use a dedicated Sidekiq worker for the event ingestion. - # It is recommendend if you have a high usage of events to not impact the other Sidekiq Jobs. - # api-events-worker: - # container_name: lago-events-worker - # image: getlago/api:v1.12.2 - # restart: unless-stopped - # depends_on: - # api: - # condition: service_healthy - # command: ["./scripts/start.events.worker.sh"] - # environment: - # <<: *api-environment - - - # You can uncomment this if you want to use a dedicated Sidekiq worker for the invoices pdf creation. - # It is recommended if you have a high usage of invoices being created to not impact the other Sidekiq Jobs. - # api-pdfs-worker: - # container_name: lago-pdfs-worker - # image: getlago/api:v1.12.2 - # restart: unless-stopped - # depends_on: - # api: - # condition: service_healthy - # command: ["./scripts/start.pdfs.worker.sh"] - # environment: - # <<: *api-environment \ No newline at end of file +