Added docker-compose and config files

2022-04-04 16:38:08 +02:00 · 2022-04-04 16:38:08 +02:00 · ab28346c6f
commit ab28346c6f
parent 00e27ba776
8 changed files with 188 additions and 0 deletions
--- a/deploy/README.md
+++ b/deploy/README.md
@ -0,0 +1,3 @@
+# Deploy
+
+Files that are used for deployment.
--- a/deploy/aktienbot/.env.api
+++ b/deploy/aktienbot/.env.api
@ -0,0 +1,16 @@
+BOT_API_KEY=
+SECRET_KEY=
+
+MYSQL_USER=
+MYSQL_PASSWORD=
+MYSQL_HOST=
+MYSQL_PORT=
+MYSQL_DATABASE=
+
+BOT_EMAIL=
+BOT_USERNAME=
+BOT_PASSWORD=
+
+ADMIN_EMAIL=
+ADMIN_USERNAME=
+ADMIN_PASSWORD=
--- a/deploy/aktienbot/.env.bot
+++ b/deploy/aktienbot/.env.bot
@ -0,0 +1,3 @@
+BOT_API_KEY=
+NEWS_API_KEY=
+SECRET_KEY=
--- a/deploy/aktienbot/docker-compose.yml
+++ b/deploy/aktienbot/docker-compose.yml
@ -0,0 +1,62 @@
+version: '3.7'
+
+services:
+  aktienbot_fe:
+    image: registry.flokaiser.com/aktienbot/frontend
+    labels:
+      traefik.enable: 'true'
+      traefik.http.routers.aktienbot_fe.rule: Host(`gruppe1.testsites.info`)
+      traefik.http.routers.aktienbot_fe.middlewares: secHeaders@file
+      traefik.http.routers.aktienbot_fe.priority: 40
+      traefik.http.routers.aktienbot_fe.tls: true
+      traefik.http.routers.aktienbot_fe.tls.certresolver: myresolver
+
+  aktienbot_api:
+    image: registry.flokaiser.com/aktienbot/api
+    labels:
+      traefik.enable: 'true'
+      traefik.http.routers.aktienbot_api.rule: Host(`gruppe1.testsites.info`) && PathPrefix(`/api`)
+      traefik.http.routers.aktienbot_api.middlewares: secHeaders@file
+      traefik.http.routers.aktienbot_api.priority: 50
+      traefik.http.routers.aktienbot_api.tls: true
+      traefik.http.routers.aktienbot_api.tls.certresolver: myresolver
+    depends_on:
+      - mariadb
+    env_file:
+      - ${PWD}/.env.api
+
+  aktienbot_bot:
+    image: registry.flokaiser.com/aktienbot/bot
+    env_file:
+      - ${PWD}/.env.bot
+
+  mariadb:
+    image: mariadb
+    volumes:
+      - mariadb_data:/var/lib/mysql
+    environment:
+      - MYSQL_ROOT_PASSWORD=sBvKtMY7ej9*dETatTtk#uRd5f*5wJYovfdDJDa&
+
+  phpmyadmin:
+    image: phpmyadmin
+    environment:
+      - PMA_HOST=mariadb
+      - PMA_ABSOLUTE_URI=http://gruppe1.testsites.info/phpmyadmin/
+    labels:
+      traefik.enable: true
+      traefik.http.routers.phpmyadmin.rule: Host(`gruppe1.testsites.info`) && PathPrefix(`/phpmyadmin`)
+      traefik.http.routers.phpmyadmin.middlewares: secHeaders@file
+      traefik.http.routers.phpmyadmin.priority: 50
+      traefik.http.routers.phpmyadmin.middlewares: strip_phpmyadmin
+      traefik.http.routers.phpmyadmin.tls: true
+      traefik.http.routers.phpmyadmin.tls.certresolver: myresolver
+
+      traefik.http.middlewares.strip_phpmyadmin.stripprefix.prefixes: /phpmyadmin
+
+networks:
+  default:
+    external:
+      name: net
+volumes:
+  portainer_data:
+  mariadb_data:
--- a/deploy/base/acme.json
+++ b/deploy/base/acme.json
--- a/deploy/base/docker-compose.yml
+++ b/deploy/base/docker-compose.yml
@ -0,0 +1,38 @@
+version: '3'
+
+services:
+  traefik:
+    image: traefik
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ${PWD}/traefik.toml:/etc/traefik/traefik.toml
+      - ${PWD}/traefik-dynamic.toml:/etc/traefik/traefik-dynamic.toml
+      - ${PWD}/acme.json:/etc/traefik/acme.json
+      - ${PWD}/access.log:/etc/traefik/access.log
+
+  portainer:
+    image: portainer/portainer-ce
+    labels:
+      traefik.enable: true
+      traefik.http.routers.portainer.rule: Host(`gruppe1.testsites.info`) && PathPrefix(`/portainer`)
+      traefik.http.routers.portainer.priority: 50
+      traefik.http.services.portainer.loadbalancer.server.port: 9000
+      traefik.http.routers.portainer.middlewares: strip_portainer,secHeaders@file
+      traefik.http.routers.portainer.tls: true
+      traefik.http.routers.portainer.tls.certresolver: myresolver
+
+      traefik.http.middlewares.strip_portainer.stripprefix.prefixes: /portainer
+    volumes:
+      - portainer_data:/data
+      - /var/run/docker.sock:/var/run/docker.sock
+
+networks:
+  default:
+    external:
+      name: net
+
+volumes:
+  portainer_data:
--- a/deploy/base/traefik-dynamic.toml
+++ b/deploy/base/traefik-dynamic.toml
@ -0,0 +1,22 @@
+[tls.options]
+    [tls.options.default]
+        minVersion = "VersionTLS12"
+        cipherSuites = [
+            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+            "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
+            "TLS_AES_128_GCM_SHA256",
+            "TLS_AES_256_GCM_SHA384",
+            "TLS_CHACHA20_POLY1305_SHA256"
+        ]
+        curvePreferences = [ "CurveP521", "CurveP384" ]
+        sniStrict = true
+
+[http.middlewares.secHeaders.headers]
+    browserXssFilter = true
+    contentTypeNosniff = true
+    frameDeny = true
+    stsIncludeSubdomains = true
+    stsPreload = true
+    stsSeconds = 31_536_000
+    customFrameOptionsValue = "SAMEORIGIN"
--- a/deploy/base/traefik.toml
+++ b/deploy/base/traefik.toml
@ -0,0 +1,44 @@
+[log]
+  level = "INFO"
+
+[accessLog]
+  filePath = "/etc/traefik/access.log"
+
+[entryPoints]
+  [entryPoints.web]
+    address = ":80"
+
+    [entryPoints.web.forwardedHeaders]
+      insecure = true
+    
+    [entryPoints.web.http]
+      [entryPoints.web.http.redirections]
+        [entryPoints.web.http.redirections.entryPoint]
+          to = "web-secure"
+          scheme = "https"
+
+  [entryPoints.web-secure]
+    address = ":443"
+
+    [entryPoints.web-secure.forwardedHeaders]
+      insecure = true
+    
+    [entryPoints.websecure.http]
+      middlewares = ["secHeaders@file"]
+
+[api]
+  dashboard = true
+  insecure = true
+
+[providers.docker]
+  watch = true
+  exposedByDefault = false
+
+[providers.file]
+  filename = "/etc/traefik/traefik-dynamic.toml"
+
+[certificatesResolvers.myresolver.acme]
+  email = "inf20155@lehre.dhbw-stuttgart.de"
+  storage = "/etc/traefik/acme.json"
+  [certificatesResolvers.myresolver.acme.httpChallenge]
+    entryPoint = "web"