docker-compose.prod.yml

version: "3"

# To deploy in prod we use a nginx proxy for docker containers with a companion to enable HTTPS with LetsEncrypt
# https://github.com/nginx-proxy/nginx-proxy
# https://github.com/nginx-proxy/acme-companion

services:

  api:
    volumes:
      - /data/database/backup:/backup
    environment:
      - VIRTUAL_HOST=api.dsri.maastrichtuniversity.nl
      - LETSENCRYPT_HOST=api.dsri.maastrichtuniversity.nl
      - VIRTUAL_PORT=80


  # Run the API on a single thread just for the CRON job in prod (enabled with env variable)
  # Because gunicorn would run the process on every workers
  cron:
    build: ./server
    restart: unless-stopped
    depends_on:
      - mysql
      - phpmyadmin
    volumes:
      - /data/database/backup:/backup
    environment:
      - SQL_URL=mysql://${DB_USER}:${DB_PASSWORD-password}@${DB_HOST-mysql}:3306/${DB_NAME}
      - SLACK_BOT_TOKEN=${SLACK_BOT_TOKEN-xoxb}
      - SLACK_CHANNEL=${SLACK_CHANNEL-UQL6BCQJH}
      # - CLUSTER_USER=${CLUSTER_USER-Vincent.Emonet}
      # - CLUSTER_PASSWORD=${CLUSTER_PASSWORD-password}
      - CLUSTER_API_KEY=${CLUSTER_API_KEY-token}
      - API_PASSWORD=${API_PASSWORD-password}
      - ENABLE_CRON=true
    command: uvicorn api.main:app --host 0.0.0.0 --port 80


  gpu-calendar:
    environment:
      - VIRTUAL_HOST=calendar.dsri.maastrichtuniversity.nl
      - LETSENCRYPT_HOST=calendar.dsri.maastrichtuniversity.nl
      - VIRTUAL_PORT=80

  gpu-booking:
    environment:
      - VIRTUAL_HOST=booking.dsri.maastrichtuniversity.nl
      - LETSENCRYPT_HOST=booking.dsri.maastrichtuniversity.nl
      - VIRTUAL_PORT=80
      - DB_PASSWORD=${DB_PASSWORD}
      - DB_USER=${DB_USER}
      - DB_NAME=${DB_NAME}
      - DB_HOST=${DB_HOST-mysql}
      - SMTP_HOST=${SMTP_HOST-localhost}
      - SMTP_PORT=${SMTP_PORT-25}
      - SMTP_FROM=${SMTP_FROM}
      - SAML_SP_ENTITY_ID=${SAML_SP_ENTITY_ID}
      - SAML_SALT=${SAML_SALT}
      - SAML_ADMIN_PW=${SAML_ADMIN_PW}
      - SAML_TRUSTED_DOMAINS=${SAML_TRUSTED_DOMAINS}
      - SAML_BASEURLPATH=${SAML_BASEURLPATH}

  mysql:
    volumes:
      - /data/database/data:/var/lib/mysql
      - /data/database/backup:/backup

  phpmyadmin:
    environment:
      - PMA_ABSOLUTE_URI=https://admin.dsri.maastrichtuniversity.nl
      - VIRTUAL_HOST=admin.dsri.maastrichtuniversity.nl
      - LETSENCRYPT_HOST=admin.dsri.maastrichtuniversity.nl
      - VIRTUAL_PORT=80


  # https://github.com/nginx-proxy/nginx-proxy
  nginx-proxy:
    image: nginxproxy/nginx-proxy:latest
    container_name: nginx-proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /data/certs:/etc/nginx/certs:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
    restart: unless-stopped

  # Use letsencrypt to serve HTTPS https://github.com/nginx-proxy/acme-companion
  # Docs: https://github.com/nginx-proxy/acme-companion/wiki/Container-configuration
  nginx-encrypt-https:
    image: nginxproxy/acme-companion:latest
    container_name: acme-companion
    depends_on:
      - nginx-proxy
    volumes:
      - /data/certs:/etc/nginx/certs:rw
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - acme:/etc/acme.sh
    volumes_from:
      - nginx-proxy:rw
    environment:
      - NGINX_PROXY_CONTAINER=nginx-proxy
      - REUSE_KEY=false
      - DEBUG=true
      - DEFAULT_EMAIL=DSRI-SUPPORT-L@maastrichtuniversity.nl
    restart: unless-stopped


  ## Website could be also served with nginx from the same server as the API
  # website:
  #   build: website
  #   environment:
  #     - VIRTUAL_HOST=dsri.maastrichtuniversity.nl
  #     - LETSENCRYPT_HOST=dsri.maastrichtuniversity.nl
  #     - VIRTUAL_PORT=80

volumes:
  vhost:
  html:
  acme: