John
b62b890482
Added healthchecks: - adminer: PHP file_get_contents check - authentik_server: ak healthcheck command - authentik_redis: redis-cli ping - paperless_redis: redis-cli ping - paperless_webserver: curl localhost:8000 - n8n: wget healthz endpoint - traefik: wget ping endpoint (with --ping enabled) - tracker-nginx: curl localhost:80 Added resource limits: - adminer: 512M limit, 128M reservation - authentik_server: 1G/1 CPU limit, 512M reservation - authentik_worker: 1G/1 CPU limit, 512M reservation - authentik_redis: 512M limit, 128M reservation - paperless_redis: 512M limit, 128M reservation - paperless_webserver: 2G/2 CPU limit, 1G reservation - traefik: 512M/0.5 CPU limit, 256M reservation - tracker-nginx: 256M limit, 64M reservation All services now have proper health monitoring and resource constraints to prevent resource exhaustion and improve reliability. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
71 lines
2.2 KiB
YAML
71 lines
2.2 KiB
YAML
services:
|
|
traefik:
|
|
image: traefik:v3.5
|
|
command:
|
|
- --api.dashboard=true
|
|
- --api.insecure=true
|
|
- --ping=true
|
|
- --entrypoints.web.address=:80
|
|
- --entrypoints.websecure.address=:443
|
|
- --entrypoints.web.http.redirections.entrypoint.to=websecure
|
|
- --entrypoints.web.http.redirections.entrypoint.scheme=https
|
|
- --providers.swarm=true
|
|
- --providers.swarm.exposedByDefault=false
|
|
- --providers.swarm.network=homelab
|
|
- --providers.swarm.watch=true
|
|
- --providers.file.directory=/etc/traefik/dynamic
|
|
- --providers.file.watch=true
|
|
- --certificatesresolvers.cloudflare.acme.dnschallenge=true
|
|
- --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare
|
|
- --certificatesresolvers.cloudflare.acme.email=john.allisonwin@outlook.com
|
|
- --certificatesresolvers.cloudflare.acme.storage=/certificates/acme.json
|
|
- --log.level=DEBUG
|
|
- --accesslog=true
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
- "8082:8080"
|
|
environment:
|
|
- CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare_api_token
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
- /home/doc/swarm-data/appdata/traefik/certificates:/certificates
|
|
- /home/doc/swarm/swarm-production/conf/traefik-conf/dynamic.yml:/etc/traefik/dynamic/dynamic.yml:ro
|
|
secrets:
|
|
- cloudflare_api_token
|
|
networks:
|
|
- homelab
|
|
healthcheck:
|
|
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8080/ping"]
|
|
interval: 30s
|
|
timeout: 5s
|
|
retries: 3
|
|
start_period: 30s
|
|
deploy:
|
|
mode: replicated
|
|
replicas: 1
|
|
placement:
|
|
constraints:
|
|
- node.hostname == p0
|
|
resources:
|
|
limits:
|
|
memory: 512M
|
|
cpus: '0.5'
|
|
reservations:
|
|
memory: 256M
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.traefik.rule=Host(`proxy.frostlabs.me`)"
|
|
- "traefik.http.routers.traefik.entrypoints=websecure"
|
|
- "traefik.http.routers.traefik.tls.certresolver=cloudflare"
|
|
- "traefik.http.routers.traefik.service=api@internal"
|
|
- "traefik.http.services.traefik.loadbalancer.server.port=8080"
|
|
|
|
networks:
|
|
homelab:
|
|
external: true
|
|
|
|
secrets:
|
|
cloudflare_api_token:
|
|
external: true
|