ansible-role-chill/templates/compose.yaml

services:
    frontend:
        image: {{ registry_url }}/{{ registry_project }}/{{ chill_image_nginx_name }}:{{ item.chill_image_tag }}
        links:
            - app:php
        labels:
            - "traefik.enable=true"
            - "traefik.docker.network=traefik"
            - "traefik.http.routers.frontend-{{ item.chill_environment }}.rule=Host(`{{ item.host }}`)"
            - "traefik.http.routers.frontend-{{ item.chill_environment }}.entrypoints=websecure"
            {%+ if item.tls_config == 'self_signed' +%}
            - "traefik.http.routers.frontend-{{ item.chill_environment }}.tls=true"
            {%+ endif +%}
            {%+ if item.expose_port is not false +%}
            - "traefik.http.routers.frontend-exp-{{ item.chill_environment }}.rule=PathPrefix(`/`)"
            - "traefik.http.routers.frontend-exp-{{ item.chill_environment }}.entrypoints=chill{{ item.chill_environment }}"
            {%+ if item.tls_config == 'self_signed' +%}
            - "traefik.http.routers.frontend-exp-{{ item.chill_environment }}.tls=true"
            {%+ endif +%}
            {%+ endif +%}
        networks:
            - traefik
            - default
        restart: always

    app: &defaultApp
        image: {{ registry_url }}/{{ registry_project }}/{{ chill_image_php_name }}:{{ item.chill_image_tag }}
        env_file:
            - env_file.env
        volumes:
            - './config/prod:/var/www/app/config/packages/prod:ro'
            - './var:/var/www/app/var:rw'
            - '/var/logs/chill:/var/www/app/var/logs'
            - '{{ doc_storage_dir }}/{{ item['chill_environment'] }}:/var/storage'
        links:
            - redis
            - relatorio
            - rabbitmq
            {% if item.add_postgres -%}
            - database
            {%- endif %}

        networks:
            - default
        restart: always

    consumer:
        <<: *defaultApp
        entrypoint: "/usr/bin/env"
        command:
            - "/bin/bash"
            - "-c"
            - > 
              sleep 3 && bin/console cache:clear &&
              while ! [ -f /tmp/kill_me ];
              do
              php -d memory_limit=2G bin/console messenger:consume priority async --limit=20 --time-limit=600 -v;
              done;
        pre_stop:
            - command:
                - "/bin/bash"
                - "-c"
                - "touch /tmp/kill_me && bin/console messenger:stop-workers"

    cron:
        <<: *defaultApp
        entrypoint: "/usr/bin/env"
        command: ["bin/console", "chill:cron-job:execute", "-v"]
        restart: "no"

  {% if item.add_postgres %}

    database:
        image: "{{ database_image }}"
        env_file:
            - postgres.env
        volumes:
            - ./docker/db/data:/var/lib/postgresql/data:rw
        networks:
            - default
        restart: always

  {% endif %}

    ###> chill-project/chill-bundles ###
    redis:
        image: redis
        networks:
            - default
        restart: always

    relatorio:
        image: registry.gitlab.com/champs-libres/public/relatorio-tornado/app:latest
        networks:
            - default
        restart: always
    ###< chill-project/chill-bundles ###

#    sign-worker:
#        image: h3m6q87t.gra7.container-registry.ovh.net/sign-pdf-worker/worker:latest
#        environment:
#            AMQP_URL: amqp://guest:guest@rabbitmq:5672/%2f/to_python_sign
#            LOG_LEVEL: INFO
#            PKCS12_PATH: /etc/sign-pdf/dummy.p12
#            TIMESTAMP_URL: http://freetsa.org/tsr
#            QUEUE_IN: to_python_sign
#            EXCHANGE_OUT: signed_docs
#            OUT_ROUTING_KEY: signed_doc
#            TSA_CERT_CHAIN: /etc/sign-pdf/tsa/tsa-chain.pem
#            TSA_CONFIG_PATH: /etc/sign-pdf/rootca.conf
#            TSA_KEY_PASSWORD: "5678"
#        volumes:
#            - "./resources/dev-certificate/dummy.p12:/etc/sign-pdf/dummy.p12:ro"
#            - "./resources/dev-certificate/rootca.conf:/etc/sign-pdf/rootca.conf:ro"
#            - "./resources/dev-certificate/tsa:/etc/sign-pdf/tsa:ro"
#            - "./resources/dev-certificate/tsa_serial:/var/lib/tsa/tsa_serial:rw"
#        links:
#            - rabbitmq
#        depends_on:
#            rabbitmq:
#                condition: service_healthy

    rabbitmq:
        image: rabbitmq:3-management-alpine
        env_file:
            -   rabbitmq.env
        healthcheck:
            test: rabbitmq-diagnostics -q ping
            interval: 30s
            timeout: 30s
            retries: 3
        networks:
            - default
        restart: always

networks:
    traefik:
        external: true
    default:
set-up the role 2024-12-19 10:05:25 +00:00			`services:`
			`frontend:`
			`image: {{ registry_url }}/{{ registry_project }}/{{ chill_image_nginx_name }}:{{ item.chill_image_tag }}`
			`links:`
			`- app:php`
			`labels:`
			`- "traefik.enable=true"`
			`- "traefik.docker.network=traefik"`
ssl / tsl and storage of document 2024-12-30 10:37:55 +00:00			- "traefik.http.routers.frontend-{{ item.chill_environment }}.rule=Host(`{{ item.host }}`)"
			`- "traefik.http.routers.frontend-{{ item.chill_environment }}.entrypoints=websecure"`
			`{%+ if item.tls_config == 'self_signed' +%}`
			`- "traefik.http.routers.frontend-{{ item.chill_environment }}.tls=true"`
			`{%+ endif +%}`
			`{%+ if item.expose_port is not false +%}`
			- "traefik.http.routers.frontend-exp-{{ item.chill_environment }}.rule=PathPrefix(`/`)"
			`- "traefik.http.routers.frontend-exp-{{ item.chill_environment }}.entrypoints=chill{{ item.chill_environment }}"`
			`{%+ if item.tls_config == 'self_signed' +%}`
			`- "traefik.http.routers.frontend-exp-{{ item.chill_environment }}.tls=true"`
			`{%+ endif +%}`
			`{%+ endif +%}`
set-up the role 2024-12-19 10:05:25 +00:00			`networks:`
			`- traefik`
			`- default`
storage configuration and restart containers 2025-01-07 09:56:24 +00:00			`restart: always`
set-up the role 2024-12-19 10:05:25 +00:00
set up worker for async tasks 2024-12-30 11:34:33 +00:00			`app: &defaultApp`
set-up the role 2024-12-19 10:05:25 +00:00			`image: {{ registry_url }}/{{ registry_project }}/{{ chill_image_php_name }}:{{ item.chill_image_tag }}`
			`env_file:`
			`- env_file.env`
			`volumes:`
			`- './config/prod:/var/www/app/config/packages/prod:ro'`
			`- './var:/var/www/app/var:rw'`
Update configs for trusted proxies, HTTPS, and log paths Revised proxy settings to dynamically include trusted IPs and ensured HTTPS redirections. Adjusted log mount path in Docker compose to align with application structure. Removed unused Traefik certificate volume for cleanup. 2025-01-10 11:49:43 +00:00			`- '/var/logs/chill:/var/www/app/var/logs'`
ssl / tsl and storage of document 2024-12-30 10:37:55 +00:00			`- '{{ doc_storage_dir }}/{{ item['chill_environment'] }}:/var/storage'`
set-up the role 2024-12-19 10:05:25 +00:00			`links:`
			`- redis`
			`- relatorio`
			`- rabbitmq`
			`{% if item.add_postgres -%}`
			`- database`
			`{%- endif %}`

			`networks:`
			`- default`
storage configuration and restart containers 2025-01-07 09:56:24 +00:00			`restart: always`
set up worker for async tasks 2024-12-30 11:34:33 +00:00
			`consumer:`
			`<<: *defaultApp`
			`entrypoint: "/usr/bin/env"`
			`command:`
			`- "/bin/bash"`
			`- "-c"`
			`- >`
			`sleep 3 && bin/console cache:clear &&`
			`while ! [ -f /tmp/kill_me ];`
			`do`
			`php -d memory_limit=2G bin/console messenger:consume priority async --limit=20 --time-limit=600 -v;`
			`done;`
			`pre_stop:`
			`- command:`
			`- "/bin/bash"`
			`- "-c"`
			`- "touch /tmp/kill_me && bin/console messenger:stop-workers"`

set up cronjob and timer 2024-12-30 12:19:45 +00:00			`cron:`
			`<<: *defaultApp`
			`entrypoint: "/usr/bin/env"`
			`command: ["bin/console", "chill:cron-job:execute", "-v"]`
storage configuration and restart containers 2025-01-07 09:56:24 +00:00			`restart: "no"`
set up cronjob and timer 2024-12-30 12:19:45 +00:00
set-up the role 2024-12-19 10:05:25 +00:00			`{% if item.add_postgres %}`

			`database:`
			`image: "{{ database_image }}"`
			`env_file:`
			`- postgres.env`
			`volumes:`
			`- ./docker/db/data:/var/lib/postgresql/data:rw`
			`networks:`
			`- default`
storage configuration and restart containers 2025-01-07 09:56:24 +00:00			`restart: always`
set-up the role 2024-12-19 10:05:25 +00:00
			`{% endif %}`

			`###> chill-project/chill-bundles ###`
			`redis:`
			`image: redis`
			`networks:`
			`- default`
storage configuration and restart containers 2025-01-07 09:56:24 +00:00			`restart: always`
set-up the role 2024-12-19 10:05:25 +00:00
			`relatorio:`
			`image: registry.gitlab.com/champs-libres/public/relatorio-tornado/app:latest`
			`networks:`
			`- default`
storage configuration and restart containers 2025-01-07 09:56:24 +00:00			`restart: always`
set-up the role 2024-12-19 10:05:25 +00:00			`###< chill-project/chill-bundles ###`

			`# sign-worker:`
			`# image: h3m6q87t.gra7.container-registry.ovh.net/sign-pdf-worker/worker:latest`
			`# environment:`
			`# AMQP_URL: amqp://guest:guest@rabbitmq:5672/%2f/to_python_sign`
			`# LOG_LEVEL: INFO`
			`# PKCS12_PATH: /etc/sign-pdf/dummy.p12`
			`# TIMESTAMP_URL: http://freetsa.org/tsr`
			`# QUEUE_IN: to_python_sign`
			`# EXCHANGE_OUT: signed_docs`
			`# OUT_ROUTING_KEY: signed_doc`
			`# TSA_CERT_CHAIN: /etc/sign-pdf/tsa/tsa-chain.pem`
			`# TSA_CONFIG_PATH: /etc/sign-pdf/rootca.conf`
			`# TSA_KEY_PASSWORD: "5678"`
			`# volumes:`
			`# - "./resources/dev-certificate/dummy.p12:/etc/sign-pdf/dummy.p12:ro"`
			`# - "./resources/dev-certificate/rootca.conf:/etc/sign-pdf/rootca.conf:ro"`
			`# - "./resources/dev-certificate/tsa:/etc/sign-pdf/tsa:ro"`
			`# - "./resources/dev-certificate/tsa_serial:/var/lib/tsa/tsa_serial:rw"`
			`# links:`
			`# - rabbitmq`
			`# depends_on:`
			`# rabbitmq:`
			`# condition: service_healthy`

			`rabbitmq:`
			`image: rabbitmq:3-management-alpine`
			`env_file:`
			`- rabbitmq.env`
			`healthcheck:`
			`test: rabbitmq-diagnostics -q ping`
			`interval: 30s`
			`timeout: 30s`
			`retries: 3`
			`networks:`
			`- default`
storage configuration and restart containers 2025-01-07 09:56:24 +00:00			`restart: always`
set-up the role 2024-12-19 10:05:25 +00:00
			`networks:`
			`traefik:`
			`external: true`
			`default:`