pcompose
An open source PaaS using docker-compose.
Deploy
Builds are made automatically on Dockerhub. Feel free to either use the automated binaries or to build your own.
- Clone this repo
git clone https://github.com/antoniomika/pcompose
- Use docker-compose to stand up pcompose and nginx-proxy with Let's Encrypt
docker-compose -p pcompose -f deploy/docker-compose.yml up -d
And you're ready to start using it!
How it works
pcompose is ultimately a wrapper around the docker-compose and docker CLIs. I could've integrated it directly with the APIs, but there were quite a few hacks that were needed to make that happen. Also, this made it extremely easy to continue to work with the familiar and easy to use CLIs
pcompose implements an SSH server, which you can add authentication to, to allow you to push a git repo which is then used to stand up a docker-compose project. pcompose then offers some convenience features as well easy access to these deployed services, all from within a docker-compose.yml file.
Here's an example docker-compose.yml
file that works with pcompose:
version: '3.7'
services:
whoami:
image: kennethreitz/httpbin
environment:
- VIRTUAL_HOST=http.example.com
- LETSENCRYPT_HOST=http.example.com
- LETSENCRYPT_EMAIL=certs@example.com
This configuration will deploy httpbin to be accessible from the address https://http.example.com
and will automatically setup Let's Encrypt and the nginx-proxy to the resource. All you need to do is:
- Place that file into a directory
mkdir httpbin && touch httpbin/docker-compose.yml
- Initialize a git repo
- Add and commit the file to the new repo
git add . && git commit -m "Init"
- Add a remote that points to pcompose
git remote add origin pcompose ssh://example.com:2222/user/httpbin
- Push to the pcompose remote
After step 5, you should see some output that looks like this:
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 12 threads
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 668 bytes | 668.00 KiB/s, done.
Total 3 (delta 1), reused 0 (delta 0)
remote: Creating user_httpbin_whoami_1 ... done
remote:
To ssh://example.com:2222/user/httpbin
95fae00..a34685d main -> main
Once that's done, you should be ready to access your service at https://http.example.com
Features
There are a few useful features that are implemented into pcompose.
Integrated Shell
The first is a linux shell with access to docker-compose and docker CLIs which is scoped to each project:
ssh -p 2222 user/httpbin@example.com
Will drop you right into a shell where you can run docker-compose or docker in the remote context.
Remote docker-compose
You can also use docker-compose through pcompose in the project context easily:
ssh -p 2222 user/httpbin@example.com ps -a
or
ssh -p 2222 user/httpbin@example.com down
Exec into containers
Next, you can exec directly into a container through pcompose (granted, the container needs to have /bin/sh
):
ssh -p 2222 user_httpbin_whoami_1@example.com
or
ssh -p 2222 c-user_httpbin_whoami_1@example.com
Container logs
You can grab and follow container logs through pcompose:
ssh -p 2222 l-user_httpbin_whoami_1@example.com
Attach to container
You can attach directly to a container through pcompose:
ssh -p 2222 a-user_httpbin_whoami_1@example.com
Caveats
nginx-proxy
nginx-proxy is a pretty great tool to handle dynamic host configuration. This can easily be swapped for traefik or some other reverse proxy that supports configuration using docker.
The way this currently works is pcompose will create the default network for docker-compose and will attach nginx-proxy
to the created network. This means you must use the default network or at least pre-create the network and attach nginx-proxy
to it in order to use it for HTTP(S) reverse proxying
Persistence
docker-compose
allows the use of relative directories for defining data volumes in applications. I recommend using relative directories from your application to make it easy for you to find your data when you need to.
I also recommend to bind mount the --data-directory
to be the same in both the host and the pcompose container. If your application uses a relative mount and the data directory is not the same, your persistence data could end up in a different location than intended!
CLI Flags
pcompose is a command line utility that runs a simple PaaS ontop of docker using docker-compose and git
Usage:
pcompose [flags]
Flags:
--authentication Require authentication for the SSH service
-k, --authentication-keys-directory string Directory where public keys for public key authentication are stored.
pcompose will watch this directory and automatically load new keys and remove keys
from the authentication list (default "deploy/pubkeys/")
-u, --authentication-password string Password to use for ssh server password authentication (default "S3Cr3tP4$$W0rD")
-o, --banned-countries string A comma separated list of banned countries. Applies to SSH connections
-x, --banned-ips string A comma separated list of banned ips that are unable to access the service. Applies to SSH connections
--cleanup-unbound Cleanup unbound (unforwarded) SSH connections after a set timeout (default true)
-c, --config string Config file (default "config.yml")
--data-directory string Directory that holds pcompose data (default "deploy/data/")
--debug Enable debugging information
--frontend-container-name string The name of the frontend container in order to connect it to the default docker-compose network. (default "nginx-proxy")
--geodb Use a geodb to verify country IP address association for IP filtering
-h, --help help for pcompose
--log-to-file Enable writing log output to file, specified by log-to-file-path
--log-to-file-compress Enable compressing log output files
--log-to-file-max-age int The maxium number of days to store log output in a file (default 28)
--log-to-file-max-backups int The maxium number of rotated logs files to keep (default 3)
--log-to-file-max-size int The maximum size of outputed log files in megabytes (default 500)
--log-to-file-path string The file to write log output to (default "/tmp/pcompose.log")
--log-to-stdout Enable writing log output to stdout (default true)
--pcompose-container-name string The name of the pcompose container in order to exec into a context. (default "pcompose")
-l, --private-key-location string The location of the SSH server private key. pcompose will create a private key here if
it doesn't exist using the --private-key-passphrase to encrypt it if supplied (default "deploy/keys/ssh_key")
-p, --private-key-passphrase string Passphrase to use to encrypt the server private key (default "S3Cr3tP4$$phrAsE")
-a, --ssh-address string The address to listen for SSH connections (default "localhost:2222")
--time-format string The time format to use for general log messages (default "2006/01/02 - 15:04:05")
-v, --version version for pcompose
-y, --whitelisted-countries string A comma separated list of whitelisted countries. Applies to SSH connections
-w, --whitelisted-ips string A comma separated list of whitelisted ips. Applies to SSH connections