Networks: create internal docker network for proxy server

Prepare to use caddy in docker
2025-05-06 11:11:48 +03:00
parent 527067146f
commit adde4e32c1
15 changed files with 207 additions and 184 deletions
--- a/files/gitea/docker-compose.yml.j2
+++ b/files/gitea/docker-compose.yml.j2
@ -12,6 +12,8 @@ services:
      - {{ backups_dir }}:/backups
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
+    networks:
+      - "{{ web_proxy_network }}"
    environment:
      - "USER_UID=${USER_UID}"
      - "USER_GID=${USER_GID}"
@ -25,3 +27,7 @@ services:
      - "GITEA__mailer__USER={{ postbox_user }}"
      - "GITEA__mailer__PASSWD={{ postbox_pass }}"
      - "GITEA__mailer__FROM=gitea@vakhrushev.me"
+
+networks:
+  {{ web_proxy_network }}:
+    external: true
--- a/files/gramps/docker-compose.yml.j2
+++ b/files/gramps/docker-compose.yml.j2
@ -10,27 +10,9 @@ services:
    restart: unless-stopped
    ports:
      - "127.0.0.1:{{ gramps_port }}:5000"  # host:docker
-    environment:
-      GRAMPSWEB_TREE: "Gramps"  # will create a new tree if not exists
-      GRAMPSWEB_SECRET_KEY: "{{ gramps_secret_key }}"
-      GRAMPSWEB_BASE_URL: "https://gramps.vakhrushev.me"
-      GRAMPSWEB_REGISTRATION_DISABLED: "true"
-      GRAMPSWEB_CELERY_CONFIG__broker_url: "redis://gramps_redis:6379/0"
-      GRAMPSWEB_CELERY_CONFIG__result_backend: "redis://gramps_redis:6379/0"
-      GRAMPSWEB_RATELIMIT_STORAGE_URI: "redis://gramps_redis:6379/1"
-      GRAMPSWEB_EMAIL_HOST: "{{ postbox_host }}"
-      GRAMPSWEB_EMAIL_PORT: "{{ postbox_port }}"
-      GRAMPSWEB_EMAIL_HOST_USER: "{{ postbox_user }}"
-      GRAMPSWEB_EMAIL_HOST_PASSWORD: "{{ postbox_pass }}"
-      GRAMPSWEB_EMAIL_USE_TLS: "false"
-      GRAMPSWEB_DEFAULT_FROM_EMAIL: "gramps@vakhrushev.me"
-      GUNICORN_NUM_WORKERS: 2
-      # media storage at s3
-      GRAMPSWEB_MEDIA_BASE_DIR: "s3://av-gramps-media-storage"
-      AWS_ENDPOINT_URL: "{{ gramps_s3_endpoint }}"
-      AWS_ACCESS_KEY_ID: "{{ gramps_s3_access_key_id }}"
-      AWS_SECRET_ACCESS_KEY: "{{ gramps_s3_secret_access_key }}"
-      AWS_DEFAULT_REGION: "{{ gramps_s3_region }}"
+    networks:
+      - "gramps_network"
+      - "{{ web_proxy_network }}"
    volumes:
      - "{{ (data_dir, 'gramps_db') | path_join }}:/root/.gramps/grampsdb"  # persist Gramps database
      - "{{ (data_dir, 'gramps_users') | path_join }}:/app/users"  # persist user database
@ -39,6 +21,30 @@ services:
      - "{{ (data_dir, 'gramps_cache') | path_join }}:/app/cache"  # persist export and report caches
      - "{{ (data_dir, 'gramps_secret') | path_join }}:/app/secret"  # persist flask secret
      - "{{ (data_dir, 'gramps_media') | path_join }}:/app/media"  # persist media files
+    environment:
+      GRAMPSWEB_TREE: "Gramps"  # will create a new tree if not exists
+      GRAMPSWEB_SECRET_KEY: "{{ gramps_secret_key }}"
+      GRAMPSWEB_BASE_URL: "https://gramps.vakhrushev.me"
+      GRAMPSWEB_REGISTRATION_DISABLED: "true"
+      GRAMPSWEB_CELERY_CONFIG__broker_url: "redis://gramps_redis:6379/0"
+      GRAMPSWEB_CELERY_CONFIG__result_backend: "redis://gramps_redis:6379/0"
+      GRAMPSWEB_RATELIMIT_STORAGE_URI: "redis://gramps_redis:6379/1"
+      GUNICORN_NUM_WORKERS: 2
+
+      # Email options
+      GRAMPSWEB_EMAIL_HOST: "{{ postbox_host }}"
+      GRAMPSWEB_EMAIL_PORT: "{{ postbox_port }}"
+      GRAMPSWEB_EMAIL_HOST_USER: "{{ postbox_user }}"
+      GRAMPSWEB_EMAIL_HOST_PASSWORD: "{{ postbox_pass }}"
+      GRAMPSWEB_EMAIL_USE_TLS: "false"
+      GRAMPSWEB_DEFAULT_FROM_EMAIL: "gramps@vakhrushev.me"
+      
+      # media storage at s3
+      GRAMPSWEB_MEDIA_BASE_DIR: "s3://av-gramps-media-storage"
+      AWS_ENDPOINT_URL: "{{ gramps_s3_endpoint }}"
+      AWS_ACCESS_KEY_ID: "{{ gramps_s3_access_key_id }}"
+      AWS_SECRET_ACCESS_KEY: "{{ gramps_s3_secret_access_key }}"
+      AWS_DEFAULT_REGION: "{{ gramps_s3_region }}"

  gramps_celery:
    <<: *gramps_app  # YAML merge key copying the entire grampsweb service config    
@ -47,9 +53,19 @@ services:
      - gramps_redis
    restart: unless-stopped
    ports: []
+    networks:
+      - "gramps_network"
    command: celery -A gramps_webapi.celery worker --loglevel=INFO --concurrency=2

  gramps_redis:
    image: valkey/valkey:8.1.1-alpine
    container_name: gramps_redis
    restart: unless-stopped
+    networks:
+      - "gramps_network"
+
+networks:
+  gramps_network:
+    driver: bridge
+  {{ web_proxy_network }}:
+    external: true
--- a/files/homepage/docker-compose.yml.j2
+++ b/files/homepage/docker-compose.yml.j2
@ -5,3 +5,10 @@ services:
    restart: unless-stopped
    ports:
      - "127.0.0.1:{{ homepage_port }}:80"
+    networks:
+      - "{{ web_proxy_network }}"
+
+networks:
+  {{ web_proxy_network }}:
+    external: true
+
--- a/files/keycloak/docker-compose.yml.j2
+++ b/files/keycloak/docker-compose.yml.j2
@ -12,12 +12,18 @@ services:
    container_name: keycloak_app
    command: ["start-dev"]
    restart: unless-stopped
+    ports:
+      - "127.0.0.1:{{ keycloak_port }}:8080"
+    networks:
+      - "{{ web_proxy_network }}"
+    volumes:
+      - "./data:/opt/keycloak/data"
    environment:
      KEYCLOAK_ADMIN: "{{ keycloak_admin_login }}"
      KEYCLOAK_ADMIN_PASSWORD: "{{ keycloak_admin_password }}"
      KC_HOSTNAME_URL: "https://kk.vakhrushev.me"
      KC_HOSTNAME_ADMIN_URL: "https://kk.vakhrushev.me"
-    ports:
-      - "127.0.0.1:{{ keycloak_port }}:8080"
-    volumes:
-      - "./data:/opt/keycloak/data"
+
+networks:
+  {{ web_proxy_network }}:
+    external: true
--- a/files/outline/docker-compose.yml.j2
+++ b/files/outline/docker-compose.yml.j2
@ -6,11 +6,14 @@ services:
    image: outlinewiki/outline:0.83.0
    container_name: outline_app
    restart: unless-stopped
-    ports:
-      - "127.0.0.1:{{ outline_port }}:3000"
    depends_on:
      - outline_postgres
      - outline_redis
+    ports:
+      - "127.0.0.1:{{ outline_port }}:3000"
+    networks:
+      - "outline_network"
+      - "{{ web_proxy_network }}"
    environment:
      NODE_ENV: 'production'
      URL: 'https://outline.vakhrushev.me'
@ -52,6 +55,9 @@ services:
    image: valkey/valkey:8.1.1-alpine
    container_name: outline_redis
    restart: unless-stopped
+    networks:
+      - "outline_network"
+    

  outline_postgres:
    image: postgres:16.3-bookworm
@ -59,7 +65,15 @@ services:
    restart: unless-stopped
    volumes:
      - {{ postgres_data_dir }}:/var/lib/postgresql/data
+    networks:
+      - "outline_network"
    environment:
      POSTGRES_USER: '{{ outline_postgres_user }}'
      POSTGRES_PASSWORD: '{{ outline_postgres_password }}'
      POSTGRES_DB: '{{ outline_postgres_database }}'
+
+networks:
+  outline_network:
+    driver: bridge
+  {{ web_proxy_network }}:
+    external: true