Created
May 31, 2024 17:35
# yaml-language-server: $schema=https://raw.githubusercontent.com/kjellberg/mrsk/validate-with-json-schema/lib/mrsk/configuration/schema.yaml
# NOTE(review): the schema above is fetched by editor tooling from a branch
# ref, not a pinned commit; it only drives editor validation hints.

# Name of your application. Used to uniquely configure containers.
service: my-app

# Name of the container image.
image: my-app

# Deploy to these servers.
servers:
  web:
    hosts:
      - web104
    options:
      # Same Docker network name as `traefik.options.network` below,
      # presumably so Traefik can reach the app container - confirm.
      network: "private"
    labels:
      # Enable TLS on this app's Traefik router.
      traefik.http.routers.my-app.tls: "true"
      # Must match the resolver name used in the
      # `certificatesResolvers.letsencrypt.*` args below.
      traefik.http.routers.my-app.tls.certresolver: letsencrypt
      # Only requests for this host name are routed to the app.
      traefik.http.routers.my-app.rule: Host(`my-app.example.com`)

# Health check settings (path, port, polling interval, attempt limit).
# NOTE(review): the app must answer on this path and port; confirm how
# your MRSK version uses these values during deploy.
healthcheck:
  path: /up
  port: 8000
  interval: 5s
  max_attempts: 7

# Credentials for your image host.
registry:
  # Specify the registry server, if you're not using Docker Hub
  server: ghcr.io
  username: USERNAME
  # Always use an access token rather than real password when possible.
  # The list entry is the NAME of an environment variable, not the token
  # itself; keep the token value out of this file and out of version
  # control, and scope it to the package permissions the deploy needs.
  password:
    - CR_PAT

# Use a different ssh user than root
# NOTE(review): this user still has to run Docker on the hosts, and Docker
# access is effectively root-equivalent, so treat the account as privileged.
ssh:
  user: admin

# Configure builder setup.
# NOTE(review): only `arch` is set under `remote`; confirm whether your
# MRSK version also needs a builder host here.
builder:
  remote:
    arch: amd64

# Configure custom arguments for Traefik
traefik:
  options:
    # NOTE(review): only 443 is listed. The HTTP challenge and the
    # http -> https redirect below both need port 80 reachable; confirm
    # MRSK's Traefik defaults already publish it.
    publish:
      - "443:443"
    # acme.json stores the ACME account key and the issued certificates'
    # private keys. Create it on the host before first boot with mode 600;
    # Traefik rejects the file if its permissions are broader, and a missing
    # path is typically created by Docker as a directory.
    volume:
      - "/letsencrypt/acme.json:/letsencrypt/acme.json"  # To save the configuration file.
    # Same network name as `servers.web.options.network` above.
    network: "private"
  args:
    # Access logs in JSON format.
    accesslog: true
    accesslog.format: json
    # Plain-HTTP entry point; everything arriving here is redirected to
    # `websecure` by the three `redirections` args that follow.
    entryPoints.web.address: ":80"
    entryPoints.web.http.redirections.entryPoint.to: websecure  # We want to force https
    entryPoints.web.http.redirections.entryPoint.scheme: https
    # NOTE(review): `entrypoint` is lower-case here but `entryPoint` on the
    # two lines above. Traefik's CLI flags are believed to be
    # case-insensitive; confirm, or align the casing.
    entryPoints.web.http.redirections.entrypoint.permanent: true
    entryPoints.websecure.address: ":443"
    # X-Forwarded-* headers are honoured only when the connection comes from
    # one of these ranges. 127.0.0.1/32 and 10.42.0.0/16 are local/private
    # (the latter presumably the internal network - confirm); the rest is a
    # hard-coded copy of Cloudflare's IPv4 list, so re-check it against the
    # published list periodically. No IPv6 ranges are listed. Any range here
    # that is not really a trusted proxy lets a client set its own apparent
    # source IP in the access log and in IP-based rules.
    entryPoints.websecure.forwardedHeaders.trustedIPs: "127.0.0.1/32,10.42.0.0/16,173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22"  # CloudFlare IPs per https://www.cloudflare.com/ips-v4/#
    # Contact address registered with the ACME account.
    certificatesResolvers.letsencrypt.acme.email: "hello@example.com"
    certificatesResolvers.letsencrypt.acme.storage: "/letsencrypt/acme.json"  # Must match the path in `volume`
    certificatesResolvers.letsencrypt.acme.httpchallenge: true
    # Names a Traefik entry point (`entryPoints.web` above, listening on
    # ":80"), not a role under `servers`; the two merely share the name
    # `web` in this file.
    certificatesResolvers.letsencrypt.acme.httpchallenge.entrypoint: web