docker-apps/mariadb/stacks/compose.yml

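# Compose stack: one MariaDB container, published through Traefik as a plain
# (non-TLS) TCP service.
# ${SECRETSDIR}, ${DATADIR}, ${PUID}, ${PGID}, ${APPLICATION_NAME} and
# ${SERVICE_PORT} (plus ${DOMAINNAME} in the disabled block) are interpolated
# by Compose; none of them is defined in this file.
name: mariadb

secrets:
  # File-backed secret; Compose mounts it at /run/secrets/mariadb_root_password.
  # It is bind-mounted with the host file's ownership and mode, so the file
  # must be readable by ${PUID}/${PGID} and should not be world-readable.
  mariadb_root_password:
    file: "${SECRETSDIR}/mariadb_root_password"

networks:
  # Both networks are created outside this stack and only attached here.
  mariadb-net:
    external: true
  traefik-net:
    external: true

services:
  mariadb:
    # NOTE(security): `latest` is a floating tag. Every pull can bring in a
    # different image, including a new major version that upgrades the data
    # directory. Pin a specific version tag or an image digest.
    image: mariadb:latest
    restart: unless-stopped
    # Presumably points the image at the mounted secret (a *_FILE variable)
    # rather than holding the password itself; verify, and keep this file out
    # of version control if it contains credentials.
    env_file: .mariadb.env
    hostname: mariadb
    # Run as an unprivileged host uid:gid; quoted so the value stays a string.
    user: "${PUID}:${PGID}"
    volumes:
      - "${DATADIR}/appdata:/var/lib/mysql"
    secrets:
      - mariadb_root_password
    networks:
      - mariadb-net
      # NOTE(security): any other container attached to traefik-net can reach
      # this container's database port directly, without going through the
      # router below.
      - traefik-net
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik-net"
      #
      # tcp service
      # -----------
      - "traefik.tcp.services.${APPLICATION_NAME}-tcp-svc.loadbalancer.server.port=${SERVICE_PORT}"
      #
      # tcp routers
      # -----------
      # limit router to mariadb ":8306" entrypoint
      - "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr.entrypoints=mariadb"
      # Set the match criteria for the router. The connection is not TLS, so
      # there is no SNI field to match on and the wildcard is the only option.
      # NOTE(security): HostSNI(`*`) forwards every connection that reaches
      # the entrypoint, and the MariaDB session (including authentication)
      # crosses that path unencrypted. Limit who can reach the entrypoint
      # (host firewall, bind address, or a Traefik TCP IP allow-list
      # middleware) and consider enforcing TLS in MariaDB itself
      # (require_secure_transport / REQUIRE SSL on accounts).
      - "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr.rule=HostSNI(`*`)"
      # assign svc target to router
      - "traefik.tcp.routers.${APPLICATION_NAME}-tcp-rtr.service=${APPLICATION_NAME}-tcp-svc"
      ###### mysql with tls via traefik not working
      # Likely cause: the MySQL/MariaDB protocol starts in cleartext (the
      # server sends its greeting first) and upgrades to TLS inside the
      # session, so Traefik never sees a TLS ClientHello and cannot read the
      # SNI. Also note that tls.passthrough=true means Traefik does not
      # terminate TLS, so the certresolver below would go unused.
      # #
      # # limit router to mariadb ":8306" entrypoint
      # - "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr.entrypoints=mariadb"
      # # set match criteria for router
      # - "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr.rule=HostSNI(`${APPLICATION_NAME}.${DOMAINNAME}`)"
      # # set router to be dedicated to secure requests only for the hosts specified in match criteria
      # - "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr.tls=true"
      # # forward requests "as is" keeping all data encrypted.
      # - "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr.tls.passthrough=true"
      # - "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr.tls.options=tls-opts@file"
      # # generate certificates using following certresolver
      # - "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr.tls.certresolver=sthomeresolver"
      # # assign svc target to router
      # - "traefik.tcp.routers.${APPLICATION_NAME}-tcp-secure-rtr.service=${APPLICATION_NAME}-tcp-svc"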