forked from pypiserver/pypiserver
-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yml
149 lines (135 loc) · 6.64 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
---
# ######################################################################
# pypiserver docker-compose examples
# ######################################################################
# The below examples illustrate different ways that pypiserver may be
# configured with docker-compose (and by extension, with Docker) to
# serve your python packages.
#
# Most of the configuration options detailed below can be mixed and
# matched as desired.
# ######################################################################
version: "3.3"
services:
# ##################################################################
# Default
# ##################################################################
# The default configuration serves packages from the /data/packages
# directory inside the container. This directory is mounted as a
# volume in the Dockerfile, so it will be persisted, as long as you
# do not remove it with `docker-compose down -v` or
# `docker volume rm`.
# ##################################################################
pypiserver-default:
image: pypiserver/pypiserver:latest
ports:
- "8080:8080"
# ##################################################################
# Authenticated
# ##################################################################
# This config uses a locally created .htpasswd file to authenticate
# access to pypiserver. We assume our .htpasswd file is in a local
# directory `./auth`, which we mount to `/data/auth` in the
# container, and update the `command` from the Dockerfile to look
# for that file for authentication. Note that because we are
# overriding the default `command`, which tells pypiserver where to
# serve packages from, we need to include that part of the command
# in addition to our authentication information.
# ##################################################################
pypiserver-authenticated:
image: pypiserver/pypiserver:latest
volumes:
- type: bind
source: ./auth
target: /data/auth
command: -P /data/auth/.htpasswd -a update,download,list /data/packages
ports:
- "8081:8080"
# ##################################################################
# Serve local packages
# ##################################################################
# This config allows us to manage our package directory locally,
# rather than in a volume managed directly by docker. Note that
# especially if running from a Mac, this may cause performance
# degradations, which can be worked around by using the `consistency`
# setting if desired. Here, we mount a local `./packages` directory
# to `/data/packages`, overriding the standard volume.
# ##################################################################
pypiserver-local-packages:
image: pypiserver/pypiserver:latest
volumes:
- type: bind
source: ./packages
target: /data/packages
ports:
- "8082:8080"
# ##############################################################################
# Authenticated and serve local packages via HTTPS using Traefik
# ##############################################################################
# This one combines the two configurations above and uses Traefik for HTTPS and
# with automatic HTTP redirect.
# Remember to change "your.domain.com" and "[email protected]" with your domain
# and email address respectively.
#
# The pypiserver will be available at: https://your.domain.com
# The Traefik dashboard will be available at: https://your.domain.com/dashboard/
#
# A Traefik user can be added using the htpasswd tool:
# htpasswd -sc traefik/usersfile username
# ##############################################################################
pypiserver-https:
image: pypiserver/pypiserver:latest
volumes:
- type: bind
source: ./auth
target: /data/auth
- type: bind
source: ./packages
target: /data/packages
command: -P /data/auth/.htpasswd -a update,download,list /data/packages
labels:
# Expose container to Traefik
- "traefik.enable=true"
# Configure the route
- "traefik.http.routers.flask.rule=Host(`your.domain.com`)"
# - "traefik.http.routers.flask.rule=Host(`pypi.docker.localhost`)"
- "traefik.http.routers.flask.entrypoints=websecure"
- "traefik.http.routers.flask.tls=true"
- "traefik.http.routers.flask.tls.certresolver=leresolver"
traefik:
image: traefik:v2.1
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./traefik:/etc/traefik:ro"
- "./traefik/acme:/etc/traefik/acme"
command:
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--api.dashboard=true"
- "--certificatesresolvers.leresolver.acme.storage=/etc/traefik/acme/acme.json"
- "--certificatesresolvers.leresolver.acme.httpChallenge=true"
- "--certificatesresolvers.leresolver.acme.httpChallenge.entrypoint=web"
ports:
- "80:80"
- "443:443"
labels:
# Expose container to Traefik
- "traefik.enable=true"
# Dashboard
- "traefik.http.routers.traefik.rule=Host(`your.domain.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
# - "traefik.http.routers.traefik.rule=Host(`traefik.docker.localhost`)"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.tls=true"
- "traefik.http.routers.traefik.tls.certresolver=leresolver"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.routers.traefik.middlewares=authtraefik"
- "traefik.http.middlewares.authtraefik.basicauth.usersfile=/etc/traefik/usersfile"
# Global redirect to HTTPS
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
# Middleware redirect
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"