diff --git a/docker-compose.yml b/docker-compose.yml index 2dfa6c278..2f7f62688 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,3 +1,4 @@ +name: labca services: boulder: # The `letsencrypt/boulder-tools:latest` tag is automatically built in local @@ -14,13 +15,15 @@ services: # to the IP address where your ACME client's solver is listening. # FAKE_DNS: 172.17.0.1 FAKE_DNS: 10.77.77.77 - BOULDER_CONFIG_DIR: test/config + BOULDER_CONFIG_DIR: labca/config GOCACHE: /boulder/.gocache/go-build GOFLAGS: -mod=vendor volumes: - - .:/boulder:cached + - .:/opt/boulder:cached + - /home/labca/boulder_labca:/opt/boulder/labca + - /home/labca/nginx_data/static:/var/www/html - ./.gocache:/root/.cache/go-build:cached - - ./test/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/:cached + - /home/labca/boulder_labca/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/ networks: bouldernet: ipv4_address: 10.77.77.77 @@ -50,33 +53,23 @@ services: - 4003:4003 # SFE depends_on: - bmysql - - bproxysql - - bredis_1 - - bredis_2 - - bredis_3 - - bredis_4 + - bredis - bconsul - - bjaeger - bpkilint - entrypoint: test/entrypoint.sh - working_dir: &boulder_working_dir /boulder - - bsetup: - image: *boulder_tools_image - volumes: - - .:/boulder:cached - - ./.gocache:/root/.cache/go-build:cached - - ./test/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/:cached - entrypoint: test/certs/generate.sh - working_dir: *boulder_working_dir - profiles: - # Adding a profile to this container means that it won't be started by a - # normal "docker compose up/run boulder", only when specifically invoked - # with a "docker compose up bsetup". - - setup + - control + entrypoint: labca/entrypoint.sh + working_dir: &boulder_working_dir /opt/boulder + logging: + driver: "json-file" + options: + max-size: "500k" + max-file: "5" + restart: always bmysql: image: mariadb:10.5 + volumes: + - dbdata:/var/lib/mysql networks: bouldernet: aliases: @@ -90,82 +83,114 @@ services: # small. command: mysqld --bind-address=0.0.0.0 --slow-query-log --log-output=TABLE --log-queries-not-using-indexes=ON logging: - driver: none - bproxysql: - image: proxysql/proxysql:2.5.4 - # The --initial flag force resets the ProxySQL database on startup. By - # default, ProxySQL ignores new configuration if the database already - # exists. Without this flag, new configuration wouldn't be applied until you - # ran `docker compose down`. - entrypoint: proxysql -f --idle-threads -c /test/proxysql/proxysql.cnf --initial - volumes: - - ./test/:/test/:cached - depends_on: - - bmysql - networks: - bouldernet: - aliases: - - boulder-proxysql + driver: "json-file" + options: + max-size: "500k" + max-file: "5" + restart: always - bredis_1: + bredis: image: redis:6.2.7 volumes: - - ./test/:/test/:cached - command: redis-server /test/redis-ocsp.config - networks: - redisnet: - ipv4_address: 10.33.33.2 - - bredis_2: - image: redis:6.2.7 - volumes: - - ./test/:/test/:cached - command: redis-server /test/redis-ocsp.config - networks: - redisnet: - ipv4_address: 10.33.33.3 - - bredis_3: - image: redis:6.2.7 - volumes: - - ./test/:/test/:cached - command: redis-server /test/redis-ratelimits.config + - /home/labca/boulder_labca:/opt/boulder/labca + command: redis-server /opt/boulder/labca/redis-ratelimits.config networks: redisnet: ipv4_address: 10.33.33.4 - - bredis_4: - image: redis:6.2.7 - volumes: - - ./test/:/test/:cached - command: redis-server /test/redis-ratelimits.config - networks: - redisnet: - ipv4_address: 10.33.33.5 + restart: always bconsul: image: hashicorp/consul:1.15.4 + depends_on: + - control volumes: - - ./test/:/test/:cached + - /home/labca/boulder_labca:/opt/boulder/labca networks: consulnet: ipv4_address: 10.55.55.10 bouldernet: ipv4_address: 10.77.77.10 - command: "consul agent -dev -config-format=hcl -config-file=/test/consul/config.hcl" + command: "consul agent -dev -config-format=hcl -config-file=/opt/boulder/labca/consul/config.hcl" + restart: always - bjaeger: - image: jaegertracing/all-in-one:1.50 + gui: + image: *boulder_tools_image networks: - bouldernet: - ipv4_address: 10.77.77.17 + - bouldernet + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /home/labca/admin:/go/src/labca + - ./.gocache:/root/.cache/go-build + - /home/labca/nginx_data/static:/var/www/html + - /home/labca/backup:/opt/backup + - .:/opt/boulder + - /home/labca/boulder_labca:/opt/boulder/labca + - /home/labca/boulder_labca/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/ + expose: + - 3000 + depends_on: + - bmysql + - control + working_dir: /go/src/labca + command: ./setup.sh + logging: + driver: "json-file" + options: + max-size: "500k" + max-file: "5" + restart: always + + nginx: + image: nginx:1.27.3 + restart: always + networks: + - bouldernet + ports: + - 80:80 + - 443:443 + volumes: + - /home/labca/nginx_data/conf.d:/etc/nginx/conf.d + - /home/labca/nginx_data/ssl:/etc/nginx/ssl + - /home/labca/nginx_data/static:/var/www/html + depends_on: + - control + + control: + image: *boulder_tools_image + networks: + - bouldernet + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /home/labca/admin/data:/opt/labca/data + - /home/labca/admin/data:/opt/labca/gui/data + - /home/labca/admin/bin:/opt/labca/bin + - /home/labca/labca:/opt/labca + - /home/labca/backup:/opt/backup + - /home/labca/control_logs:/opt/logs + - .:/opt/boulder + - /home/labca/boulder_labca:/opt/boulder/labca + - /home/labca/boulder_labca/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/ + - /home/labca/nginx_data/conf.d:/etc/nginx/conf.d + - /home/labca/nginx_data/ssl:/etc/nginx/ssl + - /home/labca/nginx_data/static:/var/www/html + expose: + - 3030 + environment: + LABCA_FQDN: ${LABCA_FQDN:-notset} + working_dir: /opt/labca + command: ./control.sh + restart: always bpkilint: image: ghcr.io/digicert/pkilint:v0.10.1 networks: bouldernet: ipv4_address: 10.77.77.9 - command: "gunicorn -w 8 -k uvicorn.workers.UvicornWorker -b 0.0.0.0:80 pkilint.rest:app" + command: "gunicorn -w 1 -k uvicorn.workers.UvicornWorker -b 0.0.0.0:80 pkilint.rest:app" + restart: always + +volumes: + dbdata: networks: # This network is primarily used for boulder services. It is also used by