# Docker Compose stack: Traefik reverse proxy, PostgreSQL, MinIO (plus a
# one-shot bucket init job), the backend and frontend applications, and an
# optional "matrix" profile (Postgres, Redis, Synapse, a static .well-known
# server, coturn and LiveKit).
# The listing is cut off inside the matrix-livekit service; the top-level
# `networks:` section is not visible here.
services:
  # Internet-facing reverse proxy. API and dashboard are disabled, only
  # containers labelled traefik.enable=true are routed, and port 80 is
  # redirected to HTTPS on 443.
  traefik:
    image: traefik:v2.11
    container_name: fedeo-traefik
    restart: unless-stopped
    command:
      - --api.insecure=false
      - --api.dashboard=false
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --certificatesresolvers.letsencrypt.acme.tlschallenge=true
      - --certificatesresolvers.letsencrypt.acme.email=${CONTACT_EMAIL}
      # acme.json holds the ACME account key and the certificates' private
      # keys; keep the bind-mounted host directory readable by root only.
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
      # Access logs record client addresses and request paths; no rotation
      # is configured in this file.
      - --accesslog=true
      - --accesslog.filepath=/logs/access.log
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./traefik/letsencrypt:/letsencrypt
      - ./traefik/logs:/logs
      # The :ro flag only protects the socket file itself; the Docker API
      # behind it stays fully usable, so a compromise of this container is
      # equivalent to root on the host.
      # NOTE(review): consider a filtering socket proxy that exposes only
      # the read-only endpoints Traefik needs.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - web

  # Application database. No ports are published; it is reachable only on
  # the `internal` network.
  db:
    image: postgres:16
    container_name: fedeo-db
    restart: unless-stopped
    environment:
      POSTGRES_DB: ${DB_NAME}
      POSTGRES_USER: ${DB_USER}
      # No fallback: if DB_PASSWORD is unset Compose substitutes an empty
      # string. NOTE(review): ${DB_PASSWORD:?message} would fail fast.
      POSTGRES_PASSWORD: ${DB_PASSWORD}
    volumes:
      - ./postgres:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${DB_USER} -d ${DB_NAME}"]
      interval: 10s
      timeout: 5s
      retries: 10
    networks:
      - internal

  # Object store. API on 9000 and console on 9001, neither published nor
  # routed through Traefik in this file.
  minio:
    # NOTE(review): `latest` is a floating tag; pin a release tag or image
    # digest so a rebuild cannot silently change what runs with the root
    # credentials below.
    image: minio/minio:latest
    container_name: fedeo-minio
    restart: unless-stopped
    command: server /data --console-address ":9001"
    environment:
      MINIO_ROOT_USER: ${MINIO_ROOT_USER}
      MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}
    volumes:
      - ./minio:/data
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
      interval: 10s
      timeout: 5s
      retries: 10
    networks:
      - internal

  # One-shot job: registers the MinIO alias, creates the bucket if missing
  # and sets its anonymous policy to private.
  createbuckets:
    # NOTE(review): floating `latest` tag; pin as for minio above.
    image: minio/mc:latest
    container_name: fedeo-minio-init
    depends_on:
      minio:
        condition: service_healthy
    # Compose substitutes ${MINIO_ROOT_USER}/${MINIO_ROOT_PASSWORD} into the
    # shell string before sh parses it, so a credential containing quotes,
    # spaces, `$` or `;` is re-interpreted by the shell.
    # NOTE(review): passing them via `environment:` and referencing them as
    # "$$VAR" would avoid that.
    # The trailing `exit 0` makes the job report success even if an mc
    # command failed, so the backend's `service_completed_successfully`
    # condition does not prove the bucket exists or is private.
    entrypoint: >
      /bin/sh -c "
      mc alias set local http://minio:9000 ${MINIO_ROOT_USER} ${MINIO_ROOT_PASSWORD};
      mc mb --ignore-existing local/${MINIO_BUCKET};
      mc anonymous set private local/${MINIO_BUCKET};
      exit 0;
      "
    restart: "no"
    networks:
      - internal

  # API server, built from ./backend and published under /backend.
  backend:
    build:
      context: ./backend
    container_name: fedeo-backend
    restart: unless-stopped
    depends_on:
      db:
        condition: service_healthy
      minio:
        condition: service_healthy
      createbuckets:
        condition: service_completed_successfully
    # Every secret below is handed over as an environment variable, which
    # makes it readable through `docker inspect` and by anything holding
    # Docker API access (see the socket mount on traefik).
    # Variables written without a fallback become empty strings when unset.
    # NOTE(review): confirm the backend refuses to start with an empty
    # COOKIE_SECRET, JWT_SECRET or ENCRYPTION_KEY, or use ${VAR:?message}.
    environment:
      NODE_ENV: production
      FEDEO_RUN_MIGRATIONS: ${FEDEO_RUN_MIGRATIONS:-true}
      HOST: ${HOST:-0.0.0.0}
      # The Traefik label below is fixed to 3100; overriding PORT without
      # changing that label breaks routing.
      PORT: ${PORT:-3100}
      COOKIE_SECRET: ${COOKIE_SECRET}
      JWT_SECRET: ${JWT_SECRET}
      ENCRYPTION_KEY: ${ENCRYPTION_KEY}
      DATABASE_URL: ${DATABASE_URL}
      MAILER_SMTP_HOST: ${MAILER_SMTP_HOST}
      MAILER_SMTP_PORT: ${MAILER_SMTP_PORT}
      MAILER_SMTP_SSL: ${MAILER_SMTP_SSL}
      MAILER_SMTP_USER: ${MAILER_SMTP_USER}
      MAILER_SMTP_PASS: ${MAILER_SMTP_PASS}
      MAILER_FROM: ${MAILER_FROM}
      S3_ENDPOINT: ${S3_ENDPOINT}
      S3_REGION: ${S3_REGION}
      # NOTE(review): if these are set to the MinIO root credentials the
      # backend holds full admin rights on the object store; a dedicated,
      # bucket-scoped access key would limit that. Cannot tell from here.
      S3_ACCESS_KEY: ${S3_ACCESS_KEY}
      S3_SECRET_KEY: ${S3_SECRET_KEY}
      # The init job creates ${MINIO_BUCKET}; this must name the same bucket.
      S3_BUCKET: ${S3_BUCKET}
      M2M_API_KEY: ${M2M_API_KEY}
      API_BASE_URL: ${API_BASE_URL}
      GOCARDLESS_BASE_URL: ${GOCARDLESS_BASE_URL}
      GOCARDLESS_SECRET_ID: ${GOCARDLESS_SECRET_ID}
      GOCARDLESS_SECRET_KEY: ${GOCARDLESS_SECRET_KEY}
      DOKUBOX_IMAP_HOST: ${DOKUBOX_IMAP_HOST}
      DOKUBOX_IMAP_PORT: ${DOKUBOX_IMAP_PORT}
      DOKUBOX_IMAP_SECURE: ${DOKUBOX_IMAP_SECURE}
      DOKUBOX_IMAP_USER: ${DOKUBOX_IMAP_USER}
      DOKUBOX_IMAP_PASSWORD: ${DOKUBOX_IMAP_PASSWORD}
      OPENAI_API_KEY: ${OPENAI_API_KEY}
      STIRLING_API_KEY: ${STIRLING_API_KEY}
      # Bootstrap admin account; e-mail and password default to empty.
      # NOTE(review): presumably empty values skip bootstrapping - confirm
      # in the backend, and remove the password from the environment once
      # the account exists.
      FEDEO_BOOTSTRAP_ADMIN_EMAIL: ${FEDEO_BOOTSTRAP_ADMIN_EMAIL:-}
      FEDEO_BOOTSTRAP_ADMIN_PASSWORD: ${FEDEO_BOOTSTRAP_ADMIN_PASSWORD:-}
      FEDEO_BOOTSTRAP_ADMIN_FIRST_NAME: ${FEDEO_BOOTSTRAP_ADMIN_FIRST_NAME:-Admin}
      FEDEO_BOOTSTRAP_ADMIN_LAST_NAME: ${FEDEO_BOOTSTRAP_ADMIN_LAST_NAME:-Benutzer}
      FEDEO_BOOTSTRAP_TENANT_NAME: ${FEDEO_BOOTSTRAP_TENANT_NAME:-FEDEO}
      FEDEO_BOOTSTRAP_TENANT_SHORT: ${FEDEO_BOOTSTRAP_TENANT_SHORT:-FEDEO}
      MATRIX_HOMESERVER_URL: ${MATRIX_HOMESERVER_URL:-http://matrix-synapse:8008}
      MATRIX_SERVER_NAME: ${MATRIX_SERVER_NAME:-${DOMAIN}}
      MATRIX_RTC_HOST: ${MATRIX_RTC_HOST:-${DOMAIN}}
      MATRIX_RTC_JWT_URL: ${MATRIX_RTC_JWT_URL:-}
      MATRIX_LIVEKIT_URL: ${MATRIX_LIVEKIT_URL:-}
      # Both Matrix/LiveKit secrets default to the empty string.
      # NOTE(review): verify the backend treats an empty secret as
      # "feature disabled" rather than signing with an empty key.
      MATRIX_REGISTRATION_SHARED_SECRET: ${MATRIX_REGISTRATION_SHARED_SECRET:-}
      MATRIX_SERVICE_USER_LOCALPART: ${MATRIX_SERVICE_USER_LOCALPART:-fedeo_service}
      LIVEKIT_KEY: ${LIVEKIT_KEY:-fedeo-livekit}
      LIVEKIT_SECRET: ${LIVEKIT_SECRET:-}
    labels:
      - traefik.enable=true
      - traefik.http.routers.fedeo-backend.rule=Host(`${DOMAIN}`) && PathPrefix(`/backend`)
      - traefik.http.routers.fedeo-backend.entrypoints=websecure
      - traefik.http.routers.fedeo-backend.tls.certresolver=letsencrypt
      # The /backend prefix is stripped before the request reaches the app.
      - traefik.http.middlewares.fedeo-backend-strip.stripprefix.prefixes=/backend
      - traefik.http.routers.fedeo-backend.middlewares=fedeo-backend-strip
      - traefik.http.services.fedeo-backend.loadbalancer.server.port=3100
      # Presumably relies on the Compose project being named `fedeo`, so
      # that the `web` network is created as `fedeo_web` - confirm.
      - traefik.docker.network=fedeo_web
    networks:
      - web
      - internal

  # Web UI, built from ./frontend and served on the bare domain. It is
  # attached to `web` only, so it reaches the backend via the public URL.
  frontend:
    build:
      context: ./frontend
    container_name: fedeo-frontend
    restart: unless-stopped
    depends_on:
      - backend
    # NOTE(review): NUXT_PUBLIC_* values are presumably shipped to the
    # browser (Nuxt public runtime config); treat them as public data.
    environment:
      NODE_ENV: production
      NUXT_PUBLIC_API_BASE: https://${DOMAIN}/backend
      NUXT_PUBLIC_PDF_LICENSE: ${NUXT_PUBLIC_PDF_LICENSE}
      NUXT_PUBLIC_MATRIX_ELEMENT_URL: ${NUXT_PUBLIC_MATRIX_ELEMENT_URL:-}
    labels:
      - traefik.enable=true
      - traefik.http.routers.fedeo-frontend.rule=Host(`${DOMAIN}`)
      - traefik.http.routers.fedeo-frontend.entrypoints=websecure
      - traefik.http.routers.fedeo-frontend.tls.certresolver=letsencrypt
      - traefik.http.services.fedeo-frontend.loadbalancer.server.port=3000
      - traefik.docker.network=fedeo_web
    networks:
      - web

  # Synapse database (profile `matrix`), reachable on `internal` only.
  matrix-db:
    image: postgres:16-alpine
    container_name: fedeo-matrix-db
    restart: unless-stopped
    profiles:
      - matrix
    environment:
      POSTGRES_DB: ${MATRIX_POSTGRES_DB:-synapse}
      POSTGRES_USER: ${MATRIX_POSTGRES_USER:-synapse}
      # If MATRIX_POSTGRES_PASSWORD is unset the database is initialised
      # with this published placeholder. NOTE(review): set it explicitly
      # before the first start. Making it mandatory with ${VAR:?message}
      # may also affect deployments that leave the matrix profile off -
      # verify how Compose interpolates inactive profiles first.
      POSTGRES_PASSWORD: ${MATRIX_POSTGRES_PASSWORD:-change-this-matrix-db-password}
      POSTGRES_INITDB_ARGS: --encoding=UTF8 --lc-collate=C --lc-ctype=C
    volumes:
      - ./matrix/postgres:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${MATRIX_POSTGRES_USER:-synapse} -d ${MATRIX_POSTGRES_DB:-synapse}"]
      interval: 10s
      timeout: 5s
      retries: 10
    networks:
      - internal

  # Redis for the matrix profile. No password and no volume are configured;
  # isolation relies on the `internal` network alone.
  matrix-redis:
    image: redis:7-alpine
    container_name: fedeo-matrix-redis
    restart: unless-stopped
    profiles:
      - matrix
    networks:
      - internal

  # Matrix homeserver, routed under /_matrix on the main domain.
  matrix-synapse:
    # NOTE(review): floating `latest` tag; pin a release tag or digest.
    image: ghcr.io/element-hq/synapse:latest
    container_name: fedeo-matrix-synapse
    restart: unless-stopped
    profiles:
      - matrix
    depends_on:
      matrix-db:
        condition: service_healthy
      matrix-redis:
        condition: service_started
    environment:
      SYNAPSE_CONFIG_PATH: /data/homeserver.yaml
    volumes:
      # Holds homeserver.yaml; presumably also Synapse's keys and secrets,
      # so restrict access to this host directory - confirm contents.
      - ./matrix/synapse:/data
    labels:
      - traefik.enable=true
      - traefik.http.routers.fedeo-matrix.rule=Host(`${DOMAIN}`) && PathPrefix(`/_matrix`)
      - traefik.http.routers.fedeo-matrix.entrypoints=websecure
      - traefik.http.routers.fedeo-matrix.tls.certresolver=letsencrypt
      - traefik.http.services.fedeo-matrix.loadbalancer.server.port=8008
      - traefik.docker.network=fedeo_web
    networks:
      - web
      - internal

  # Static nginx serving /.well-known/matrix from a read-only bind mount.
  matrix-well-known:
    image: nginx:1.27-alpine
    container_name: fedeo-matrix-well-known
    restart: unless-stopped
    profiles:
      - matrix
    volumes:
      - ./matrix/well-known:/usr/share/nginx/html/.well-known/matrix:ro
    labels:
      - traefik.enable=true
      # Wildcard CORS is limited to this router, which serves only static
      # discovery files; do not attach this middleware to any router that
      # serves authenticated content.
      - traefik.http.middlewares.fedeo-matrix-well-known-cors.headers.accesscontrolalloworiginlist=*
      - traefik.http.middlewares.fedeo-matrix-well-known-cors.headers.accesscontrolallowmethods=GET,OPTIONS
      - traefik.http.middlewares.fedeo-matrix-well-known-cors.headers.accesscontrolallowheaders=Content-Type,Authorization
      - traefik.http.routers.fedeo-matrix-well-known.rule=Host(`${DOMAIN}`) && PathPrefix(`/.well-known/matrix`)
      - traefik.http.routers.fedeo-matrix-well-known.entrypoints=websecure
      - traefik.http.routers.fedeo-matrix-well-known.tls.certresolver=letsencrypt
      - traefik.http.routers.fedeo-matrix-well-known.middlewares=fedeo-matrix-well-known-cors
      - traefik.http.services.fedeo-matrix-well-known.loadbalancer.server.port=80
      - traefik.docker.network=fedeo_web
    networks:
      - web

  # TURN relay (coturn). Its ports are published directly on the host and
  # do not pass through Traefik.
  matrix-turn:
    image: instrumentisto/coturn:4
    container_name: fedeo-matrix-turn
    restart: unless-stopped
    profiles:
      - matrix
    # NOTE(review): this container sits on `internal` next to db, minio and
    # redis, and no peer restrictions appear among the flags below;
    # coturn's --denied-peer-ip and --no-multicast-peers options are the
    # usual way to keep relayed traffic out of private ranges - confirm
    # whether they are needed here.
    # NOTE(review): a TLS listener is configured on 5349 but no --cert or
    # --pkey is passed in the visible flags - confirm where the certificate
    # comes from.
    command:
      - --fingerprint
      - --use-auth-secret
      # If MATRIX_TURN_SHARED_SECRET is unset the relay runs with this
      # published placeholder. The value is also part of the container's
      # command line, so it shows up in `docker inspect` and process lists.
      - --static-auth-secret=${MATRIX_TURN_SHARED_SECRET:-change-this-turn-secret}
      - --realm=${MATRIX_SERVER_NAME:-${DOMAIN}}
      - --listening-port=3478
      - --tls-listening-port=5349
      - --min-port=49160
      - --max-port=49200
      - --no-cli
      - --no-tlsv1
      - --no-tlsv1_1
    ports:
      - "3478:3478/tcp"
      - "3478:3478/udp"
      - "5349:5349/tcp"
      - "49160-49200:49160-49200/udp"
    networks:
      - internal

  # LiveKit server (profile `matrix`). The listing ends inside the command
  # below, so the rest of this service is not visible here.
  matrix-livekit:
    image: livekit/livekit-server:v1.9
    container_name: fedeo-matrix-livekit
    restart: unless-stopped
    profiles:
      - matrix
    depends_on:
      - matrix-redis
    entrypoint: /bin/sh
    command:
      - -ec
      - |
        cat >/tmp/livekit.yaml <