-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yml
25 lines (24 loc) · 1.33 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
nginx:
build: https://github.com/occrp/watchful-nginx.git
ports:
- "80:80"
- "443:443"
volumes:
- "./services/etc/nginx/:/etc/nginx/:ro" # config
- "./tests/:/opt/tests/:ro" # tests
- "/srv/data/secrets/nginx/:/etc/ssl/nginx/" # this is where dhparam goes; maybe we should use a data container for this
- "/srv/data/cache/fasada/:/srv/data/cache/nginx" # cache; maybe we should use a data container for this?
- "/srv/logs/fasada/:/srv/logs/nginx/" # logs
# letsencrypt
- "/srv/data/secrets/letsencrypt/archive/:/srv/data/secrets/letsencrypt/archive/:ro" # LetsEncrypt certificate store, containing all the certs ever issued
- "/srv/data/secrets/letsencrypt/live/:/srv/data/secrets/letsencrypt/live/:ro" # LetsEncrypt live certificate store, containing symlinks to the most current certificates for a given domain
tor:
image: vpetersson/torrelay
user: debian-tor
volumes:
- "./services/etc/tor/:/etc/tor/:ro"
- "/srv/data/secrets/tor/:/var/lib/tor/web/" # apparently tor has to have RW acess to this directory;
# TODO make private_key read-only?
links:
- nginx
command: ["/usr/sbin/tor", "-f", "/etc/tor/torrc"]