-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yml
136 lines (129 loc) · 3.36 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
version: "3.9"
services:
# Python API service
api:
platform: linux/amd64
build:
context: api
labels:
- "edu.stanford.policylab.rt.service=api"
image: ${RT_API_IMAGE}:${RT_API_VERSION}
restart: always
networks:
- private
- frontend
expose:
- 8000
environment:
- RT_DB_NAME
- RT_DB_HOST=db
- RT_DEBUG=True
- GUNICORN_WORKERS=1
- RT_SECRETS_DIR=/run/secrets
- RT_STATIC_DIR=/www
secrets:
- source: db-password
target: /run/secrets/rt_db_pw
mode: 0400
- source: app-secret
target: /run/secrets/rt_secret
mode: 0400
- source: api-env
target: /app/.env
mode: 0400
- source: saml
target: /run/secrets/rt_saml
mode: 0400
- source: saml-userdata
target: /run/secrets/rt_saml_userdata
depends_on:
- db
# Typescript assets
static:
platform: linux/amd64
restart: always
build: client
image: ${RT_CLIENT_IMAGE}:${RT_CLIENT_VERSION}
volumes:
- staticFiles:/www
deploy:
mode: global
# nginx reverse-proxy
nginx:
platform: linux/amd64
image: nginx:1.20
restart: always
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
- staticFiles:/www:ro
ports:
- 80:80
networks:
- frontend
depends_on:
- static
- api
deploy:
mode: global
# Postgres database
db:
platform: linux/amd64
image: postgres:13.2
restart: always
volumes:
- pgdata:/var/lib/postgresql/data
environment:
- POSTGRES_DB=${RT_DB_NAME}
- POSTGRES_PASSWORD_FILE=/run/secrets/db-password
secrets:
- db-password
expose:
- 5432
networks:
- private
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres -d ${RT_DB_NAME}"]
interval: 2s
timeout: 2s
retries: 20
deploy:
# NOTE: Postgres is not set up for replication in this compose file.
# You will have problems if you try to scale this db service. This
# config will have to be expanded to set up a high-availability
# database cluster.
replicas: 1
placement:
max_replicas_per_node: 1
volumes:
# Volume to share static assets from TS container to nginx
staticFiles: {}
# Volume to contain postgres data.
# NOTE: By default this is a docker-managed volume. You should provide an
# override with a persistent volume set up in production.
pgdata:
driver_opts: {}
secrets:
# File containing secret database password. The default here is checked into
# the repo and not secure; override it for production.
#
# Note that the postgres user is `postgres`; this is not configurable.
db-password:
file: ./secrets/rt_db_pw
# File containing application secret used for signing cookies. The default
# is checked into the repo and not secure; replace in production.
app-secret:
file: ./secrets/rt_app_secret
# File containing SAML configuration.
saml:
file: ./secrets/rt_saml
# File containing SAML userdata alias map.
saml-userdata:
file: ./secrets/rt_saml_userdata
# File containing environment for the API. These override the settings given
# in ./api/settings.py. The example .env file given here has more info about
# how these overrides work.
api-env:
file: .env
networks:
private:
frontend: