glitchier-soc/docker-compose.yml
Akihiko Odaki ded217f84a Isolate internal services from external networks in Docker configuration (#6369)
The database and Redis do not need external connections, so isolate them
and prevent unauthorized access.
2018-02-03 18:44:22 +01:00

75 lines
1.5 KiB
YAML

version: '3'
services:
db:
restart: always
image: postgres:9.6-alpine
networks:
- internal_network
### Uncomment to enable DB persistance
# volumes:
# - ./postgres:/var/lib/postgresql/data
redis:
restart: always
image: redis:4.0-alpine
networks:
- internal_network
### Uncomment to enable REDIS persistance
# volumes:
# - ./redis:/data
web:
build: .
image: gargron/mastodon
restart: always
env_file: .env.production
command: bundle exec rails s -p 3000 -b '0.0.0.0'
networks:
- external_network
- internal_network
ports:
- "3000:3000"
depends_on:
- db
- redis
volumes:
- ./public/assets:/mastodon/public/assets
- ./public/packs:/mastodon/public/packs
- ./public/system:/mastodon/public/system
streaming:
build: .
image: gargron/mastodon
restart: always
env_file: .env.production
command: npm run start
networks:
- external_network
- internal_network
ports:
- "4000:4000"
depends_on:
- db
- redis
sidekiq:
build: .
image: gargron/mastodon
restart: always
env_file: .env.production
command: bundle exec sidekiq -q default -q mailers -q pull -q push
depends_on:
- db
- redis
networks:
- external_network
- internal_network
volumes:
- ./public/packs:/mastodon/public/packs
- ./public/system:/mastodon/public/system
networks:
external_network:
internal_network:
internal: true