Concourse on Docker with Let's Encrypt
## NOTE:
## This docker-compose.yml is designed to work with a remote docker-machine, so
## all mounted volume paths are currently relative to /concourse-data; data is thus stored on the docker host.
# Reverse proxy in front of Concourse; the only service here that publishes
# host ports.
nginx:
  # No tag is given, so this resolves to whatever "latest" is at pull time.
  image: nginx
  container_name: nginx
  ports:
    - '80:80'
    - '443:443'
  volumes:
    # Anonymous volumes; nginx-gen and the Let's Encrypt companion reach them
    # through their volumes_from entries.
    - '/etc/nginx/conf.d'
    - '/etc/nginx/vhost.d'
    - '/usr/share/nginx/html'
    # Certificates are read-only for nginx; the companion container mounts the
    # same host directory read-write.
    - '/concourse-data/nginx/certs/:/etc/nginx/certs:ro'
  restart: always
  log_driver: 'json-file'
  # limit log file size to prevent indefinite growth
  log_opt:
    max-size: '10m'
# Generates the nginx configuration (default.conf) from the template below and
# signals the nginx container to reload it.
nginx-gen:
  # No tag is given, so this resolves to whatever "latest" is at pull time.
  image: jwilder/docker-gen
  container_name: nginx-gen
  volumes:
    # NOTE(review): ":ro" only makes the bind mount of the socket file
    # read-only. It does not restrict the API requests sent over the socket, so
    # this container should be treated as having full control of the Docker
    # daemon on the host.
    - '/var/run/docker.sock:/tmp/docker.sock:ro'
    - '/concourse-data/nginx/templates:/etc/docker-gen/templates:ro'
  # Shares the nginx container's volumes, which is where default.conf is
  # written.
  volumes_from:
    - nginx
  command: >-
    -notify-sighup nginx -watch -wait 5s:30s
    /etc/docker-gen/templates/nginx.tmpl
    /etc/nginx/conf.d/default.conf
  restart: always
  log_driver: 'json-file'
  # limit log file size to prevent indefinite growth
  log_opt:
    max-size: '10m'
# Hooks in with docker-gen to add Let's Encrypt support.
letsencrypt-nginx-proxy-companion:
  # No tag is given, so this resolves to whatever "latest" is at pull time.
  image: jrcs/letsencrypt-nginx-proxy-companion
  container_name: letsencrypt-nginx-proxy-companion
  volumes_from:
    - nginx
  volumes:
    # NOTE(review): ":ro" on the socket does not limit Docker API calls made
    # through it; treat this container as able to control the Docker daemon.
    - '/var/run/docker.sock:/var/run/docker.sock:ro'
    # The only read-write mount of the certificate directory; nginx mounts the
    # same host path read-only.
    - '/concourse-data/nginx/certs:/etc/nginx/certs:rw'
  environment:
    # Must match the container_name of the docker-gen service in this file.
    NGINX_DOCKER_GEN_CONTAINER: nginx-gen
  restart: always
  log_driver: 'json-file'
  # limit log file size to prevent indefinite growth
  log_opt:
    max-size: '10m'
# PostgreSQL database for Concourse. No host ports are published; concourse-ui
# reaches it through its `links` entry.
concourse-db:
  image: 'postgres:9.5'
  volumes:
    # Database files live on the docker host, at the path PGDATA points to.
    - '/concourse-data/pgdata:/database'
  environment:
    POSTGRES_DB: concourse
    POSTGRES_USER: concourse
    # Substituted by docker-compose from the invoking environment.
    # NOTE(review): an unset POSTGRES_PASS is substituted as an empty string,
    # so make sure it is set before bringing the stack up.
    POSTGRES_PASSWORD: ${POSTGRES_PASS}
    PGDATA: /database
  restart: always
  log_driver: 'json-file'
  # limit log file size to prevent indefinite growth
  log_opt:
    max-size: '10m'
# Concourse web node (command "web"). It is not published on the host
# directly; port 8080 is only exposed to other containers.
concourse-ui:
  image: 'concourse/concourse:2.5.0'
  links:
    - concourse-db
  command: web
  expose:
    - '8080'
  volumes:
    # Keys produced by the key-generation script (web side).
    - '/concourse-data/keys/web:/concourse-keys'
  environment:
    # Basic-auth login for the UI; the password comes from the environment of
    # the docker-compose invocation and must not be left unset.
    CONCOURSE_BASIC_AUTH_USERNAME: main
    CONCOURSE_BASIC_AUTH_PASSWORD: ${CONCOURSE_PASS}
    CONCOURSE_EXTERNAL_URL: https://${CONCOURSE_DOMAIN}
    # NOTE(review): the database password is embedded in this URL, so it shows
    # up wherever the container environment is visible (e.g. docker inspect),
    # and characters that are special in URLs would presumably need escaping.
    # sslmode=disable means the connection to concourse-db is not
    # TLS-protected.
    CONCOURSE_POSTGRES_DATA_SOURCE: 'postgres://concourse:${POSTGRES_PASS}@concourse-db:5432/concourse?sslmode=disable'
    # Presumably read by the nginx-gen template and the Let's Encrypt
    # companion to route and issue a certificate for this container --
    # confirm against nginx.tmpl.
    VIRTUAL_PORT: 8080
    VIRTUAL_HOST: ${CONCOURSE_DOMAIN}
    LETSENCRYPT_HOST: ${CONCOURSE_DOMAIN}
    LETSENCRYPT_EMAIL: ${LETSENCRYPT_MAIL}
  restart: always
  log_driver: 'json-file'
  # limit log file size to prevent indefinite growth
  log_opt:
    max-size: '10m'
# Concourse worker node (command "worker"), registering with concourse-ui.
concourse-worker:
  image: 'concourse/concourse:2.5.0'
  # NOTE(review): a privileged container has close to unrestricted access to
  # the host kernel and devices. Presumably required so the worker can run
  # build containers; treat the docker host as dedicated to this workload.
  privileged: true
  links:
    - concourse-ui
  command: 'worker'
  volumes:
    # Keys produced by the key-generation script (worker side), including the
    # worker's private key.
    - '/concourse-data/keys/worker:/concourse-keys'
  environment:
    CONCOURSE_TSA_HOST: concourse-ui
  restart: always
  log_driver: 'json-file'
  # limit log file size to prevent indefinite growth
  log_opt:
    max-size: '10m'
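#!/bin/sh
# Generates the SSH key pairs that the Concourse web and worker containers read
# from their /concourse-keys mounts.
# see http://concourse.ci/docker-repository.html
#
# Keys are written under ./keys in the current directory. The compose file
# mounts /concourse-data/keys/web and /concourse-data/keys/worker, so this is
# presumably meant to be run in (or the result copied to) /concourse-data on
# the docker host.

# Stop at the first failure, so a failed ssh-keygen never results in stale or
# missing public keys being copied below.
set -eu

# Newly created directories and files get no group/other access.
umask 077

mkdir -p keys/web keys/worker

# -N '' writes the private keys without a passphrase: anyone who can read
# these files can use them, so keep the keys directory restricted.
ssh-keygen -t rsa -f ./keys/web/tsa_host_key -N ''
ssh-keygen -t rsa -f ./keys/web/session_signing_key -N ''
ssh-keygen -t rsa -f ./keys/worker/worker_key -N ''

# The web node authorizes the worker's public key; the worker receives the
# TSA host public key. Only public halves are exchanged between the two sides.
cp ./keys/worker/worker_key.pub ./keys/web/authorized_worker_keys
cp ./keys/web/tsa_host_key.pub ./keys/worker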