db:
  image: mysql:5.7.10
  environment:
    MYSQL_DATABASE: portus
    MYSQL_ROOT_PASSWORD: ${ROOTPASSWORD}
    MYSQL_USER: portus
    MYSQL_PASSWORD: ${DBPASSWORD}
  tty: true
  stdin_open: true
  volumes:
  - ${DIR}/db:/var/lib/mysql
sslproxy:
  image: nginx:1.9.9
  tty: true
  stdin_open: true
  links:
  - portus:portus
  volumes:
  - ${DIR}/certs:/etc/nginx/certs:ro
  - ${DIR}/proxy:/etc/nginx/conf.d:ro
registry:
  image: registry:2.3.1
  environment:
    REGISTRY_LOG_LEVEL: warn
    REGISTRY_STORAGE_DELETE_ENABLED: true
    REGISTRY_AUTH: token
    REGISTRY_AUTH_TOKEN_REALM: https://${DOMAIN}:${PPORT}/v2/token
    REGISTRY_AUTH_TOKEN_SERVICE: ${DOMAIN}:${RPORT}
    REGISTRY_AUTH_TOKEN_ISSUER: ${DOMAIN}
    REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE: /certs/registry.crt
    REGISTRY_HTTP_TLS_CERTIFICATE: /certs/registry.crt
    REGISTRY_HTTP_TLS_KEY: /certs/registry.key
    REGISTRY_HTTP_SECRET: httpsecret
    REGISTRY_NOTIFICATIONS_ENDPOINTS: >
      - name: portus
        url: http://portus:3000/v2/webhooks/events
        timeout: 500
        threshold: 5
        backoff: 1
  tty: true
  stdin_open: true
  links:
  - portus:portus
  volumes:
  - ${DIR}/certs:/certs
  - ${DIR}/data:/var/lib/registry
lb:
  image: rancher/load-balancer-service
  tty: true
  stdin_open: true
  ports:
  - ${RPORT}:5000/tcp
  - ${PPORT}:443/tcp
  labels:
    io.rancher.loadbalancer.target.sslproxy: ${PPORT}=443
    io.rancher.loadbalancer.target.registry: ${RPORT}=5000
    io.rancher.scheduler.global: 'true'
    io.rancher.scheduler.affinity:not_host_label: lb=0
  links:
  - registry:registry
  - sslproxy:sslproxy
portus:
  image: sshipway/portus:2.0.4
  environment: 
    PORTUS_MACHINE_FQDN: ${DOMAIN}
    PORTUS_PRODUCTION_HOST: db
    PORTUS_PRODUCTION_DATABASE: portus
    PORTUS_PRODUCTION_USERNAME: portus
    PORTUS_PRODUCTION_PASSWORD: ${DBPASSWORD}
    PORTUS_GRAVATAR_ENABLED: true
    PORTUS_KEY_PATH: /certs/registry.key
    PORTUS_PASSWORD: ${DBPASSWORD}
    PORTUS_SECRET_KEY_BASE: ${ROOTPASSWORD}
    PORTUS_CHECK_SSL_USAGE_ENABLED: true
    PORTUS_SMTP_ENABLED: false
    PORTUS_LDAP_ENABLED: ${LDAP}
    PORTUS_LDAP_HOSTNAME: ${LDAPHOST}
    PORTUS_LDAP_PORT: ${LDAPPORT}
    PORTUS_LDAP_METHOD: ${LDAPTLS}
    PORTUS_LDAP_BASE: ${LDAPBASE}
    PORTUS_LDAP_UID: cn
    PORTUS_LDAP_AUTHENTICATION_ENABLED: ${LDAPBIND}
    PORTUS_LDAP_AUTHENTICATION_BIND_DN: ${LDAPBINDDN}
    PORTUS_LDAP_AUTHENTICATION_PASSWORD: ${LDAPBINDPASS}
    PORTUS_LDAP_GUESS_EMAIL_ENABLED: true
    PORTUS_LDAP_GUESS_EMAIL_ATTR: mail
    PORTUS_PORT: ${PPORT}
    REGISTRY_SSL_ENABLED: true
    REGISTRY_HOSTNAME: ${DOMAIN}
    REGISTRY_PORT: ${RPORT}
    REGISTRY_NAME: Registry
  tty: true
  stdin_open: true
  volumes:
  - ${DIR}/certs:/certs
  - ${DIR}/proxy:/etc/nginx/conf.d
  links:
  - db:db
  labels:
    io.rancher.container.pull_image: always