add production compose file

* secrets are stored in env files, examples were added * add .*.env to .{docker,git}ignore to prevent anybody from mistakenly committing their env files (unless it's forced) * [skip ci]
2021-02-21 20:51:54 +01:00 · 2021-02-21 20:51:54 +01:00 · 5c65ea289b
parent 4cde01394f
commit 5c65ea289b
5 changed files with 75 additions and 0 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -10,3 +10,4 @@ obj/
 .dotnet
 .nuget
 .local
+.*.env
--- a/.example-db.env
+++ b/.example-db.env
@ -0,0 +1,3 @@
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=a6a204ca41effac89a0696ec8c652ba8b6b668129d55b5085eb4453ccb214343481bd0a61b889f1e2ec2ad58d267edf623898892b6cd042f93ad17610871da58
+POSTGRES_INITDB_ARGS="--data-checksums"
--- a/.example-release_app.env
+++ b/.example-release_app.env
@ -0,0 +1,3 @@
+DOTNET_CLI_TELEMETRY_OPTOUT=true
+ASPNETCORE_ENVIRONMENT=Production
+DB_CONNECTION_STRING="User ID=postgres;Password=a6a204ca41effac89a0696ec8c652ba8b6b668129d55b5085eb4453ccb214343481bd0a61b889f1e2ec2ad58d267edf623898892b6cd042f93ad17610871da58;Server=db;Port=5432;Database=pwt;Integrated Security=true;Pooling=true;"
--- a/.gitignore
+++ b/.gitignore
@ -16,3 +16,5 @@ riderModule.iml
 *.jpg
 *.jpeg
 *.png
+
+.*.env
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@ -0,0 +1,66 @@
+version: '3.8'
+
+services:
+  netcoreultimateapp-prod:
+    image: netcoreultimateapp-prod
+    build:
+      context: .
+      dockerfile: Dockerfile
+    networks:
+    - internal-nw
+    labels:
+      traefik.enable: true
+      traefik.http.services.netcoreultimateapp-prod.loadbalancer.server.port: 80
+      traefik.http.routers.netcoreultimateapp-prod.rule: Host(`localhost`) || Host(`127.0.0.1`) || Host(`netcoreultimateapp-prod`) || Host(`pwt`)
+    logging:
+      driver: json-file
+      options:
+        max-size: "5m"
+        max-file: "5"
+    volumes:
+    - ./:/src:z
+    env_file:
+    - ./.release_app.env
+    restart: always
+    cap_drop:
+    - NET_ADMIN
+    - SYS_ADMIN
+    depends_on:
+    - db
+
+  db:
+    container_name: 'db'
+    image: postgres:13.1-alpine
+    networks:
+    - internal-nw
+    labels:
+    - traefik.enable=false
+    volumes:
+    - dbdata-prod:/var/lib/postgresql/data:z
+    env_file:
+    - ./.db.env
+    restart: always
+    cap_drop:
+    - NET_ADMIN
+    - SYS_ADMIN
+
+  reverse-proxy:
+    image: traefik:2.4.5
+    command: --api=false --api.dashboard=false --providers.docker
+    networks:
+    - internal-nw
+    - default
+    ports:
+    - 127.0.0.1:8001:80
+    restart: always
+    volumes:
+    # So that traefik can listen to the Docker events
+    - /var/run/docker.sock:/var/run/docker.sock:ro
+
+volumes:
+  dbdata-prod:
+
+networks:
+  internal-nw:
+    internal: true
+  default: