@dduportal
Last active February 3, 2021 15:05
# Defaults that Compose substitutes into the ${...} references of the
# Traefik + Jenkins stack defined in the Compose file.
#
# Base directory of the Jenkins image build context (used as <dir>/jenkins/).
SERVICES_JENKINS_DIR=./
# Traefik router rule selecting the requests that are routed to Jenkins.
# No double quotes around the rule!
# NOTE(review): presumably quotes would end up inside the rule text - confirm
# against the Compose version in use.
# NOTE(review): 172.17.0.1 looks like the default Docker bridge gateway, which
# would let other containers on the host reach Jenkins - confirm.
TRAEFIK_ROUTER_RULE_FOR_JENKINS=Host(`localhost`) || Host(`127.0.0.1`) || Host(`172.17.0.1`)
# Ports published on the host by the reverse proxy (HTTP, HTTPS, Jenkins agents).
EXTERNAL_HTTP_PORT=80
EXTERNAL_HTTPS_PORT=443
EXTERNAL_JNLP_PORT=50000
# Resource ceilings applied to the Jenkins container (mem_limit / cpus).
JENKINS_MAX_MEMORY=4096M
JENKINS_MAX_CPUS=1.8
# Ports Jenkins listens on inside the container; Traefik forwards to them.
JENKINS_INTERNAL_HTTP_PORT=8080
JENKINS_INTERNAL_JNLP_PORT=50000
# Resource ceilings applied to the Traefik container (mem_limit / cpus).
TRAEFIK_MAX_MEMORY=128M
TRAEFIK_MAX_CPUS=0.2
# ACME directory used by Traefik's certificate resolver. This is the
# Let's Encrypt *staging* endpoint: its certificates are not trusted by
# browsers, so switch to the production directory for a real deployment.
ACME_CASERVER=https://acme-staging-v02.api.letsencrypt.org/directory
# Mount point of the ACME storage volume inside the Traefik container.
ACME_DATA_PATH=/acme-data
# Host directory mounted read-only at /run/secrets in the Jenkins container.
# NOTE(review): the path leaves this directory; make sure it is excluded from
# version control and readable only by the operator.
SECRETS_DIR=../../../../services/jenkins-local-secrets
# Used as the ACME account e-mail and passed to the Jenkins container.
JENKINS_ADMIN_EMAIL=admin@foo.io
# Comma-separated GitHub handles passed to Jenkins as administrators.
# The Compose file appends ADDITIONAL_ADMINS_GITHUB_HANDLES directly after this
# value with no separator, so keep the list format exact.
DEFAULT_ADMINS_GITHUB_HANDLES=dduportal,ddu-bot
---
# Compose stack: a Traefik reverse proxy in front of a Jenkins controller.
# Every ${...} reference is substituted by Compose from the calling
# environment or from the .env file that accompanies this file.
# NOTE(review): PROJECT_ID, JENKINS_LOCAL_HOSTNAME, GH_ORG_ID and
# ADDITIONAL_ADMINS_GITHUB_HANDLES are not set in the .env shown with this
# file; presumably the caller exports them - confirm.
version: '2.4'

services:
  # Traefik: terminates TLS, redirects HTTP to HTTPS and forwards the Jenkins
  # agent (JNLP) TCP port.
  reverse-proxy:
    build: './traefik/'
    command:
      # Health endpoint on a dedicated entrypoint; port 8888 is not listed
      # under `ports`, so it is not published on the host.
      - '--ping=true'
      - '--ping.entrypoint=ping'
      # Only containers labelled traefik.enable=true are routed.
      - '--providers.docker.exposedbydefault=false'
      # NOTE(review): this matches the Compose-generated network name only if
      # the Compose project name equals PROJECT_ID (or "default") - confirm.
      - '--providers.docker.network=${PROJECT_ID:-default}_jenkins'
      - '--providers.file.directory=/traefik.conf.d/'
      - '--entryPoints.web.address=:${EXTERNAL_HTTP_PORT}'
      - '--entryPoints.websecure.address=:${EXTERNAL_HTTPS_PORT}'
      - '--entryPoints.jnlp.address=:${EXTERNAL_JNLP_PORT}'
      - '--entryPoints.ping.address=:8888'
      # ACME (TLS-ALPN challenge). acme.json holds the ACME account key and
      # the issued private keys, so the acme-data volume is sensitive.
      - '--certificatesResolvers.letsencrypt.acme.email=${JENKINS_ADMIN_EMAIL}'
      - '--certificatesResolvers.letsencrypt.acme.storage=${ACME_DATA_PATH}/acme.json'
      - '--certificatesResolvers.letsencrypt.acme.tlsChallenge=true'
      - '--certificatesResolvers.letsencrypt.acme.caServer=${ACME_CASERVER}'
      - '--accesslog=true'
    restart: unless-stopped
    labels:
      - 'traefik.enable=true'
      # Catch-all router on the plain HTTP entrypoint: every request, whatever
      # its Host header, is redirected to the HTTPS scheme.
      - 'traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https'
      - 'traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)'
      - 'traefik.http.routers.redirs.entrypoints=web'
      - 'traefik.http.routers.redirs.middlewares=redirect-to-https'
    # Root filesystem is read-only; only the acme-data volume is writable.
    read_only: true
    cpus: '${TRAEFIK_MAX_CPUS}'
    mem_limit: '${TRAEFIK_MAX_MEMORY}'
    # NOTE(review): without a host IP these ports are published on every host
    # interface. Prefix with an address (for example 127.0.0.1) if the stack
    # must only be reachable locally.
    ports:
      - '${EXTERNAL_HTTP_PORT}:${EXTERNAL_HTTP_PORT}'
      - '${EXTERNAL_HTTPS_PORT}:${EXTERNAL_HTTPS_PORT}'
      - '${EXTERNAL_JNLP_PORT}:${EXTERNAL_JNLP_PORT}'
    volumes:
      # NOTE(review): ":ro" only makes the bind mount read-only; it does not
      # restrict which Docker API calls can be sent through the socket. Access
      # to this socket is effectively control of the Docker daemon, so a
      # compromise of this internet-facing container reaches the host.
      # Consider a filtering socket proxy that exposes only the read-only
      # endpoints Traefik needs.
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
      - 'acme-data:${ACME_DATA_PATH}:rw'
    healthcheck:
      # Probes the ping entrypoint from inside the container.
      test:
        - 'CMD'
        - 'wget'
        - 'http://127.0.0.1:8888/ping'
        - '--spider'
      interval: 2s
      timeout: 5s
      retries: 30
      start_period: 5s
    networks:
      jenkins:

  # Jenkins controller, reachable only through the reverse proxy (no `ports`).
  jenkins:
    build: '${SERVICES_JENKINS_DIR}/jenkins/'
    restart: unless-stopped
    labels:
      - 'traefik.enable=true'
      # HTTPS router: TLS is terminated by Traefik with the letsencrypt resolver.
      - 'traefik.http.routers.jenkins.rule=${TRAEFIK_ROUTER_RULE_FOR_JENKINS}'
      - 'traefik.http.routers.jenkins.tls=true'
      - 'traefik.http.routers.jenkins.tls.certresolver=letsencrypt'
      - 'traefik.http.routers.jenkins.entrypoints=websecure'
      - 'traefik.http.services.jenkins.LoadBalancer.server.Port=${JENKINS_INTERNAL_HTTP_PORT}'
      # TCP router for inbound agents. No tls label is set on this router, so
      # the stream is forwarded as-is and any client that can reach the jnlp
      # entrypoint reaches the Jenkins agent port.
      # NOTE(review): restrict who can reach EXTERNAL_JNLP_PORT (bind address
      # or firewall) if agents do not connect from other hosts.
      - 'traefik.tcp.routers.jenkins-jnlp.rule=HostSNI(`*`)'
      - 'traefik.tcp.routers.jenkins-jnlp.entrypoints=jnlp'
      - 'traefik.tcp.services.jenkins-jnlp.LoadBalancer.server.Port=${JENKINS_INTERNAL_JNLP_PORT}'
    # Root filesystem is read-only; writable paths are the jenkins-data volume
    # and the tmpfs mounts below.
    read_only: true
    volumes:
      - 'jenkins-data:/var/jenkins_home'
      # Mounted under /run/secrets so that JCasC can read each secret file's
      # content as a variable. Read-only inside the container.
      - '${SECRETS_DIR}:/run/secrets:ro'
    tmpfs:
      # war/ and plugins/ live in RAM: expecting there is enough RAM.
      - '/var/jenkins_home/war:mode=770,uid=1000,gid=1000'
      - '/var/jenkins_home/plugins:mode=770,uid=1000,gid=1000'
      - '/run'
      - '/var/run'
      # "exec" lifts the noexec default of tmpfs mounts.
      # NOTE(review): presumably needed for code unpacked into /tmp at
      # runtime - confirm it is still required.
      - '/tmp:exec'
    cpus: '${JENKINS_MAX_CPUS}'
    mem_limit: '${JENKINS_MAX_MEMORY}'
    environment:
      # Names without a value are passed through from the Compose environment.
      - 'JENKINS_INTERNAL_HTTP_PORT'
      - 'JENKINS_INTERNAL_JNLP_PORT'
      - 'JENKINS_ADMIN_EMAIL'
      # NOTE(review): if JENKINS_LOCAL_HOSTNAME is unset Compose substitutes an
      # empty string and the root URL becomes "https://".
      - 'JENKINS_ROOT_URL=https://${JENKINS_LOCAL_HOSTNAME}'
      - 'GH_ORG_ID'
      # DEFAULT_ADMINS_GITHUB_HANDLES is the "production" default;
      # ADDITIONAL_ADMINS_GITHUB_HANDLES injects extra users for the testing
      # framework.
      # NOTE(review): the two values are concatenated with no separator, so
      # the additional list has to begin with a comma. Otherwise the last
      # default handle and the first additional one fuse into a different
      # handle, which would then be treated as an administrator.
      - 'JENKINS_ADMINS_GITHUB_HANDLES=${DEFAULT_ADMINS_GITHUB_HANDLES}${ADDITIONAL_ADMINS_GITHUB_HANDLES}'
    healthcheck:
      # Follows redirects and fails on an HTTP error from the login page.
      test:
        - 'CMD'
        - 'curl'
        - '--silent'
        - '--location'
        - '--show-error'
        - '--fail'
        - 'http://127.0.0.1:${JENKINS_INTERNAL_HTTP_PORT}/login'
      interval: 5s
      timeout: 1s
      retries: 60
      start_period: 1s
    networks:
      jenkins:

# Named volumes: Jenkins home, and Traefik's ACME storage.
volumes:
  jenkins-data:
  acme-data:

# Network shared by the proxy and Jenkins.
networks:
  jenkins:
...