davejansen/ghost-matomo-mariadb-traefik-ssl
1
0
Fork 0
Code Issues Pull Requests Activity
Files
45d219ce925cb4fbed801b22c4bee3ca64acde8a
ghost-matomo-mariadb-traefi…/docker-compose.yml
Dave Jansen 45d219ce92 Updated docker-compose to working state. Removed reliance on traefik.toml 
- New .env example with streamlined variable names
- Assumes https by default with http-to-http redirect enabled (Remove the redirect on line 25 to disable this)
- Assumes each domain(s) specified are different from one another, so that all parts can all be accessed from the same port (443).
- Forcibly disabled traefik on the db so that it won't try to get a certificate for it (I don't know why it does this)
- Set specific versions for Matomo (3) and Ghost (2) to avoid watchtower automatically making big upgrades

Still missing:
- The first time Ghost will fail to launch as MariaDB isn't ready right away. docker-compose got away with a health check. I might want to play with https://github.com/vishnubob/wait-for-it later
2019-02-20 15:31:20 +09:00

181 lines
6.0 KiB
YAML
Raw Blame History

version: '3'
# See https://docs.docker.com/compose/overview/ for more information.
# If you make changes to this file or any related files, apply them by
# navigating to the directory that holds this file and run this as root:
# docker-compose down; docker-compose up -d
networks:
frontend:
backend:
# Create persistent Docker volumes to preserve DB data.
volumes:
vol-db:
services:
# Traefik is a reverse proxy. It handles SSL and passes traffic to
# Docker containers via rules you define in docker-compose labels.
# Its dashboard is at http://example.com/traefik/ (behind a login).
traefik:
# https://hub.docker.com/_/traefik/
image: traefik:alpine
command:
- --web
- --entryPoints=Name:http Address::80 Redirect.EntryPoint:https
- --entryPoints=Name:https Address::443 TLS
- --defaultEntryPoints=http,https
- --docker
- --docker.endpoint=unix:///var/run/docker.sock
- --docker.domain=domain.localhost
- --docker.watch=true
- --acme
- --acme.storage=/etc/traefik/acme/acme.json
- --acme.email=${ACME_EMAIL}
- --acme.OnHostRule=true
- --acme.entryPoint=https
- --acme.httpChallenge.entrypoint=http
restart: unless-stopped
networks:
- backend
- frontend
volumes:
- /var/run/docker.sock:/var/run/docker.sock
# - ./config/traefik.toml:/traefik.toml
- ./config/acme:/etc/traefik/acme
ports:
# Map port 80 and 443 on the host to this container.
- "80:80"
- "443:443"
#- "8000:8080" # Traefik Dashboard
labels:
- "traefik.enable=true"
- "traefik.docker.network=frontend"
- "traefik.frontend.rule=Host:${DOMAINS_TRAEFIK}"
- "traefik.port=8080"
- "traefik.protocol=http"
# Remove next line to disable login prompt for the dashboard.
#- "traefik.frontend.auth.basic=${BASIC_AUTH}"
# Watchtower detects if any linked containers have an new image
# available, automatically updating & restarting them if needed.
watchtower:
# https://hub.docker.com/r/centurylink/watchtower/
image: v2tec/watchtower:latest
# https://github.com/v2tec/watchtower#options
# This schedule applies updates (if available) at midnight.
command: --cleanup --schedule "0 0 0 * * *"
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock
db:
# https://hub.docker.com/_/mariadb/
# Specify 10.3 as we only want watchtower to apply minor updates
# (eg, 10.3.1) and not major updates (eg, 10.4).
image: mariadb:10.3
restart: unless-stopped
networks:
- backend
volumes:
# Ensure the database persists between restarts.
- vol-db:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
MYSQL_DATABASE: ${DB_NAME}
MYSQL_USER: ${DB_USER}
MYSQL_PASSWORD: ${DB_PASSWORD}
labels:
- "traefik.enable=false"
ghost:
image: ghost:2-alpine
restart: unless-stopped
links:
- db
networks:
- backend
- frontend
volumes:
- ./content:/var/lib/ghost/content
#- ./logs:/var/www/html/logs
labels:
- "traefik.docker.network=frontend"
- "traefik.enable=true"
- "traefik.frontend.rule=Host:${DOMAINS_BLOG}"
- "traefik.port=2368"
- "traefik.protocol=http"
environment:
database__client: mysql
database__connection__host: db
database__connection__database: ${DB_NAME}
database__connection__user: ${DB_USER}
database__connection__password: ${DB_PASSWORD}
# Uncomment the next line to enable HSTS header.
#- "traefik.frontend.headers.STSSeconds=15768000"
matomo:
image: matomo:3
restart: unless-stopped
links:
- db
networks:
- backend
- frontend
volumes:
# To allow you to view/edit Matomo configuration files:
- ./config/matomo:/var/www/html/config:rw
# To allow you to easily view Matomo log files:
- ./logs:/var/www/html/logs
# Install our own php.ini, which can be customized:
- ./config/php.ini:/usr/local/etc/php/php.ini
# Use MaxMind GeoLite2 databases.
#- /var/lib/GeoIP/GeoLite2-City.mmdb:/var/www/html/misc/GeoLite2-City.mmdb
#- /var/lib/GeoIP/GeoLite2-Country.mmdb:/var/www/html/misc/GeoLite2-Country.mmdb
#- /var/lib/GeoIP/GeoLite2-ASN.mmdb:/var/www/html/misc/GeoLite2-ASN.mmdb
labels:
- "traefik.enable=true"
- "traefik.docker.network=frontend"
- "traefik.frontend.rule=Host:${DOMAINS_MATOMO}"
- "traefik.port=80"
# Uncomment the next line to enable HSTS header.
#- "traefik.frontend.headers.STSSeconds=15768000"
# Navigate to http://example.com/phpmyadmin/ to manage your MySQL
# databases. (Don't forget the last forward slash.) Like the Traefik
# dashboard, this is behind a login prompt to help you stay secure.
# matomo-phpmyadmin:
# # https://hub.docker.com/r/phpmyadmin/phpmyadmin/
# image: phpmyadmin/phpmyadmin:latest
# depends_on:
# - db
# restart: always
# networks:
# - backend
# - frontend
# volumes:
# # Install our own php.ini, which can be customized.
# - ./php.ini:/usr/local/etc/php/php.ini
# environment:
# PMA_HOST: db
# PMA_ABSOLUTE_URI: /phpmyadmin/
# MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
# labels:
# - "traefik.docker.network=frontend"
# - "traefik.enable=true"
# - "traefik.frontend.rule=Host:${MATOMO_DOMAINS}; PathPrefixStrip:/phpmyadmin/"
# - "traefik.port=80"
# - "traefik.protocol=http"
# # Remove the next line if you don't want a browser login prompt.
# - "traefik.frontend.auth.basic=${BASIC_AUTH}"
# This allows Matomo to send email straight out of the box without
# having to rely on an external provider like SendGrid or MailGun.
# It makes an SMTP host available at the hostname "mail".
# mail:
# image: bytemark/smtp
# restart: always
# networks:
# - frontend
Reference in New Issue View Git Blame Copy Permalink