dino/tunnel.compose.yaml at master · structx/dino · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
version: '3.9'

services:

  database:
    image: postgres:17.6-alpine3.22
    container_name: dinodb
    restart: 'unless-stopped'
    environment:
      - POSTGRES_PASSWORD=dino
      - POSTGRES_USER=dino
      - POSTGRES_DB=dino
      - PGDATA=/var/lib/postgresql/data
    networks:
      - dino-private-network
    ports:
      - 30432:5432
    volumes:
      - ${PWD}/.local-volumes/pgdata:/var/lib/postgresql/data:z

  ingress:
    image: traefik:v3.6.2
    container_name: traefik-ingress
    restart: 'unless-stopped'
    depends_on:
      - dino
    security_opt:
      - no-new-privileges:true
      - label=type:container_runtime_t
    command:
      # entrypoints
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --entrypoints.quic.address=:4242/udp
      # providers
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --providers.file.filename=/etc/traefik/dynamic.yaml
      # api and dashboard
      - --api.dashboard=true
      - --api.insecure=true
      # observability
      - --log.level=DEBUG
      - --accesslog=true
    labels:
      - traefik.enable=true
      - traefik.http.routers.dashboard.rule=Host(`traefik.dino.local`)
      - traefik.http.routers.dashboard.entrypoints=web
      - traefik.http.routers.dashboard.service=api@internal
    networks:
      - proxy
    ports:
      - 8080:8080
      - 8000:80
      - 8443:443/tcp
      - 4242:4242/udp
    volumes:
      - ${PWD}/certs/backend.cert:/etc/traefik/certs/server.crt:z
      - ${PWD}/certs/backend.key:/etc/traefik/certs/server.key:z
      - ${PWD}/dynamic.yaml:/etc/traefik/dynamic.yaml:z
      - /var/run/docker.sock:/var/run/docker.sock:z

  dino:
    image: dino/server:latest
    container_name: dino
    restart: 'unless-stopped'
    user: 65532:65532
    cap_drop:
      - ALL
    cap_add:
      - NET_BIND_SERVICE
    depends_on:
      - database
    labels:
      - traefik.enable=true
      # api
      - traefik.http.routers.dino.rule=Host(`api.dino.local`)
      - traefik.http.routers.dino.entrypoints=web
      - traefik.http.routers.dino.service=dino
      - traefik.http.services.dino.loadbalancer.server.scheme=h2c
      - traefik.http.services.dino.loadbalancer.server.port=50051
      # tunnel
      - traefik.udp.routers.tunnel.entrypoints=quic
      - traefik.udp.routers.tunnel.service=tunnel
      - traefik.udp.services.tunnel.loadbalancer.server.port=4242
    env_file:
      - ${PWD}/.env.development
    networks:
      - proxy
      - dino-private-network
    volumes:
      - ${PWD}/.certs/backend.cert:/etc/ssl/live/server.crt:z
      - ${PWD}/.certs/backend.key:/etc/ssl/live/server.key:z
    ports:
      - 50051
      - 4242/udp

networks:
  proxy:  # ingress network
    name: dino-proxy
    driver: bridge
  dino-private-network: # private remote network
    name: dino-private
    internal: true