forked from umputun/secrets
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdocker-compose.yml
56 lines (48 loc) · 1.52 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
version: '2'
services:
secrets:
build: .
image: umputun/secrets:latest
container_name: secrets
hostname: secrets
restart: always
logging: &default_logging
driver: json-file
options:
max-size: "10m"
max-file: "5"
volumes:
- ./var:/data
environment:
- SIGN_KEY=change-this-to-smth-random # important! change it
- ENGINE=MEMORY # change to BOLT to make it persistent
- PIN_SIZE=5
- BOLT_FILE=/data/secrets.bd
- PIN_ATTEMPTS=3
- MAX_EXPIRE=24h
- DOMAIN=www.example.com # important! change to your domain
# uncomment to expose directly without nginx proxy
# ports:
# - "80:8080"
nginx:
image: umputun/nginx-le:latest
hostname: nginx
restart: always
container_name: nginx
logging: *default_logging
depends_on:
- secrets
volumes:
- ./etc/ssl:/etc/nginx/ssl
- ./secrets-nginx.conf:/etc/nginx/service.conf
ports:
- "80:80"
- "443:443"
environment:
- TZ=America/Chicago
- LETSENCRYPT=false # set to true for SSL and define proper LE_EMAIL and LE_FQDN
- LE_EMAIL=name@example.com
- LE_FQDN=www.example.com
# uncomment to provide existing certificates
#- SSL_CERT=secrets-crt.pem
#- SSL_KEY=secrets-key.pem