Skip to content

Instantly share code, notes, and snippets.

@JohannesRudolph

JohannesRudolph/docker-compose.yml

Last active August 25, 2017 23:38
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save JohannesRudolph/d86ae89b786dc23272172f20ed0a884e to your computer and use it in GitHub Desktop.
Save JohannesRudolph/d86ae89b786dc23272172f20ed0a884e to your computer and use it in GitHub Desktop.
Download ZIP
Concourse on Docker with Let's Encrypt
Raw
docker-compose.yml
## NOTE:
## because this docker-compose.yml is designed to work with a remote docker-machine,
## all mounted volume paths are currently relative to /concourse-data, data is thus stored on the docker host
nginx:
image: nginx
container_name: nginx
ports:
- "80:80"
- "443:443"
volumes:
- "/etc/nginx/conf.d"
- "/etc/nginx/vhost.d"
- "/usr/share/nginx/html"
- "/concourse-data/nginx/certs/:/etc/nginx/certs:ro"
restart: always
log_driver: "json-file"
log_opt: # limit log file size to prevent indefinite growth
max-size: "10m"
# generates nginx conf for docker container
nginx-gen:
image: jwilder/docker-gen
container_name: nginx-gen
volumes:
- "/var/run/docker.sock:/tmp/docker.sock:ro"
- "/concourse-data/nginx/templates:/etc/docker-gen/templates:ro"
volumes_from:
- nginx
command: -notify-sighup nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
restart: always
log_driver: "json-file"
log_opt: # limit log file size to prevent indefinite growth
max-size: "10m"
# hooks in with docker-gen to add let's encryipt suppot
letsencrypt-nginx-proxy-companion:
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: letsencrypt-nginx-proxy-companion
volumes_from:
- nginx
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "/concourse-data/nginx/certs:/etc/nginx/certs:rw"
environment:
NGINX_DOCKER_GEN_CONTAINER: nginx-gen
restart: always
log_driver: "json-file"
log_opt: # limit log file size to prevent indefinite growth
max-size: "10m"
concourse-db:
image: postgres:9.5
volumes:
- "/concourse-data/pgdata:/database"
environment:
POSTGRES_DB: concourse
POSTGRES_USER: concourse
POSTGRES_PASSWORD: ${POSTGRES_PASS}
PGDATA: /database
restart: always
log_driver: "json-file"
log_opt: # limit log file size to prevent indefinite growth
max-size: "10m"
concourse-ui:
image: concourse/concourse:2.5.0
links: [concourse-db]
command: web
expose: ["8080"]
volumes: ["/concourse-data/keys/web:/concourse-keys"]
environment:
CONCOURSE_BASIC_AUTH_USERNAME: main
CONCOURSE_BASIC_AUTH_PASSWORD: ${CONCOURSE_PASS}
CONCOURSE_EXTERNAL_URL: https://${CONCOURSE_DOMAIN}
CONCOURSE_POSTGRES_DATA_SOURCE: |-
postgres://concourse:${POSTGRES_PASS}@concourse-db:5432/concourse?sslmode=disable
VIRTUAL_PORT: 8080
VIRTUAL_HOST: ${CONCOURSE_DOMAIN}
LETSENCRYPT_HOST: ${CONCOURSE_DOMAIN}
LETSENCRYPT_EMAIL: ${LETSENCRYPT_MAIL}
restart: always
log_driver: "json-file"
log_opt: # limit log file size to prevent indefinite growth
max-size: "10m"
concourse-worker:
image: concourse/concourse:2.5.0
privileged: true
links: [concourse-ui]
command: "worker"
volumes: ["/concourse-data/keys/worker:/concourse-keys"]
environment:
CONCOURSE_TSA_HOST: concourse-ui
restart: always
log_driver: "json-file"
log_opt: # limit log file size to prevent indefinite growth
max-size: "10m"
Raw
generate-keys.sh
# see http://concourse.ci/docker-repository.html
mkdir -p keys/web keys/worker
ssh-keygen -t rsa -f ./keys/web/tsa_host_key -N ''
ssh-keygen -t rsa -f ./keys/web/session_signing_key -N ''
ssh-keygen -t rsa -f ./keys/worker/worker_key -N ''
cp ./keys/worker/worker_key.pub ./keys/web/authorized_worker_keys
cp ./keys/web/tsa_host_key.pub ./keys/worker
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment