Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Concourse on Docker with Let's Encrypt
## NOTE:
## because this docker-compose.yml is designed to work with a remote docker-machine,
## all mounted volume paths are currently relative to /concourse-data, data is thus stored on the docker host
nginx:
image: nginx
container_name: nginx
ports:
- "80:80"
- "443:443"
volumes:
- "/etc/nginx/conf.d"
- "/etc/nginx/vhost.d"
- "/usr/share/nginx/html"
- "/concourse-data/nginx/certs/:/etc/nginx/certs:ro"
restart: always
log_driver: "json-file"
log_opt: # limit log file size to prevent indefinite growth
max-size: "10m"
# generates nginx conf for docker container
nginx-gen:
image: jwilder/docker-gen
container_name: nginx-gen
volumes:
- "/var/run/docker.sock:/tmp/docker.sock:ro"
- "/concourse-data/nginx/templates:/etc/docker-gen/templates:ro"
volumes_from:
- nginx
command: -notify-sighup nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
restart: always
log_driver: "json-file"
log_opt: # limit log file size to prevent indefinite growth
max-size: "10m"
# hooks in with docker-gen to add let's encryipt suppot
letsencrypt-nginx-proxy-companion:
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: letsencrypt-nginx-proxy-companion
volumes_from:
- nginx
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "/concourse-data/nginx/certs:/etc/nginx/certs:rw"
environment:
NGINX_DOCKER_GEN_CONTAINER: nginx-gen
restart: always
log_driver: "json-file"
log_opt: # limit log file size to prevent indefinite growth
max-size: "10m"
concourse-db:
image: postgres:9.5
volumes:
- "/concourse-data/pgdata:/database"
environment:
POSTGRES_DB: concourse
POSTGRES_USER: concourse
POSTGRES_PASSWORD: ${POSTGRES_PASS}
PGDATA: /database
restart: always
log_driver: "json-file"
log_opt: # limit log file size to prevent indefinite growth
max-size: "10m"
concourse-ui:
image: concourse/concourse:2.5.0
links: [concourse-db]
command: web
expose: ["8080"]
volumes: ["/concourse-data/keys/web:/concourse-keys"]
environment:
CONCOURSE_BASIC_AUTH_USERNAME: main
CONCOURSE_BASIC_AUTH_PASSWORD: ${CONCOURSE_PASS}
CONCOURSE_EXTERNAL_URL: https://${CONCOURSE_DOMAIN}
CONCOURSE_POSTGRES_DATA_SOURCE: |-
postgres://concourse:${POSTGRES_PASS}@concourse-db:5432/concourse?sslmode=disable
VIRTUAL_PORT: 8080
VIRTUAL_HOST: ${CONCOURSE_DOMAIN}
LETSENCRYPT_HOST: ${CONCOURSE_DOMAIN}
LETSENCRYPT_EMAIL: ${LETSENCRYPT_MAIL}
restart: always
log_driver: "json-file"
log_opt: # limit log file size to prevent indefinite growth
max-size: "10m"
concourse-worker:
image: concourse/concourse:2.5.0
privileged: true
links: [concourse-ui]
command: "worker"
volumes: ["/concourse-data/keys/worker:/concourse-keys"]
environment:
CONCOURSE_TSA_HOST: concourse-ui
restart: always
log_driver: "json-file"
log_opt: # limit log file size to prevent indefinite growth
max-size: "10m"
# see http://concourse.ci/docker-repository.html
mkdir -p keys/web keys/worker
ssh-keygen -t rsa -f ./keys/web/tsa_host_key -N ''
ssh-keygen -t rsa -f ./keys/web/session_signing_key -N ''
ssh-keygen -t rsa -f ./keys/worker/worker_key -N ''
cp ./keys/worker/worker_key.pub ./keys/web/authorized_worker_keys
cp ./keys/web/tsa_host_key.pub ./keys/worker
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment