Marc Mintel
3f45293c2e
Some checks failed
Build & Deploy / 🔍 Prepare (push) Successful in 4s
Build & Deploy / 🧪 QA (push) Successful in 1m53s
Build & Deploy / 🏗️ Build (push) Successful in 2m41s
Build & Deploy / 🚀 Deploy (push) Successful in 12s
Build & Deploy / 🧪 Post-Deploy Verification (push) Failing after 2m48s
Build & Deploy / 🔔 Notify (push) Successful in 1s
105 lines
4.6 KiB
YAML
105 lines
4.6 KiB
YAML
services:
|
||
mb-grid-app:
|
||
image: registry.infra.mintel.me/mintel/mb-grid-solutions:${IMAGE_TAG:-latest}
|
||
restart: always
|
||
networks:
|
||
- default
|
||
- infra
|
||
env_file:
|
||
- ${ENV_FILE:-.env}
|
||
labels:
|
||
- "traefik.enable=true"
|
||
- "traefik.http.routers.mb-grid.rule=Host(`${TRAEFIK_HOST:-mb-grid-solutions.localhost}`)"
|
||
- "traefik.http.routers.mb-grid.entrypoints=websecure"
|
||
- "traefik.http.routers.mb-grid.tls.certresolver=le"
|
||
- "traefik.http.routers.mb-grid.tls=true"
|
||
- "traefik.http.routers.mb-grid.priority=1000"
|
||
- "traefik.http.routers.mb-grid.service=mb-grid-app-svc"
|
||
- "traefik.http.services.mb-grid-app-svc.loadbalancer.server.port=3000"
|
||
- "traefik.http.routers.mb-grid.middlewares=${TRAEFIK_MIDDLEWARES:-mb-grid-auth,mb-grid-forward,compress}"
|
||
- "traefik.docker.network=infra"
|
||
|
||
# Public Router – paths that bypass Gatekeeper auth
|
||
- "traefik.http.routers.mb-grid-public.rule=Host(`${TRAEFIK_HOST:-mb-grid-solutions.localhost}`) && PathRegexp(`^/([a-z]{2}/)?(health|login|gatekeeper|uploads|media|robots\\.txt|manifest\\.webmanifest|sitemap(-[0-9]+)?\\.xml|(.*/)?api/og(/.*)?|(.*/)?opengraph-image.*)`)"
|
||
- "traefik.http.routers.mb-grid-public.entrypoints=websecure"
|
||
- "traefik.http.routers.mb-grid-public.tls.certresolver=le"
|
||
- "traefik.http.routers.mb-grid-public.tls=true"
|
||
- "traefik.http.routers.mb-grid-public.service=mb-grid-app-svc"
|
||
- "traefik.http.routers.mb-grid-public.priority=2000"
|
||
|
||
# Forwarded Headers (Protocol Normalization)
|
||
- "traefik.http.middlewares.${PROJECT_NAME:-mb-grid}-forward.headers.customrequestheaders.X-Forwarded-Proto=https"
|
||
- "traefik.http.middlewares.${PROJECT_NAME:-mb-grid}-forward.headers.customrequestheaders.X-Forwarded-Ssl=on"
|
||
healthcheck:
|
||
test: [ "CMD", "node", "-e", "fetch('http://127.0.0.1:3000/api/health').then(r => r.ok ? process.exit(0) : process.exit(1)).catch(() => process.exit(1))" ]
|
||
interval: 10s
|
||
timeout: 5s
|
||
retries: 5
|
||
start_period: 30s
|
||
|
||
mb-grid-gatekeeper:
|
||
image: registry.infra.mintel.me/mintel/gatekeeper:testing
|
||
container_name: ${PROJECT_NAME:-mb-grid-solutions}-gatekeeper
|
||
profiles: [ "gatekeeper" ]
|
||
restart: unless-stopped
|
||
networks:
|
||
infra:
|
||
aliases:
|
||
- mb-grid-gatekeeper
|
||
env_file:
|
||
- ${ENV_FILE:-.env}
|
||
environment:
|
||
PORT: ${PORT:-3000}
|
||
PROJECT_NAME: ${PROJECT_NAME:-MB Grid Solutions}
|
||
PROJECT_COLOR: ${PROJECT_COLOR:-#82ed20}
|
||
COOKIE_DOMAIN: ${COOKIE_DOMAIN}
|
||
AUTH_COOKIE_NAME: ${AUTH_COOKIE_NAME}
|
||
GATEKEEPER_PASSWORD: ${GATEKEEPER_PASSWORD}
|
||
NEXT_PUBLIC_BASE_URL: ${GATEKEEPER_ORIGIN}
|
||
healthcheck:
|
||
test: [ "CMD", "node", "-e", "fetch('http://127.0.0.1:3000/gatekeeper/login').then(r => r.ok ? process.exit(0) : process.exit(1)).catch(() => process.exit(1))" ]
|
||
interval: 10s
|
||
timeout: 5s
|
||
retries: 5
|
||
labels:
|
||
- "traefik.enable=true"
|
||
- "traefik.http.services.mb-grid-gatekeeper-svc.loadbalancer.server.port=3000"
|
||
|
||
# Gatekeeper Verification Middleware
|
||
- "traefik.http.middlewares.${PROJECT_NAME:-mb-grid}-auth.forwardauth.address=http://mb-grid-gatekeeper:3000/gatekeeper/api/verify"
|
||
- "traefik.http.middlewares.${PROJECT_NAME:-mb-grid}-auth.forwardauth.trustForwardHeader=true"
|
||
- "traefik.http.middlewares.${PROJECT_NAME:-mb-grid}-auth.forwardauth.authRequestHeaders=X-Forwarded-Host,X-Forwarded-Proto,X-Forwarded-For,Cookie"
|
||
- "traefik.http.middlewares.${PROJECT_NAME:-mb-grid}-auth.forwardauth.authResponseHeaders=X-Auth-User"
|
||
|
||
# Gatekeeper Public Router (Login/Auth UI)
|
||
- "traefik.http.routers.mb-grid-gatekeeper.rule=(Host(`${TRAEFIK_HOST:-mb-grid-solutions.localhost}`) && PathPrefix(`/gatekeeper`))"
|
||
- "traefik.http.routers.mb-grid-gatekeeper.entrypoints=websecure"
|
||
- "traefik.http.routers.mb-grid-gatekeeper.tls.certresolver=le"
|
||
- "traefik.http.routers.mb-grid-gatekeeper.tls=true"
|
||
- "traefik.http.routers.mb-grid-gatekeeper.priority=2000"
|
||
- "traefik.http.routers.mb-grid-gatekeeper.service=mb-grid-gatekeeper-svc"
|
||
- "traefik.docker.network=infra"
|
||
|
||
mb-grid-db:
|
||
image: postgres:15-alpine
|
||
restart: always
|
||
networks:
|
||
- default
|
||
env_file:
|
||
- ${ENV_FILE:-.env}
|
||
environment:
|
||
POSTGRES_DB: ${DIRECTUS_DB_NAME:-directus}
|
||
POSTGRES_USER: ${DIRECTUS_DB_USER:-directus}
|
||
POSTGRES_PASSWORD: ${DIRECTUS_DB_PASSWORD:-directus}
|
||
volumes:
|
||
- mb-grid-db-data:/var/lib/postgresql/data
|
||
|
||
networks:
|
||
default:
|
||
name: mb-grid-solutions-internal
|
||
infra:
|
||
external: true
|
||
|
||
volumes:
|
||
mb-grid-db-data:
|