-
-
Save erguotou520/a677ed5262146c208d159dacd0aed812 to your computer and use it in GitHub Desktop.
gogs+drone+traefix docker-compose config file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # 顶级域名 | |
| SERVER_DOMAIN=erguotou.me | |
| # Time Zone | |
| TIME_ZONE=Asia/Shanghai | |
| # ACME | |
| ACME_EMAIL=erguotou525@gmail.com | |
| # Drone | |
| DRONE_SECRET=xx | |
| DRONE_ADMIN=erguotou |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '3' | |
| services: | |
| bitwarden: | |
| image: bitwardenrs/server:latest | |
| container_name: bitwarden | |
| hostname: bitwarden | |
| restart: always | |
| environment: | |
| - WEBSOCKET_ENABLED=true | |
| # 成功后改为false | |
| - SIGNUPS_ALLOWED=true | |
| # 成功后设置 - INVITATIONS_ALLOWED=false | |
| - DOMAIN=https://bitwarden.erguotou.me | |
| - DATABASE_URL=/data/bitwarden.db | |
| # - ROCKET_WORKERS=1 | |
| - WEB_VAULT_ENABLED=true | |
| volumes: | |
| - ./data:/data | |
| networks: | |
| - traefik | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.docker.network=traefik_webgateway" | |
| - "traefik.http.routers.bitwarden.rule=Host(`bitwarden.erguotou.me`)" | |
| - "traefik.http.routers.bitwarden.entrypoints=websecure" | |
| - "traefik.http.routers.bitwarden.tls.certresolver=mytlschallenge" | |
| - "traefik.http.routers.bitwarden.service=bitwarden" | |
| - "traefik.http.services.bitwarden.loadbalancer.server.port=80" | |
| - "traefik.http.routers.bitwarden-websocket.rule=Host(`bitwarden.erguotou.me`) && Path(`/notifications/hub`)" | |
| - "traefik.http.routers.bitwarden-websocket.entrypoints=websecure" | |
| - "traefik.http.routers.bitwarden-websocket.tls.certresolver=mytlschallenge" | |
| - "traefik.http.routers.bitwarden-websocket.service=bitwarden-websocket" | |
| - "traefik.http.services.bitwarden-websocket.loadbalancer.server.port=3012" | |
| networks: | |
| traefik: | |
| external: | |
| name: traefik_webgateway |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: "3.5" | |
| services: | |
| traefik: | |
| # The official Traefik docker image | |
| image: traefik:latest | |
| container_name: traefik | |
| # Enables the web UI and tells Traefik to listen to docker | |
| command: | |
| - "--api.insecure=true" | |
| # 这里如果不改为debug会导致bitwarden不能启动 | |
| - "--log.level=DEBUG" | |
| - "--providers.docker=true" | |
| - "--providers.docker.network=traefik_webgateway" | |
| - "--providers.docker.exposedbydefault=false" | |
| - "--entryPoints.websecure.address=:443" | |
| - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true" | |
| # - "--certificatesResolvers.mytlschallenge.acme.httpchallenge.entryPoint=web" | |
| - "--certificatesResolvers.mytlschallenge.acme.email=${ACME_EMAIL}" | |
| - "--certificatesResolvers.mytlschallenge.acme.storage=/etc/acme/acme.json" | |
| ports: | |
| - "443:443" | |
| # The Web UI (enabled by --api.insecure=true) | |
| - "8080:8080" | |
| volumes: | |
| # So that Traefik can listen to the Docker events | |
| - "./devops/acme:/etc/acme" | |
| - "/var/run/docker.sock:/var/run/docker.sock:ro" | |
| environment: | |
| - TZ=${TIME_ZONE} | |
| networks: | |
| - traefik_webgateway | |
| # whoami: | |
| # image: "containous/whoami" | |
| # container_name: "simple-service" | |
| # labels: | |
| # - "traefik.enable=true" | |
| # - "traefik.http.services.whoami.loadbalancer.server.port=80" | |
| # - "traefik.http.routers.whoami.rule=Host(`whoami.${SERVER_DOMAIN}`)" | |
| # - "traefik.http.routers.whoami.entrypoints=websecure" | |
| # - "traefik.http.routers.whoami.tls.certresolver=mytlschallenge" | |
| gogs: | |
| container_name: gogs | |
| image: gogs/gogs | |
| restart: always | |
| hostname: gogs | |
| ports: | |
| - "10022:22" | |
| volumes: | |
| - ./devops/gogs:/data | |
| environment: | |
| - TZ=${TIME_ZONE} | |
| networks: | |
| - traefik_webgateway | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.http.services.gogs.loadbalancer.server.port=3000" | |
| - "traefik.http.routers.gogs.rule=Host(`gogs.${SERVER_DOMAIN}`)" | |
| - "traefik.http.routers.gogs.entrypoints=websecure" | |
| - "traefik.http.routers.gogs.tls.certresolver=mytlschallenge" | |
| drone-server: | |
| container_name: drone-server | |
| image: drone/drone | |
| restart: always | |
| hostname: drone-server | |
| volumes: | |
| - ./devops/drone-server:/var/lib/drone/ | |
| environment: | |
| - TZ=${TIME_ZONE} | |
| - DRONE_GOGS_SERVER=https://gogs.${SERVER_DOMAIN} | |
| - DRONE_RPC_SECRET=${DRONE_SECRET} | |
| - DRONE_SERVER_HOST=drone.${SERVER_DOMAIN} | |
| - DRONE_SERVER_PROTO=https | |
| - DRONE_USER_CREATE=username:${DRONE_ADMIN},admin:true | |
| networks: | |
| - drone | |
| - traefik_webgateway | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.http.routers.drone-server.rule=Host(`drone.${SERVER_DOMAIN}`)" | |
| - "traefik.http.routers.drone-server.entrypoints=websecure" | |
| - "traefik.http.routers.drone-server.tls.certresolver=mytlschallenge" | |
| drone-agent: | |
| container_name: drone-agent | |
| image: drone/agent | |
| restart: always | |
| hostname: drone-agent | |
| depends_on: | |
| - drone-server | |
| networks: | |
| - drone | |
| volumes: | |
| - /var/run/docker.sock:/var/run/docker.sock | |
| environment: | |
| - TZ=${TIME_ZONE} | |
| - DRONE_RPC_HOST=drone.${SERVER_DOMAIN} | |
| - DRONE_RPC_SECRET=${DRONE_SECRET} | |
| - DRONE_SERVER_PROTO=https | |
| - DRONE_RUNNER_CAPACITY=2 | |
| - DRONE_RUNNER_NAME=${HOSTNAME} | |
| labels: | |
| - "traefik.enable=false" | |
| registry: | |
| container_name: registry | |
| image: registry | |
| restart: always | |
| hostname: registry | |
| networks: | |
| - traefik_webgateway | |
| volumes: | |
| - ./devops/registry:/var/lib/registry | |
| environment: | |
| - TZ=${TIME_ZONE} | |
| - REGISTRY_STORAGE_DELETE_ENABLED=true | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.http.routers.registry.rule=Host(`registry.${SERVER_DOMAIN}`)" | |
| - "traefik.http.routers.registry.entrypoints=websecure" | |
| - "traefik.http.routers.registry.tls.certresolver=mytlschallenge" | |
| registry-ui: | |
| container_name: registry-ui | |
| image: quiq/docker-registry-ui | |
| #image: jc21/registry-ui | |
| #image: konradkleine/docker-registry-frontend:v2 | |
| restart: always | |
| hostname: registry-ui | |
| depends_on: | |
| - registry | |
| environment: | |
| - TZ=${TIME_ZONE} | |
| #- REGISTRY_HOST=registry.erguotou.me | |
| #- REGISTRY_SSL=true | |
| #- REGISTRY_DOMAIN=registry.erguotou.me | |
| #- ENV_DOCKER_REGISTRY_HOST=registry | |
| #- ENV_DOCKER_REGISTRY_PORT=443 | |
| #- ENV_DOCKER_REGISTRY_USE_SSL=1 | |
| expose: | |
| - 8000 | |
| networks: | |
| - traefik_webgateway | |
| volumes: | |
| - ./devops/registry-ui.yml:/opt/config.yml:ro | |
| labels: | |
| - "traefik.enable=true" | |
| # 使用 echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g 生成用户密钥 | |
| - "traefik.http.middlewares.test-auth.basicauth.users=xxx:xxx" | |
| - "traefik.http.middlewares.test-auth.basicauth.removeheader=true" | |
| - "traefik.http.services.registry-ui.loadbalancer.server.port=8000" | |
| - "traefik.http.routers.registry-ui.rule=Host(`registry-ui.${SERVER_DOMAIN}`)" | |
| - "traefik.http.routers.registry-ui.entrypoints=websecure" | |
| - "traefik.http.routers.registry-ui.tls.certresolver=mytlschallenge" | |
| - "traefik.http.routers.registry-ui.middlewares=test-auth@docker" | |
| networks: | |
| traefik_webgateway: | |
| name: traefik_webgateway | |
| driver: bridge | |
| drone: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: "3" | |
| services: | |
| whoami: | |
| image: "containous/whoami" | |
| container_name: "simple-service" | |
| networks: | |
| - traefik | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.docker.network=traefik_webgateway" | |
| - "traefik.http.services.whoami.loadbalancer.server.port=80" | |
| - "traefik.http.routers.whoami.rule=Host(`whoami.erguotou.me`)" | |
| - "traefik.http.routers.whoami.entrypoints=websecure" | |
| - "traefik.http.routers.whoami.tls.certresolver=mytlschallenge" | |
| networks: | |
| traefik: | |
| external: | |
| name: traefik_webgateway |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment