Luca Sacchi Ricciardi
123 lines
2.5 KiB
YAML
123 lines
2.5 KiB
YAML
# Lab 05: Database & RDS - Docker Compose Configuration
|
|
# Simula RDS in VPC privata usando PostgreSQL in Docker private network
|
|
|
|
|
|
services:
|
|
# Application Server - per testare connessione al database
|
|
app:
|
|
image: nginx:alpine
|
|
container_name: lab05-app
|
|
hostname: app
|
|
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
cpus: '1'
|
|
memory: 1G
|
|
|
|
networks:
|
|
vpc-public:
|
|
ipv4_address: 10.0.1.10
|
|
vpc-private:
|
|
ipv4_address: 10.0.2.10
|
|
|
|
ports:
|
|
- "127.0.0.1:8080:80"
|
|
|
|
depends_on:
|
|
db:
|
|
condition: service_healthy
|
|
|
|
restart: unless-stopped
|
|
|
|
healthcheck:
|
|
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost/"]
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 3
|
|
|
|
# PostgreSQL Database - simula RDS in VPC privata
|
|
db:
|
|
image: postgres:16-alpine
|
|
container_name: lab05-db
|
|
hostname: db
|
|
|
|
environment:
|
|
POSTGRES_DB: lab05_db
|
|
POSTGRES_USER: lab05_user
|
|
POSTGRES_PASSWORD: lab05_password
|
|
POSTGRES_INITDB_ARGS: "-E UTF8"
|
|
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
cpus: '2'
|
|
memory: 4G
|
|
|
|
networks:
|
|
vpc-private:
|
|
ipv4_address: 10.0.2.20
|
|
|
|
# NESSUNA PORTA ESPOSTA - completamente privato (INF-02)
|
|
# RDS in VPC privata non è accessibile dall'host
|
|
|
|
volumes:
|
|
- db-data:/var/lib/postgresql/data
|
|
|
|
restart: unless-stopped
|
|
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -U lab05_user -d lab05_db || exit 1"]
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 5
|
|
start_period: 10s
|
|
|
|
# Test Container - per verificare isolamento
|
|
test-public:
|
|
image: alpine:3.19
|
|
container_name: lab05-test-public
|
|
hostname: test-public
|
|
|
|
command: ["sh", "-c", "sleep 3600"]
|
|
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
cpus: '0.5'
|
|
memory: 512M
|
|
|
|
networks:
|
|
vpc-public:
|
|
ipv4_address: 10.0.1.30
|
|
|
|
restart: unless-stopped
|
|
|
|
# Networks simula VPC con subnet pubbliche/private
|
|
networks:
|
|
# Public Subnet - simula subnet con accesso internet
|
|
vpc-public:
|
|
name: lab05-vpc-public
|
|
driver: bridge
|
|
ipam:
|
|
driver: default
|
|
config:
|
|
- subnet: 10.0.1.0/24
|
|
gateway: 10.0.1.1
|
|
|
|
# Private Subnet - isolata, simula subnet privata VPC
|
|
vpc-private:
|
|
name: lab05-vpc-private
|
|
driver: bridge
|
|
internal: true # Isola da internet (simula private subnet)
|
|
ipam:
|
|
driver: default
|
|
config:
|
|
- subnet: 10.0.2.0/24
|
|
gateway: 10.0.2.1
|
|
|
|
# Persistent Volumes
|
|
volumes:
|
|
db-data:
|
|
driver: local
|