version: '2' services: ## KV part ## # CONSUL consul: image: progrium/consul command: -server -bootstrap -log-level debug -ui-dir /ui ports: - "8400:8400" - "8500:8500" - "8600:53/udp" expose: - "8300" - "8301" - "8301/udp" - "8302" - "8302/udp" networks: net: ipv4_address: 10.0.1.2 # ETCD V3 etcd3: image: quay.io/coreos/etcd:v3.2.9 command: /usr/local/bin/etcd --data-dir=/etcd-data --name node1 --initial-advertise-peer-urls http://10.0.1.12:2380 --listen-peer-urls http://10.0.1.12:2380 --advertise-client-urls http://10.0.1.12:2379,http://10.0.1.12:4001 --listen-client-urls http://10.0.1.12:2379,http://10.0.1.12:4001 --initial-cluster node1=http://10.0.1.12:2380 --debug ports: - "4001:4001" - "2380:2380" - "2379:2379" networks: net: ipv4_address: 10.0.1.12 etcdctl-ping: image: tenstartups/etcdctl command: --endpoints=[10.0.1.12:2379] get "traefik/acme/storage" environment: ETCDCTL_DIAL_: "TIMEOUT 10s" ETCDCTL_API : "3" networks: - net ## BOULDER part ## boulder: # To minimize fetching this should be the same version used below image: containous/boulder:containous-acmev2 environment: FAKE_DNS: 172.17.0.1 PKCS11_PROXY_SOCKET: tcp://boulder-hsm:5657 restart: unless-stopped extra_hosts: - le.wtf:127.0.0.1 - boulder:127.0.0.1 ports: - 4000:4000 # ACME - 4001:4001 # ACMEv2 - 4002:4002 # OCSP - 4003:4003 # OCSP - 4430:4430 # ACME via HTTPS - 4431:4431 # ACMEv2 via HTTPS - 4500:4500 # ct-test-srv - 6000:6000 # gsb-test-srv - 8000:8000 # debug ports - 8001:8001 - 8002:8002 - 8003:8003 - 8004:8004 - 8005:8005 - 8006:8006 - 8008:8008 - 8009:8009 - 8010:8010 - 8055:8055 # dns-test-srv updates - 9380:9380 # mail-test-srv - 9381:9381 # mail-test-srv depends_on: - bhsm - bmysql networks: net: ipv4_address: 10.0.1.3 bhsm: # To minimize fetching this should be the same version used above image: letsencrypt/boulder-tools:2018-03-07 hostname: boulder-hsm environment: PKCS11_DAEMON_SOCKET: tcp://0.0.0.0:5657 command: /usr/local/bin/pkcs11-daemon /usr/lib/softhsm/libsofthsm2.so expose: - 5657 networks: net: ipv4_address: 10.0.1.4 aliases: - boulder-hsm bmysql: image: mariadb:10.1 hostname: boulder-mysql environment: MYSQL_ALLOW_EMPTY_PASSWORD: "yes" command: mysqld --bind-address=0.0.0.0 logging: driver: none networks: net: ipv4_address: 10.0.1.5 aliases: - boulder-mysql ## TRAEFIK part ## storeconfig: build: context: ../.. image: containous/traefik volumes: - "./traefik.toml:/traefik.toml:ro" command: storeconfig --debug networks: - net traefik01: build: context: ../.. image: containous/traefik command: ${TRAEFIK_CMD} extra_hosts: - traefik.boulder.com:172.17.0.1 volumes: - "/var/run/docker.sock:/var/run/docker.sock:ro" expose: - "443" - "5001" - "5002" ports: - "80:80" - "8080:8080" - "443:443" - "5001:443" # Needed for SNI challenge - "5002:80" # Needed for HTTP challenge networks: net: ipv4_address: 10.0.1.8 traefik02: build: context: ../.. image: containous/traefik command: ${TRAEFIK_CMD} extra_hosts: - traefik.boulder.com:172.17.0.1 volumes: - "/var/run/docker.sock:/var/run/docker.sock:ro" expose: - "443" - "5001" - "5002" ports: - "88:80" - "8888:8080" - "8443:443" depends_on: - traefik01 networks: net: ipv4_address: 10.0.1.9 whoami01: image: containous/whoami expose: - "80" labels: - "traefik.port=80" - "traefik.backend=wam01" - "traefik.frontend.rule=Host:who01.localhost.com" - "traefik.enable=true" networks: net: ipv4_address: 10.0.1.10 whoami02: image: containous/whoami expose: - "80" labels: - "traefik.port=80" - "traefik.backend=wam02" - "traefik.frontend.rule=Host:who02.localhost.com" - "traefik.enable=true" networks: - net networks: net: driver: bridge ipam: config: - subnet: 10.0.1.0/26