labca/patches/docker-compose.patch
Arjan H f14a2636c5 Bump boulder version to release-2025-02-04; add redis container
Let's Encrypt has changed the rate limiter to require redis, so we can
no longer remove it from the docker compose file completely. But at
least we can run it once instead of four instances.
2025-02-10 19:38:38 +01:00

diff --git a/docker-compose.yml b/docker-compose.yml
index 2dfa6c278..d90c629af 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,3 +1,4 @@
+name: labca
services:
boulder:
# The `letsencrypt/boulder-tools:latest` tag is automatically built in local
@@ -14,13 +15,15 @@ services:
# to the IP address where your ACME client's solver is listening.
# FAKE_DNS: 172.17.0.1
FAKE_DNS: 10.77.77.77
- BOULDER_CONFIG_DIR: test/config
+ BOULDER_CONFIG_DIR: labca/config
GOCACHE: /boulder/.gocache/go-build
GOFLAGS: -mod=vendor
volumes:
- - .:/boulder:cached
+ - .:/opt/boulder:cached
+ - /home/labca/boulder_labca:/opt/boulder/labca
+ - /home/labca/nginx_data/static:/var/www/html
- ./.gocache:/root/.cache/go-build:cached
- - ./test/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/:cached
+ - /home/labca/boulder_labca/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/
networks:
bouldernet:
ipv4_address: 10.77.77.77
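Review bot: The new bind mount `- /home/labca/nginx_data/static:/var/www/html` gives the boulder container read-write access to a directory that, later in this same patch, nginx serves to clients from the identical host path; if boulder only needs to read those files, `- /home/labca/nginx_data/static:/var/www/html:ro` would stop the CA process from being able to modify publicly served content. Whether boulder actually writes there is not visible from this hunk, so confirm against the entrypoint before tightening. The softhsm token mount on the following line only dropped the `:cached` suffix, which is a macOS consistency hint, so that change has no effect on Linux hosts. The enclosing `boulder:` service starts before this hunk and continues past it.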
@@ -50,33 +53,23 @@ services:
- 4003:4003 # SFE
depends_on:
- bmysql
- - bproxysql
- - bredis_1
- - bredis_2
- - bredis_3
- - bredis_4
+ - bredis
- bconsul
- - bjaeger
- bpkilint
- entrypoint: test/entrypoint.sh
- working_dir: &boulder_working_dir /boulder
-
- bsetup:
- image: *boulder_tools_image
- volumes:
- - .:/boulder:cached
- - ./.gocache:/root/.cache/go-build:cached
- - ./test/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/:cached
- entrypoint: test/certs/generate.sh
- working_dir: *boulder_working_dir
- profiles:
- # Adding a profile to this container means that it won't be started by a
- # normal "docker compose up/run boulder", only when specifically invoked
- # with a "docker compose up bsetup".
- - setup
+ - control
+ entrypoint: labca/entrypoint.sh
+ working_dir: &boulder_working_dir /opt/boulder
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "500k"
+ max-file: "5"
+ restart: always
bmysql:
image: mariadb:10.5
+ volumes:
+ - dbdata:/var/lib/mysql
networks:
bouldernet:
aliases:
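Review bot: The json-file logging options added to the boulder service (`max-size: "500k"`, `max-file: "5"`) cap retained container output at roughly 2.5 MB before the oldest file is discarded, so any history that lives only in `docker logs` will rotate away quickly under steady load; the same block is repeated for bmysql and gui in the next hunk. If the CA's operational log is meant to be kept longer than that, a comment such as `# json-file keeps at most 5 x 500k per container; ship logs elsewhere if a longer history is required` above `logging:` would make the trade-off explicit, or the limits could be raised for boulder alone. Also note that `restart: always` combined with the short-form `depends_on` list only orders container start, not readiness, so boulder may restart-loop until bmysql and bredis accept connections; that was already true upstream and is only worth a comment. The `boulder:` service begins before this hunk.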
@@ -90,82 +83,112 @@ services:
# small.
command: mysqld --bind-address=0.0.0.0 --slow-query-log --log-output=TABLE --log-queries-not-using-indexes=ON
logging:
- driver: none
- bproxysql:
- image: proxysql/proxysql:2.5.4
- # The --initial flag force resets the ProxySQL database on startup. By
- # default, ProxySQL ignores new configuration if the database already
- # exists. Without this flag, new configuration wouldn't be applied until you
- # ran `docker compose down`.
- entrypoint: proxysql -f --idle-threads -c /test/proxysql/proxysql.cnf --initial
- volumes:
- - ./test/:/test/:cached
- depends_on:
- - bmysql
- networks:
- bouldernet:
- aliases:
- - boulder-proxysql
+ driver: "json-file"
+ options:
+ max-size: "500k"
+ max-file: "5"
+ restart: always
- bredis_1:
+ bredis:
image: redis:6.2.7
volumes:
- - ./test/:/test/:cached
- command: redis-server /test/redis-ocsp.config
- networks:
- redisnet:
- ipv4_address: 10.33.33.2
-
- bredis_2:
- image: redis:6.2.7
- volumes:
- - ./test/:/test/:cached
- command: redis-server /test/redis-ocsp.config
- networks:
- redisnet:
- ipv4_address: 10.33.33.3
-
- bredis_3:
- image: redis:6.2.7
- volumes:
- - ./test/:/test/:cached
- command: redis-server /test/redis-ratelimits.config
+ - /home/labca/boulder_labca:/opt/boulder/labca
+ command: redis-server /opt/boulder/labca/redis-ratelimits.config
networks:
redisnet:
ipv4_address: 10.33.33.4
- bredis_4:
- image: redis:6.2.7
- volumes:
- - ./test/:/test/:cached
- command: redis-server /test/redis-ratelimits.config
- networks:
- redisnet:
- ipv4_address: 10.33.33.5
-
bconsul:
image: hashicorp/consul:1.15.4
+ depends_on:
+ - control
volumes:
- - ./test/:/test/:cached
+ - /home/labca/boulder_labca:/opt/boulder/labca
networks:
consulnet:
ipv4_address: 10.55.55.10
bouldernet:
ipv4_address: 10.77.77.10
- command: "consul agent -dev -config-format=hcl -config-file=/test/consul/config.hcl"
+ command: "consul agent -dev -config-format=hcl -config-file=/opt/boulder/labca/consul/config.hcl"
+ restart: always
- bjaeger:
- image: jaegertracing/all-in-one:1.50
+ gui:
+ image: *boulder_tools_image
networks:
- bouldernet:
- ipv4_address: 10.77.77.17
+ - bouldernet
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /home/labca/admin:/go/src/labca
+ - ./.gocache:/root/.cache/go-build
+ - /home/labca/nginx_data/static:/var/www/html
+ - /home/labca/backup:/opt/backup
+ - .:/opt/boulder
+ - /home/labca/boulder_labca:/opt/boulder/labca
+ - /home/labca/boulder_labca/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/
+ expose:
+ - 3000
+ depends_on:
+ - bmysql
+ - control
+ working_dir: /go/src/labca
+ command: ./setup.sh
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "500k"
+ max-file: "5"
+ restart: always
+
+ nginx:
+ image: nginx:1.27.3
+ restart: always
+ networks:
+ - bouldernet
+ ports:
+ - 80:80
+ - 443:443
+ volumes:
+ - /home/labca/nginx_data/conf.d:/etc/nginx/conf.d
+ - /home/labca/nginx_data/ssl:/etc/nginx/ssl
+ - /home/labca/nginx_data/static:/var/www/html
+ depends_on:
+ - control
+
+ control:
+ image: *boulder_tools_image
+ networks:
+ - bouldernet
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /home/labca/admin/data:/opt/labca/data
+ - /home/labca/admin/data:/opt/labca/gui/data
+ - /home/labca/admin/bin:/opt/labca/bin
+ - /home/labca/labca:/opt/labca
+ - /home/labca/backup:/opt/backup
+ - /home/labca/control_logs:/opt/logs
+ - .:/opt/boulder
+ - /home/labca/boulder_labca:/opt/boulder/labca
+ - /home/labca/boulder_labca/certs/.softhsm-tokens/:/var/lib/softhsm/tokens/
+ - /home/labca/nginx_data/conf.d:/etc/nginx/conf.d
+ - /home/labca/nginx_data/ssl:/etc/nginx/ssl
+ - /home/labca/nginx_data/static:/var/www/html
+ expose:
+ - 3030
+ environment:
+ LABCA_FQDN: ${LABCA_FQDN:-notset}
+ working_dir: /opt/labca
+ command: ./control.sh
+ restart: always
bpkilint:
image: ghcr.io/digicert/pkilint:v0.10.1
networks:
bouldernet:
ipv4_address: 10.77.77.9
- command: "gunicorn -w 8 -k uvicorn.workers.UvicornWorker -b 0.0.0.0:80 pkilint.rest:app"
+ command: "gunicorn -w 1 -k uvicorn.workers.UvicornWorker -b 0.0.0.0:80 pkilint.rest:app"
+
+volumes:
+ dbdata:
networks:
# This network is primarily used for boulder services. It is also used by