waja a révisé ce gist 4 years ago. Aller à la révision
Aucun changement
waja a révisé ce gist 4 years ago. Aller à la révision
4 files changed, 72 insertions
.env(fichier créé)
| @@ -0,0 +1,4 @@ | |||
| 1 | + | # tr -dc A-Za-z0-9 </dev/urandom | head -c 12 ; echo '' | |
| 2 | + | TRAEFIK_HASH=H6UNStXJUAX5 | |
| 3 | + | TRAEFIK_PROJECT=bitwarden | |
| 4 | + | TRAEFIK_SERVICE_01=bitwarden | |
bitwarden.service(fichier créé)
| @@ -0,0 +1,19 @@ | |||
| 1 | + | [Unit] | |
| 2 | + | Description=Bitwarden RS Service | |
| 3 | + | After=network.target docker.service traefik.service | |
| 4 | + | Requires=docker.service | |
| 5 | + | ||
| 6 | + | [Service] | |
| 7 | + | #Type=simple | |
| 8 | + | Type=oneshot | |
| 9 | + | RemainAfterExit=yes | |
| 10 | + | ||
| 11 | + | Environment="WORK_DIR=/srv/docker/bitwarden/" | |
| 12 | + | WorkingDirectory=/srv/docker/bitwarden/ | |
| 13 | + | ExecStartPre=-/usr/local/bin/docker-compose -f "${WORK_DIR}/docker-compose.yml" -f "${WORK_DIR}/container.conf/production.yml" down | |
| 14 | + | ExecStartPre=-/usr/local/bin/docker-compose -f "${WORK_DIR}/docker-compose.yml" -f "${WORK_DIR}/container.conf/production.yml" pull | |
| 15 | + | ExecStart=/usr/local/bin/docker-compose -f "${WORK_DIR}/docker-compose.yml" -f "${WORK_DIR}/container.conf/production.yml" up -d | |
| 16 | + | ExecStop=/usr/local/bin/docker-compose -f "${WORK_DIR}/docker-compose.yml" -f "${WORK_DIR}/container.conf/production.yml" down | |
| 17 | + | ||
| 18 | + | [Install] | |
| 19 | + | WantedBy=docker.service | |
docker-compose.yml(fichier créé)
| @@ -0,0 +1,38 @@ | |||
| 1 | + | version: '3.7' | |
| 2 | + | ||
| 3 | + | services: | |
| 4 | + | bitwarden: | |
| 5 | + | image: bitwardenrs/server | |
| 6 | + | environment: | |
| 7 | + | WEBSOCKET_ENABLED: 'true' # Required to use websockets | |
| 8 | + | SIGNUPS_ALLOWED: 'true' # set to false to disable signups | |
| 9 | + | networks: | |
| 10 | + | - default | |
| 11 | + | - system_traefik | |
| 12 | + | restart: always | |
| 13 | + | labels: | |
| 14 | + | - com.centurylinklabs.watchtower.enable=true | |
| 15 | + | - traefik.enable=true | |
| 16 | + | - traefik.docker.network=system_traefik | |
| 17 | + | - traefik.http.routers.${TRAEFIK_PROJECT}-${TRAEFIK_SERVICE_01}-${TRAEFIK_HASH}.entrypoints=websecure | |
| 18 | + | - traefik.http.routers.${TRAEFIK_PROJECT}-${TRAEFIK_SERVICE_01}-${TRAEFIK_HASH}.tls=true | |
| 19 | + | - traefik.http.routers.${TRAEFIK_PROJECT}-${TRAEFIK_SERVICE_01}-${TRAEFIK_HASH}.tls.certresolver=default | |
| 20 | + | - traefik.http.routers.${TRAEFIK_PROJECT}-${TRAEFIK_SERVICE_01}-${TRAEFIK_HASH}.middlewares=default-security-headers@file | |
| 21 | + | - traefik.http.routers.${TRAEFIK_PROJECT}-${TRAEFIK_SERVICE_01}-${TRAEFIK_HASH}.service=${TRAEFIK_PROJECT}-${TRAEFIK_SERVICE_01}-${TRAEFIK_HASH} | |
| 22 | + | - traefik.http.services.${TRAEFIK_PROJECT}-${TRAEFIK_SERVICE_01}-${TRAEFIK_HASH}.loadbalancer.server.port=80 | |
| 23 | + | - traefik.http.routers.${TRAEFIK_PROJECT}-${TRAEFIK_SERVICE_01}-ws-${TRAEFIK_HASH}.entrypoints=websecure | |
| 24 | + | - traefik.http.routers.${TRAEFIK_PROJECT}-${TRAEFIK_SERVICE_01}-ws-${TRAEFIK_HASH}.tls=true | |
| 25 | + | - traefik.http.routers.${TRAEFIK_PROJECT}-${TRAEFIK_SERVICE_01}-ws-${TRAEFIK_HASH}.tls.certresolver=default | |
| 26 | + | - traefik.http.middlewares.${TRAEFIK_PROJECT}-${TRAEFIK_SERVICE_01}-ws-${TRAEFIK_HASH}-strip.stripprefix.prefixes=/notifications/hub | |
| 27 | + | - traefik.http.routers.${TRAEFIK_PROJECT}-${TRAEFIK_SERVICE_01}-ws-${TRAEFIK_HASH}.middlewares=default-security-headers@file,${TRAEFIK_PROJECT}-${TRAEFIK_SERVICE_01}-ws-${TRAEFIK_HASH}-strip@docker | |
| 28 | + | - traefik.http.routers.${TRAEFIK_PROJECT}-${TRAEFIK_SERVICE_01}-ws-${TRAEFIK_HASH}.service=${TRAEFIK_PROJECT}-${TRAEFIK_SERVICE_01}-ws-${TRAEFIK_HASH} | |
| 29 | + | - traefik.http.services.${TRAEFIK_PROJECT}-${TRAEFIK_SERVICE_01}-ws-${TRAEFIK_HASH}.loadbalancer.server.port=3012 | |
| 30 | + | volumes: | |
| 31 | + | - ./bw-data:/data | |
| 32 | + | ||
| 33 | + | volumes: | |
| 34 | + | app-volume: | |
| 35 | + | ||
| 36 | + | networks: | |
| 37 | + | system_traefik: | |
| 38 | + | external: true | |
production.yml(fichier créé)
| @@ -0,0 +1,11 @@ | |||
| 1 | + | version: '3.7' | |
| 2 | + | ||
| 3 | + | services: | |
| 4 | + | bitwarden: | |
| 5 | + | image: bitwardenrs/server:1.19.0-alpine | |
| 6 | + | labels: | |
| 7 | + | - traefik.http.routers.${TRAEFIK_PROJECT}-${TRAEFIK_SERVICE_01}-${TRAEFIK_HASH}.rule=Host(`bitwarden.test.org`) | |
| 8 | + | - traefik.http.routers.${TRAEFIK_PROJECT}-${TRAEFIK_SERVICE_01}-ws-${TRAEFIK_HASH}.rule=Host(`bitwarden.test.org`) && Path(`/notifications/hub`) | |
| 9 | + | volumes: | |
| 10 | + | - /etc/localtime:/etc/localtime:ro | |
| 11 | + | - /etc/timezone:/etc/timezone:ro | |