mirror of
https://github.com/maplibre/martin.git
synced 2024-12-30 10:22:27 +03:00
fbb282dcb7
This is a partial fix for #496 * BREAKING: Now Martin behaves the same way as `psql` -- by default, if SSL is available on the server, it will be used, even though it will not verify that the server has a valid SSL certificate * Martin now understands `PGSSLCERT`, `PGSSLKEY`, and `PGSSLROOTCERT` env vars (and corresponding config keys) - same as psql. * Martin can now process `?sslmode=verify-ca` and `verify-full` (just like psql). The verify modes require root and/or client cert & key. * remove `danger_accept_invalid_certs` -- turns out that behavior is expected by default unless ssl mode is set to verify - which upstream lib [does not support](https://github.com/sfackler/rust-postgres/issues/768) - PR [submitted](https://github.com/sfackler/rust-postgres/pull/988). * added connection_timeout_ms option for postgres and set it to 5 seconds by default. This way it will fail out earlier. * added error reporting to bb8 - but it is currently [broken upstream](https://github.com/djc/bb8/issues/151) - not sure we can fix it easily, so may need to switch to deadpool later. * added docker-based TLS test (horray!) - wasn't trivial at all, despite ending up fairly simple.
93 lines
2.6 KiB
YAML
93 lines
2.6 KiB
YAML
version: "3"
|
|
|
|
services:
|
|
martin:
|
|
image: maplibre/martin:v0.6.2
|
|
restart: unless-stopped
|
|
ports:
|
|
- "3000:3000"
|
|
environment:
|
|
- DATABASE_URL=postgres://postgres:postgres@db/db
|
|
- RUST_LOG=actix_web=info,martin=debug,tokio_postgres=debug
|
|
depends_on:
|
|
- db
|
|
|
|
db-is-ready:
|
|
# This should match the version of postgres used in the CI workflow
|
|
image: postgis/postgis:14-3.3
|
|
network_mode: host
|
|
command:
|
|
- "sh"
|
|
- "-c"
|
|
- "until pg_isready -h localhost -p ${PGPORT:-5411} -U postgres; do sleep 1; done"
|
|
restart: "no"
|
|
environment:
|
|
- PGDATABASE=db
|
|
- PGUSER=postgres
|
|
- PGPASSWORD=postgres
|
|
- PGHOST=localhost
|
|
- PGPORT=${PGPORT:-5411}
|
|
|
|
db:
|
|
# This should match the version of postgres used in the CI workflow
|
|
image: postgis/postgis:14-3.3-alpine
|
|
restart: unless-stopped
|
|
ports:
|
|
- "${PGPORT:-5411}:5432"
|
|
environment:
|
|
# POSTGRES_* variables are used by the postgis/postgres image
|
|
# PG_* variables are used by psql
|
|
- POSTGRES_DB=db
|
|
- POSTGRES_USER=postgres
|
|
- POSTGRES_PASSWORD=postgres
|
|
- PGDATABASE=db
|
|
- PGUSER=postgres
|
|
- PGPASSWORD=postgres
|
|
volumes:
|
|
- ./tests/fixtures:/fixtures
|
|
- ./tests/fixtures/initdb-dc.sh:/docker-entrypoint-initdb.d/20_martin.sh
|
|
|
|
db-ssl:
|
|
# This should match the version of postgres used in the CI workflow
|
|
image: postgis/postgis:15-3.3
|
|
command:
|
|
- "postgres"
|
|
- "-c"
|
|
- "ssl=on"
|
|
- "-c"
|
|
- "ssl_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem"
|
|
- "-c"
|
|
- "ssl_key_file=/etc/ssl/private/ssl-cert-snakeoil.key"
|
|
restart: unless-stopped
|
|
ports:
|
|
- "${PGPORT:-5411}:5432"
|
|
environment:
|
|
# POSTGRES_* variables are used by the postgis/postgres image
|
|
# PG_* variables are used by psql
|
|
- POSTGRES_DB=db
|
|
- POSTGRES_USER=postgres
|
|
- POSTGRES_PASSWORD=postgres
|
|
- PGDATABASE=db
|
|
- PGUSER=postgres
|
|
- PGPASSWORD=postgres
|
|
volumes:
|
|
- ./tests/fixtures:/fixtures
|
|
- ./tests/fixtures/initdb-dc.sh:/docker-entrypoint-initdb.d/20_martin.sh
|
|
|
|
db-legacy:
|
|
# This should match the version of postgres used in the CI workflow
|
|
image: postgis/postgis:11-3.0-alpine
|
|
restart: unless-stopped
|
|
ports:
|
|
- "${PGPORT:-5411}:5432"
|
|
environment:
|
|
- POSTGRES_DB=db
|
|
- POSTGRES_USER=postgres
|
|
- POSTGRES_PASSWORD=postgres
|
|
- PGDATABASE=db
|
|
- PGUSER=postgres
|
|
- PCPASSWORD=postgres
|
|
volumes:
|
|
- ./tests/fixtures:/fixtures
|
|
- ./tests/fixtures/initdb-dc.sh:/docker-entrypoint-initdb.d/20_martin.sh
|