forked from bihealth/sodar-docker-compose
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdocker-compose.dev.yml
177 lines (169 loc) · 5.49 KB
/
docker-compose.dev.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
# Development configuration for SODAR (external components ONLY)
version: "3.8"
# Default configuration for iRODS
x-irods: &default-irods
image: ghcr.io/bihealth/irods-docker:${IRODS_VERSION}
environment: &default-irods-environment
IRODS_ICAT_DBSERVER: ${POSTGRES_HOST}
IRODS_ICAT_DBUSER: ${POSTGRES_USERNAME}
IRODS_ICAT_DBPASS: ${POSTGRES_PASSWORD}
IRODS_ADMIN_USER: ${IRODS_USER}
IRODS_ADMIN_PASS: ${IRODS_PASS}
IRODS_ZONE_NAME: sodarZone
IRODS_AUTHENTICATION_SCHEME: ${IRODS_AUTHENTICATION_SCHEME}
IRODS_CLIENT_SERVER_NEGOTIATION: ${IRODS_CLIENT_SERVER_NEGOTIATION}
IRODS_CLIENT_SERVER_POLICY: ${IRODS_CLIENT_SERVER_POLICY}
IRODS_ZONE_KEY: ${IRODS_ZONE_KEY}
IRODS_NEGOTIATION_KEY: ${IRODS_NEGOTIATION_KEY}
IRODS_PASSWORD_SALT: ${IRODS_PASSWORD_SALT}
IRODS_CONTROL_PLANE_KEY: ${IRODS_CONTROL_PLANE_KEY}
IRODS_SSL_CERTIFICATE_CHAIN_FILE: ${IRODS_SSL_CERTIFICATE_CHAIN_FILE}
IRODS_SSL_CERTIFICATE_KEY_FILE: ${IRODS_SSL_CERTIFICATE_KEY_FILE}
IRODS_SSL_DH_PARAMS_FILE: ${IRODS_SSL_DH_PARAMS_FILE}
IRODS_SSL_VERIFY_SERVER: ${IRODS_SSL_VERIFY_SERVER}
IRODS_DEFAULT_HASH_SCHEME: MD5
IRODS_SSSD_AUTH: 0
IRODS_SODAR_AUTH: ${IRODS_SODAR_AUTH}
IRODS_SODAR_API_HOST: ${IRODS_SODAR_API_HOST}
depends_on:
- postgres
restart: unless-stopped
shm_size: '2gb'
services:
traefik:
image: traefik:v2.3.1
ports:
- "80:80"
- "443:443"
networks:
- sodar
restart: unless-stopped
command:
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
- "--entrypoints.web.http.redirections.entrypoint.permanent=true"
volumes:
- type: bind
source: ./volumes/traefik/letsencrypt
target: /letsencrypt
- type: bind
source: /var/run/docker.sock
target: /var/run/docker.sock
read_only: true
postgres:
image: postgres:11
shm_size: 512mb
environment:
POSTGRES_USER: ${POSTGRES_USERNAME}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_DB: sodar
ports:
- "5432:5432"
networks:
- sodar
restart: unless-stopped
volumes:
- type: bind
source: ./volumes/postgres/data
target: /var/lib/postgresql/data
redis:
image: redis:6
ports:
- "6379:6379"
networks:
- sodar
restart: unless-stopped
volumes:
- type: bind
source: ./volumes/redis/data
target: /data
irods:
<<: *default-irods
environment:
<<: *default-irods-environment
IRODS_HOST_NAME: irods
ports:
- "1247:1247"
hostname: irods
networks:
- sodar
extra_hosts:
- host.docker.internal:host-gateway
volumes:
- type: bind # iRODS configuration
source: ./config/irods/etc
target: /etc/irods
- type: bind # Traefik configuration for shared certs
source: ./config/traefik/tls
target: /etc/traefik/tls
- type: bind # Log files
source: ./volumes/irods/log
target: /var/lib/irods/log
- type: bind # File storage
source: ./volumes/irods/vault
target: /data/Vault
irods-test:
<<: *default-irods
environment:
<<: *default-irods-environment
IRODS_HOST_NAME: irods-test
IRODS_ICAT_DBNAME: ICAT_TEST
ports:
- "4488:1247"
hostname: irods-test
networks:
- sodar
volumes:
- type: bind # iRODS configuration
source: ./config/irods/etc-test
target: /etc/irods
- type: bind # Traefik configuration for shared certs
source: ./config/traefik/tls
target: /etc/traefik/tls
- type: bind # File storage
source: ./volumes/irods/vault-test
target: /data/Vault
davrods:
image: ghcr.io/bihealth/davrods-docker:${DAVRODS_VERSION}
hostname: davrods
environment:
IRODS_HOST_NAME: irods
IRODS_ZONE_PORT: 1247
IRODS_ZONE_NAME: sodarZone
IRODS_SSL_VERIFY_SERVER: ${IRODS_SSL_VERIFY_SERVER}
IRODS_AUTHENTICATION_SCHEME: ${IRODS_AUTHENTICATION_SCHEME}
IRODS_CLIENT_SERVER_NEGOTIATION: ${IRODS_CLIENT_SERVER_NEGOTIATION}
IRODS_CLIENT_SERVER_POLICY: ${IRODS_CLIENT_SERVER_POLICY}
IRODS_SSL_CA_CERT_PATH: ${IRODS_CERT_PATH}
DAVRODS_ENABLE_TICKETS: ${DAVRODS_ENABLE_TICKETS}
DAVRODS_AUTH_NAME: ${DAVRODS_AUTH_NAME}
depends_on:
- irods
networks:
- sodar
restart: unless-stopped
shm_size: '2gb'
volumes:
- type: bind
source: ./config/davrods/theme
target: /etc/httpd/irods/theme
- type: bind # Traefik configuration for shared certs
source: ./config/traefik/tls
target: /etc/traefik/tls
labels:
- "traefik.enable=true"
- "traefik.http.middlewares.xforward.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.davrods.entrypoints=websecure"
- "traefik.http.routers.davrods.middlewares=xforward"
- "traefik.http.routers.davrods.rule=(HostRegexp(`{catchall:.+}`) && PathPrefix(`/sodarZone`))"
- "traefik.http.services.davrods.loadbalancer.server.port=80"
- "traefik.http.routers.davrods.tls=true"
- "traefik.http.routers.davrods.priority=100"
networks:
sodar:
driver_opts:
com.docker.network.bridge.name: ${NETWORK_BRIDGE_NAME:-br-sodar-dev}