diff --git a/.gitignore b/.gitignore index 925a4f2feaa..7b8875e5a73 100644 --- a/.gitignore +++ b/.gitignore @@ -30,3 +30,7 @@ npm-debug.log /cgm-remote-monitor.sln /obj/Debug /*.bat + +# directories created by docker-compose.yml +mongo-data/ +letsencrypt/ diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 00000000000..b757f89d370 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,76 @@ +version: '3' + +services: + mongo: + image: mongo:4.4 + volumes: + - ${NS_MONGO_DATA_DIR:-./mongo-data}:/data/db:cached + + nightscout: + image: nightscout/cgm-remote-monitor:latest + container_name: nightscout + restart: always + depends_on: + - mongo + labels: + - 'traefik.enable=true' + # Change the below Host from `localhost` to be the web address where Nightscout is running. + # Also change the email address in the `traefik` service below. + - 'traefik.http.routers.nightscout.rule=Host(`localhost`)' + - 'traefik.http.routers.nightscout.entrypoints=websecure' + - 'traefik.http.routers.nightscout.tls.certresolver=le' + environment: + ### Variables for the container + NODE_ENV: production + TZ: Etc/UTC + + ### Overridden variables for Docker Compose setup + # The `nightscout` service can use HTTP, because we use `traefik` to serve the HTTPS + # and manage TLS certificates + INSECURE_USE_HTTP: 'true' + + # For all other settings, please refer to the Environment section of the README + ### Required variables + # MONGO_CONNECTION - The connection string for your Mongo database. + # Something like mongodb://sally:sallypass@ds099999.mongolab.com:99999/nightscout + # The default connects to the `mongo` included in this docker-compose file. + # If you change it, you probably also want to comment out the entire `mongo` service block + # and `depends_on` block above. + MONGO_CONNECTION: mongodb://mongo:27017/nightscout + + # API_SECRET - A secret passphrase that must be at least 12 characters long. + API_SECRET: change_me + + ### Features + # ENABLE - Used to enable optional features, expects a space delimited list, such as: careportal rawbg iob + # See https://github.com/nightscout/cgm-remote-monitor#plugins for details + ENABLE: careportal rawbg iob + + # AUTH_DEFAULT_ROLES (readable) - possible values readable, denied, or any valid role name. + # When readable, anyone can view Nightscout without a token. Setting it to denied will require + # a token from every visit, using status-only will enable api-secret based login. + AUTH_DEFAULT_ROLES: denied + + # For all other settings, please refer to the Environment section of the README + # https://github.com/nightscout/cgm-remote-monitor#environment + + traefik: + image: traefik:latest + container_name: 'traefik' + command: + - '--providers.docker=true' + - '--providers.docker.exposedbydefault=false' + - '--entrypoints.web.address=:80' + - '--entrypoints.web.http.redirections.entrypoint.to=websecure' + - '--entrypoints.websecure.address=:443' + - "--certificatesresolvers.le.acme.httpchallenge=true" + - "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web" + - '--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json' + # Change the below to match your email address + - '--certificatesresolvers.le.acme.email=example@example.com' + ports: + - '443:443' + - '80:80' + volumes: + - './letsencrypt:/letsencrypt' + - '/var/run/docker.sock:/var/run/docker.sock:ro'