diff --git a/deploy/docker-compose.override.yml b/deploy/docker-compose.override.yml new file mode 100644 index 000000000..628d051d9 --- /dev/null +++ b/deploy/docker-compose.override.yml @@ -0,0 +1,51 @@ +services: + # -------------------------------------------------- + # C. REVERSE PROXY AND SSL SERVICES + # -------------------------------------------------- + + # This is the reverse proxy and SSL service + traefik: + image: traefik:3 + command: + # traefik static configuration via command line + # enable accesslog + - "--accesslog.format=common" + # http endpoint + - "--entrypoints.web.address=:80" + # https endpoint + - "--entrypoints.websecure.address=:443" + - "--entrypoints.websecure.asdefault" + - "--entrypoints.websecure.http.tls.certresolver=letsencrypt" + # http to https redirect + - "--entrypoints.web.http.redirections.entryPoint.to=websecure" + - "--entrypoints.web.http.redirections.entryPoint.scheme=https" + - "--entrypoints.web.http.redirections.entrypoint.permanent=true" + # ACME SSL certificate generation + - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true" + - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web" + - "--certificatesresolvers.letsencrypt.acme.email=${MW_ADMIN_EMAIL}" + - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json" + # additionial traefik dynamic configuration via config file + - "--providers.file.filename=/etc/traefik/dynamic.yml" + # Uncomment this line to only test ssl generation first, makes sure you don't run into letsencrypt rate limits + # - "--certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" + # Uncomment the following line for debugging, also expose port 8080 below + # - "--api.dashboard=true" + # - "--api.insecure=true" + # - "--log.level=DEBUG" + restart: unless-stopped + ports: + - 80:80 + - 443:443 + # traefik dashboard + # - 8080:8080 + volumes: + - ./config/traefik-dynamic.yml:/etc/traefik/dynamic.yml:ro + - traefik-letsencrypt-data:/letsencrypt + environment: + WIKIBASE_PUBLIC_HOST: ${WIKIBASE_PUBLIC_HOST} + WDQS_PUBLIC_HOST: ${WDQS_PUBLIC_HOST} + +volumes: + # C. REVERSE PROXY AND SSL SERVICES DATA + traefik-letsencrypt-data: diff --git a/deploy/docker-compose.yml b/deploy/docker-compose.yml index 2c29db78a..c16807e24 100644 --- a/deploy/docker-compose.yml +++ b/deploy/docker-compose.yml @@ -153,53 +153,6 @@ services: interval: 10s start_period: 2m - # -------------------------------------------------- - # C. REVERSE PROXY AND SSL SERVICES - # -------------------------------------------------- - - # This is the reverse proxy and SSL service - traefik: - image: traefik:3 - command: - # traefik static configuration via command line - # enable accesslog - - "--accesslog.format=common" - # http endpoint - - "--entrypoints.web.address=:80" - # https endpoint - - "--entrypoints.websecure.address=:443" - - "--entrypoints.websecure.asdefault" - - "--entrypoints.websecure.http.tls.certresolver=letsencrypt" - # http to https redirect - - "--entrypoints.web.http.redirections.entryPoint.to=websecure" - - "--entrypoints.web.http.redirections.entryPoint.scheme=https" - - "--entrypoints.web.http.redirections.entrypoint.permanent=true" - # ACME SSL certificate generation - - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true" - - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web" - - "--certificatesresolvers.letsencrypt.acme.email=${MW_ADMIN_EMAIL}" - - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json" - # additionial traefik dynamic configuration via config file - - "--providers.file.filename=/etc/traefik/dynamic.yml" - # Uncomment this line to only test ssl generation first, makes sure you don't run into letsencrypt rate limits - # - "--certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" - # Uncomment the following line for debugging, also expose port 8080 below - # - "--api.dashboard=true" - # - "--api.insecure=true" - # - "--log.level=DEBUG" - restart: unless-stopped - ports: - - 80:80 - - 443:443 - # traefik dashboard - # - 8080:8080 - volumes: - - ./config/traefik-dynamic.yml:/etc/traefik/dynamic.yml:ro - - traefik-letsencrypt-data:/letsencrypt - environment: - WIKIBASE_PUBLIC_HOST: ${WIKIBASE_PUBLIC_HOST} - WDQS_PUBLIC_HOST: ${WDQS_PUBLIC_HOST} - volumes: # A. CORE WIKIBASE SUITE SERVICES DATA wikibase-image-data: @@ -208,5 +161,3 @@ volumes: wdqs-data: elasticsearch-data: quickstatements-data: - # C. REVERSE PROXY AND SSL SERVICES DATA - traefik-letsencrypt-data: diff --git a/test/setup/make-test-settings.ts b/test/setup/make-test-settings.ts index afb4dc9d9..0c2778c86 100644 --- a/test/setup/make-test-settings.ts +++ b/test/setup/make-test-settings.ts @@ -115,6 +115,7 @@ export const defaultSettings: Partial = { ], composeFiles: [ '../deploy/docker-compose.yml', + '../deploy/docker-compose.override.yml', 'suites/docker-compose.override.yml' ] };