---
# Swarm stack: hitch terminates TLS on :443 and forwards to varnish over the
# "cache" overlay network; haproxy is attached to both overlay networks.
version: '3.7'

networks:
  # "encrypted" enables IPsec for this overlay's traffic between nodes.
  # NOTE(review): "attachable: true" lets standalone containers (anything
  # started by a principal with Docker API access on a node) join this
  # network; keep it only if something outside the stack needs to attach.
  frontend:
    driver: overlay
    attachable: true
    driver_opts:
      encrypted: 'true'
  # Internal network shared by haproxy, varnish and hitch; not attachable.
  cache:
    driver: overlay
    driver_opts:
      encrypted: 'true'

secrets:
  # Mounted into hitch at /run/secrets/ssl_master (see HITCH_PEM below).
  # NOTE(review): presumably holds the TLS private key; keep the source file
  # out of version control and readable only by the deploying user.
  ssl_master:
    file: certificates/rxmaster.pem

volumes:
  haproxysock:

# Shared logging settings: rotated json-file logs, 5 files of 20m each.
x-logging: &json-log
  driver: json-file
  options:
    max-size: '20m'
    max-file: '5'

services:
  haproxy:
    # NOTE(review): no tag, so this resolves to "latest" on whatever registry
    # answers on localhost:5000 on each node; pin a tag or digest so every
    # node runs the image that was reviewed.
    image: localhost:5000/haproxy-rx
    deploy:
      mode: global
      resources:
        limits:
          cpus: '0.10'
          memory: '50M'
      restart_policy:
        condition: any
      update_config:
        parallelism: 2
        delay: 5s
        order: stop-first
        failure_action: rollback
    logging: *json-log
    environment:
      # Swarm service template, filled in per task with the node's hostname.
      HOSTNAME: '{{.Node.Hostname}}'
    volumes:
      # Telegraf monitoring
      # NOTE(review): whoever mounts this volume gets the HAProxy socket with
      # whatever level the haproxy config grants (config not shown here);
      # confirm the socket is not at admin level if it is only read for stats.
      - 'haproxysock:/haproxy:rw'
    networks:
      - frontend
      - cache

  varnish:
    # NOTE(review): untagged image, same pinning concern as haproxy.
    image: localhost:5000/varnish
    deploy:
      mode: global
      resources:
        limits:
          cpus: '0.10'
          memory: '500M'
      restart_policy:
        condition: any
      update_config:
        parallelism: 2
        delay: 5s
        order: stop-first
        failure_action: rollback
    logging: *json-log
    # Varnish working directory is kept in memory rather than on disk.
    tmpfs: /usr/local/var/varnish
    networks:
      - cache

  hitch:
    # NOTE(review): third-party image with no tag, and it is the only service
    # that receives the ssl_master secret; pin it to a reviewed digest
    # (zazukoians/hitch@sha256:<digest>) or build it from source locally.
    image: zazukoians/hitch
    deploy:
      mode: global
      resources:
        limits:
          cpus: '0.50'
          memory: '50M'
      restart_policy:
        condition: any
      update_config:
        parallelism: 2
        delay: 5s
        order: stop-first
        failure_action: rollback
    logging: *json-log
    secrets:
      - ssl_master
    environment:
      HITCH_PEM: '/run/secrets/ssl_master'
      # --write-proxy-v2 prepends a PROXY v2 header carrying the client
      # address to each backend connection.
      # NOTE(review): varnish must accept PROXY only on a listener that hitch
      # alone can reach, otherwise other peers on "cache" could supply a
      # forged client address; the varnish config is not shown here.
      HITCH_PARAMS: '--write-proxy-v2 --backend=[varnish]:80 --frontend=[*]:443'
      # All four groups are forward-secret. The last two (AES256+EECDH,
      # AES256+EDH) also match CBC-mode suites; drop them if no client needs
      # more than the AES-GCM suites.
      HITCH_CIPHER: 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'
    ports:
      # Host mode binds 443 directly on each node, bypassing the routing mesh.
      - target: 443
        published: 443
        protocol: tcp
        mode: host
    networks:
      - cache