diff --git a/api/auth.conf.template b/api/auth.conf.template new file mode 100644 index 0000000..648a2c5 --- /dev/null +++ b/api/auth.conf.template @@ -0,0 +1,9 @@ +server { + listen 8080; + location / { + if ($http_x_api_key != '${API_TOKEN}') { + return 401; + } + return 200; + } +} diff --git a/api/compose.yml b/api/compose.yml new file mode 100644 index 0000000..fa0600a --- /dev/null +++ b/api/compose.yml @@ -0,0 +1,74 @@ +services: + auth: + image: nginx:alpine + container_name: api_auth + volumes: + - ./auth.conf.template:/etc/nginx/templates/default.conf.template:ro + environment: + - API_TOKEN=${API_TOKEN} + restart: always + networks: + - compose_network + + freepik: + image: dev.pivoine.art/valknar/freepik-api:latest + container_name: api_freepik + environment: + - FP_FREEPIK_API_KEY=${FP_FREEPIK_API_KEY} + - FP_WEBHOOK_SECRET=${FP_WEBHOOK_SECRET} + volumes: + - ../.data/api/freepik/outputs:/app/outputs + - ../.data/api/freepik/temp:/app/temp + restart: always + labels: + - "traefik.enable=true" + - "traefik.http.middlewares.api-redirect-web-secure.redirectscheme.scheme=https" + - "traefik.http.middlewares.api-auth.forwardauth.address=http://api_auth:8080" + - "traefik.http.middlewares.api-freepik-strip.stripprefix.prefixes=/freepik" + - "traefik.http.middlewares.api-freepik-addprefix.addprefix.prefix=/api/v1" + - "traefik.http.routers.api-freepik-web.rule=Host(`${TRAEFIK_HOST}`) && PathPrefix(`/freepik`)" + - "traefik.http.routers.api-freepik-web.entrypoints=web" + - "traefik.http.routers.api-freepik-web.middlewares=api-redirect-web-secure" + - "traefik.http.routers.api-freepik-web-secure.rule=Host(`${TRAEFIK_HOST}`) && PathPrefix(`/freepik`)" + - "traefik.http.routers.api-freepik-web-secure.entrypoints=web-secure" + - "traefik.http.routers.api-freepik-web-secure.tls.certresolver=resolver" + - "traefik.http.routers.api-freepik-web-secure.middlewares=api-auth,api-freepik-strip,api-freepik-addprefix,api-rate-limit@file" + - "traefik.http.services.api-freepik-web-secure.loadbalancer.server.port=8000" + - "traefik.docker.network=${NETWORK_NAME}" + - "com.centurylinklabs.watchtower.enable=true" + networks: + - compose_network + + facefusion: + image: dev.pivoine.art/valknar/facefusion-api:latest + container_name: api_facefusion + environment: + - FF_EXECUTION_PROVIDERS=["cpu"] + volumes: + - ../.data/api/facefusion/uploads:/app/uploads + - ../.data/api/facefusion/outputs:/app/outputs + - ../.data/api/facefusion/models:/app/models + - ../.data/api/facefusion/temp:/app/temp + - ../.data/api/facefusion/jobs:/app/jobs + restart: always + labels: + - "traefik.enable=true" + - "traefik.http.middlewares.api-facefusion-strip.stripprefix.prefixes=/facefusion" + - "traefik.http.middlewares.api-facefusion-addprefix.addprefix.prefix=/api/v1" + - "traefik.http.routers.api-facefusion-web.rule=Host(`${TRAEFIK_HOST}`) && PathPrefix(`/facefusion`)" + - "traefik.http.routers.api-facefusion-web.entrypoints=web" + - "traefik.http.routers.api-facefusion-web.middlewares=api-redirect-web-secure" + - "traefik.http.routers.api-facefusion-web-secure.rule=Host(`${TRAEFIK_HOST}`) && PathPrefix(`/facefusion`)" + - "traefik.http.routers.api-facefusion-web-secure.entrypoints=web-secure" + - "traefik.http.routers.api-facefusion-web-secure.tls.certresolver=resolver" + - "traefik.http.routers.api-facefusion-web-secure.middlewares=api-auth,api-facefusion-strip,api-facefusion-addprefix,api-rate-limit@file" + - "traefik.http.services.api-facefusion-web-secure.loadbalancer.server.port=8000" + - "traefik.docker.network=${NETWORK_NAME}" + - "com.centurylinklabs.watchtower.enable=true" + networks: + - compose_network + +networks: + compose_network: + name: ${NETWORK_NAME} + external: true