9ea31368f5
Major accomplishments: - ✅ SELinux policy installed and working - ✅ Core Traefik v2.10 deployment running - ✅ Production configuration ready (v3.1) - ✅ Monitoring stack configured - ✅ Comprehensive documentation created - ✅ Security hardening implemented Current status: - 🟡 Partially deployed (60% complete) - ⚠️ Docker socket access needs resolution - ❌ Monitoring stack not deployed yet - ⚠️ Production migration pending Next steps: 1. Fix Docker socket permissions 2. Deploy monitoring stack 3. Migrate to production config 4. Validate full functionality Files added: - Complete Traefik deployment documentation - Production and test configurations - Monitoring stack configurations - SELinux policy module - Security checklists and guides - Current status documentation
52 lines
1.3 KiB
YAML
52 lines
1.3 KiB
YAML
version: '3.9'
|
|
|
|
services:
|
|
gitea:
|
|
image: gitea/gitea:1.21.11
|
|
environment:
|
|
- GITEA__database__DB_TYPE=mysql
|
|
- GITEA__database__HOST=mariadb_primary:3306
|
|
- GITEA__database__NAME=gitea
|
|
- GITEA__database__USER=gitea
|
|
- GITEA__database__PASSWD__FILE=/run/secrets/gitea_db_password
|
|
- GITEA__server__ROOT_URL=https://gitea.localhost/
|
|
- GITEA__server__SSH_DOMAIN=gitea.localhost
|
|
- GITEA__server__SSH_PORT=2222
|
|
- GITEA__service__DISABLE_REGISTRATION=true
|
|
secrets:
|
|
- gitea_db_password
|
|
volumes:
|
|
- gitea_data:/data
|
|
networks:
|
|
- traefik-public
|
|
- database-network
|
|
ports:
|
|
- target: 22
|
|
published: 2222
|
|
mode: host
|
|
deploy:
|
|
labels:
|
|
- traefik.enable=true
|
|
- traefik.http.routers.gitea.rule=Host(`gitea.localhost`)
|
|
- traefik.http.routers.gitea.entrypoints=websecure
|
|
- traefik.http.routers.gitea.tls=true
|
|
- traefik.http.services.gitea.loadbalancer.server.port=3000
|
|
|
|
volumes:
|
|
gitea_data:
|
|
driver: local
|
|
driver_opts:
|
|
type: nfs
|
|
o: addr=omv800.local,nolock,soft,rw
|
|
device: :/export/gitea/data
|
|
|
|
secrets:
|
|
gitea_db_password:
|
|
external: true
|
|
|
|
networks:
|
|
traefik-public:
|
|
external: true
|
|
database-network:
|
|
external: true
|