wanderer/pwt-0x01-ng
Archived
2
1
Fork 1
Code Issues 5 Pull Requests Releases Activity
This repository has been archived on 2023-10-28. You can view files and clone it, but cannot push or open issues or pull requests.
feature-add-webpack
pwt-0x01-ng/docker-compose.prod.yml
surtur 4fd4146b1d
All checks were successful
continuous-integration/drone/push Build is passing
Details
feat: unprivileged prod container w/ nobody+alpine 
* let restore run as root in base container
* switch runtime container to alpine (was using debian before)
* chown stuff as nobody:nobody and become nobody to run the app
* as a consequence, we're no longer allowed to bind to :80 so the port
  has been changed to :8081. that also needed to be reflected in the
  compose file for traefik to know where to route traffic
* ASPNETCORE_ENVIRONMENT env var properly set to Production
2021-02-23 15:19:16 +01:00

76 lines
2.2 KiB
YAML
Raw Permalink Blame History

version: '3.8'
services:
netcoreultimateapp-prod:
image: netcoreultimateapp-prod
build:
context: .
dockerfile: Dockerfile
networks:
- internal-nw
labels:
traefik.enable: true
traefik.http.services.netcoreultimateapp-prod.loadbalancer.server.port: 8081
traefik.http.services.netcoreultimateapp-prod.loadbalancer.sticky.cookie: true
traefik.http.services.netcoreultimateapp-prod.loadbalancer.sticky.cookie.name: lb-session_pwt
traefik.http.services.netcoreultimateapp-prod.loadbalancer.sticky.cookie.secure: true
traefik.http.services.netcoreultimateapp-prod.loadbalancer.sticky.cookie.httpOnly: true
traefik.http.services.netcoreultimateapp-prod.loadbalancer.healthCheck: true
traefik.http.services.netcoreultimateapp-prod.loadbalancer.healthCheck.path: /health
traefik.http.services.netcoreultimateapp-prod.loadbalancer.healthCheck.interval: 30s
traefik.http.services.netcoreultimateapp-prod.loadbalancer.healthCheck.timeout: 3s
traefik.http.services.netcoreultimateapp-prod.loadbalancer.healthCheck.port: 8081
traefik.http.routers.netcoreultimateapp-prod.rule: Host(`localhost`) || Host(`127.0.0.1`) || Host(`netcoreultimateapp-prod`) || Host(`pwt`)
logging:
driver: json-file
options:
max-size: "5m"
max-file: "5"
volumes:
- ./:/src:z
env_file:
- ./.release_app.env
restart: always
cap_drop:
- NET_ADMIN
- SYS_ADMIN
depends_on:
- db
db:
container_name: 'db'
image: postgres:13.1-alpine
networks:
- internal-nw
labels:
- traefik.enable=false
volumes:
- dbdata-prod:/var/lib/postgresql/data:z
env_file:
- ./.db.env
restart: always
cap_drop:
- NET_ADMIN
- SYS_ADMIN
reverse-proxy:
image: traefik:2.4.5
command: --api=false --api.dashboard=false --providers.docker
networks:
- internal-nw
- default
ports:
- 127.0.0.1:8001:80
restart: always
volumes:
# So that traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock:ro
volumes:
dbdata-prod:
networks:
internal-nw:
internal: true
default:
Reference in New Issue View Git Blame Copy Permalink