I have a VM within which I have application running as docker-compose file. how do I implement HSTS on that?
version: "3"
services:
drone-server:
container_name: drone_server
image: drone/drone:2.4
env_file:
- /opt/drone/drone-server.env
volumes:
- /var/lib/drone:/data
- /var/run/docker.sock:/var/run/docker.sock
ports:
- "8080:80"
restart: always
drone-agent:
container_name: drone_agent
image: drone/drone-runner-docker
env_file:
- /opt/drone/drone-agent.env
volumes:
- /var/run/docker.sock:/var/run/docker.sock
restart: always
Related
May be somebody had such specific problem... There are two web applications in different directories, both in docker containers. Linux (centos). When I run the first application (docker-compose up -d) everything works fine. If I launch the second application from another directory, then the first one docker container launched falls. Why? The names of the containers are different, the ports forwarded in the docker are also different.
First app config docker-compose.yml
services:
web:
container_name: myapp-nginx
image: nginx:latest
ports:
- "8000:80"
- "443:443"
volumes:
- ./:/myapp
- ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf
- ./php-fpm/php-ini-overrides.ini:/etc/php/7.4/fpm/conf.d/99-overrides.ini
links:
- php
php:
build: .
container_name: myapp-php-fpm
image: php:7.4-fpm
volumes:
- ./:/myapp
- ./logs:/myapp/logs
- ./php-fpm/php-ini-overrides.ini:/etc/php/7.4/fpm/conf.d/99-overrides.ini
links:
- mysql:db
mysql:
image: mariadb:latest
container_name: myapp-mysql
volumes:
- /opt/myapp/data:/var/lib/mysql
env_file:
- mysql.env
restart: unless-stopped
ports:
- "3306:3306"
phpmyadmin:
image: phpmyadmin/phpmyadmin
container_name: myapp-phpmyadmin
environment:
- MAX_EXECUTION_TIME=600
- UPLOAD_LIMIT=800M
- PMA_HOST=localhost
- PMA_PORT=3306
- PMA_ARBITRARY=1
ports:
- "80:80"
links:
- mysql:db
Second app docker-compose.yml
version: '3'
services:
web:
container_name: client-nginx
image: nginx:latest
ports:
- "20203:81"
volumes:
- ./:/myapp_client
- ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf
- ./php-fpm/php-ini-overrides.ini:/etc/php/7.4/fpm/conf.d/99-overrides.ini
links:
- php
php:
build: .
container_name: client-php-fpm
image: php:7.4-fpm
volumes:
- ./:/myapp_client
- ./logs:/myapp_client/logs
- ./php-fpm/php-ini-overrides.ini:/etc/php/7.4/fpm/conf.d/99-overrides.ini
links:
- mysql:db
mysql:
image: mariadb:latest
container_name: client-mysql
volumes:
- /opt/myapp_client/data:/var/lib/mysql
env_file:
- mysql.env
restart: unless-stopped
ports:
- "20202:3307"
phpmyadmin:
image: phpmyadmin/phpmyadmin
container_name: client-phpmyadmin
environment:
- MAX_EXECUTION_TIME=600
- UPLOAD_LIMIT=800M
- PMA_HOST=localhost
- PMA_PORT=3307
- PMA_ARBITRARY=1
ports:
- "20204:82"
links:
- mysql:db
I want to make my nifi data volume and configuration persist means even if I delete container and docker compose up again I would like to keep what I built so far in my nifi. I try to mount volumes as follows in my docker compose file in volumes section nevertheless it doesn't work and my nifi processors are not saved. How can I do it correctly? Below my docker-compose.yaml file.
version: "3.7"
services:
nifi:
image: koroslak/nifi:latest
container_name: nifi
restart: always
environment:
- NIFI_HOME=/opt/nifi/nifi-current
- NIFI_LOG_DIR=/opt/nifi/nifi-current/logs
- NIFI_PID_DIR=/opt/nifi/nifi-current/run
- NIFI_BASE_DIR=/opt/nifi
- NIFI_WEB_HTTP_PORT=8080
ports:
- 9000:8080
depends_on:
- openldap
volumes:
- ./volume/nifi-current/state:/opt/nifi/nifi-current/state
- ./volume/database/database_repository:/opt/nifi/nifi-current/repositories/database_repository
- ./volume/flow_storage/flowfile_repository:/opt/nifi/nifi-current/repositories/flowfile_repository
- ./volume/nifi-current/content_repository:/opt/nifi/nifi-current/repositories/content_repository
- ./volume/nifi-current/provenance_repository:/opt/nifi/nifi-current/repositories/provenance_repository
- ./volume/log:/opt/nifi/nifi-current/logs
#- ./volume/conf:/opt/nifi/nifi-current/conf
postgres:
image: koroslak/postgres:latest
container_name: postgres
restart: always
environment:
- POSTGRES_PASSWORD=secret123
ports:
- 6000:5432
volumes:
- postgres:/var/lib/postgresql/data
pgadmin:
container_name: pgadmin
image: dpage/pgadmin4:4.18
restart: always
environment:
- PGADMIN_DEFAULT_EMAIL=admin
- PGADMIN_DEFAULT_PASSWORD=admin
ports:
- 8090:80
metabase:
container_name: metabase
image: metabase/metabase:v0.34.2
restart: always
environment:
MB_DB_TYPE: postgres
MB_DB_DBNAME: metabase
MB_DB_PORT: 5432
MB_DB_USER: metabase_admin
MB_DB_PASS: secret123
MB_DB_HOST: postgres
ports:
- 3000:3000
depends_on:
- postgres
openldap:
image: osixia/openldap:1.3.0
container_name: openldap
restart: always
ports:
- 38999:389
# Mocked source systems
jira-api:
image: danielgtaylor/apisprout:latest
container_name: jira-api
restart: always
ports:
- 8000:8000
command: https://raw.githubusercontent.com/mvrabel/nifi-postgres-metabase/master/api_examples/jira-api.json
pipedrive-api:
image: danielgtaylor/apisprout:latest
container_name: pipedrive-api
restart: always
ports:
- 8100:8000
command: https://raw.githubusercontent.com/mvrabel/nifi-postgres-metabase/master/api_examples/pipedrive-api.yaml
restcountries-api:
image: danielgtaylor/apisprout:latest
container_name: restcountries-api
restart: always
ports:
- 8200:8000
command: https://raw.githubusercontent.com/mvrabel/nifi-postgres-metabase/master/api_examples/restcountries-api.json
volumes:
postgres:
nifi:
openldap:
metabase:
pgadmin:
Using Registry you can achieve that all changes you are doing or your nifi are committed to git. I.e. if you change some processor configuration, it will be reflected in your git repo.
As for flow files, you may need to fix volumes mappings.
I'm having a problem persisting data with docker-compose.
I want my service chatmysql to persist data I put inside a database, but everytime i run docker-compose down it all vanishes.
I checked directory /var/lib/docker/volumes to see if it stores data there when containers are running and the volume was completely empty.
I didn't have that issue when I was running containers with docker run command so I guess its fault of my docker-compose.yaml file. Can someone help me?
I'm running this on Ubuntu 20.04.
version: '3'
services:
chatmysql:
image: mysql/mysql-server
container_name: chatmysql
hostname: db
user: root
networks:
- chatnet
ports:
- 3307:3306
volumes:
- chatmysqlvolume:/lib/var/mysql
chatbackend:
depends_on:
- chatmysql
build:
context: backend/src
container_name: chatbackend
hostname: backend
networks:
- chatnet
ports:
- 8080:8080
environment:
- MYSQLUSERNAME=${MYSQLUSERNAME:-user}
- MYSQLPASSWORD=${MYSQLPASSWORD:?database password not set}
- MYSQLHOST=${MYSQLHOST:-db}
- MYSQLPORT=${MYSQLPORT:-3306}
- MYSQLDBNAME=${MYSQLDBNAME:-test}
restart: always
deploy:
restart_policy:
condition: on-failure
chatfrontend:
build: frontend
container_name: chatfrontend
hostname: front
networks:
- chatnet
ports:
- 3000:3000
volumes:
chatmysqlvolume:
networks:
chatnet:
driver: bridge
You need to change the mounted volume, try this :
version: '3.7'
services:
chatmysql:
image: mysql/mysql-server
container_name: chatmysql
hostname: db
user: root
networks:
- chatnet
ports:
- 3307:3306
volumes:
- chatmysqlvolume:/var/lib/mysql
chatbackend:
depends_on:
- chatmysql
build:
context: backend/src
container_name: chatbackend
hostname: backend
networks:
- chatnet
ports:
- 8080:8080
environment:
- MYSQLUSERNAME=${MYSQLUSERNAME:-user}
- MYSQLPASSWORD=${MYSQLPASSWORD:?database password not set}
- MYSQLHOST=${MYSQLHOST:-db}
- MYSQLPORT=${MYSQLPORT:-3306}
- MYSQLDBNAME=${MYSQLDBNAME:-test}
restart: always
deploy:
restart_policy:
condition: on-failure
chatfrontend:
build: frontend
container_name: chatfrontend
hostname: front
networks:
- chatnet
ports:
- 3000:3000
volumes:
chatmysqlvolume:
networks:
chatnet:
driver: bridge
My docker-compose.yml looks like the below. When i run docker-compose up I get the below error.
ERROR: In file './docker-compose.yml', the service name True must be a quoted string, i.e. 'True'.
version: '3'
services:
db:
restart: always
image: postgres:9.6-alpine
container_name: pleroma_postgres
networks:
- pleroma
volumes:
- ./postgres:/var/lib/postgresql/data
web:
build: .
image: pleroma
container_name: pleroma_web
restart: always
environment:
- VIRTUAL_HOST=<myplaceholderhost>
- VIRTUAL_PORT=4000
- LETSENCRYPT_HOST=<myplaceholderhost>
- LETENCRYPT_EMAIL=<myplaceholderemail>
expose:
- "4000"
volumes:
- ./uploads:/pleroma/uploads
depends_on:
- db
nginx:
image: jwilder/nginx-proxy
container_name: nginx
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- /apps/docker-articles/nginx/vhost.d:/etc/nginx/vhost.d
- /apps/docker-articles/nginx/certs:/etc/nginx/certs:ro
- /apps/docker-articles/nginx/html:/usr/share/nginx/html
restart: always
ports:
- "80:80"
- "443:443"
labels:
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
networks:
- pleroma
letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion:v1.5
container_name: letsencrypt
volumes_from:
- nginx
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /apps/docker-articles/nginx/vhost.d:/etc/nginx/vhost.d
- /apps/docker/articles/nginx/certs:/etc/nginx/certs:rw
- /apps/docker-articles/nginx/html:/usr/share/nginx/html
networks:
pleroma:
My docker version is
Docker version 18.06.1-ce, build e68fc7a
My docker compose version is
docker-compose version 1.23.1, build b02f1306
Running CoreOS version 1911.3.0
I ended up resolving this issue by modifying the nginx and letsencrypt portions of my docker-compose.yml file to be as follows.
nginx:
image: jwilder/nginx-proxy
container_name: nginx
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- /apps/docker-articles/nginx/vhost.d:/etc/nginx/vhost.d
- /apps/docker-articles/nginx/certs:/etc/nginx/certs:ro
- /apps/docker-articles/nginx/html:/usr/share/nginx/html
restart: always
ports:
- "80:80"
- "443:443"
labels:
- "NGINX_PROXY_CONTAINER=true"
networks:
- pleroma
letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion:v1.5
container_name: letsencrypt
environment:
- NGINX_PROXY_CONTAINER=true
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /apps/docker-articles/nginx/vhost.d:/etc/nginx/vhost.d
- /apps/docker/articles/nginx/certs:/etc/nginx/certs:rw
- /apps/docker-articles/nginx/html:/usr/share/nginx/html
It seems "volumes_from" is deprecated in docker-compose v3. As well as I had forgotted quotes around my label and needed to set my environment within letsencrypt.
in CentOS env your .yml file directory must be /usr/local/bin
This is how my docker-compose.yml file looks like. As you can see, there is a nginx server, a mongoDB, the main application and for testing a nightwatch and selenium container.
nginx:
container_name: 'nginx'
image: 'nginx:1.11'
restart: 'always'
ports:
- '80:80'
- '443:443'
volumes:
- '/opt/nginx/conf.d:/etc/nginx/conf.d:ro'
- '/opt/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro'
- '/etc/letsencrypt:/etc/letsencrypt'
- '/opt/nginx/www:/var/www:ro'
links:
- 'app'
nightwatch:
container_name: nightwatch
image: 'registry.example.com/project/core:nightwatch'
links:
- selenium
stdin_open: true
tty: true
selenium:
container_name: selenium
image: selenium/standalone-chrome
ports:
- 4444:4444
links:
- app
db:
container_name: db
image: 'mongo:3.4'
restart: 'always'
volumes:
- '/opt/mongo/project/prod:/data/db'
app:
container_name: app
image: 'registry.example.de/project/core:latest'
restart: always
links:
- 'db'
environment:
- ROOT_URL=https://example.com
- MONGO_URL=mongodb://db/db
You can also see, that I'm still using version 1 and I want to upgrade to current version (3). And there are a few problems for converting the file.
For example I do not understand the network option which should be used instead of the deprecated link to get access to containers.
In the nightwatch container I'm running a script like
module.exports = {
'start application': function(browser) {
browser
.url('http://app') // <--
.waitForElementVisible('body', 10000)
.getTitle(function(result) {
this.assert.equal(typeof result, 'string')
})
},
}
So I need to get access to the app container via nightwatch, which also needs selenium. The main app needs of course the db.
I need some help converting to version 3:
version: '3'
services:
nginx:
...
nightwatch:
...
This should be enough:
version: "3"
services:
nginx:
container_name: 'nginx'
image: 'nginx:1.11'
restart: 'always'
ports:
- '80:80'
- '443:443'
volumes:
- '/opt/nginx/conf.d:/etc/nginx/conf.d:ro'
- '/opt/nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro'
- '/etc/letsencrypt:/etc/letsencrypt'
- '/opt/nginx/www:/var/www:ro'
links:
- app
nightwatch:
container_name: nightwatch
image: 'registry.example.com/project/core:nightwatch'
links:
- selenium
stdin_open: true
tty: true
selenium:
container_name: selenium
image: selenium/standalone-chrome
ports:
- 4444:4444
links:
- app
db:
container_name: db
image: 'mongo:3.4'
restart: 'always'
volumes:
- '/opt/mongo/project/prod:/data/db'
app:
container_name: app
image: 'registry.example.de/project/core:latest'
restart: always
links:
- db
environment:
- ROOT_URL=https://example.com
- MONGO_URL=mongodb://db/db
You don't need to configure extra networks than the default provided by compose.
Linking containers is still configured as so. Try this:
version: "3"
services:
abc:
image: ubuntu
command: tail -f /dev/null
cde:
image: busybox
command: ping abc
links:
- abc