docker-compose.yml

version: "3.6"
services:

    proxy:
        image: traefik:v2.2
        networks:
            - ${TRAEFIK_PUBLIC_NETWORK?TRAEFIK_PUBLIC_NETWORK variable not set}
            - default
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock:ro
        command:
            - --providers.docker
            - --providers.docker.constraints=Label(`traefik.constraint-label-stack`, `${TRAEFIK_TAG?TRAEFIK_TAG variable not set}`)
            - --providers.docker.exposedbydefault=false
            - --providers.docker.swarmmode
            - --accesslog
            - --log
            - --api
        deploy:
            placement:
                constraints:
                    - node.role == manager
            labels:
                - traefik.enable=true
                - traefik.docker.network=${TRAEFIK_PUBLIC_NETWORK?TRAEFIK_PUBLIC_NETWORK variable not set}
                - traefik.constraint-label=${TRAEFIK_PUBLIC_TAG?TRAEFIK_PUBLIC_TAG variable not set}
                - traefik.http.middlewares.${STACK_NAME?STACK_NAME variable not set}-ipwhitelist.ipwhitelist.sourcerange=${SOURCE_IP?SOURCE_IP variable not set}
                - traefik.http.middlewares.${STACK_NAME?STACK_NAME variable not set}-ipwhitelist.ipwhitelist.ipstrategy.depth=2
                - traefik.http.middlewares.${STACK_NAME?STACK_NAME variable not set}-https-redirect.redirectscheme.scheme=https
                - traefik.http.middlewares.${STACK_NAME?STACK_NAME variable not set}-https-redirect.redirectscheme.permanent=true
                - traefik.http.routers.${STACK_NAME?STACK_NAME variable not set}-proxy-http.rule=Host(`${DOMAIN?DOMAIN variable not set}`) || Host(`www.${DOMAIN?DOMAIN variable not set}`)
                - traefik.http.routers.${STACK_NAME?STACK_NAME variable not set}-proxy-http.entrypoints=http
                - traefik.http.routers.${STACK_NAME?STACK_NAME variable not set}-proxy-https.rule=Host(`${DOMAIN?DOMAIN variable not set}`) || Host(`www.${DOMAIN?DOMAIN variable not set}`)
                - traefik.http.routers.${STACK_NAME?STACK_NAME variable not set}-proxy-https.entrypoints=https
                - traefik.http.routers.${STACK_NAME?STACK_NAME variable not set}-proxy-https.tls=true
                - traefik.http.routers.${STACK_NAME?STACK_NAME variable not set}-proxy-https.tls.certresolver=le
                - traefik.http.services.${STACK_NAME?STACK_NAME variable not set}-proxy.loadbalancer.server.port=80
                - traefik.http.middlewares.${STACK_NAME?STACK_NAME variable not set}-www-redirect.redirectregex.regex=^https?://(www.)?(${DOMAIN?DOMAIN variable not set})/(.*)
                - traefik.http.middlewares.${STACK_NAME?STACK_NAME variable not set}-www-redirect.redirectregex.replacement=https://${DOMAIN?DOMAIN variable not set}/$${3}
                - traefik.http.routers.${STACK_NAME?STACK_NAME variable not set}-proxy-https.middlewares=${STACK_NAME?STACK_NAME variable not set}-www-redirect
                - traefik.http.routers.${STACK_NAME?STACK_NAME variable not set}-proxy-http.middlewares=${STACK_NAME?STACK_NAME variable not set}-www-redirect,${STACK_NAME?STACK_NAME variable not set}-https-redirect

    backend:
        image: dicery-backend_backend:latest
        build:
            context: .
            args:
                INSTALL_DEV: ${INSTALL_DEV-false}
        env_file:
            - .env.production
        environment:
            - MODULE_NAME=dicery_backend.main
            - SERVER_NAME=${DOMAIN?DOMAIN variable not set}
            - SERVER_HOST=https://${DOMAIN?DOMAIN variable not set}
        deploy:
            labels:
                - traefik.enable=true
                - traefik.constraint-label-stack=${TRAEFIK_TAG?TRAEFIK_TAG variable not set}
                - traefik.http.routers.${STACK_NAME?STACK_NAME variable not set}-backend-http.rule=PathPrefix(`/`)
                - traefik.http.services.${STACK_NAME?STACK_NAME variable not set}-backend.loadbalancer.server.port=80
                - traefik.http.middlewares.${STACK_NAME?STACK_NAME variable not set}-backend.ratelimit.average=3

    db:
        image: postgres:12
        volumes:
            - app-db-data:/var/lib/postgresql/data/pgdata
        env_file:
            - .env.production
        environment:
            - PGDATA=/var/lib/postgresql/data/pgdata
        command:
            - postgres
            # the following lines tell pg server to adjust the TCP keepalive settings explicitly
            # instead of reading from the container default, which is likely idle=7200 (seconds).
            # The default value in the container is usually much larger than docker-swarm's IPVS default,
            # which is 900. (And this is the culprit of the connection will be closed after ~15mins)
            - -c
            - 'tcp_keepalives_idle=600'
            - -c
            - 'tcp_keepalives_interval=30'
            - -c
            - 'tcp_keepalives_count=10'
        deploy:
            placement:
                constraints:
                    - node.labels.${STACK_NAME?STACK_NAME variable not set}.app-db-data == true

    pgadmin:
        image: dpage/pgadmin4
        networks:
            - ${TRAEFIK_PUBLIC_NETWORK?TRAEFIK_PUBLIC_NETWORK variable not set}
            - default
        env_file:
            - .env.production
        deploy:
            labels:
                - traefik.enable=true
                - traefik.docker.network=${TRAEFIK_PUBLIC_NETWORK?TRAEFIK_PUBLIC_NETWORK variable not set}
                - traefik.constraint-label=${TRAEFIK_PUBLIC_TAG?TRAEFIK_PUBLIC_TAG variable not set}
                - traefik.http.routers.${STACK_NAME?STACK_NAME variable not set}-pgadmin-http.rule=Host(`pgadmin.${DOMAIN?DOMAIN variable not set}`)
                - traefik.http.routers.${STACK_NAME?STACK_NAME variable not set}-pgadmin-http.entrypoints=http
                - traefik.http.routers.${STACK_NAME?STACK_NAME variable not set}-pgadmin-https.middlewares=${STACK_NAME?STACK_NAME variable not set}-ipwhitelist
                - traefik.http.routers.${STACK_NAME?STACK_NAME variable not set}-pgadmin-http.middlewares=${STACK_NAME?STACK_NAME variable not set}-ipwhitelist,${STACK_NAME?STACK_NAME variable not set}-https-redirect
                - traefik.http.routers.${STACK_NAME?STACK_NAME variable not set}-pgadmin-https.rule=Host(`pgadmin.${DOMAIN?DOMAIN variable not set}`)
                - traefik.http.routers.${STACK_NAME?STACK_NAME variable not set}-pgadmin-https.entrypoints=https
                - traefik.http.routers.${STACK_NAME?STACK_NAME variable not set}-pgadmin-https.tls=true
                - traefik.http.routers.${STACK_NAME?STACK_NAME variable not set}-pgadmin-https.tls.certresolver=le
                - traefik.http.services.${STACK_NAME?STACK_NAME variable not set}-pgadmin.loadbalancer.server.port=5050
                - traefik.http.middlewares.${STACK_NAME?STACK_NAME variable not set}-pgadmin.ratelimit.average=100


volumes:
    app-db-data:

networks:
    traefik-public:
        external: ${TRAEFIK_PUBLIC_NETWORK_IS_EXTERNAL-true}