-
Notifications
You must be signed in to change notification settings - Fork 2
/
docker-compose.yml
120 lines (107 loc) · 3.76 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
version: '3.7'
services:
# =============================================================
#
# TRAEFIK - reverse proxy
#
# =============================================================
reverse-proxy:
image: traefik:v2.4.8
command:
- "--api.dashboard=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.web.http.redirections.entryPoint.to=web-secure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
- "--entrypoints.web-secure.address=:443"
container_name: traefik
labels:
- "traefik.enable=true"
- "traefik.http.routers.api.rule=Host(`tn8n.${DOMAIN}`)" # remove this if dashboard is not required
- "traefik.http.routers.api.entrypoints=web-secure"
- "traefik.http.routers.api.tls.certresolver=certificato"
- "traefik.http.routers.api.tls.domains[0].main=*.${DOMAIN}"
- "traefik.http.routers.api.service=api@internal"
ports:
- 443:443
networks:
- web
volumes:
- /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
restart: always
# =============================================================
#
# N8N - n8n server
#
# =============================================================
postgres:
image: postgres:11
restart: always
networks:
- web
environment:
- POSTGRES_USER=${POSTGRES_USER}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- POSTGRES_DB=${POSTGRES_DB}
- POSTGRES_NON_ROOT_USER=${POSTGRES_NON_ROOT_USER}
- POSTGRES_NON_ROOT_PASSWORD=${POSTGRES_NON_ROOT_PASSWORD}
volumes:
- postgresql:/var/lib/postgresql
- postgresql_data:/var/lib/postgresql/data
- ./init-data.sh:/docker-entrypoint-initdb.d/init-data.sh
n8n:
image: n8nio/n8n:0.117.0
restart: always
networks:
- web
environment:
- DB_TYPE=postgresdb
- DB_POSTGRESDB_HOST=postgres
- DB_POSTGRESDB_PORT=5432
- DB_POSTGRESDB_DATABASE=${POSTGRES_DB}
- DB_POSTGRESDB_USER=${POSTGRES_NON_ROOT_USER}
- DB_POSTGRESDB_PASSWORD=${POSTGRES_NON_ROOT_PASSWORD}
labels:
- "traefik.enable=true"
- "traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN}`)"
- "traefik.http.routers.n8n.entrypoints=web-secure"
- "traefik.http.routers.n8n.tls.certresolver=certificato"
- "traefik.http.routers.n8n.tls.domains[0].main=*.${DOMAIN}"
- "traefik.http.routers.n8n.service=n8nService"
- "traefik.http.services.n8nService.loadBalancer.server.port=5678"
# Oauth for n8n
- "traefik.http.routers.n8n.middlewares=n8nsecure"
- "traefik.http.middlewares.n8nsecure.forwardauth.address=http://oauth:4181"
- "traefik.http.middlewares.n8nsecure.forwardauth.authResponseHeaders=X-Forwarded-User"
- "traefik.http.middlewares.n8nsecure.forwardauth.authResponseHeaders=X-Auth-User, X-Secret"
- "traefik.http.middlewares.n8nsecure.forwardauth.trustForwardHeader=true"
links:
- postgres
depends_on:
- postgres
# Wait 5 seconds to start n8n to make sure that PostgreSQL is ready
# when n8n tries to connect to it
command: /bin/sh -c "sleep 5; n8n start"
# =============================================================
#
# OAUTH
#
# =============================================================
oauth:
image: thomseddon/traefik-forward-auth:2.2
container_name: oauth
networks:
- web
environment:
- PROVIDERS_GOOGLE_CLIENT_ID=${GOOGLE_CLIENT_ID}
- PROVIDERS_GOOGLE_CLIENT_SECRET=${GOOGLE_CLIENT_SECRET}
- SECRET=${OAUTH_SECRET}
- WHITELIST=${WHITELIST}
- LIFETIME=3600
networks:
web:
driver: bridge
volumes:
postgresql:
postgresql_data: