0d1278b9ac
👉 Windmillに BASE_URL が設定されていません。
これがあると:
OAuth callback が壊れる
redirect_uri_mismatch
/api/oauth/callback/google が見つからない
全部起きます。
これは Windmill + Traefik の典型トラブルです。
170 lines
4.9 KiB
YAML
170 lines
4.9 KiB
YAML
version: "3.9"
|
||
|
||
x-logging: &default-logging
|
||
driver: "json-file"
|
||
options:
|
||
max-size: "${LOG_MAX_SIZE:-20m}"
|
||
max-file: "${LOG_MAX_FILE:-10}"
|
||
compress: "true"
|
||
|
||
networks:
|
||
traefik-net:
|
||
external: true # サーバー上の既存Traefikネットワーク
|
||
windmill-internal:
|
||
driver: bridge
|
||
|
||
services:
|
||
db:
|
||
deploy:
|
||
replicas: 1
|
||
image: postgres:16
|
||
shm_size: 1g
|
||
restart: unless-stopped
|
||
volumes:
|
||
- db_data:/var/lib/postgresql/data
|
||
expose:
|
||
- 5432
|
||
environment:
|
||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
|
||
POSTGRES_DB: windmill
|
||
healthcheck:
|
||
test: [ "CMD-SHELL", "pg_isready -U postgres" ]
|
||
interval: 10s
|
||
timeout: 5s
|
||
retries: 5
|
||
logging: *default-logging
|
||
networks:
|
||
- windmill-internal
|
||
|
||
windmill_server:
|
||
image: ${WM_IMAGE}
|
||
container_name: windmill_server
|
||
pull_policy: always
|
||
deploy:
|
||
replicas: 1
|
||
restart: unless-stopped
|
||
expose:
|
||
- 8000
|
||
environment:
|
||
- DATABASE_URL=${DATABASE_URL}
|
||
- MODE=server
|
||
- BASE_URL=https://windmill.keinafarm.net
|
||
depends_on:
|
||
db:
|
||
condition: service_healthy
|
||
volumes:
|
||
- worker_logs:/tmp/windmill/logs
|
||
# Git同期のために、カレントディレクトリ(リポジトリルート)を/workspaceにマウント
|
||
# これにより、コンテナ内から .git ディレクトリにアクセス可能となり、git pushが可能になる
|
||
- .:/workspace
|
||
labels:
|
||
- "traefik.enable=true"
|
||
# HTTPSルーター
|
||
- "traefik.http.routers.windmill.rule=Host(`windmill.keinafarm.net`)"
|
||
- "traefik.http.routers.windmill.entrypoints=websecure"
|
||
- "traefik.http.routers.windmill.tls=true"
|
||
- "traefik.http.routers.windmill.tls.certresolver=letsencrypt"
|
||
- "traefik.http.services.windmill.loadbalancer.server.port=8000"
|
||
# HTTPからHTTPSへのリダイレクト
|
||
- "traefik.http.routers.windmill-http.rule=Host(`windmill.keinafarm.net`)"
|
||
- "traefik.http.routers.windmill-http.entrypoints=web"
|
||
- "traefik.http.routers.windmill-http.middlewares=windmill-https-redirect"
|
||
- "traefik.http.middlewares.windmill-https-redirect.redirectscheme.scheme=https"
|
||
networks:
|
||
- traefik-net
|
||
- windmill-internal
|
||
logging: *default-logging
|
||
|
||
windmill_worker:
|
||
image: ${WM_IMAGE}
|
||
pull_policy: always
|
||
deploy:
|
||
replicas: 3
|
||
resources:
|
||
limits:
|
||
cpus: "1"
|
||
memory: 2048M
|
||
restart: unless-stopped
|
||
environment:
|
||
- DATABASE_URL=${DATABASE_URL}
|
||
- MODE=worker
|
||
- WORKER_GROUP=default
|
||
depends_on:
|
||
db:
|
||
condition: service_healthy
|
||
volumes:
|
||
- /var/run/docker.sock:/var/run/docker.sock
|
||
- worker_dependency_cache:/tmp/windmill/cache
|
||
- worker_logs:/tmp/windmill/logs
|
||
# WorkerからもGit同期が必要な場合に備えてマウント
|
||
- .:/workspace
|
||
networks:
|
||
- windmill-internal
|
||
logging: *default-logging
|
||
|
||
windmill_worker_native:
|
||
image: ${WM_IMAGE}
|
||
pull_policy: always
|
||
deploy:
|
||
replicas: 1
|
||
resources:
|
||
limits:
|
||
cpus: "1"
|
||
memory: 2048M
|
||
restart: unless-stopped
|
||
environment:
|
||
- DATABASE_URL=${DATABASE_URL}
|
||
- MODE=worker
|
||
- WORKER_GROUP=native
|
||
- NUM_WORKERS=8
|
||
- SLEEP_QUEUE=200
|
||
depends_on:
|
||
db:
|
||
condition: service_healthy
|
||
volumes:
|
||
- worker_logs:/tmp/windmill/logs
|
||
networks:
|
||
- windmill-internal
|
||
logging: *default-logging
|
||
|
||
windmill_extra:
|
||
image: ghcr.io/windmill-labs/windmill-extra:latest
|
||
pull_policy: always
|
||
restart: unless-stopped
|
||
expose:
|
||
- 3001
|
||
- 3002
|
||
- 3003
|
||
environment:
|
||
- ENABLE_LSP=true
|
||
- ENABLE_MULTIPLAYER=false
|
||
- ENABLE_DEBUGGER=true
|
||
- DEBUGGER_PORT=3003
|
||
- ENABLE_NSJAIL=false
|
||
- REQUIRE_SIGNED_DEBUG_REQUESTS=false
|
||
- WINDMILL_BASE_URL=http://windmill_server:8000
|
||
volumes:
|
||
- lsp_cache:/pyls/.cache
|
||
networks:
|
||
- windmill-internal
|
||
logging: *default-logging
|
||
labels:
|
||
# LSPなどのWebSocket用設定(Caddyfileの代替)
|
||
- "traefik.enable=true"
|
||
# LSPへのルーティング (/ws/* -> 3001)
|
||
- "traefik.http.routers.windmill-lsp.rule=Host(`windmill.keinafarm.net`) && PathPrefix(`/ws/`)"
|
||
- "traefik.http.routers.windmill-lsp.entrypoints=websecure"
|
||
- "traefik.http.routers.windmill-lsp.tls=true"
|
||
- "traefik.http.services.windmill-lsp.loadbalancer.server.port=3001"
|
||
# Debuggerへのルーティング (/ws_debug/* -> 3003)
|
||
- "traefik.http.routers.windmill-debug.rule=Host(`windmill.keinafarm.net`) && PathPrefix(`/ws_debug/`)"
|
||
- "traefik.http.routers.windmill-debug.entrypoints=websecure"
|
||
- "traefik.http.routers.windmill-debug.tls=true"
|
||
- "traefik.http.services.windmill-debug.loadbalancer.server.port=3003"
|
||
|
||
volumes:
|
||
db_data: null
|
||
worker_dependency_cache: null
|
||
worker_logs: null
|
||
lsp_cache: null
|