---
# Docker Swarm stack: hitch terminates TLS on :443 and forwards to varnish.
# haproxy shares the `cache` network with both; it presumably serves as the
# varnish backend, but that wiring lives inside the images (confirm).
version: '3.7'

networks:
  frontend:
    driver: overlay
    # NOTE(review): attachable lets standalone containers (not only stack
    # services) join this overlay. Keep it only if something outside the
    # stack really has to attach; `cache` below is not attachable.
    attachable: true
    driver_opts:
      # Encrypts overlay traffic between swarm nodes.
      encrypted: 'true'
  cache:
    driver: overlay
    driver_opts:
      # hitch talks plain HTTP to varnish (backend port 80) over this
      # network, so this option is what protects that hop between nodes.
      encrypted: 'true'

secrets:
  ssl_master:
    # File-backed secret read from the deploying host at deploy time.
    # NOTE(review): a hitch PEM normally bundles the private key with the
    # certificate chain; keep this file out of version control and
    # restrict its permissions on the host.
    file: certificates/rxmaster.pem

volumes:
  # Named volume with default driver settings (empty value is intentional).
  haproxysock:

# Shared logging settings, reused by every service through the alias.
# Caps json-file logs at 5 files of 20m each per container.
x-logging: &json-log
  driver: 'json-file'
  options:
    max-size: '20m'
    max-file: '5'

services:
  haproxy:
    # NOTE(review): no tag or digest, so this resolves to `latest`.
    # Pin it, e.g. localhost:5000/haproxy-rx@sha256:<digest-placeholder>.
    image: 'localhost:5000/haproxy-rx'
    deploy:
      # One task on every swarm node.
      mode: global
      resources:
        limits:
          cpus: '0.10'
          memory: '50M'
      restart_policy:
        condition: any
      update_config:
        parallelism: 2
        delay: 5s
        order: stop-first
        failure_action: rollback
    logging: *json-log
    environment:
      # Swarm service template, expanded per task to the node's hostname.
      # Must stay quoted or YAML reads the braces as a flow mapping.
      HOSTNAME: '{{.Node.Hostname}}'
    volumes:
      # Telegraf monitoring.
      # NOTE(review): presumably exposes HAProxy's socket to a Telegraf
      # container defined elsewhere. Any container that mounts this volume
      # can reach the socket, so check the socket's access level in the
      # HAProxy config and limit which services mount it.
      - 'haproxysock:/haproxy:rw'
    networks:
      - frontend
      - cache

  varnish:
    # NOTE(review): unpinned image (implicit `latest`); pin a tag or digest.
    image: 'localhost:5000/varnish'
    deploy:
      mode: global
      resources:
        limits:
          cpus: '0.10'
          memory: '500M'
      restart_policy:
        condition: any
      update_config:
        parallelism: 2
        delay: 5s
        order: stop-first
        failure_action: rollback
    logging: *json-log
    # In-memory filesystem at this path; contents are lost on restart.
    tmpfs: /usr/local/var/varnish
    networks:
      - cache

  hitch:
    # NOTE(review): public-registry image with no tag or digest. This
    # container receives the TLS private key, so a changed `latest` would
    # run with access to it. Pin it, e.g.
    # zazukoians/hitch@sha256:<digest-placeholder>, or mirror it into the
    # local registry used by the other services.
    image: zazukoians/hitch
    deploy:
      mode: global
      resources:
        limits:
          cpus: '0.50'
          memory: '50M'
      restart_policy:
        condition: any
      update_config:
        parallelism: 2
        delay: 5s
        order: stop-first
        failure_action: rollback
    logging: *json-log
    secrets:
      # Mounted in the container at /run/secrets/ssl_master.
      - ssl_master
    environment:
      HITCH_PEM: '/run/secrets/ssl_master'
      # PROXY protocol v2 carries the client address to varnish; the varnish
      # listener on port 80 has to be configured to accept it (not visible
      # in this file). Traffic on that hop is plain HTTP.
      HITCH_PARAMS: '--write-proxy-v2 --backend=[varnish]:80 --frontend=[*]:443'
      # NOTE(review): the AES256+EECDH and AES256+EDH terms also match
      # CBC-mode suites, not only AES-GCM. No TLS protocol floor is set in
      # HITCH_PARAMS, so the hitch default applies. Check both against the
      # current TLS policy.
      HITCH_CIPHER: 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'
    ports:
      # Host-mode publishing binds 443 directly on each node, bypassing the
      # ingress routing mesh.
      - target: 443
        published: 443
        protocol: tcp
        mode: host
    networks:
      - cache