2017-11-17 19:22:03 +03:00
version : '2'
services :
## KV part ##
# CONSUL
consul :
image : progrium/consul
command : -server -bootstrap -log-level debug -ui-dir /ui
ports :
- "8400:8400"
- "8500:8500"
- "8600:53/udp"
expose :
- "8300"
- "8301"
- "8301/udp"
- "8302"
- "8302/udp"
networks :
net :
ipv4_address : 10.0 .1 .2
# ETCD V3
etcd3 :
image : quay.io/coreos/etcd:v3.2.9
command : /usr/local/bin/etcd --data-dir=/etcd-data --name node1 --initial-advertise-peer-urls http://10.0.1.12:2380 --listen-peer-urls http://10.0.1.12:2380 --advertise-client-urls http://10.0.1.12:2379,http://10.0.1.12:4001 --listen-client-urls http://10.0.1.12:2379,http://10.0.1.12:4001 --initial-cluster node1=http://10.0.1.12:2380 --debug
ports :
- "4001:4001"
- "2380:2380"
- "2379:2379"
networks :
net :
ipv4_address : 10.0 .1 .12
etcdctl-ping :
image : tenstartups/etcdctl
2017-12-20 16:40:07 +03:00
command : --endpoints=[10.0.1.12:2379] get "traefik/acme/storage"
2017-11-17 19:22:03 +03:00
environment :
ETCDCTL_DIAL_ : "TIMEOUT 10s"
ETCDCTL_API : "3"
networks :
- net
## BOULDER part ##
boulder :
image : containous/boulder:release
environment :
FAKE_DNS : 172.17 .0 .1
PKCS11_PROXY_SOCKET : tcp://boulder-hsm:5657
extra_hosts :
- le.wtf:127.0.0.1
- boulder:127.0.0.1
ports :
- 4000 : 4000 # ACME
- 4002 : 4002 # OCSP
- 4003 : 4003 # OCSP
- 4500 : 4500 # ct-test-srv
- 8000 : 8000 # debug ports
- 8001 : 8001
- 8002 : 8002
- 8003 : 8003
- 8004 : 8004
- 8055 : 8055 # dns-test-srv updates
- 9380 : 9380 # mail-test-srv
- 9381 : 9381 # mail-test-srv
restart : unless-stopped
depends_on :
- bhsm
- bmysql
- brabbitmq
2018-02-09 12:38:03 +03:00
volumes :
- "./rate-limit-policies.yml:/go/src/github.com/letsencrypt/boulder/test/rate-limit-policies.yml:ro"
2017-11-17 19:22:03 +03:00
networks :
net :
ipv4_address : 10.0 .1 .3
bhsm :
image : letsencrypt/boulder-tools:2016-11-02
hostname : boulder-hsm
environment :
PKCS11_DAEMON_SOCKET : tcp://0.0.0.0:5657
command : /usr/local/bin/pkcs11-daemon /usr/lib/softhsm/libsofthsm.so
expose :
- 5657
networks :
net :
ipv4_address : 10.0 .1 .4
aliases :
- boulder-hsm
bmysql :
image : mariadb:10.1
hostname : boulder-mysql
environment :
MYSQL_ALLOW_EMPTY_PASSWORD : "yes"
networks :
net :
ipv4_address : 10.0 .1 .5
aliases :
- boulder-mysql
brabbitmq :
image : rabbitmq:3-alpine
hostname : boulder-rabbitmq
environment :
RABBITMQ_NODE_IP_ADDRESS : "0.0.0.0"
networks :
net :
ipv4_address : 10.0 .1 .6
aliases :
- boulder-rabbitmq
## TRAEFIK part ##
traefik-storeconfig :
build :
context : ../..
image : containous/traefik
volumes :
- "./traefik.toml:/traefik.toml:ro"
command : storeconfig --debug
networks :
- net
traefik01 :
build :
context : ../..
image : containous/traefik
command : ${TRAEFIK_CMD}
extra_hosts :
- traefik.boulder.com:172.17.0.1
volumes :
- "/var/run/docker.sock:/var/run/docker.sock:ro"
expose :
- "443"
- "5001"
2018-01-15 18:04:05 +03:00
- "5002"
2017-11-17 19:22:03 +03:00
ports :
- "80:80"
- "8080:8080"
- "443:443"
- "5001:443" # Needed for SNI challenge
2018-01-15 18:04:05 +03:00
- "5002:80" # Needed for HTTP challenge
2017-11-17 19:22:03 +03:00
networks :
net :
ipv4_address : 10.0 .1 .8
traefik02 :
build :
context : ../..
image : containous/traefik
command : ${TRAEFIK_CMD}
extra_hosts :
- traefik.boulder.com:172.17.0.1
volumes :
- "/var/run/docker.sock:/var/run/docker.sock:ro"
expose :
- "443"
- "5001"
2018-01-15 18:04:05 +03:00
- "5002"
2017-11-17 19:22:03 +03:00
ports :
- "88:80"
- "8888:8080"
- "8443:443"
depends_on :
- traefik01
networks :
net :
ipv4_address : 10.0 .1 .9
whoami01 :
image : emilevauge/whoami
expose :
- "80"
labels :
- "traefik.port=80"
- "traefik.backend=wam01"
- "traefik.frontend.rule=Host:who01.localhost.com"
- "traefik.enable=true"
networks :
net :
ipv4_address : 10.0 .1 .10
whoami02 :
image : emilevauge/whoami
expose :
- "80"
labels :
- "traefik.port=80"
- "traefik.backend=wam02"
- "traefik.frontend.rule=Host:who02.localhost.com"
- "traefik.enable=true"
networks :
- net
networks :
net :
driver : bridge
ipam :
config :
- subnet : 10.0 .1 .0 /26