create uat environment config

README.md

@@ -99,5 +99,5 @@ The athena websockets interface is not implemented yet, so the comma app and ath
 
 Launch with:
 ```
-docker-compose -f docker-compose.yml -f docker-compose.uat.yml up -d
+(cd environment/uat && docker-compose up -d)
 ```

docker-compose.uat.yml

@@ -1,20 +0,0 @@
-version: "3.0"
-services:
-  nginx:
-    image: nginx:1.15-alpine
-    depends_on:
-      - server
-    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
-    ports:
-      - "80:80"
-      - "443:443"
-    volumes:
-      - ./data/nginx:/etc/nginx/conf.d
-      - ./data/certbot/conf:/etc/letsencrypt
-      - ./data/certbot/www:/var/www/certbot
-  certbot:
-    image: certbot/certbot
-    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
-    volumes:
-      - ./data/certbot/conf:/etc/letsencrypt
-      - ./data/certbot/www:/var/www/certbot

environment/uat/.gitignore

@@ -0,0 +1,2 @@
+database
+realdata

environment/uat/README.md

@@ -0,0 +1,3 @@
+# User Acceptance Testing (UAT) environnment
+
+Hostname: `uat.api.retropilot.org`

environment/uat/docker-compose.yml

@@ -0,0 +1,89 @@
+version: "3.0"
+
+services:
+  # Traefik reverse proxy
+  # https://doc.traefik.io/traefik/
+  reverse-proxy:
+    image: traefik:v2.6
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      # See traefik/traefik.toml for static config
+      - ./traefik:/etc/traefik
+#    labels:
+#      - "traefik.enable=true"
+#      # Expose traefik dashboard at https://uat.traefik.retropilot.org
+#      - "traefik.http.routers.dashboard.rule=Host(`uat.traefik.retropilot.org`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
+#      - "traefik.http.routers.dashboard.entrypoints=websecure"
+#      - "traefik.http.routers.dashboard.service=api@internal"
+#      - "traefik.http.routers.dashboard.tls=true"
+#      - "traefik.http.routers.dashboard.tls.certresolver=myresolver"
+#      # Secure the dashboard with BasicAuth middleware
+#      - "traefik.http.routers.dashboard.middlewares=dashboard-auth@docker"
+#      # BasicAuth: username=admin, password=password
+#      # Generate new password: sudo apt install -y apache2-utils; echo $(htpasswd -nB user) | sed -e s/\\$/\\$\\$/g
+#      - "traefik.http.middlewares.dashboard-auth.basicauth.users=admin:$$2y$$05$$iT4z7pjcdNRYU9Y89VlUUe.13TdQ9H7rBtIO6PJruuK.RAW8lvmxW"
+
+  # PostgreSQL database
+  db:
+    image: postgres:14-bullseye
+    restart: unless-stopped
+    ports:
+      - "5432:5432"
+    volumes:
+      - ./database:/var/lib/postgresql/data
+    environment:
+      POSTGRES_USER: ${DB_USER}
+      POSTGRES_PASSWORD: ${DB_PASS}
+      POSTGRES_DB: ${DB_NAME}
+
+  # API server
+  api:
+    # Use the retropilot-server image from the GitHub Container Registry
+    image: ghcr.io/retropilot/retropilot-server:uat
+    restart: unless-stopped
+    volumes:
+      # Mount realdata dir to /realdata in the container
+      - ./realdata:/realdata
+    env_file:
+      - .env
+    labels:
+      - "traefik.enable=true"
+      # API service forwards requests to container port 8080
+      - "traefik.http.services.api.loadbalancer.server.port=8080"
+      # Expose api at https://uat.api.retropilot.org
+      - "traefik.http.routers.api.rule=Host(`uat.api.retropilot.org`)"
+      - "traefik.http.routers.api.entrypoints=websecure"
+      - "traefik.http.routers.api.service=api@docker"
+      - "traefik.http.routers.api.tls=true"
+      - "traefik.http.routers.api.tls.certresolver=myresolver"
+#      # Athena service forwards requests to container port 4040
+#      - "traefik.http.services.athena.loadbalancer.server.port=4040"
+#      # Expose athena at https://uat.athena.retropilot.org
+#      - "traefik.http.routers.athena.rule=Host(`uat.athena.retropilot.org`)"
+#      - "traefik.http.routers.athena.entrypoints=websecure"
+#      - "traefik.http.routers.athena.service=athena@docker"
+#      - "traefik.http.routers.athena.tls=true"
+#      - "traefik.http.routers.athena.tls.certresolver=myresolver"
+
+  # API worker
+  worker:
+    # Use the same image as the server
+    image: ghcr.io/retropilot/retropilot-server:uat
+    # But run the worker script instead
+    command: npm run worker
+    restart: unless-stopped
+    volumes:
+      - ./realdata:/realdata
+    env_file:
+      - .env
+
+#  watchtower:
+#    # automatically update containers when new images are released
+#    image: containrrr/watchtower
+#    volumes:
+#      - /var/run/docker.sock:/var/run/docker.sock
+#    command: --interval 30

environment/uat/traefik/acme/.gitignore

@@ -0,0 +1 @@
+acme.json

environment/uat/traefik/traefik.toml

@@ -0,0 +1,32 @@
+# traefik reverse proxy config
+# docs: https://doc.traefik.io/traefik/
+
+[api]
+  dashboard = true
+
+[log]
+  level = "INFO"
+
+[providers]
+  [providers.docker]
+    endpoint = "unix:///var/run/docker.sock"
+    exposedByDefault = false
+
+[entryPoints]
+  [entryPoints.web]
+    address = ":80"
+    [entryPoints.web.http]
+      [entryPoints.web.http.redirections]
+        [entryPoints.web.http.redirections.entryPoint]
+          to = "websecure"
+  [entryPoints.websecure]
+    address = ":443"
+
+[certificatesResolvers]
+  [certificatesResolvers.myresolver]
+    [certificatesResolvers.myresolver.acme]
+      caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
+      email = "admin@retropilot.org"
+      storage = "acme.json"
+      [certificatesResolvers.myresolver.acme.httpChallenge]
+        entryPoint = "web"