-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yml
109 lines (105 loc) · 3.78 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
version: '3.4'
services:
traefik:
image: traefik:2.5.2
container_name: traefik
restart: always
command:
- "--api=true"
- "--providers.docker=true"
- "--providers.docker.network=${COMPOSE_PROJECT_NAME}_web"
- "--providers.docker.watch=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.web.http.redirections.entrypoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
- "--certificatesresolvers.traefik.acme.email=${ACME_EMAIL:?err}"
- "--certificatesresolvers.traefik.acme.storage=/lets_encrypt/acme.json"
- "--certificatesresolvers.traefik.acme.httpchallenge.entrypoint=web"
labels:
- traefik.enable=true
- traefik.http.routers.api.rule=Host(`traefik.${DOMAIN_KIBANA:?err}`)
- traefik.http.routers.api.service=api@internal
- traefik.http.routers.api.middlewares=ip-white,auth
- traefik.http.middlewares.auth.basicauth.users=${HT_PASSWD:?err}
- traefik.http.middlewares.ip-white.ipwhitelist.sourcerange=${IP_FILTER:-0.0.0.0/0}
- traefik.http.routers.api.tls.certresolver=traefik
- traefik.http.routers.api.tls=true
ports:
- 80:80
- 443:443
volumes:
- lets_encrypt:/lets_encrypt
- "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
- web
kibana:
build:
context: ./kibana
dockerfile: ./dockerfile
image: kibana:${VERSION:?lost VERSION variable}
container_name: kibana
restart: always
labels:
- traefik.enable=true
- traefik.http.middlewares.ip-white.ipwhitelist.sourcerange=${IP_FILTER:-0.0.0.0/0}
# - traefik.http.middlewares.auth-kibana.basicauth.users=${HT_PASSWD_KIBANA:?err}
# - traefik.http.routers.kibana.middlewares=ip-white,auth-kibana
- traefik.http.routers.kibana.middlewares=ip-white
- traefik.http.services.kibana.loadbalancer.server.port=5601
- traefik.http.routers.kibana.rule=Host(`${DOMAIN_KIBANA:?err}`)
- traefik.http.routers.kibana.tls.certresolver=traefik
- traefik.http.routers.kibana.tls=true
depends_on:
- elasticsearch
environment:
- ELASTICSEARCH_USERNAME=elastic
- ELASTICSEARCH_PASSWORD=${ELASTIC_PASSWORD:?err}
healthcheck:
test: curl -s https://localhost:5601 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi
interval: 30s
timeout: 10s
retries: 5
networks:
- web
elasticsearch:
build:
context: ./elasticsearch
dockerfile: ./dockerfile
image: elasticsearch:${VERSION:?lost VERSION variable}
container_name: elasticsearch
restart: always
labels:
- traefik.enable=true
- traefik.http.services.elasticsearch.loadbalancer.server.port=9200
- traefik.http.routers.elasticsearch.rule=Host(`${DOMAIN_ELASTIC:?err}`)
# - traefik.http.routers.elasticsearch.middlewares=auth-elasticsearch
# - traefik.http.middlewares.auth-elasticsearch.basicauth.users=${HT_PASSWD_ELASTIC:?err}
- traefik.http.routers.elasticsearch.tls.certresolver=traefik
- traefik.http.routers.elasticsearch.tls=true
healthcheck:
test: curl -s https://localhost:5601 >/dev/null; if [[ $$? == 52 ]]; then echo 0; else echo 1; fi
interval: 30s
timeout: 10s
retries: 5
environment:
- discovery.type=single-node
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xmx11716m"
- ELASTIC_PASSWORD=${ELASTIC_PASSWORD:?err}
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- ${ELASTIC_DB_DATA:?err}:/usr/share/elasticsearch/data
ports:
- "127.0.0.1:9200:9200"
networks:
- web
networks:
web:
driver: bridge
volumes:
lets_encrypt: