---
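# Compose stack for NetBox behind Traefik: the web application, its RQ worker,
# PostgreSQL, and two Redis instances (task queue and cache).
# Every ${...} value is interpolated by Compose from the calling environment
# or an env file; $$ is an escaped dollar sign that reaches the container.
services:
  netbox: &netbox
    # Image tag is assembled from two variables; tags are mutable, so what is
    # actually deployed depends on when the image was last pulled.
    image: netboxcommunity/netbox:${NETBOX_VERSION}-${NETBOX_DOCKER_VERSION}
    restart: unless-stopped
    depends_on:
      - postgres
      - redis
      - redis-cache
    # Secrets (DB_PASSWORD, EMAIL_PASSWORD, REDIS_*_PASSWORD, SECRET_KEY,
    # API_TOKEN_PEPPER_1) are passed as environment variables, so they are
    # readable through `docker inspect` and by every process in the container.
    # Keep the file that supplies them out of version control.
    environment:
      - API_TOKEN_PEPPER_1=${NETBOX_API_TOKEN_PEPPER_1}
      # NOTE(review): accepts cross-origin requests from any origin. If only
      # known front-ends call the API, set this to False and list them through
      # NetBox's CORS_ORIGIN_WHITELIST setting (confirm that the mounted
      # configuration reads it).
      - CORS_ORIGIN_ALLOW_ALL=True
      - DB_HOST=postgres
      - DB_NAME=${PSQL_NAME}
      - DB_USER=${PSQL_USER}
      - DB_PASSWORD=${PSQL_PASS}
      - EMAIL_SERVER=${NETBOX_EMAIL_SERVER}
      - EMAIL_PORT=${NETBOX_EMAIL_PORT}
      - EMAIL_SSL_CERTFILE=${NETBOX_EMAIL_SSLCER}
      - EMAIL_SSL_KEYFILE=${NETBOX_EMAIL_SSLKEY}
      - EMAIL_TIMEOUT=${NETBOX_EMAIL_TIMEOUT}
      - EMAIL_USE_SSL=${NETBOX_EMAIL_SSL}
      - EMAIL_USE_TLS=${NETBOX_EMAIL_TLS}
      - EMAIL_FROM=${NETBOX_EMAIL_FROM}
      - EMAIL_USERNAME=${NETBOX_EMAIL_USER}
      - EMAIL_PASSWORD=${NETBOX_EMAIL_PASS}
      - GRANIAN_BACKPRESSURE=${NETBOX_GRANIAN_BACKPRESSURE}
      - GRANIAN_WORKERS=${NETBOX_GRANIAN_WORKERS}
      - GRAPHQL_ENABLED=${NETBOX_GRAPHQL}
      - MEDIA_ROOT=/opt/netbox/netbox/media
      # NOTE(review): if enabled, the metrics endpoint is presumably served on
      # the same port Traefik routes to; confirm it is not reachable from
      # untrusted networks.
      - METRICS_ENABLED=${NETBOX_METRICS}
      - REDIS_HOST=redis
      - REDIS_DATABASE=0
      - REDIS_PASSWORD=${REDIS_PASS}
      # Redis traffic is unencrypted; it only crosses the `internal` network.
      - REDIS_SSL=false
      - REDIS_INSECURE_SKIP_TLS_VERIFY=false
      - REDIS_CACHE_HOST=redis-cache
      - REDIS_CACHE_DATABASE=1
      - REDIS_CACHE_PASSWORD=${REDIS_CACHE_PASS}
      - REDIS_CACHE_SSL=false
      - REDIS_CACHE_INSECURE_SKIP_TLS_VERIFY=false
      - RELEASE_CHECK_URL=https://api.github.com/repos/netbox-community/netbox/releases
      - SECRET_KEY=${NETBOX_SECRET_KEY}
      - SKIP_SUPERUSER=${NETBOX_SKIP_SUPERUSER}
      - WEBHOOKS_ENABLED=${NETBOX_WEBHOOKS}
    # Healthy once the login page answers on port 8080; curl -f turns an
    # HTTP error status into a non-zero exit code.
    healthcheck:
      test: curl -f http://localhost:8080/login/ || exit 1
      start_period: 90s
      timeout: 3s
      interval: 15s
    labels:
      - traefik.enable=${TRAEFIK_ENABLED}
      - traefik.docker.network=${TRAEFIK_NETWORK}
      ### Section HTTP
      - traefik.http.routers.http-${TRAEFIK_ROUTER}.entrypoints=http
      # redirect to HTTPS only
      # (the `http-to-https` middleware is not defined in this file; it must
      # exist on the Traefik side)
      - traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=http-to-https
      - traefik.http.routers.http-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_MATCHRULE}`)
      ### Section HTTPS
      - traefik.http.routers.https-${TRAEFIK_ROUTER}.entrypoints=https
      # configure the exposed service
      # (the `hsts` middleware is likewise defined outside this file)
      - traefik.http.routers.https-${TRAEFIK_ROUTER}.middlewares=hsts
      - traefik.http.routers.https-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_MATCHRULE}`)
      # of course, enable TLS and its certificate provider
      - traefik.http.routers.https-${TRAEFIK_ROUTER}.tls=${TRAEFIK_TLSENABLED}
      - traefik.http.routers.https-${TRAEFIK_ROUTER}.tls.certresolver=${TRAEFIK_CERTRESOLVER}
      # specify a service so a custom port can be used
      - traefik.http.services.${TRAEFIK_SERVICE}.loadbalancer.server.port=${TRAEFIK_SERVICE_PORT}
    networks:
      - internal
      - traefik
    # Run as user `netbox` with group `root`.
    user: netbox:root
    # Configuration, reports and scripts are mounted read-only; only the media
    # directory is writable. `z` requests a shared SELinux label.
    volumes:
      - ${NETBOX_DATA}/configuration:/etc/netbox/config:z,ro
      - ${NETBOX_DATA}/media:/opt/netbox/netbox/media:z
      - ${NETBOX_DATA}/reports:/etc/netbox/reports:z,ro
      - ${NETBOX_DATA}/scripts:/etc/netbox/scripts:z,ro

  netbox-worker:
    # Start from a copy of the netbox service. The merge is shallow: each key
    # set below replaces the inherited value as a whole, so the worker gets no
    # Traefik routing and is attached to the `internal` network only.
    <<: *netbox
    command:
      - /opt/netbox/venv/bin/python
      - /opt/netbox/netbox/manage.py
      - rqworker
    depends_on:
      netbox:
        condition: service_healthy
    # Healthy while a process whose command line contains `rqworker` exists.
    healthcheck:
      test: ps -aux | grep -v grep | grep -q rqworker || exit 1
      start_period: 20s
      timeout: 3s
      interval: 15s
    labels:
      - traefik.enable=false
    networks:
      - internal

  postgres:
    image: postgres:${PSQL_VERSION}
    restart: unless-stopped
    environment:
      - POSTGRES_DB=${PSQL_NAME}
      - POSTGRES_USER=${PSQL_USER}
      - POSTGRES_PASSWORD=${PSQL_PASS}
    # $$ keeps the variable references for the container's shell, which
    # resolves them from the environment set above.
    healthcheck:
      test: pg_isready -q -t 2 -d $$POSTGRES_DB -U $$POSTGRES_USER
      start_period: 20s
      timeout: 30s
      interval: 10s
      retries: 5
    networks:
      - internal
    volumes:
      - ${PSQL_DATA}:/var/lib/postgresql

  redis:
    image: redis:${REDIS_VERSION}
    restart: unless-stopped
    # Started through `sh -c` so the container's shell expands the password.
    # The expansion is quoted so the value is passed as a single argument and
    # cannot be word-split into extra redis-server options, and `:?` aborts
    # start-up when the password is unset or empty instead of running Redis
    # without authentication.
    # NOTE(review): the password is still part of the redis-server argument
    # list and therefore visible in process listings.
    command:
      - sh
      - -c
      - 'redis-server --appendonly yes --requirepass "$${REDIS_PASSWORD:?REDIS_PASSWORD must not be empty}"'
    environment:
      - REDIS_PASSWORD=${REDIS_PASS}
    # Shared with redis-cache through the anchor: healthy when an
    # authenticated PING is answered with PONG.
    healthcheck: &redis-healthcheck
      test: '[ $$(redis-cli --pass "$${REDIS_PASSWORD}" ping) = ''PONG'' ]'
      start_period: 5s
      timeout: 3s
      interval: 1s
      retries: 5
    networks:
      - internal
    volumes:
      - ${REDIS_DATA}:/data

  redis-cache:
    image: redis:${REDIS_VERSION}
    # Same restart policy as every other service in this file, so the cache
    # that netbox depends on also comes back after a crash or a host reboot.
    restart: unless-stopped
    # Quoted and fail-closed for the same reasons as the `redis` service.
    # No volume and no append-only file: cache contents are not persisted.
    command:
      - sh
      - -c
      - 'redis-server --requirepass "$${REDIS_PASSWORD:?REDIS_PASSWORD must not be empty}"'
    environment:
      - REDIS_PASSWORD=${REDIS_CACHE_PASS}
    healthcheck: *redis-healthcheck
    networks:
      - internal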
networks:
  # Project-local network with default settings. All five services attach to
  # it; postgres, redis, redis-cache and netbox-worker attach to nothing else.
  internal: {}
  # Pre-existing network managed outside this file (external: true), looked
  # up by the name given in TRAEFIK_NETWORK. Only the netbox service joins it.
  traefik:
    external: true
    name: "${TRAEFIK_NETWORK}"