71 lines
2.7 KiB
Django/Jinja
71 lines
2.7 KiB
Django/Jinja
services:
|
|
minio:
|
|
image: minio/minio:latest # add to renovate; https://github.com/renovatebot/renovate/issues/2438
|
|
container_name: minio
|
|
restart: unless-stopped
|
|
pull_policy: missing
|
|
ports:
|
|
# - '9000:9000' # S3
|
|
- '9001:9001' # WebUI
|
|
networks:
|
|
- traefik
|
|
volumes:
|
|
- data:/data # wird im "command" verwendet/gesetzt
|
|
environment:
|
|
MINIO_ROOT_USER: "{{ lookup('viczem.keepass.keepass', 'minio_admin_user', 'username') }}"
|
|
MINIO_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'minio_admin_user', 'password') }}"
|
|
command: server /data --console-address ":9001"
|
|
healthcheck: # https://github.com/minio/minio/issues/18389
|
|
test: ["CMD", "mc", "ready", "local"]
|
|
interval: 5s
|
|
timeout: 5s
|
|
retries: 5
|
|
labels:
|
|
traefik.enable: true
|
|
# s3
|
|
traefik.http.routers.minio-s3.service: minio-s3
|
|
traefik.http.routers.minio-s3.priority: "10"
|
|
traefik.http.routers.minio-s3.rule: Host(`s3.mgrote.net`)
|
|
traefik.http.routers.minio-s3.tls: true
|
|
traefik.http.routers.minio-s3.tls.certresolver: resolver_letsencrypt
|
|
traefik.http.routers.minio-s3.entrypoints: entry_https
|
|
traefik.http.services.minio-s3.loadbalancer.server.port: 9000
|
|
# WebUI
|
|
# traefik.http.routers.minio-ui.service: minio-ui
|
|
# traefik.http.routers.minio-ui.priority: "20"
|
|
# traefik.http.routers.minio-ui.rule: Host(`ui-s3.mgrote.net`)
|
|
# traefik.http.routers.minio-ui.tls: true
|
|
# traefik.http.routers.minio-ui.tls.certresolver: resolver_letsencrypt
|
|
# traefik.http.routers.minio-ui.entrypoints: entry_https
|
|
# traefik.http.services.minio-ui.loadbalancer.server.port: 9001
|
|
# traefik.http.routers.minio-ui.middlewares: minio-ui-ipallowlist # also entferne den Prefix danach wieder
|
|
# traefik.http.middlewares.minio-ui-ipallowlist.ipallowlist.sourcerange: 192.168.2.0/24,10.25.25.0/24
|
|
# traefik.http.middlewares.minio-ui-ipallowlist.ipallowlist.ipstrategy.depth: 0 # https://doc.traefik.io/traefik/middlewares/http/ipallowlist/#ipstrategydepth
|
|
|
|
######## Networks ########
|
|
networks:
|
|
traefik:
|
|
external: true
|
|
######## Volumes ########
|
|
volumes:
|
|
data:
|
|
|
|
# todo
|
|
|
|
# minio inr enobate aufgabe
|
|
# bug: composoe pull staret updated container nciht
|
|
# mcli paket installieren
|
|
# client: wget https://dl.min.io/client/mc/release/linux-amd64/mc chmod +x mc
|
|
#erstelle user
|
|
#erstelle access und secrte_key
|
|
#erstelle policy
|
|
#weise policy user zu
|
|
#./mc alias set minio_lokal http://docker10.mgrote.net:9000 access secret
|
|
# remove midnehoght commander überall
|
|
# checkliste
|
|
# policies in wiki mit reihenfolge
|
|
# tarefi gitea 429?
|
|
# gui auch uber traefik mit szubnet beschrankung
|
|
# linter
|
|
# todo später automatisieren
|
|
# ui von außen testen
|