diff --git a/hub/documentation/operations/files/selfcert/docker-compose.yaml b/hub/documentation/operations/files/selfcert/docker-compose.yaml
new file mode 100644
index 0000000000..3060dd5e6c
--- /dev/null
+++ b/hub/documentation/operations/files/selfcert/docker-compose.yaml
@@ -0,0 +1,93 @@
+# IMAGE TAGS, USER_ID and HOST names is found in .env file
+services:
+ watchtower:
+ image: containrrr/watchtower
+ container_name: watchtower
+ restart: always
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /home/sesam/.docker/config.json:/config.json
+ command: sesam-node fluentbit traefik
+ environment:
+ - WATCHTOWER_CLEANUP=true # Removes old images after updating
+ - WATCHTOWER_POLL_INTERVAL=3600 # Check for updates every 60 minutes
+ - WATCHTOWER_ROLLING_RESTART=true # Enable rolling restarts to minimize downtime
+
+ traefik:
+ image: traefik:${TRAEFIK_DOCKER_IMAGE_TAG}
+ container_name: traefik
+ restart: always
+ command:
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443"
+ - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
+ - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ - "/srv/data/traefik/traefik.yml:/etc/traefik/traefik.yml:ro"
+ - "/srv/data/traefik/certs:/certs:ro"
+ networks:
+ - sesam
+ - microservices
+
+ sesam-node:
+ image: sesam/sesam-node:${SESAM_NODE_IMAGE_TAG}
+ container_name: sesam-node
+ restart: always
+ networks:
+ - sesam
+ - microservices
+ volumes:
+ - /srv/data/sesam/node-00/data:/sesam/data:rprivate
+ - sesam-node-tmp:/tmp:z
+ - /sesam/node-00:/sesam:rprivate
+ - /var/run/docker.sock:/var/run/docker.sock:rprivate
+ environment:
+ - SESAM_UID=${USER_ID}
+ - SESAM_GID=${USER_ID}
+ entrypoint: ["/entrypoint.sh"]
+ command:
+ - sh
+ - -c
+ - "chown -R -H ${USER_ID}:${USER_ID} /sesam/logs /sesam/data && exec gosu ${USER_ID} lake -l /sesam/logs -d /sesam/data --microservices=engine --enforce-license --sesam-portal-url https://portal.sesam.io/unified/ --redirect-portal-gui 1 -b /sesam/data/backup --backup-use-checkpoints"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.sesam-node.rule=Host(`${NODE_DOMAIN}`)"
+ - "traefik.http.routers.sesam-node.entrypoints=websecure"
+ - "traefik.http.routers.sesam-node.tls=true"
+ - "traefik.http.routers.sesam-node.tls.certresolver=myleresolver"
+ - "traefik.http.services.sesam-node.loadbalancer.server.port=9042"
+
+ fluentbit:
+ image: sesam/fluent-bit:${FLUENTBIT_IMAGE_TAG}
+ container_name: fluentbit
+ restart: always
+ volumes:
+ - /sesam/node-00/logs:/logs/node/logs:rw
+ - /var/log:/system-logs/logs:rw
+ - /sesam/fluentbit/data:/data:rw
+ environment:
+ - APPLIANCE_ID=${APPLIANCE_ID}
+ - SUBSCRIPTION_ID=${SUBSCRIPTION_ID}
+ entrypoint:
+ - /fluent-bit/bin/fluent-bit
+ command:
+ - /fluent-bit/bin/fluent-bit
+ - -c
+ - /fluent-bit/etc/fluent-bit.conf
+
+volumes:
+ # Docker Volume definition for sesam-node-tmp
+ sesam-node-tmp:
+ driver: local
+
+networks:
+ sesam:
+ external: true
+ microservices:
+ external: true
diff --git a/hub/documentation/operations/files/selfcert/traefik.yaml b/hub/documentation/operations/files/selfcert/traefik.yaml
new file mode 100644
index 0000000000..ef7cb46444
--- /dev/null
+++ b/hub/documentation/operations/files/selfcert/traefik.yaml
@@ -0,0 +1,12 @@
+entryPoints:
+ web:
+ address: ":80"
+ websecure:
+ address: ":443"
+providers:
+ docker:
+ exposedByDefault: false
+tls:
+ certificates:
+ - certFile: "/certs/example.com.crt"
+ keyFile: "/certs/example.com.key"
diff --git a/hub/documentation/operations/files/docker-compose.yaml b/hub/documentation/operations/files/standard/docker-compose.yaml
similarity index 96%
rename from hub/documentation/operations/files/docker-compose.yaml
rename to hub/documentation/operations/files/standard/docker-compose.yaml
index dde6efda0f..698ebfbc2f 100644
--- a/hub/documentation/operations/files/docker-compose.yaml
+++ b/hub/documentation/operations/files/standard/docker-compose.yaml
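Review bot: In the `sesam-node` labels, `traefik.http.routers.sesam-node.tls.certresolver=myleresolver` refers to a certificate resolver that this self-provided-certificate variant never defines (the `traefik` command has no `--certificatesresolvers` flags), so that label should be removed and only `tls=true` kept. The `traefik` volume `/srv/data/traefik/traefik.yml:/etc/traefik/traefik.yml:ro` also does not match the `traefik.yaml` file this commit adds; when a bind-mount source is missing Docker usually creates a directory in its place, so the two names need to agree. On the hardening side, `watchtower` runs an untagged image with the Docker socket and the registry credentials from `/home/sesam/.docker/config.json` mounted, and the socket is also mounted into `sesam-node` and `traefik` (the `:ro` flag does not restrict Docker API calls). Pinning `containrrr/watchtower` to a version or digest and adding a comment such as `# docker.sock access is equivalent to root on the host` above those mounts would make that exposure explicit.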
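Review bot: The `tls.certificates` entries at the end of this file are placed in what the compose file mounts as Traefik's static configuration (`/etc/traefik/traefik.yml`), but in Traefik v2 and later certificates are dynamic configuration and are only read through a provider such as the file provider, so the listed cert and key would most likely be ignored and Traefik would fall back to its self-generated default certificate. Moving the `tls:` section into a separate file and referencing it with `providers.file.filename` (or `providers.file.directory`) in this file would fix that. Traefik also documents file, CLI and environment static configuration as mutually exclusive, so once this file is picked up the redirect flags in the compose `command:` may no longer apply; if so the redirect belongs here under `entryPoints.web.http.redirections.entryPoint` with `to: websecure` and `scheme: https`. The Traefik version is set by `${TRAEFIK_DOCKER_IMAGE_TAG}` and is not visible here, so this should be confirmed against the version actually deployed.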
@@ -53,9 +53,6 @@ services: environment: - SESAM_UID=${USER_ID} - SESAM_GID=${USER_ID} - - ORACLE_HOME=/opt/instantclient_21_1 - - LD_LIBRARY_PATH=/opt/instantclient_21_1 - - SESAM_IMAGE_VERSION=2 entrypoint: ["/entrypoint.sh"] command: - sh diff --git a/hub/documentation/operations/self-hosted.rst b/hub/documentation/operations/self-hosted.rst index 3783024747..1cae5b1412 100644 --- a/hub/documentation/operations/self-hosted.rst +++ b/hub/documentation/operations/self-hosted.rst @@ -200,10 +200,10 @@ Docker compose configuration -------------- -2. Docker Setup ---------------- +2 A. Docker Setup with letsencrypt +----------------------------------- -1. Place the :download:`docker-compose.yaml` and :download:`env` files in the ``/srv/data`` directory: +1. Place the :download:`docker-compose.yaml` and :download:`env` files in the ``/srv/data`` directory: .. code:: bash @@ -226,6 +226,40 @@ Docker compose configuration docker network create sesam docker network create microservices + + +2 B. Docker Setup with self provided certificates +-------------------------------------------------- + + +1. Place the :download:`docker-compose.yaml` and :download:`env` files in the ``/srv/data`` directory, download `traefik.yaml` and place in ``/srv/data/traefik/``. Place your certificates to ``/srv/data/traefik/certs``: + + .. code:: bash + + /srv/data/docker-compose.yml + /srv/data/.env + /srv/data/traefik/traefik.yaml + /srv/data/traefik/certs/example.cert + /srv/data/traefik/certs/example.key + +2. Create a new unique identifier to use as APPLIANCE_ID + + .. code:: bash + + uuidgen + + +3. Edit the ``.env`` file with the correct values + +4. Edit the ``traefik/traefik.yaml`` file with the correct values + +5. Create the needed networks + + .. code:: bash + + docker network create sesam + docker network create microservices + -------------- 3. Start Services