-
Notifications
You must be signed in to change notification settings - Fork 204
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #639 from moqui/acme-docker-compose
Acme docker compose
- Loading branch information
Showing
4 changed files
with
203 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,187 @@ | ||
# A Docker Compose application with Moqui, Postgres, OpenSearch, OpenSearch Dashboards, and virtual hosting through | ||
# nginx-proxy supporting multiple moqui instances on different hostnames. | ||
|
||
# Run with something like this for detached mode: | ||
# $ docker compose -f moqui-postgres-compose.yml -p moqui up -d | ||
# Or to copy runtime directories for mounted volumes, set default settings, etc use something like this: | ||
# $ ./compose-run.sh moqui-postgres-compose.yml | ||
# This sets the project/app name to 'moqui' and the network will be 'moqui_default', to be used by external moqui containers | ||
|
||
# Test locally by adding the virtual host to /etc/hosts or with something like: | ||
# $ curl -H "Host: moqui.local" localhost/Login | ||
|
||
# To run an additional instance of moqui run something like this (but with | ||
# many more arguments for volume mapping, db setup, etc): | ||
# $ docker run -e VIRTUAL_HOST=moqui2.local --name moqui2_local --network moqui_default moqui | ||
|
||
# To import data from the docker host using port 5432 mapped for 127.0.0.1 only use something like this: | ||
# $ psql -h 127.0.0.1 -p 5432 -U moqui -W moqui < pg-dump.sql | ||
|
||
version: "2" | ||
services: | ||
nginx-proxy: | ||
# For documentation on SSL and other settings see: | ||
# https://github.com/nginxproxy/nginx-proxy | ||
image: nginxproxy/nginx-proxy | ||
container_name: nginx-proxy | ||
restart: always | ||
ports: | ||
- 80:80 | ||
- 443:443 | ||
labels: | ||
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true" | ||
volumes: | ||
- /var/run/docker.sock:/tmp/docker.sock:ro | ||
- /etc/localtime:/etc/localtime:ro | ||
# note: .crt, .key, and .dhparam.pem files start with the domain name in VIRTUAL_HOST (ie 'acetousk.com.*') or use CERT_NAME env var | ||
- ./certs:/etc/nginx/certs | ||
- ./nginx/conf.d:/etc/nginx/conf.d | ||
- ./nginx/vhost.d:/etc/nginx/vhost.d | ||
- ./nginx/html:/usr/share/nginx/html | ||
environment: | ||
# change this for the default host to use when accessing directly by IP, etc | ||
- DEFAULT_HOST=moqui.local | ||
# use SSL_POLICY to disable TLSv1.0, etc in nginx-proxy | ||
- SSL_POLICY=AWS-TLS-1-1-2017-01 | ||
networks: | ||
- proxy-tier | ||
|
||
acme-companion: | ||
image: nginxproxy/acme-companion | ||
container_name: acme-companion | ||
restart: always | ||
volumes: | ||
- /var/run/docker.sock:/var/run/docker.sock:ro | ||
- /etc/localtime:/etc/localtime:ro | ||
- ./certs:/etc/nginx/certs | ||
- ./nginx/conf.d:/etc/nginx/conf.d | ||
- ./nginx/vhost.d:/etc/nginx/vhost.d | ||
- ./nginx/html:/usr/share/nginx/html | ||
- ./acme.sh:/etc/acme.sh | ||
networks: | ||
- proxy-tier | ||
environment: | ||
# TODO: For production change this to your email | ||
- [email protected] | ||
# TODO: For production change this to false | ||
- LETSENCRYPT_TEST=true | ||
depends_on: | ||
- nginx-proxy | ||
|
||
moqui-server: | ||
image: moqui | ||
container_name: moqui-server | ||
command: conf=conf/MoquiProductionConf.xml no-run-es | ||
restart: always | ||
links: | ||
- moqui-database | ||
- moqui-search | ||
volumes: | ||
- /etc/localtime:/etc/localtime:ro | ||
- ./runtime/conf:/opt/moqui/runtime/conf | ||
- ./runtime/lib:/opt/moqui/runtime/lib | ||
- ./runtime/classes:/opt/moqui/runtime/classes | ||
- ./runtime/ecomponent:/opt/moqui/runtime/ecomponent | ||
- ./runtime/log:/opt/moqui/runtime/log | ||
- ./runtime/txlog:/opt/moqui/runtime/txlog | ||
- ./runtime/sessions:/opt/moqui/runtime/sessions | ||
# this one isn't needed when not using H2/etc:- ./runtime/db:/opt/moqui/runtime/db | ||
environment: | ||
- "JAVA_TOOL_OPTIONS=-Xms1024m -Xmx1024m" | ||
- instance_purpose=production | ||
- entity_ds_db_conf=postgres | ||
- entity_ds_host=moqui-database | ||
- entity_ds_port=5432 | ||
- entity_ds_database=moqui | ||
- entity_ds_schema=public | ||
- entity_ds_user=moqui | ||
- entity_ds_password='MOQUI_CHANGE_ME!!!' | ||
- entity_ds_crypt_pass='DEFAULT_CHANGE_ME!!!' | ||
# configuration for ElasticFacade.ElasticClient, make sure the old moqui-elasticsearch component is NOT included in the Moqui build | ||
- elasticsearch_url=https://moqui-search:9200 | ||
# prefix for index names, use something distinct and not 'moqui_' or 'mantle_' which match the beginning of OOTB index names | ||
- elasticsearch_index_prefix=default_ | ||
- elasticsearch_user=admin | ||
- elasticsearch_password=admin | ||
# CHANGE ME - note that VIRTUAL_HOST is for nginx-proxy so it picks up this container as one it should reverse proxy | ||
# this can be a comma separate list of hosts like 'example.com,www.example.com' | ||
- VIRTUAL_HOST=moqui.local | ||
- LETSENCRYPT_HOST=moqui.local | ||
# moqui will accept traffic from other hosts but these are the values used for URL writing when specified: | ||
# - webapp_http_host=moqui.local | ||
- webapp_http_port=80 | ||
- webapp_https_port=443 | ||
- webapp_https_enabled=true | ||
# nginx-proxy populates X-Real-IP with remote_addr by default, better option for outer proxy than X-Forwarded-For which defaults to proxy_add_x_forwarded_for | ||
- webapp_client_ip_header=X-Real-IP | ||
- default_locale=en_US | ||
- default_time_zone=US/Pacific | ||
networks: | ||
- proxy-tier | ||
- default | ||
|
||
moqui-database: | ||
image: postgres:14.5 | ||
container_name: moqui-database | ||
restart: always | ||
ports: | ||
# change this as needed to bind to any address or even comment to not expose port outside containers | ||
- 127.0.0.1:5432:5432 | ||
volumes: | ||
- /etc/localtime:/etc/localtime:ro | ||
# edit these as needed to map configuration and data storage | ||
- ./db/postgres/data:/var/lib/postgresql/data | ||
environment: | ||
- POSTGRES_DB=moqui | ||
- POSTGRES_DB_SCHEMA=public | ||
- POSTGRES_USER=moqui | ||
- POSTGRES_PASSWORD='MOQUI_CHANGE_ME!!!' | ||
# PGDATA, POSTGRES_INITDB_ARGS | ||
networks: | ||
default: | ||
|
||
moqui-search: | ||
image: opensearchproject/opensearch:2.4.0 | ||
container_name: moqui-search | ||
restart: always | ||
ports: | ||
# change this as needed to bind to any address or even comment to not expose port outside containers | ||
- 127.0.0.1:9200:9200 | ||
- 127.0.0.1:9300:9300 | ||
volumes: | ||
- /etc/localtime:/etc/localtime:ro | ||
# edit these as needed to map configuration and data storage | ||
- ./opensearch/data/nodes:/usr/share/opensearch/data/nodes | ||
# - ./opensearch/config/opensearch.yml:/usr/share/opensearch/config/opensearch.yml | ||
# - ./opensearch/logs:/usr/share/opensearch/logs | ||
environment: | ||
- "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" | ||
- discovery.type=single-node | ||
- network.host=_site_ | ||
ulimits: | ||
memlock: | ||
soft: -1 | ||
hard: -1 | ||
nofile: | ||
soft: 65536 | ||
hard: 65536 | ||
networks: | ||
proxy-tier: | ||
|
||
opensearch-dashboards: | ||
image: opensearchproject/opensearch-dashboards:2.4.0 | ||
container_name: opensearch-dashboards | ||
volumes: | ||
- /etc/localtime:/etc/localtime:ro | ||
links: | ||
- moqui-search | ||
ports: | ||
- 127.0.0.1:5601:5601 | ||
environment: | ||
OPENSEARCH_HOSTS: '["https://moqui-search:9200"]' | ||
networks: | ||
default: | ||
proxy-tier: | ||
|
||
networks: | ||
proxy-tier: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
This directory must exist for mapping otherwise created as root in container and opensearch cannot access it. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters