-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdocker-compose-pg.yml
54 lines (54 loc) · 1.7 KB
/
docker-compose-pg.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
services:
postgres:
restart: 'always'
#image: postgres:11-bullseye
image: bitnami/postgresql:16-debian-12
container_name: pg
networks:
- dbs
environment:
POSTGRES_PASSWORD:
POSTGRESQL_LOG_CONNECTIONS: 1
POSTGRESQL_LOG_HOSTNAME: 1
ports:
- 5432:5432
depends_on:
- certbot-pg
volumes:
- ./data/pg:/var/lib/postgresql/data
- ./pg/pg_hba.conf:/bitnami/postgresql/conf/pg_hba.conf:ro
- ./pg/pg.d/init_db.sql:/docker-entrypoint-initdb.d/init_db.sql:ro
- ./data/pg_certificates:/etc/postgresql/certificates:ro
# official certbot to retrieve our ssl certificate (stops after retrieval)
certbot-pg:
restart: 'no'
image: certbot/dns-cloudflare
environment:
PG_DOMAIN:
volumes:
- ./data/certbot_pg:/etc/letsencrypt
- ./data/pg_certificates:/pg_certificates
- ./pg/certbot/deploy_pg.sh:/usr/local/bin/deploy_pg.sh
- ./.cloudflare.ini:/root/cloudflare.ini
command: >-
certonly --dns-cloudflare
--non-interactive
--keep-until-expiring
--dns-cloudflare-credentials /root/cloudflare.ini
--dns-cloudflare-propagation-seconds 15
--email [email protected]
--agree-tos --no-eff-email
-d ${PG_DOMAIN}
--deploy-hook /usr/local/bin/deploy_pg.sh
# handles re-triggering the certbot container using cron
certbot-pg-cron:
build: ./build/docker-certbot-cron/
image: kontextwork/certbot-cron
networks:
- dbs
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
CERTBOT_SERVICE_NAME: ${CERTBOT_SERVICE_NAME:-certbot-mariadb-1}
COMPOSE_PROJECT_NAME: '${COMPOSE_PROJECT_NAME}'
restart: 'always'