app/docker-compose.yaml at master · RopeWiki/app · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
# This docker compose file will bring up a production system.
# As per README.md, direct docker compose commands are not
# recommended because that requires many environment variables
# to be set.  Instead, the use of deploy_tool.py is recommended
# as per README.md.

# Before any other docker compose commands above are executed,
# the necessary images must be built according to the instructions
# in README.md.
#   python3 deploy_tool.py <SITE_NAME> dc build

# A note on image naming:
#   the build system produces images in the format:
#     ropewiki/webserver:latest
#   however in development environments we might run into different formats:
#     ghcr.io/ropewiki:github-master-latest
#   These envvars can overwrite the expected repo name & tag:
#     DOCKER_IMAGE_REGISTRY
#     DOCKER_IMAGE_TAG

services:

  # The RopeWiki MySQL database; see instructions in README.md to build the image
  ropewiki_db:
    image: ${DOCKER_IMAGE_REGISTRY:-ropewiki}/database:${DOCKER_IMAGE_TAG:-latest}
    hostname: ropewiki_db
    init: true
    build:
      context: .
      dockerfile: database/Dockerfile
    environment:
      - MYSQL_ROOT_PASSWORD=${RW_ROOT_DB_PASSWORD:-thispasswordonlyworksuntildbisrestored}
    volumes:
      - ropewiki_database_storage:/var/lib/mysql
    restart: unless-stopped

  # The main RopeWiki server running MediaWiki; see instructions in README.md to build the image
  ropewiki_webserver:
    image: ${DOCKER_IMAGE_REGISTRY:-ropewiki}/webserver:${DOCKER_IMAGE_TAG:-latest}
    hostname: ropewiki_webserver
    build:
      context: .
      dockerfile: webserver/Dockerfile
      args:
        codebaseversion: ${CODEBASE_VERSION:-When this image was built with docker compose, <pre>CODEBASE_VERSION</pre> environment variable was not present.}
    environment:
      - WG_PROTOCOL=${WG_PROTOCOL:-http}
      - WG_HOSTNAME=${WG_HOSTNAME:-localhost:8080}
      - WG_DB_SERVER=ropewiki_db
      - WG_DB_USER=${WG_DB_USERNAME:-ropewiki}
      - WG_DB_PASSWORD=${WG_DB_PASSWORD:-thispasswordonlyworksuntildbisrestored}
      - RW_ROBOTS=${RW_ROBOTS:-robots_dev.txt}
    depends_on:
      - ropewiki_db
    volumes:
      - ${IMAGES_FOLDER:?IMAGES_FOLDER environment variable must be set}:/usr/share/nginx/html/ropewiki/images
    restart: unless-stopped

  # The reverse proxy that directs traffic to the appropriate places; see instructions in README.md to build the image
  ropewiki_reverse_proxy:
    image: ${DOCKER_IMAGE_REGISTRY:-ropewiki}/reverse_proxy:${DOCKER_IMAGE_TAG:-latest}
    hostname: ropewiki_reverse_proxy
    build:
      context: .
      dockerfile: reverse_proxy/Dockerfile
    logging:
      driver: json-file
      options:
        max-size: 10m
#        max-file: 10
    ports:
      - "80:80"
      - "443:443"
    environment:
      - WG_HOSTNAME=${WG_HOSTNAME:-localhost}
    depends_on:
      - ropewiki_webserver
    volumes:
      - ropewiki_proxy_certs:/etc/letsencrypt
      - ropewiki_proxy_logs:/logs
    restart: unless-stopped

  # The RopeWiki backup manager; see instructions in README.md to build the image
  ropewiki_backup_manager:
    image: ${DOCKER_IMAGE_REGISTRY:-ropewiki}/backup_manager:${DOCKER_IMAGE_TAG:-latest}
    hostname: ropewiki_backup_manager
    init: true
    build:
      context: .
      dockerfile: backup_manager/Dockerfile
    ports:
      - "22001:22"
    environment:
      - RW_ROOT_DB_PASSWORD=${RW_ROOT_DB_PASSWORD:-}
    depends_on:
      - ropewiki_db
    volumes:
      - ${SQL_BACKUP_FOLDER:?SQL_BACKUP_FOLDER environment variable must be set}:/home/backupreader/backups
      - ${IMAGES_FOLDER:?IMAGES_FOLDER environment variable must be set}:/home/backupreader/images:ro
      - ropewiki_backup_ssh:/etc/ssh
    restart: unless-stopped

  ropewiki_mailserver:
    image: ${DOCKER_IMAGE_REGISTRY:-ropewiki}/mailserver:${DOCKER_IMAGE_TAG:-latest}
    hostname: ropewiki_mailserver
    build:
      context: .
      dockerfile: mailserver/Dockerfile
    logging:
      driver: json-file
      options:
        max-size: 10m
    environment:
      - RELAY_HOST_NAME=${WG_HOSTNAME:-localhost}
      - EXT_RELAY_HOST=${RW_SMTP_HOST:-smtp.gmail.com}
      - EXT_RELAY_PORT=${RW_SMTP_PORT:-587}
      - SMTP_LOGIN=${RW_SMTP_USERNAME:?RW_SMTP_USERNAME must be non-empty}
      - SMTP_PASSWORD=${RW_SMTP_PASSWORD:?RW_SMTP_PASSWORD must be non-empty}
      - USE_TLS=yes  # Use TLS to talk upstream to the internet
      - TLS_VERIFY=may
      - INBOUND_TLS=no  # Don't require local clients to use TLS
      - ACCEPTED_NETWORKS=172.16.0.0/12  # Only accept connections from docker's internal network

volumes:
  ropewiki_database_storage:
    name: ropewiki_database_storage
  ropewiki_proxy_certs:
    name: ropewiki_proxy_certs
  ropewiki_proxy_logs:
    name: ropewiki_proxy_logs
  ropewiki_backup_ssh:
    name: ropewiki_backup_ssh