Added docker-compose and config files

2022-04-04 16:38:08 +02:00 · 2022-04-04 16:38:08 +02:00 · ab28346c6f
commit ab28346c6f
parent 00e27ba776
8 changed files with 188 additions and 0 deletions
--- a/deploy/README.md
+++ b/deploy/README.md
@ -0,0 +1,3 @@
 # Deploy
 Files that are used for deployment.
--- a/deploy/aktienbot/.env.api
+++ b/deploy/aktienbot/.env.api
@ -0,0 +1,16 @@
 BOT_API_KEY=
 SECRET_KEY=
 MYSQL_USER=
 MYSQL_PASSWORD=
 MYSQL_HOST=
 MYSQL_PORT=
 MYSQL_DATABASE=
 BOT_EMAIL=
 BOT_USERNAME=
 BOT_PASSWORD=
 ADMIN_EMAIL=
 ADMIN_USERNAME=
 ADMIN_PASSWORD=
--- a/deploy/aktienbot/.env.bot
+++ b/deploy/aktienbot/.env.bot
@ -0,0 +1,3 @@
 BOT_API_KEY=
 NEWS_API_KEY=
 SECRET_KEY=
--- a/deploy/aktienbot/docker-compose.yml
+++ b/deploy/aktienbot/docker-compose.yml
@ -0,0 +1,62 @@
 version: '3.7'
 services:
  aktienbot_fe:
    image: registry.flokaiser.com/aktienbot/frontend
    labels:
      traefik.enable: 'true'
      traefik.http.routers.aktienbot_fe.rule: Host(`gruppe1.testsites.info`)
      traefik.http.routers.aktienbot_fe.middlewares: secHeaders@file
      traefik.http.routers.aktienbot_fe.priority: 40
      traefik.http.routers.aktienbot_fe.tls: true
      traefik.http.routers.aktienbot_fe.tls.certresolver: myresolver
  aktienbot_api:
    image: registry.flokaiser.com/aktienbot/api
    labels:
      traefik.enable: 'true'
      traefik.http.routers.aktienbot_api.rule: Host(`gruppe1.testsites.info`) && PathPrefix(`/api`)
      traefik.http.routers.aktienbot_api.middlewares: secHeaders@file
      traefik.http.routers.aktienbot_api.priority: 50
      traefik.http.routers.aktienbot_api.tls: true
      traefik.http.routers.aktienbot_api.tls.certresolver: myresolver
    depends_on:
      - mariadb
    env_file:
      - ${PWD}/.env.api
  aktienbot_bot:
    image: registry.flokaiser.com/aktienbot/bot
    env_file:
      - ${PWD}/.env.bot
  mariadb:
    image: mariadb
    volumes:
      - mariadb_data:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=sBvKtMY7ej9*dETatTtk#uRd5f*5wJYovfdDJDa&
  phpmyadmin:
    image: phpmyadmin
    environment:
      - PMA_HOST=mariadb
      - PMA_ABSOLUTE_URI=http://gruppe1.testsites.info/phpmyadmin/
    labels:
      traefik.enable: true
      traefik.http.routers.phpmyadmin.rule: Host(`gruppe1.testsites.info`) && PathPrefix(`/phpmyadmin`)
      traefik.http.routers.phpmyadmin.middlewares: secHeaders@file
      traefik.http.routers.phpmyadmin.priority: 50
      traefik.http.routers.phpmyadmin.middlewares: strip_phpmyadmin
      traefik.http.routers.phpmyadmin.tls: true
      traefik.http.routers.phpmyadmin.tls.certresolver: myresolver
      traefik.http.middlewares.strip_phpmyadmin.stripprefix.prefixes: /phpmyadmin
 networks:
  default:
    external:
      name: net
 volumes:
  portainer_data:
  mariadb_data:
--- a/deploy/base/acme.json
+++ b/deploy/base/acme.json
--- a/deploy/base/docker-compose.yml
+++ b/deploy/base/docker-compose.yml
@ -0,0 +1,38 @@
 version: '3'
 services:
  traefik:
    image: traefik
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ${PWD}/traefik.toml:/etc/traefik/traefik.toml
      - ${PWD}/traefik-dynamic.toml:/etc/traefik/traefik-dynamic.toml
      - ${PWD}/acme.json:/etc/traefik/acme.json
      - ${PWD}/access.log:/etc/traefik/access.log
  portainer:
    image: portainer/portainer-ce
    labels:
      traefik.enable: true
      traefik.http.routers.portainer.rule: Host(`gruppe1.testsites.info`) && PathPrefix(`/portainer`)
      traefik.http.routers.portainer.priority: 50
      traefik.http.services.portainer.loadbalancer.server.port: 9000
      traefik.http.routers.portainer.middlewares: strip_portainer,secHeaders@file
      traefik.http.routers.portainer.tls: true
      traefik.http.routers.portainer.tls.certresolver: myresolver
      traefik.http.middlewares.strip_portainer.stripprefix.prefixes: /portainer
    volumes:
      - portainer_data:/data
      - /var/run/docker.sock:/var/run/docker.sock
 networks:
  default:
    external:
      name: net
 volumes:
  portainer_data:
--- a/deploy/base/traefik-dynamic.toml
+++ b/deploy/base/traefik-dynamic.toml
@ -0,0 +1,22 @@
 [tls.options]
    [tls.options.default]
        minVersion = "VersionTLS12"
        cipherSuites = [
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
            "TLS_AES_128_GCM_SHA256",
            "TLS_AES_256_GCM_SHA384",
            "TLS_CHACHA20_POLY1305_SHA256"
        ]
        curvePreferences = [ "CurveP521", "CurveP384" ]
        sniStrict = true
 [http.middlewares.secHeaders.headers]
    browserXssFilter = true
    contentTypeNosniff = true
    frameDeny = true
    stsIncludeSubdomains = true
    stsPreload = true
    stsSeconds = 31_536_000
    customFrameOptionsValue = "SAMEORIGIN"
--- a/deploy/base/traefik.toml
+++ b/deploy/base/traefik.toml
@ -0,0 +1,44 @@
 [log]
  level = "INFO"
 [accessLog]
  filePath = "/etc/traefik/access.log"
 [entryPoints]
  [entryPoints.web]
    address = ":80"
    [entryPoints.web.forwardedHeaders]
      insecure = true
    [entryPoints.web.http]
      [entryPoints.web.http.redirections]
        [entryPoints.web.http.redirections.entryPoint]
          to = "web-secure"
          scheme = "https"
  [entryPoints.web-secure]
    address = ":443"
    [entryPoints.web-secure.forwardedHeaders]
      insecure = true
    [entryPoints.websecure.http]
      middlewares = ["secHeaders@file"]
 [api]
  dashboard = true
  insecure = true
 [providers.docker]
  watch = true
  exposedByDefault = false
 [providers.file]
  filename = "/etc/traefik/traefik-dynamic.toml"
 [certificatesResolvers.myresolver.acme]
  email = "inf20155@lehre.dhbw-stuttgart.de"
  storage = "/etc/traefik/acme.json"
  [certificatesResolvers.myresolver.acme.httpChallenge]
    entryPoint = "web"
		`@ -0,0 +1,3 @@`
							`# Deploy`

							`Files that are used for deployment.`