aisbergg
diff --git a/‎examples/stack-global.yml‎
Lines changed: 25 additions & 0 deletions b/‎examples/stack-global.yml‎
Lines changed: 25 additions & 0 deletions
diff --git a/‎examples/stack-org1.yml‎
Lines changed: 33 additions & 0 deletions b/‎examples/stack-org1.yml‎
Lines changed: 33 additions & 0 deletions
diff --git a/‎examples/stack-org2.yml‎
Lines changed: 33 additions & 0 deletions b/‎examples/stack-org2.yml‎
Lines changed: 33 additions & 0 deletions
diff --git a/‎examples/stacks/global/00-mariadb.yml‎
Lines changed: 61 additions & 0 deletions b/‎examples/stacks/global/00-mariadb.yml‎
Lines changed: 61 additions & 0 deletions
diff --git a/‎examples/stacks/global/00-reverse-proxy.yml‎
Lines changed: 113 additions & 0 deletions b/‎examples/stacks/global/00-reverse-proxy.yml‎
Lines changed: 113 additions & 0 deletions
diff --git a/‎examples/stacks/org1/00-redis.yml‎
Lines changed: 38 additions & 0 deletions b/‎examples/stacks/org1/00-redis.yml‎
Lines changed: 38 additions & 0 deletions
diff --git a/‎examples/stacks/org1/10-nextcloud.yml‎
Lines changed: 75 additions & 0 deletions b/‎examples/stacks/org1/10-nextcloud.yml‎
Lines changed: 75 additions & 0 deletions
@@ -0,0 +1,25 @@
+---
+
+include_vars:
+  - vars-global.yml
+vars:
+  stack_name: global
+  stacks:
+    - global
+    - org1
+    - org2
+
+templates:
+  - src: templates/reverse-proxy.yml.j2
+    dest: stacks/{{ stack_name }}/00-reverse-proxy.yml
+    vars:
+      deployment_name: reverse-proxy
+      SSL_BIND_CIPHERS: ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:EECDH+AESGCM:EDH+AESGCM
+      SSL_BIND_OPTIONS: ssl-min-ver TLSv1.0 no-tls-tickets
+      EXTRA_GLOBAL: "crt-base /certs"
+
+  - src: templates/mariadb.yml.j2
+    dest: stacks/{{ stack_name }}/00-mariadb.yml
+    vars:
+      deployment_name: mariadb
+      MYSQL_ROOT_PASSWORD: crPWnQpQppiI1B8H0OKU
@@ -0,0 +1,33 @@
+---
+
+include_vars:
+  - vars-global.yml
+vars:
+  stack_name: org1
+
+templates:
+  - src: templates/redis.yml.j2
+    dest: stacks/{{ stack_name }}/00-{{ deployment_name }}.yml
+    vars:
+      deployment_name: redis
+      REDIS_DATABASES: 3
+      REDIS_MAXCLIENTS: 500
+      REDIS_MAXMEMORY: "300mb"
+      REDIS_REQUIREPASS: lnFl4MzarOL5bTEbreld
+
+  - src: templates/nextcloud.yml.j2
+    dest: stacks/{{ stack_name }}/10-{{ deployment_name }}.yml
+    vars:
+      deployment_name: nextcloud
+      domainnames: "cloud.org1.de"
+      NGINX_REDIRECT_TO_FIRST_DOMAIN: true
+      NEXTCLOUD_DATABASE_HOST: mariadb.global.docker
+      NEXTCLOUD_DATABASE_NAME: org1_01
+      NEXTCLOUD_DATABASE_USER: org1_01
+      NEXTCLOUD_MEMCACHE_LOCKING_ENABLED: true
+      NEXTCLOUD_MEMCACHE_DISTRIBUTED: Redis
+      NEXTCLOUD_REDIS_HOST: "redis.{{ stack_name }}.docker"
+      NEXTCLOUD_REDIS_PORT: 6379
+      NEXTCLOUD_REDIS_DBINDEX: 0
+      NEXTCLOUD_REDIS_PASSWORD: lnFl4MzarOL5bTEbreld
+      NEXTCLOUD_DATABASE_PASSWORD: 7qvbCz7JcVS3OcSa9jE0
@@ -0,0 +1,33 @@
+---
+
+include_vars:
+  - vars-global.yml
+vars:
+  stack_name: org2
+
+templates:
+  - src: templates/redis.yml.j2
+    dest: stacks/{{ stack_name }}/00-{{ deployment_name }}.yml
+    vars:
+      deployment_name: redis
+      REDIS_DATABASES: 3
+      REDIS_MAXCLIENTS: 500
+      REDIS_MAXMEMORY: "300mb"
+      REDIS_REQUIREPASS: YwrbSwFEzEu2iG0rwEpi
+
+  - src: templates/nextcloud.yml.j2
+    dest: stacks/{{ stack_name }}/10-{{ deployment_name }}.yml
+    vars:
+      deployment_name: nextcloud
+      domainnames: "cloud.org2.de"
+      NGINX_REDIRECT_TO_FIRST_DOMAIN: true
+      NEXTCLOUD_DATABASE_HOST: mariadb.global.docker
+      NEXTCLOUD_DATABASE_NAME: org2_01
+      NEXTCLOUD_DATABASE_USER: org2_01
+      NEXTCLOUD_MEMCACHE_LOCKING_ENABLED: true
+      NEXTCLOUD_MEMCACHE_DISTRIBUTED: Redis
+      NEXTCLOUD_REDIS_HOST: "redis.{{ stack_name }}.docker"
+      NEXTCLOUD_REDIS_PORT: 6379
+      NEXTCLOUD_REDIS_DBINDEX: 0
+      NEXTCLOUD_REDIS_PASSWORD: YwrbSwFEzEu2iG0rwEpi
+      NEXTCLOUD_DATABASE_PASSWORD: IKJDNBuoyU53rZEAIb4Z
@@ -0,0 +1,61 @@
+version: '3.7'
+
+services:
+  mariadb:
+    image: bitnami/mariadb:10.2.17
+    environment:
+      - MARIADB_PORT_NUMBER=3306
+      - MARIADB_ROOT_PASSWORD=crPWnQpQppiI1B8H0OKU
+      - MARIADB_ROOT_USER=root
+    networks:
+      global_mariadb:
+        aliases:
+          - mariadb
+          - mariadb.global.docker
+          - mysql
+          - mysql.global.docker
+      org1_mariadb:
+        aliases:
+          - mariadb
+          - mariadb.org1.docker
+          - mysql
+          - mysql.org1.docker
+      org2_mariadb:
+        aliases:
+          - mariadb
+          - mariadb.org2.docker
+          - mysql
+          - mysql.org2.docker
+    user: '999'
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /srv/global/mariadb:/bitnami/mariadb
+      - /srv/global/mariadb/my_custom.cnf:/bitnami/mariadb/my_custom.cnf
+    deploy:
+      mode: global
+      placement:
+        constraints: [node.platform.os == linux]
+      restart_policy:
+        condition: on-failure
+        delay: 5s
+      resources:
+        limits:
+          cpus: '2.0'
+          memory: 2000MB
+      update_config:
+        parallelism: 1
+        delay: 10m
+
+networks:
+  global_mariadb:
+    name: global_mariadb
+    driver: overlay
+    attachable: true
+  org1_mariadb:
+    name: org1_mariadb
+    driver: overlay
+    attachable: true
+  org2_mariadb:
+    name: org2_mariadb
+    driver: overlay
+    attachable: true
@@ -0,0 +1,113 @@
+version: '3.7'
+
+services:
+  reverse-proxy:
+    image: dockerflow/docker-flow-proxy:18.09.14-9-linux-amd64
+    environment:
+      # daemon config
+      - LISTENER_ADDRESS=swarm-listener
+      - SERVICE_NAME=reverse-proxy
+      - RECONFIGURE_ATTEMPTS=20
+      - RELOAD_ATTEMPTS=5
+      - RELOAD_INTERVAL=5000
+      - REPEAT_RELOAD=false
+
+      - HTTPS_ONLY=true
+      - SSL_BIND_CIPHERS=ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:EECDH+AESGCM:EDH+AESGCM
+      - SSL_BIND_OPTIONS=ssl-min-ver TLSv1.0 no-tls-tickets
+      - CONNECTION_MODE=http-server-close
+      - COMPRESSION_ALGO=gzip
+      - EXTRA_GLOBAL=crt-base /certs
+
+      - DEFAULT_PORTS=80,443:ssl
+      - DEFAULT_REQ_MODE=http
+      - ENABLE_H2=true
+      - SERVICE_DOMAIN_ALGO=hdr_dom(host)
+      - TIMEOUT_CLIENT=600
+      - TIMEOUT_CONNECT=5
+      - TIMEOUT_QUEUE=60
+      - TIMEOUT_SERVER=3600
+      - TIMEOUT_TUNNEL=3600
+      - TIMEOUT_HTTP_REQUEST=5
+      - TIMEOUT_HTTP_KEEP_ALIVE=30
+
+      - SKIP_ADDRESS_VALIDATION=true
+      - RESOLVERS=nameserver dns-0 9.9.9.9:53,nameserver dns-1 8.8.8.8:53
+      - CHECK_RESOLVERS=false
+      - DO_NOT_RESOLVE_ADDR=false
+    networks:
+      swarm-listener:
+        aliases:
+          - reverse-proxy
+          - reverse-proxy.docker
+          - reverse-proxy.global.docker
+      global_reverse-proxy:
+      org1_reverse-proxy:
+      org2_reverse-proxy:
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /srv/global/reverse-proxy/certs:/certs
+    deploy:
+      labels:
+        - com.df.notify=true
+        - com.df.alertName=memlimit
+        - com.df.alertIf=@service_mem_limit:0.8
+        - com.df.alertFor=30s
+      mode: global
+      update_config:
+        parallelism: 1
+        delay: 10s
+      resources:
+        reservations:
+          memory: 20M
+        limits:
+          memory: 50M
+
+  swarm-listener:
+    image: dockerflow/docker-flow-swarm-listener:18.09.06-6-linux-amd64
+    networks:
+      - swarm-listener
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /var/run/docker.sock:/var/run/docker.sock
+    environment:
+      - DF_NOTIFY_CREATE_SERVICE_URL=http://reverse-proxy.docker:8080/v1/docker-flow-proxy/reconfigure
+      - DF_NOTIFY_REMOVE_SERVICE_URL=http://reverse-proxy.docker:8080/v1/docker-flow-proxy/remove
+    deploy:
+      mode: global
+      labels:
+        - com.df.notify=true
+        - com.df.distribute=true
+        - com.df.alertName=memlimit
+        - com.df.alertIf=@service_mem_limit:0.8
+        - com.df.alertFor=30s
+      placement:
+        constraints: [node.role == manager]
+      restart_policy:
+        condition: on-failure
+        delay: 3s
+      resources:
+        reservations:
+          memory: 10M
+        limits:
+          memory: 20M
+
+networks:
+  swarm-listener:
+    driver: overlay
+    attachable: false
+  global_reverse-proxy:
+    name: global_reverse-proxy
+    driver: overlay
+    attachable: true
+  org1_reverse-proxy:
+    name: org1_reverse-proxy
+    driver: overlay
+    attachable: true
+  org2_reverse-proxy:
+    name: org2_reverse-proxy
+    driver: overlay
+    attachable: true
@@ -0,0 +1,38 @@
+version: '3.7'
+
+services:
+  redis:
+    image: aisberg/redis:4.0.11
+    environment:
+      - REDIS_DATABASES=3
+      - REDIS_REQUIREPASS=lnFl4MzarOL5bTEbreld
+      - REDIS_MAXCLIENTS=500
+      - REDIS_MAXMEMORY=300mb
+    networks:
+      redis:
+        aliases:
+          - redis
+          - redis.org1.docker
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /srv/org1/redis/redis:/container/redis
+    deploy:
+      mode: global
+      restart_policy:
+        condition: on-failure
+        delay: 5s
+        max_attempts: 5
+      resources:
+        limits:
+          cpus: '2.0'
+          memory: 300mb
+      update_config:
+        parallelism: 1
+        delay: 10s
+
+networks:
+  redis:
+    name: org1_redis
+    driver: overlay
+    attachable: true
+
@@ -0,0 +1,75 @@
+version: '3.7'
+
+services:
+  nextcloud:
+    image: aisberg/nextcloud:14.0.0
+    environment:
+      - DOMAINNAMES=cloud.org1.de
+      - MAX_UPLOAD_FILESIZE=16384M
+      - NGINX_BEHIND_PROXY=True
+      - NGINX_TLS_TERMINATED=True
+      - NGINX_REWRITE_HTTPS=True
+      - NGINX_REDIRECT_TO_FIRST_DOMAIN=True
+      - NGINX_FASTCGI_READ_TIMEOUT=3600
+      - PHP_MAX_EXECUTION_TIME=3600
+      - PHP_MAX_INPUT_TIME=3600
+
+      - AUTO_UPDATE=True
+      - NEXTCLOUD_DEFAULT_LANGUAGE=de_DE
+      - NEXTCLOUD_DEFAULT_LOCALE=de_DE
+      - NEXTCLOUD_DATABASE_TYPE=mysql
+      - NEXTCLOUD_DATABASE_HOST=mariadb.global.docker
+      - NEXTCLOUD_DATABASE_NAME=org1_01
+      - NEXTCLOUD_DATABASE_USER=org1_01
+      - NEXTCLOUD_DATABASE_PASSWORD=7qvbCz7JcVS3OcSa9jE0
+      - NEXTCLOUD_TRASHBIN_RETENTION_OBLIGATION=auto, 20
+      - NEXTCLOUD_VERSIONS_RETENTION_OBLIGATION=auto, 40
+      - NEXTCLOUD_REDIS_HOST=redis.org1.docker
+      - NEXTCLOUD_REDIS_PORT=6379
+      - NEXTCLOUD_REDIS_PASSWORD=lnFl4MzarOL5bTEbreld
+      - NEXTCLOUD_REDIS_DBINDEX=0
+      - NEXTCLOUD_MEMCACHE_LOCKING_ENABLED=True
+    networks:
+      database:
+      redis:
+      reverse-proxy:
+        aliases:
+          - nextcloud.org1.docker
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /srv/org1/nextcloud/www:/container/www
+      - /srv/org1/nextcloud/cfg/nginx:/etc/nginx/conf.d
+    deploy:
+      labels:
+        - com.df.notify=true
+        - com.df.serviceDomain=cloud.org1.de
+        - com.df.reqMode=http
+        - com.df.httpsOnly=true
+        - com.df.port=8080
+        - com.df.httpsPort=8080
+        - com.df.connectionMode=http-server-close
+        - com.df.checkResolvers=true
+      mode: global
+      restart_policy:
+        condition: on-failure
+        delay: 5s
+        max_attempts: 5
+      resources:
+        limits:
+          cpus: '2.0'
+          memory: 1000MB
+      update_config:
+        parallelism: 1
+        delay: 10s
+
+networks:
+  reverse-proxy:
+    external: true
+    name: org1_reverse-proxy
+  database:
+    external: true
+    name: org1_mariadb
+  redis:
+    external: true
+    name: org1_redis
+