From a292314d81aaa2f5d56b2fe51ca581e7457d6105 Mon Sep 17 00:00:00 2001
From: Georg Pfuetzenreuter
Date: Fri, 10 Jan 2025 10:35:51 +0100
Subject: [PATCH] Track docker-compose overrides

Avoid modifying the upstream compose file and track our overrides which handle the container build using SUSE BCI base images, the loading of environment variables from a canonical location, and the disabling of the integrated database service. A Traefik reverse proxy to handle TLS termination is added as well.

Signed-off-by: Georg Pfuetzenreuter
---
 .gitignore | 1 -
 docker-compose.override.yml | 74 +++++++++++++++++++++++++++++++++++++
 2 files changed, 74 insertions(+), 1 deletion(-)
 create mode 100644 docker-compose.override.yml

diff --git a/.gitignore b/.gitignore
index 2fb5166..6b15a2a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,6 @@
 *.sql.gz
 .netbox
 .python-version
-docker-compose.override.yml
 *.pem
 configuration/*
 !configuration/configuration.py
diff --git a/docker-compose.override.yml b/docker-compose.override.yml
new file mode 100644
index 0000000..e0eec55
--- /dev/null
+++ b/docker-compose.override.yml
@@ -0,0 +1,74 @@
+version: '3.4'
+
+volumes:
+ traefik-certs:
+
+services:
+ # Replace database service from upstream with dummy because we are using an external database
+ postgres:
+ image: registry.suse.com/bci/bci-minimal:latest
+ command: "true"
+ entrypoint: "true"
+ healthcheck:
+ test: ["NONE"]
+ volumes: []
+ # "Real" overrides below
+ netbox:
+ env_file: /etc/opt/netbox-docker/netbox.env
+ build:
+ args:
+ FROM: registry.suse.com/bci/python:3.11
+ NETBOX_PATH: ${NETBOX_PATH}
+ context: .
+ dockerfile: Dockerfile
+ target: main
+ image: netbox:${TAG}
+ pull_policy: never
+ ports:
+ - 8000:8080
+ labels:
+ traefik.enable: "true"
+ traefik.http.routers.frontend.rule: "Host(`${NETBOX_HOSTNAME}`)"
+ traefik.http.routers.frontend.entrypoints: web
+ traefik.http.routers.frontend.middlewares: https_redirect
+ traefik.http.routers.frontendtls.rule: "Host(`${NETBOX_HOSTNAME}`)"
+ traefik.http.routers.frontendtls.entrypoints: websecure
+ traefik.http.routers.frontendtls.tls: true
+ traefik.http.routers.frontendtls.tls.certresolver: myresolver
+ traefik.http.middlewares.https_redirect.redirectscheme.scheme: https
+ traefik.http.middlewares.https_redirect.redirectscheme.permanent: true
+ traefik.http.services.frontend.loadbalancer.server.port: 8080
+ traefik.http.services.frontend.loadbalancer.passhostheader: true
+ netbox-worker:
+ image: netbox:${TAG}
+ pull_policy: never
+ netbox-housekeeping:
+ image: netbox:${TAG}
+ pull_policy: never
+ traefik:
+ image: traefik:v2.8
+ container_name: traefik
+ hostname: traefik
+ command:
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443"
+ - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
+ - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
+ - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
+ - "--certificatesresolvers.myresolver.acme.caserver=${ACME_SERVER}"
+ - "--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}"
+ - "--certificatesresolvers.myresolver.acme.storage=/certs/acme.json"
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - traefik-certs:/certs
+ - /var/lib/ca-certificates/ca-bundle.pem:/etc/ssl/certs/ca-certificates.crt:ro
+ restart: unless-stopped
+ redis:
+ env_file: /etc/opt/netbox-docker/redis.env
+ redis-cache:
+ env_file: /etc/opt/netbox-docker/redis-cache.env
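Review bot: The `traefik` service bind-mounts `/var/run/docker.sock` into the one container that is published on 80/443, and the `:ro` suffix does not restrict it: read-only applies to the socket file, not to the API calls sent through it, so anything that gains code execution in Traefik can drive the Docker daemon with host-root effect. Consider placing a filtering socket proxy in between that permits only the read-only container and event endpoints, and pointing Traefik at it with `--providers.docker.endpoint=tcp://<socket-proxy-host>:<port>` instead of mounting the socket. In the `netbox` service, `ports: - 8000:8080` also publishes the application over plain HTTP on every host interface, which sidesteps the `https_redirect` middleware and the TLS router defined in the labels; Traefik reaches the container over the compose network, so the mapping looks unnecessary and could be dropped or narrowed to `- "127.0.0.1:8000:8080"` (the upstream compose file is not visible here, so confirm nothing else relies on it). Lastly, `traefik:v2.8` and `bci-minimal:latest` are mutable tags, and v2.8 appears to be an old 2.x minor, so pinning a maintained release by digest would make updates to the edge proxy deliberate and reproducible.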