From be093e7f779fc32a33c01a88c07a80759020fdca Mon Sep 17 00:00:00 2001 From: Jens Willmer Date: Sat, 29 May 2021 21:20:48 +0200 Subject: [PATCH 1/5] Traefik deployment example --- docker-compose/traefik/.env | 8 ++ docker-compose/traefik/README.md | 19 ++++ docker-compose/traefik/docker-compose.yml | 104 ++++++++++++++++++++++ 3 files changed, 131 insertions(+) create mode 100644 docker-compose/traefik/.env create mode 100644 docker-compose/traefik/README.md create mode 100644 docker-compose/traefik/docker-compose.yml diff --git a/docker-compose/traefik/.env b/docker-compose/traefik/.env new file mode 100644 index 0000000000..3d4e46dcf9 --- /dev/null +++ b/docker-compose/traefik/.env @@ -0,0 +1,8 @@ +# Reverse proxy domain and cloudflare token +DOMAINNAME=example.com +CF_DNS_API_TOKEN=SOME_CLOUDFLARE_TOKEN + +# Database +DATABASE_NAME=xcdb +DATABASE_USER=nocodb +DATABASE_PW=SECURE_PW \ No newline at end of file diff --git a/docker-compose/traefik/README.md b/docker-compose/traefik/README.md new file mode 100644 index 0000000000..eab2c64d2f --- /dev/null +++ b/docker-compose/traefik/README.md @@ -0,0 +1,19 @@ +# Example with traefik revers proxy + +Look into the `.env` file and update the vaiables before executing `docker-compose up -d`. + +## Traefik configuration + +- HTTP redirect to HTTPS +- Healthcheck +- SSL certificate via Cloudflare DNS challenge + +## Watchtower + +Looks for new nocodb image every day at 5:00 and recreates the container. + +## NocoDB + +- Accessible via `nocodb.DOMAINNAME` +- Uses postgres db for storage +- Telemetry is disabled \ No newline at end of file diff --git a/docker-compose/traefik/docker-compose.yml b/docker-compose/traefik/docker-compose.yml new file mode 100644 index 0000000000..88ea801c72 --- /dev/null +++ b/docker-compose/traefik/docker-compose.yml @@ -0,0 +1,104 @@ +version: "3.7" + +networks: + traefik_proxy: + name: traefik_proxy + +volumes: + letsencrypt: + name: traefik-letsencrypt + nocodb-db: + name: nocodb-db + +services: + + traefik: + image: traefik:v2.2 + container_name: traefik + restart: always + command: + #- "--log.level=DEBUG" + - "--providers.docker=true" + - "--ping=true" + - "--ping.entryPoint=ping" + - "--providers.docker.exposedbydefault=false" + - "--providers.docker.network=traefik_proxy" + - "--entryPoints.ping.address=:8081" + - "--entrypoints.http.address=:80" + - "--entrypoints.https.address=:443" + - "--entrypoints.https.http.tls.certresolver=letsencrypt" + - "--entrypoints.https.http.tls.domains[0].main=${DOMAINNAME}" + - "--entrypoints.https.http.tls.domains[0].sans=*.${DOMAINNAME}" + - "--entrypoints.http.http.redirections.entryPoint.to=https" + - "--entrypoints.http.http.redirections.entryPoint.scheme=https" + - "--certificatesresolvers.letsencrypt.acme.dnsChallenge.delayBeforeCheck=15" + - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare" + - "--certificatesresolvers.letsencrypt.acme.email=info@${DOMAINNAME}" + - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json" + - "--certificatesResolvers.letsencrypt.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53" + environment: + - CF_DNS_API_TOKEN=${CLOUDFLARE_TOKEN} + healthcheck: + test: ["CMD", "wget", "-c", "http://localhost:8081/ping"] + timeout: 3s + retries: 3 + networks: + - default + - traefik_proxy + ports: + - "80:80" + - "443:443" + volumes: + - "letsencrypt:/letsencrypt" + - /var/run/docker.sock:/var/run/docker.sock:ro + + watchtower: + image: containrrr/watchtower + container_name: watchtower + restart: always + networks: + - traefik_proxy + command: --schedule "0 5 * * *" --cleanup --label-enable + + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + labels: + - "com.centurylinklabs.watchtower.enable=true" + + nocodb: + container_name: nocodb + image: nocodb/nocodb:latest + restart: always + networks: + - traefik_proxy + environment: + - NC_DB="pg://nocodb-db:5432?u=${DATABASE_USER}&p=${DATABASE_PW}&d=${DATABASE_NAME}" + - NC_PUBLIC_URL="https://nocodb.${DOMAINNAME}" + - NC_DISABLE_TELE=true + labels: + - "traefik.enable=true" + - "traefik.http.services.nocodb.loadbalancer.server.port=8080" + - "traefik.http.routers.nocodb.rule=Host(`nocodb.${DOMAINNAME}`)" + - "traefik.http.routers.nocodb.entrypoints=https" + - "com.centurylinklabs.watchtower.enable=true" + depends_on: + nocodb-db: + condition: service_healthy + + nocodb-db: + image: postgres:12.1-alpine + container_name: nocodb-db + restart: always + networks: + - traefik_proxy + environment: + POSTGRES_USER: ${DATABASE_USER} + POSTGRES_PASSWORD: ${DATABASE_PW} + POSTGRES_DB: ${DATABASE_NAME} + volumes: + - nocodb-db:/var/lib/postgresql/data + healthcheck: + test: pg_isready -U ${DATABASE_USER} -d ${DATABASE_NAME} + interval: 10s + timeout: 2s + retries: 10 \ No newline at end of file From 493671d60001e3c9bb76b841000c9e27eac94c94 Mon Sep 17 00:00:00 2001 From: Jens Willmer Date: Sat, 29 May 2021 21:29:54 +0200 Subject: [PATCH 2/5] Docker-Compose version 3 no longer supports the condition form of depends_on. --- docker-compose/traefik/docker-compose.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docker-compose/traefik/docker-compose.yml b/docker-compose/traefik/docker-compose.yml index 88ea801c72..6ce7c9194f 100644 --- a/docker-compose/traefik/docker-compose.yml +++ b/docker-compose/traefik/docker-compose.yml @@ -82,8 +82,7 @@ services: - "traefik.http.routers.nocodb.entrypoints=https" - "com.centurylinklabs.watchtower.enable=true" depends_on: - nocodb-db: - condition: service_healthy + - nocodb-db nocodb-db: image: postgres:12.1-alpine From c9daebcfa20e584d401e23adb4d8f7d3bdbd481e Mon Sep 17 00:00:00 2001 From: Jens Willmer Date: Sat, 29 May 2021 21:56:14 +0200 Subject: [PATCH 3/5] Fixed database connection variable --- docker-compose/traefik/docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose/traefik/docker-compose.yml b/docker-compose/traefik/docker-compose.yml index 6ce7c9194f..95601dd2d5 100644 --- a/docker-compose/traefik/docker-compose.yml +++ b/docker-compose/traefik/docker-compose.yml @@ -72,8 +72,8 @@ services: networks: - traefik_proxy environment: - - NC_DB="pg://nocodb-db:5432?u=${DATABASE_USER}&p=${DATABASE_PW}&d=${DATABASE_NAME}" - - NC_PUBLIC_URL="https://nocodb.${DOMAINNAME}" + - DATABASE_URL="postgresql://nocodb-db:5432/${DATABASE_NAME}?user=${DATABASE_USER}&password=${DATABASE_PW}" + - NC_PUBLIC_URL=https://nocodb.${DOMAINNAME} - NC_DISABLE_TELE=true labels: - "traefik.enable=true" From 21ef3e1ac6744a63331281c940c1a48e544d79ac Mon Sep 17 00:00:00 2001 From: Jens Willmer Date: Sat, 29 May 2021 21:58:24 +0200 Subject: [PATCH 4/5] Update README.md --- docker-compose/traefik/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/traefik/README.md b/docker-compose/traefik/README.md index eab2c64d2f..7b97fd406e 100644 --- a/docker-compose/traefik/README.md +++ b/docker-compose/traefik/README.md @@ -14,6 +14,6 @@ Looks for new nocodb image every day at 5:00 and recreates the container. ## NocoDB -- Accessible via `nocodb.DOMAINNAME` +- Accessible via `nocodb.DOMAINNAME/dashboard` - Uses postgres db for storage - Telemetry is disabled \ No newline at end of file From 7ffba55ce982daa6d64ae129dec81a2a5aa6d17c Mon Sep 17 00:00:00 2001 From: Jens Willmer Date: Sat, 29 May 2021 22:13:58 +0200 Subject: [PATCH 5/5] Changed DB env var to prevent unsupported msg --- docker-compose/traefik/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose/traefik/docker-compose.yml b/docker-compose/traefik/docker-compose.yml index 95601dd2d5..b764da6588 100644 --- a/docker-compose/traefik/docker-compose.yml +++ b/docker-compose/traefik/docker-compose.yml @@ -72,7 +72,7 @@ services: networks: - traefik_proxy environment: - - DATABASE_URL="postgresql://nocodb-db:5432/${DATABASE_NAME}?user=${DATABASE_USER}&password=${DATABASE_PW}" + - NC_DB=pg://nocodb-db:5432?u=${DATABASE_USER}&p=${DATABASE_PW}&d=${DATABASE_NAME} - NC_PUBLIC_URL=https://nocodb.${DOMAINNAME} - NC_DISABLE_TELE=true labels: