# Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information # regarding copyright ownership. The ASF licenses this file # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. ## # How to use this file: # # Change these settings: # VIRTUAL_HOST # LETSENCRYPT_HOST # LETSENCRYPT_EMAIL # # Copy Allura/production-docker-example.ini to /allura-data/production.ini and review its contents, # making changes as appropriate # # In comparision to the development version of docker-compose.yml, this production ready version: # * only exposes ports that are necessary, limiting them to within docker, or to 127.0.0.1 # * sets containers to always restart # * has an nginx proxy to provide HTTPS via letsencrypt. May take a little time to configure itself # * has no debugging "outmail" container, emails should go out into the real world # * git-http container serves git and also proxies back to the "web" container ## version: "2.1" services: web: build: . image: allura-web # default in Compose 2+, makes work in Compose 1.x environment: &env # PATH=/allura-data/virtualenv/bin:$PATH doesn't work; see https://github.com/docker/compose/issues/650 - PATH=/allura-data/virtualenv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin expose: - "8080" volumes: &volumes - .:/allura # Allura source code from local host - ${LOCAL_SHARED_DATA_ROOT:-./allura-data}:/allura-data # for virtualenv, scm repos, etc links: - mongo - solr # see http://docs.gunicorn.org/en/latest/settings.html#workers command: gunicorn --paste /allura-data/production.ini --workers 4 --timeout 90 -b :8088 restart: always taskd: image: allura-web working_dir: /allura/Allura environment: *env command: paster taskd /allura-data/production.ini volumes: *volumes links: - mongo - solr restart: always # This is a single-purpose container that does not auto-restart, good for running commands like: # docker-compose run --rm oneoff paster ensure_index /allura-data/production.ini oneoff: image: allura-web working_dir: /allura/Allura environment: *env volumes: *volumes command: ls /dev/null links: - mongo solr: image: solr:6-alpine # alpine is a very small distro base expose: - "8983" volumes: - ./solr_config/allura:/opt/solr/server/solr/allura - ${LOCAL_SHARED_DATA_ROOT:-./allura-data}/solr:/opt/solr/server/solr/allura/data restart: always mongo: image: mongo:4.2 ports: - "127.0.0.1:27017:27017" volumes: - ${LOCAL_SHARED_DATA_ROOT:-./allura-data}/mongo:/data/db command: mongod --storageEngine wiredTiger restart: always inmail: image: allura-web working_dir: /allura/Allura environment: *env volumes: *volumes command: paster smtp_server /allura-data/production.ini ports: - "127.0.0.1:8825:8825" links: - mongo restart: always git-http: build: scm_config/git-http/ expose: - "80" volumes: *volumes links: - mongo - web restart: always environment: VIRTUAL_HOST: allura-vm2.apache.org LETSENCRYPT_HOST: allura-vm2.apache.org LETSENCRYPT_EMAIL: dave@brondsema.net # References for how we set up the nginx-proxy and letsencrypt-nginx-proxy-companion containers # https://github.com/dataminelab/docker-jenkins-nginx-letsencrypt # https://github.com/dmitrym0/simple-lets-encrypt-docker-compose-sample/blob/master/docker-compose.yml nginx-proxy: image: jwilder/nginx-proxy ports: - "80:80" - "443:443" volumes: # you can add configuration to nginx/vhost.d/default like "client_max_body_size 100m;" to avoid 413 Request Entity Too Large on large git pushes - "./nginx/vhost.d:/etc/nginx/vhost.d" - "./nginx/html:/usr/share/nginx/html" - "./nginx/certs:/etc/nginx/certs" - "/var/run/docker.sock:/tmp/docker.sock:ro" restart: always letsencrypt-nginx-proxy-companion: image: jrcs/letsencrypt-nginx-proxy-companion volumes: - "/var/run/docker.sock:/var/run/docker.sock:ro" volumes_from: - "nginx-proxy" restart: always