services: frontend: image: {{ registry_url }}/{{ registry_project }}/{{ chill_image_nginx_name }}:{{ item.chill_image_tag }} links: - app:php labels: - "traefik.enable=true" - "traefik.docker.network=traefik" - "traefik.http.routers.frontend-{{ item.chill_environment }}.rule=Host(`{{ item.host }}`)" - "traefik.http.routers.frontend-{{ item.chill_environment }}.entrypoints=websecure" {%+ if item.tls_config == 'self_signed' +%} - "traefik.http.routers.frontend-{{ item.chill_environment }}.tls=true" {%+ endif +%} {%+ if item.expose_port is not false +%} - "traefik.http.routers.frontend-exp-{{ item.chill_environment }}.rule=PathPrefix(`/`)" - "traefik.http.routers.frontend-exp-{{ item.chill_environment }}.entrypoints=chill{{ item.chill_environment }}" {%+ if item.tls_config == 'self_signed' +%} - "traefik.http.routers.frontend-exp-{{ item.chill_environment }}.tls=true" {%+ endif +%} {%+ endif +%} networks: - traefik - default restart: always app: &defaultApp image: {{ registry_url }}/{{ registry_project }}/{{ chill_image_php_name }}:{{ item.chill_image_tag }} env_file: - env_file.env volumes: - './config/prod:/var/www/app/config/packages/prod:ro' - './var:/var/www/app/var:rw' - '/var/logs/chill:/var/www/app/logs' - '{{ doc_storage_dir }}/{{ item['chill_environment'] }}:/var/storage' links: - redis - relatorio - rabbitmq {% if item.add_postgres -%} - database {%- endif %} networks: - default restart: always consumer: <<: *defaultApp entrypoint: "/usr/bin/env" command: - "/bin/bash" - "-c" - > sleep 3 && bin/console cache:clear && while ! [ -f /tmp/kill_me ]; do php -d memory_limit=2G bin/console messenger:consume priority async --limit=20 --time-limit=600 -v; done; pre_stop: - command: - "/bin/bash" - "-c" - "touch /tmp/kill_me && bin/console messenger:stop-workers" cron: <<: *defaultApp entrypoint: "/usr/bin/env" command: ["bin/console", "chill:cron-job:execute", "-v"] restart: "no" {% if item.add_postgres %} database: image: "{{ database_image }}" env_file: - postgres.env volumes: - ./docker/db/data:/var/lib/postgresql/data:rw networks: - default restart: always {% endif %} ###> chill-project/chill-bundles ### redis: image: redis networks: - default restart: always relatorio: image: registry.gitlab.com/champs-libres/public/relatorio-tornado/app:latest networks: - default restart: always ###< chill-project/chill-bundles ### # sign-worker: # image: h3m6q87t.gra7.container-registry.ovh.net/sign-pdf-worker/worker:latest # environment: # AMQP_URL: amqp://guest:guest@rabbitmq:5672/%2f/to_python_sign # LOG_LEVEL: INFO # PKCS12_PATH: /etc/sign-pdf/dummy.p12 # TIMESTAMP_URL: http://freetsa.org/tsr # QUEUE_IN: to_python_sign # EXCHANGE_OUT: signed_docs # OUT_ROUTING_KEY: signed_doc # TSA_CERT_CHAIN: /etc/sign-pdf/tsa/tsa-chain.pem # TSA_CONFIG_PATH: /etc/sign-pdf/rootca.conf # TSA_KEY_PASSWORD: "5678" # volumes: # - "./resources/dev-certificate/dummy.p12:/etc/sign-pdf/dummy.p12:ro" # - "./resources/dev-certificate/rootca.conf:/etc/sign-pdf/rootca.conf:ro" # - "./resources/dev-certificate/tsa:/etc/sign-pdf/tsa:ro" # - "./resources/dev-certificate/tsa_serial:/var/lib/tsa/tsa_serial:rw" # links: # - rabbitmq # depends_on: # rabbitmq: # condition: service_healthy rabbitmq: image: rabbitmq:3-management-alpine env_file: - rabbitmq.env healthcheck: test: rabbitmq-diagnostics -q ping interval: 30s timeout: 30s retries: 3 networks: - default restart: always networks: traefik: external: true default: