KI-AGENT: Matrix-Stack in Docker Compose vorbereiten
This commit is contained in:
@@ -71,6 +71,182 @@ services:
|
||||
- "traefik.http.routers.fedeo-backend-secure.entrypoints=web-secured" #
|
||||
- "traefik.http.routers.fedeo-backend-secure.tls.certresolver=mytlschallenge"
|
||||
- "traefik.http.routers.fedeo-backend-secure.middlewares=fedeo-backend-strip"
|
||||
matrix-db:
|
||||
image: postgres:16-alpine
|
||||
restart: unless-stopped
|
||||
profiles:
|
||||
- matrix
|
||||
environment:
|
||||
- POSTGRES_DB=${MATRIX_POSTGRES_DB:-synapse}
|
||||
- POSTGRES_USER=${MATRIX_POSTGRES_USER:-synapse}
|
||||
- POSTGRES_PASSWORD=${MATRIX_POSTGRES_PASSWORD:-change-this-matrix-db-password}
|
||||
- POSTGRES_INITDB_ARGS=--encoding=UTF8 --lc-collate=C --lc-ctype=C
|
||||
volumes:
|
||||
- ./matrix/postgres:/var/lib/postgresql/data
|
||||
networks:
|
||||
- traefik
|
||||
|
||||
matrix-redis:
|
||||
image: redis:7-alpine
|
||||
restart: unless-stopped
|
||||
profiles:
|
||||
- matrix
|
||||
networks:
|
||||
- traefik
|
||||
|
||||
matrix-synapse:
|
||||
image: ghcr.io/element-hq/synapse:latest
|
||||
restart: unless-stopped
|
||||
profiles:
|
||||
- matrix
|
||||
depends_on:
|
||||
- matrix-db
|
||||
- matrix-redis
|
||||
environment:
|
||||
- SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
|
||||
volumes:
|
||||
- ./matrix/synapse:/data
|
||||
networks:
|
||||
- traefik
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=traefik"
|
||||
- "traefik.port=8008"
|
||||
- "traefik.http.services.fedeo-matrix.loadbalancer.server.port=8008"
|
||||
# Matrix Client-Server API
|
||||
- "traefik.http.routers.fedeo-matrix.rule=Host(`${MATRIX_HOMESERVER_HOST:-matrix.fedeo.de}`) && PathPrefix(`/_matrix`)"
|
||||
- "traefik.http.routers.fedeo-matrix.entrypoints=web"
|
||||
- "traefik.http.routers.fedeo-matrix.middlewares=fedeo-matrix-redirect-web-secure"
|
||||
- "traefik.http.routers.fedeo-matrix.service=fedeo-matrix"
|
||||
- "traefik.http.middlewares.fedeo-matrix-redirect-web-secure.redirectscheme.scheme=https"
|
||||
- "traefik.http.routers.fedeo-matrix-secure.rule=Host(`${MATRIX_HOMESERVER_HOST:-matrix.fedeo.de}`) && PathPrefix(`/_matrix`)"
|
||||
- "traefik.http.routers.fedeo-matrix-secure.entrypoints=web-secured"
|
||||
- "traefik.http.routers.fedeo-matrix-secure.tls.certresolver=mytlschallenge"
|
||||
- "traefik.http.routers.fedeo-matrix-secure.service=fedeo-matrix"
|
||||
# Matrix Federation API, nur öffnen wenn Federation gewünscht ist.
|
||||
- "traefik.http.routers.fedeo-matrix-federation.rule=Host(`${MATRIX_HOMESERVER_HOST:-matrix.fedeo.de}`) && PathPrefix(`/_matrix/federation`)"
|
||||
- "traefik.http.routers.fedeo-matrix-federation.entrypoints=web-secured"
|
||||
- "traefik.http.routers.fedeo-matrix-federation.tls.certresolver=mytlschallenge"
|
||||
- "traefik.http.routers.fedeo-matrix-federation.service=fedeo-matrix"
|
||||
|
||||
matrix-well-known:
|
||||
image: nginx:1.27-alpine
|
||||
restart: unless-stopped
|
||||
profiles:
|
||||
- matrix
|
||||
volumes:
|
||||
- ./matrix/well-known:/usr/share/nginx/html/.well-known/matrix:ro
|
||||
networks:
|
||||
- traefik
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=traefik"
|
||||
- "traefik.port=80"
|
||||
- "traefik.http.services.fedeo-matrix-well-known.loadbalancer.server.port=80"
|
||||
- "traefik.http.middlewares.fedeo-matrix-well-known-cors.headers.accesscontrolalloworiginlist=*"
|
||||
- "traefik.http.middlewares.fedeo-matrix-well-known-cors.headers.accesscontrolallowmethods=GET,OPTIONS"
|
||||
- "traefik.http.middlewares.fedeo-matrix-well-known-cors.headers.accesscontrolallowheaders=Content-Type,Authorization"
|
||||
- "traefik.http.routers.fedeo-matrix-well-known.rule=Host(`${MATRIX_SERVER_NAME:-fedeo.de}`) && PathPrefix(`/.well-known/matrix`)"
|
||||
- "traefik.http.routers.fedeo-matrix-well-known.entrypoints=web-secured"
|
||||
- "traefik.http.routers.fedeo-matrix-well-known.tls.certresolver=mytlschallenge"
|
||||
- "traefik.http.routers.fedeo-matrix-well-known.middlewares=fedeo-matrix-well-known-cors"
|
||||
- "traefik.http.routers.fedeo-matrix-well-known.service=fedeo-matrix-well-known"
|
||||
|
||||
matrix-turn:
|
||||
image: instrumentisto/coturn:4
|
||||
restart: unless-stopped
|
||||
profiles:
|
||||
- matrix
|
||||
command:
|
||||
- --fingerprint
|
||||
- --use-auth-secret
|
||||
- --static-auth-secret=${MATRIX_TURN_SHARED_SECRET:-change-this-turn-secret}
|
||||
- --realm=${MATRIX_SERVER_NAME:-fedeo.de}
|
||||
- --listening-port=3478
|
||||
- --tls-listening-port=5349
|
||||
- --min-port=49160
|
||||
- --max-port=49200
|
||||
- --no-cli
|
||||
- --no-tlsv1
|
||||
- --no-tlsv1_1
|
||||
ports:
|
||||
- "3478:3478/tcp"
|
||||
- "3478:3478/udp"
|
||||
- "5349:5349/tcp"
|
||||
- "49160-49200:49160-49200/udp"
|
||||
networks:
|
||||
- traefik
|
||||
|
||||
matrix-livekit:
|
||||
image: livekit/livekit-server:v1.9
|
||||
restart: unless-stopped
|
||||
profiles:
|
||||
- matrix
|
||||
depends_on:
|
||||
- matrix-redis
|
||||
entrypoint: /bin/sh
|
||||
command:
|
||||
- -ec
|
||||
- |
|
||||
cat >/tmp/livekit.yaml <<EOF
|
||||
port: 7880
|
||||
redis:
|
||||
address: matrix-redis:6379
|
||||
rtc:
|
||||
tcp_port: 7881
|
||||
port_range_start: 50000
|
||||
port_range_end: 50100
|
||||
use_external_ip: true
|
||||
keys:
|
||||
${LIVEKIT_KEY:-fedeo-livekit}: ${LIVEKIT_SECRET:-change-this-livekit-secret}
|
||||
room:
|
||||
auto_create: false
|
||||
EOF
|
||||
exec livekit-server --config /tmp/livekit.yaml
|
||||
ports:
|
||||
- "7881:7881/tcp"
|
||||
- "50000-50100:50000-50100/udp"
|
||||
networks:
|
||||
- traefik
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=traefik"
|
||||
- "traefik.port=7880"
|
||||
- "traefik.http.services.fedeo-matrix-livekit.loadbalancer.server.port=7880"
|
||||
- "traefik.http.middlewares.fedeo-matrix-livekit-strip.stripprefix.prefixes=/livekit/sfu"
|
||||
- "traefik.http.routers.fedeo-matrix-livekit.rule=Host(`${MATRIX_RTC_HOST:-call.fedeo.de}`) && PathPrefix(`/livekit/sfu`)"
|
||||
- "traefik.http.routers.fedeo-matrix-livekit.entrypoints=web-secured"
|
||||
- "traefik.http.routers.fedeo-matrix-livekit.tls.certresolver=mytlschallenge"
|
||||
- "traefik.http.routers.fedeo-matrix-livekit.middlewares=fedeo-matrix-livekit-strip"
|
||||
- "traefik.http.routers.fedeo-matrix-livekit.service=fedeo-matrix-livekit"
|
||||
|
||||
matrix-rtc-jwt:
|
||||
image: ghcr.io/element-hq/lk-jwt-service:latest
|
||||
restart: unless-stopped
|
||||
profiles:
|
||||
- matrix
|
||||
depends_on:
|
||||
- matrix-livekit
|
||||
- matrix-synapse
|
||||
environment:
|
||||
- LIVEKIT_URL=wss://${MATRIX_RTC_HOST:-call.fedeo.de}/livekit/sfu
|
||||
- LIVEKIT_KEY=${LIVEKIT_KEY:-fedeo-livekit}
|
||||
- LIVEKIT_SECRET=${LIVEKIT_SECRET:-change-this-livekit-secret}
|
||||
- LIVEKIT_FULL_ACCESS_HOMESERVERS=${MATRIX_SERVER_NAME:-fedeo.de}
|
||||
- LIVEKIT_JWT_BIND=:8080
|
||||
networks:
|
||||
- traefik
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=traefik"
|
||||
- "traefik.port=8080"
|
||||
- "traefik.http.services.fedeo-matrix-rtc-jwt.loadbalancer.server.port=8080"
|
||||
- "traefik.http.middlewares.fedeo-matrix-rtc-jwt-strip.stripprefix.prefixes=/livekit/jwt"
|
||||
- "traefik.http.routers.fedeo-matrix-rtc-jwt.rule=Host(`${MATRIX_RTC_HOST:-call.fedeo.de}`) && PathPrefix(`/livekit/jwt`)"
|
||||
- "traefik.http.routers.fedeo-matrix-rtc-jwt.entrypoints=web-secured"
|
||||
- "traefik.http.routers.fedeo-matrix-rtc-jwt.tls.certresolver=mytlschallenge"
|
||||
- "traefik.http.routers.fedeo-matrix-rtc-jwt.middlewares=fedeo-matrix-rtc-jwt-strip"
|
||||
- "traefik.http.routers.fedeo-matrix-rtc-jwt.service=fedeo-matrix-rtc-jwt"
|
||||
# db:
|
||||
# image: postgres
|
||||
# restart: always
|
||||
|
||||
Reference in New Issue
Block a user