docker-compose.yml
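# Compose stack: nginx load balancer, web UI, API, PostGIS controller node and
# PostGIS database. The secrets declared at the bottom are development-only.
version: "3.9"
services:
  # Load balancer
  lb:
    platform: linux/amd64
    image: nginx:1.23.3
    # Reload to pick up new certificates
    command: '/bin/sh -c ''while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g "daemon off;"'''
    volumes:
      # Read-only: the container only needs to read its configuration.
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
    ports:
      - "80:80"
      - "443:443"
    networks:
      - public
    depends_on:
      - api
      - web
  # UI / Static rendering
  web:
    platform: linux/amd64
    build:
      context: web
      # NOTE(review): nesting of labels under build (here and in api/ctl) is
      # inferred from key order - confirm against the original file.
      labels:
        - "edu.stanford.bln.usps.service=web"
    image: uspsweb:latest
    restart: always
    networks:
      - public
    expose:
      - 3000
    # NOTE(review): this publishes the UI directly on the host in addition to
    # the lb entry point; if lb is meant to be the only ingress, drop this
    # mapping outside development.
    ports:
      - "3000:3000"
    secrets:
      - source: node_env
        target: /code/.env
        mode: 0400
    depends_on:
      - api
  # API service
  api:
    platform: linux/amd64
    build:
      context: api
      labels:
        - "edu.stanford.bln.usps.service=api"
    image: uspsapi:latest
    restart: always
    networks:
      - private
      - public
    expose:
      - 8080
    # NOTE(review): this publishes the API directly on the host in addition to
    # the lb entry point; if lb is meant to be the only ingress, drop this
    # mapping outside development.
    ports:
      - "8080:8080"
    secrets:
      - source: db_pass
        target: /run/secrets/db_pass
        mode: 0400
      - source: db_user
        target: /run/secrets/db_user
        mode: 0400
      - source: db_host
        target: /run/secrets/db_host
        mode: 0400
      # NOTE(review): no mode is set, so this secret falls back to the default
      # (world-readable 0444 per the Compose spec), unlike its siblings -
      # confirm this is intentional.
      - source: db_name
        target: /run/secrets/db_name
      - source: sentry_dsn
        target: /run/secrets/sentry_dsn
        mode: 0400
    depends_on:
      - db
  # PostGIS controller node. Contains scripts and other tools for ingesting
  # TIGER and address data.
  ctl:
    platform: linux/amd64
    build:
      context: ctl
      labels:
        - "edu.stanford.bln.usps.service=ctl"
    image: uspsctl:latest
    restart: always
    networks:
      - private
    # Volume to contain TIGER data.
    # This should use a persistent volume, since TIGER data can take a long
    # time to download and install.
    volumes:
      - type: bind
        source: ./data/gis
        target: /gisdata
      - type: bind
        source: ./data/addr
        target: /addrdata
    secrets:
      - source: db_pass
        target: /run/secrets/db_pass
        mode: 0400
      - source: db_user
        target: /run/secrets/db_user
        mode: 0400
      - source: db_host
        target: /run/secrets/db_host
        mode: 0400
      # NOTE(review): no mode is set, so this secret falls back to the default
      # (world-readable 0444 per the Compose spec), unlike its siblings -
      # confirm this is intentional.
      - source: db_name
        target: /run/secrets/db_name
    depends_on:
      - db
  # PostGIS database.
  db:
    platform: linux/amd64
    image: postgis/postgis:14-3.3
    shm_size: 1g
    restart: always
    volumes:
      - pgdata:/var/lib/postgresql/data
      # Read-only: the container only needs to read its configuration.
      # NOTE(review): nothing in this file points postgres at this path (no
      # config_file override is visible), so the file may be unused - confirm.
      - ./postgresql.conf:/etc/postgresql/postgresql.conf:ro
    environment:
      - POSTGRES_DB_FILE=/run/secrets/db_name
      - POSTGRES_USER_FILE=/run/secrets/db_user
      - POSTGRES_PASSWORD_FILE=/run/secrets/db_pass
    secrets:
      - db_name
      - db_user
      - db_pass
    expose:
      - 5432
    # NOTE(review): publishing 5432 makes the database reachable through the
    # host even though the service sits only on the private network. Together
    # with the development-only credentials below, this mapping should be
    # removed or bound to a loopback address anywhere but a local dev machine.
    ports:
      - "5432:5432"
    networks:
      - private
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "pg_isready -U postgres -d $$(cat /run/secrets/db_name | tr -d '\n')",
        ]
      interval: 2s
      timeout: 2s
      retries: 20
    deploy:
      # NOTE: Postgres is not set up for replication in this compose file.
      # You will have problems if you try to scale this db service.
      replicas: 1
      placement:
        max_replicas_per_node: 1
volumes:
  # Volume to contain postgres data.
  # This is an ephemeral volume in dev.
  pgdata:
    driver_opts: {}
  # Volumes for certificates.
  # These are not used on dev and are ephemeral.
  certconf:
    driver_opts: {}
  certwww:
    driver_opts: {}
secrets:
  # The following secrets are for development only. Override them in production
  # to deploy real, secure secrets.
  db_pass:
    file: ./secrets/db_pass.dev
  db_host:
    file: ./secrets/db_host.dev
  db_user:
    file: ./secrets/db_user.dev
  db_name:
    file: ./secrets/db_name.dev
  node_env:
    file: ./secrets/node_env.dev
  sentry_dsn:
    file: ./secrets/sentry_dsn.dev
networks:
  # The private network carries database traffic (api, ctl, db); only lb, web
  # and api are attached to public.
  private: {}
  public: {}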