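---
# Production Docker Compose stack: Django app, Postgres, Traefik reverse
# proxy, Redis, Celery workers/beat, Pi-hole and dnscrypt-proxy.
# ${MISTBORN_TAG} and ${MISTBORN_DNS_BIND_IP} are substituted by Compose from
# the invoking environment.
version: '3'

volumes:
  production_postgres_data: {}
  production_postgres_data_backups: {}
  production_traefik: {}

services:
  django:
    image: "cyber5k/mistborn:${MISTBORN_TAG}"
    container_name: mistborn_production_django
    depends_on:
      - postgres
      - redis
    ports:
      # Published on one specific host address only, not on all interfaces.
      - "10.2.3.1:5000:5000/tcp"  # auth access
    labels:
      # NOTE(review): the "web" routers serve the same backend over plain
      # HTTP, and no redirect-to-HTTPS middleware is attached in these labels.
      # Confirm what mistborn_headers@file (defined in dynamic.toml) enforces.
      - "traefik.enable=true"
      - "traefik.http.routers.django-http.rule=Host(`home.mistborn`)"
      - "traefik.http.routers.django-http.entrypoints=web"
      - "traefik.http.routers.django-http.middlewares=mistborn_headers@file"
      - "traefik.http.routers.django-https.rule=Host(`home.mistborn`)"
      - "traefik.http.routers.django-https.entrypoints=websecure"
      - "traefik.http.routers.django-https.middlewares=mistborn_headers@file"
      # NOTE(review): no --certificatesresolvers.basic.* flag appears in the
      # traefik command in this file; confirm where the "basic" resolver is
      # defined, or whether TLS comes from the certificates mounted at /tls.
      - "traefik.http.routers.django-https.tls.certresolver=basic"
      - "traefik.http.services.django-service.loadbalancer.server.port=5000"
    env_file:
      - ./.envs/.production/.django
      - ./.envs/.production/.postgres
    volumes:
      - ../mistborn_volumes/base/media:/mistborn-media
      - ../mistborn_volumes/base/private_media:/mistborn-private-media
    command: /start
    restart: unless-stopped

  postgres:
    build:
      context: .
      dockerfile: ./compose/production/postgres/Dockerfile
    image: mistborn_production_postgres
    container_name: mistborn_production_postgres
    # No ports are published: the database is reachable only over the
    # Compose network.
    volumes:
      - production_postgres_data:/var/lib/postgresql/data
      - production_postgres_data_backups:/backups
    env_file:
      - ./.envs/.production/.postgres
    restart: unless-stopped

  traefik:
    #build:
    #  context: .
    #  dockerfile: ./compose/production/traefik/Dockerfile
    #image: mistborn_production_traefik
    image: traefik:v2.2
    container_name: mistborn_production_traefik
    depends_on:
      - django
      - redis
    volumes:
      #- production_traefik:/etc/traefik/acme
      - ./compose/production/traefik/dynamic.toml:/dynamic.toml:ro
      # The :ro flag only makes the socket file's mount read-only; it does not
      # restrict which Docker API calls can be sent through the socket. A
      # container holding this socket has daemon-level control of the host.
      # Consider placing a filtering socket proxy in front of it.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ../mistborn_volumes/base/tls:/tls:ro
    # Host networking: the entrypoints below bind directly on the host and,
    # with no address given, on every interface. Reachability is then decided
    # by the host firewall, not by Compose port publishing.
    network_mode: host
    #ports:
    #  - "0.0.0.0:80:80/tcp"
    #  - "0.0.0.0:443:443/tcp"
    #  #- "0.0.0.0:8080:8080/tcp" # dashboard
    command:
      ## API settings
      # Keep the insecure API/dashboard disabled in production.
      #- --api.insecure=true
      #- --api.dashboard=true
      #- --api.debug=true
      ## Logs
      - --log.level=ERROR
      ## Providers
      - --providers.docker=true
      # Only containers labelled traefik.enable=true are routed.
      - --providers.docker.exposedbydefault=false
      - --providers.file.filename=/dynamic.toml
      #- --providers.docker.network=default
      ## Entrypoints
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      ## Certificates
      # Leave disabled: it turns off backend certificate verification.
      #- --serversTransport.insecureSkipVerify=true
    restart: unless-stopped

  redis:
    image: redis:5.0
    container_name: mistborn_production_redis
    # No ports are published and no authentication is configured in this
    # file; Redis relies on network isolation.
    restart: unless-stopped

  celeryworker:
    image: "cyber5k/mistborn:${MISTBORN_TAG}"
    container_name: mistborn_production_celeryworker
    volumes:
      # The host user's SSH directory is mounted read-write, so anything that
      # runs in this container can read and modify the host's SSH keys.
      # NOTE(review): append :ro if the worker only reads them - TODO confirm.
      - /home/mistborn/.ssh:/ssh
      - ../mistborn_volumes/base/media:/mistborn-media
      - ../mistborn_volumes/base/private_media:/mistborn-private-media
    env_file:
      - ./.envs/.production/.django
      - ./.envs/.production/.postgres
      - ./.envs/.production/.pihole
    networks:
      default:
      dns_net:
        ipv4_address: 10.2.1.3
    # Resolve through the Pi-hole container's dns_net address.
    dns:
      - 10.2.1.2
    depends_on:
      - traefik
      - pihole
    command: /start-celeryworker
    restart: unless-stopped

  celeryworker-low-priority:
    image: "cyber5k/mistborn:${MISTBORN_TAG}"
    container_name: mistborn_production_celeryworker_low_priority
    volumes:
      # Same read-write exposure of the host SSH directory as celeryworker.
      # NOTE(review): append :ro if write access is not needed - TODO confirm.
      - /home/mistborn/.ssh:/ssh
      - ../mistborn_volumes/base/media:/mistborn-media
      - ../mistborn_volumes/base/private_media:/mistborn-private-media
    env_file:
      - ./.envs/.production/.django
      - ./.envs/.production/.postgres
      - ./.envs/.production/.pihole
    networks:
      default:
      dns_net:
        ipv4_address: 10.2.1.4
    # Resolve through the Pi-hole container's dns_net address.
    dns:
      - 10.2.1.2
    depends_on:
      - traefik
      - pihole
    command: /start-celeryworker-low-priority
    restart: unless-stopped

  celerybeat:
    image: "cyber5k/mistborn:${MISTBORN_TAG}"
    container_name: mistborn_production_celerybeat
    env_file:
      - ./.envs/.production/.django
      - ./.envs/.production/.postgres
    command: /start-celerybeat
    restart: unless-stopped

  # flower:
  #   image: "cyber5k/mistborn:${MISTBORN_TAG}"
  #   container_name: mistborn_production_flower
  #   env_file:
  #     - ./.envs/.production/.django
  #     - ./.envs/.production/.postgres
  #   ports:
  #     - "5555:5555/tcp"
  #   command: /start-flower
  #   restart: unless-stopped

  pihole:
    container_name: mistborn_production_pihole
    # ":latest" is a mutable tag: every pull may bring in different code.
    # Pin a reviewed version or image digest for reproducible deployments.
    image: pihole/pihole:latest
    # env_file must appear once per service. A repeated key is invalid YAML
    # and is either rejected or silently reduced to its last occurrence, so
    # both files are listed here. Later files override earlier ones, which
    # keeps .pihole authoritative.
    env_file:
      - /opt/mistborn_volumes/base/base.txt
      - ./.envs/.production/.pihole
    ports:
      - "${MISTBORN_DNS_BIND_IP}:53:53/tcp"
      - "${MISTBORN_DNS_BIND_IP}:53:53/udp"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.pihole-http.rule=Host(`pihole.mistborn`)"
      - "traefik.http.routers.pihole-http.entrypoints=web"
      - "traefik.http.routers.pihole-http.middlewares=mistborn_auth@file"
      - "traefik.http.routers.pihole-https.rule=Host(`pihole.mistborn`)"
      - "traefik.http.routers.pihole-https.entrypoints=websecure"
      - "traefik.http.routers.pihole-https.middlewares=mistborn_auth@file"
      - "traefik.http.routers.pihole-https.tls.certresolver=basic"
      - "traefik.http.services.pihole-service.loadbalancer.server.port=80"
    environment:
      # NOTE(review): in list-form entries the single quotes below are part
      # of the value handed to the container, not YAML quoting. They are left
      # unchanged; confirm the image tolerates them.
      - ServerIP=10.2.0.3
      - DNS1='10.2.0.2#5054'  # docs say port 5054, was 54; use network_mode: host to see which port is used
      - DNS2=''
      - IPv6='false'
      - DNSMASQ_LISTENING=all
      # TZ: 'America/New York'
    # Volumes store your data between container upgrades
    volumes:
      - ../mistborn_volumes/base/pihole/etc-pihole:/etc/pihole/
      - ../mistborn_volumes/base/pihole/etc-dnsmasqd:/etc/dnsmasq.d/
    dns:
      - 127.0.0.1
    networks:
      default:
      pihole_net:
        ipv4_address: 10.2.0.3
      dns_net:
        ipv4_address: 10.2.1.2
    restart: unless-stopped

  dnscrypt-proxy:
    container_name: mistborn_production_dnscrypt_proxy
    # ":latest" is a mutable tag; pin a reviewed version or image digest.
    image: cyber5k/dnscrypt-proxy:latest
    environment:
      # Matches the upstream port in Pi-hole's DNS1 setting (10.2.0.2#5054).
      - DNSCRYPT_LISTEN_PORT=5054
      # resolvers: https://download.dnscrypt.info/dnscrypt-resolvers/v2/public-resolvers.md
      #- DNSCRYPT_SERVER_NAMES=['scaleway-fr','google','yandex','cloudflare']
      - DNSCRYPT_SERVER_NAMES=['cloudflare','dnswarden-doh1','dnswarden-doh2','dnswarden-doh3','adguard-dns-doh']
    networks:
      pihole_net:
        ipv4_address: 10.2.0.2
    restart: unless-stopped

networks:
  # Small dedicated subnet linking Pi-hole (10.2.0.3) to dnscrypt-proxy
  # (10.2.0.2).
  pihole_net:
    driver: bridge
    ipam:
      config:
        - subnet: 10.2.0.0/29
  # Subnet on which the Celery workers reach Pi-hole (10.2.1.2) for DNS.
  dns_net:
    driver: bridge
    ipam:
      config:
        - subnet: 10.2.1.0/24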