flfeders/FEDEO
2
1
Fork 0
Code Issues 96 Pull Requests Actions Packages Projects 22 Releases Wiki Activity
Files
5fca7792a249199a9af90354b5912b6233256fa9
FEDEO/docker-compose.yml

422 lines
16 KiB
YAML
Raw Blame History

services:
frontend:
image: git.federspiel.tech/flfeders/fedeo/frontend:dev
restart: always
environment:
- NUXT_PUBLIC_API_BASE=https://app.fedeo.de/backend
- NUXT_PUBLIC_PDF_LICENSE=eyJkYXRhIjoiZXlKMElqb2laR1YyWld4dmNHVnlJaXdpWVhaMUlqb3hOemt3TmpNNU9UazVMQ0prYlNJNkltRndjQzVtWldSbGJ5NWtaU0lzSW00aU9pSXpOemt3Wm1Vek5UazBZbVU0TlRRNElpd2laWGh3SWpveE56a3dOak01T1RrNUxDSmtiWFFpT2lKemNHVmphV1pwWXlJc0luQWlPaUoyYVdWM1pYSWlmUT09Iiwic2lnbmF0dXJlIjoicWU4K0ZxQUJDNUp5bEJUU094Vkd5RTJMbk9UNmpyc2EyRStsN2tNNWhkM21KK2ZvVjYwaTFKeFdhZGtqSDRNWXZxQklMc0dpdWh5d2pMbUFjRHZuWGxOcTRMcXFLRm53dzVtaG1LK3lTeDRXbzVaS1loK1VZdFBzWUZjV3oyUHVGMmJraGJrVjJ6RzRlTGtRU09wdmJKY3JUZU1rN0N1VkN6Q1UraHF5T0ZVVXllWnRmaHlmcWswZEFFL0RMR1hvTDFSQXFjNkNkYU9FTDRTdC9Idy9DQnFieTE2aisvT3RxQUlLcy9NWTR6SVk3RTI3bWo4RUx5VjhXNkdXNXhqc0VUVzNKN0RRMUVlb3RhVlNLT29kc3pVRlhUYzVlbHVuSm04ZlcwM1ErMUhtSnpmWGoyS1dwM1dnamJDazZYSHozamFML2lOdUYvZFZNaWYvc2FoR3NnPT0ifQ==
networks:
- traefik
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik"
- "traefik.port=3000"
# Middlewares
- "traefik.http.middlewares.fedeo-frontend-redirect-web-secure.redirectscheme.scheme=https"
# Web Entrypoint
- "traefik.http.routers.fedeo-frontend.middlewares=fedeo-frontend-redirect-web-secure"
- "traefik.http.routers.fedeo-frontend.rule=Host(`app.fedeo.de`) && PathPrefix(`/`)"
- "traefik.http.routers.fedeo-frontend.entrypoints=web"
- "traefik.http.routers.fedeo-frontend.priority=1"
# Web Secure Entrypoint
- "traefik.http.routers.fedeo-frontend-secure.rule=Host(`app.fedeo.de`) && PathPrefix(`/`)"
- "traefik.http.routers.fedeo-frontend-secure.entrypoints=web-secured" #
- "traefik.http.routers.fedeo-frontend-secure.tls.certresolver=mytlschallenge"
- "traefik.http.routers.fedeo-frontend-secure.priority=1"
docs:
image: git.federspiel.tech/flfeders/fedeo/docs:dev
restart: always
networks:
- traefik
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik"
- "traefik.port=3000"
# Middlewares
- "traefik.http.middlewares.fedeo-docs-redirect-web-secure.redirectscheme.scheme=https"
- "traefik.http.middlewares.fedeo-docs-strip.stripprefix.prefixes=/docs"
# Web Entrypoint
- "traefik.http.routers.fedeo-docs.middlewares=fedeo-docs-redirect-web-secure"
- "traefik.http.routers.fedeo-docs.rule=Host(`app.fedeo.de`) && PathPrefix(`/docs`)"
- "traefik.http.routers.fedeo-docs.entrypoints=web"
- "traefik.http.routers.fedeo-docs.priority=120"
# Web Secure Entrypoint
- "traefik.http.routers.fedeo-docs-secure.rule=Host(`app.fedeo.de`) && PathPrefix(`/docs`)"
- "traefik.http.routers.fedeo-docs-secure.entrypoints=web-secured"
- "traefik.http.routers.fedeo-docs-secure.tls.certresolver=mytlschallenge"
- "traefik.http.routers.fedeo-docs-secure.middlewares=fedeo-docs-strip"
- "traefik.http.routers.fedeo-docs-secure.priority=120"
backend:
image: git.federspiel.tech/flfeders/fedeo/backend:dev
restart: always
environment:
- INFISICAL_CLIENT_ID=a6838bd6-9983-4bf4-9be2-ace830b9abdf
- INFISICAL_CLIENT_SECRET=4e3441acc0adbffd324aa50e668a95a556a3f55ec6bb85954e176e35a3392003
- NODE_ENV=production
networks:
- traefik
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik"
- "traefik.port=3100"
# Middlewares
- "traefik.http.middlewares.fedeo-backend-redirect-web-secure.redirectscheme.scheme=https"
- "traefik.http.middlewares.fedeo-backend-strip.stripprefix.prefixes=/backend"
# Web Entrypoint
- "traefik.http.routers.fedeo-backend.middlewares=fedeo-backend-redirect-web-secure"
- "traefik.http.routers.fedeo-backend.rule=Host(`app.fedeo.de`) && PathPrefix(`/backend`)"
- "traefik.http.routers.fedeo-backend.entrypoints=web"
# Web Secure Entrypoint
- "traefik.http.routers.fedeo-backend-secure.rule=Host(`app.fedeo.de`) && PathPrefix(`/backend`)"
- "traefik.http.routers.fedeo-backend-secure.entrypoints=web-secured" #
- "traefik.http.routers.fedeo-backend-secure.tls.certresolver=mytlschallenge"
- "traefik.http.routers.fedeo-backend-secure.middlewares=fedeo-backend-strip"
matrix-db:
image: postgres:16-alpine
restart: unless-stopped
profiles:
- matrix
environment:
- POSTGRES_DB=${MATRIX_POSTGRES_DB:-synapse}
- POSTGRES_USER=${MATRIX_POSTGRES_USER:-synapse}
- POSTGRES_PASSWORD=${MATRIX_POSTGRES_PASSWORD:-change-this-matrix-db-password}
- POSTGRES_INITDB_ARGS=--encoding=UTF8 --lc-collate=C --lc-ctype=C
volumes:
- ./matrix/postgres:/var/lib/postgresql/data
networks:
- traefik
matrix-redis:
image: redis:7-alpine
restart: unless-stopped
profiles:
- matrix
networks:
- traefik
matrix-synapse:
image: ghcr.io/element-hq/synapse:latest
restart: unless-stopped
profiles:
- matrix
depends_on:
- matrix-db
- matrix-redis
environment:
- SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
volumes:
- ./matrix/synapse:/data
networks:
- traefik
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik"
- "traefik.port=8008"
- "traefik.http.services.fedeo-matrix.loadbalancer.server.port=8008"
# Matrix Client-Server API
- "traefik.http.routers.fedeo-matrix.rule=Host(`${MATRIX_HOMESERVER_HOST:-matrix.fedeo.de}`) && PathPrefix(`/_matrix`)"
- "traefik.http.routers.fedeo-matrix.entrypoints=web"
- "traefik.http.routers.fedeo-matrix.middlewares=fedeo-matrix-redirect-web-secure"
- "traefik.http.routers.fedeo-matrix.service=fedeo-matrix"
- "traefik.http.middlewares.fedeo-matrix-redirect-web-secure.redirectscheme.scheme=https"
- "traefik.http.routers.fedeo-matrix-secure.rule=Host(`${MATRIX_HOMESERVER_HOST:-matrix.fedeo.de}`) && PathPrefix(`/_matrix`)"
- "traefik.http.routers.fedeo-matrix-secure.entrypoints=web-secured"
- "traefik.http.routers.fedeo-matrix-secure.tls.certresolver=mytlschallenge"
- "traefik.http.routers.fedeo-matrix-secure.service=fedeo-matrix"
# Matrix Federation API, nur öffnen wenn Federation gewünscht ist.
- "traefik.http.routers.fedeo-matrix-federation.rule=Host(`${MATRIX_HOMESERVER_HOST:-matrix.fedeo.de}`) && PathPrefix(`/_matrix/federation`)"
- "traefik.http.routers.fedeo-matrix-federation.entrypoints=web-secured"
- "traefik.http.routers.fedeo-matrix-federation.tls.certresolver=mytlschallenge"
- "traefik.http.routers.fedeo-matrix-federation.service=fedeo-matrix"
matrix-well-known:
image: nginx:1.27-alpine
restart: unless-stopped
profiles:
- matrix
volumes:
- ./matrix/well-known:/usr/share/nginx/html/.well-known/matrix:ro
networks:
- traefik
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik"
- "traefik.port=80"
- "traefik.http.services.fedeo-matrix-well-known.loadbalancer.server.port=80"
- "traefik.http.middlewares.fedeo-matrix-well-known-cors.headers.accesscontrolalloworiginlist=*"
- "traefik.http.middlewares.fedeo-matrix-well-known-cors.headers.accesscontrolallowmethods=GET,OPTIONS"
- "traefik.http.middlewares.fedeo-matrix-well-known-cors.headers.accesscontrolallowheaders=Content-Type,Authorization"
- "traefik.http.routers.fedeo-matrix-well-known.rule=Host(`${MATRIX_SERVER_NAME:-fedeo.de}`) && PathPrefix(`/.well-known/matrix`)"
- "traefik.http.routers.fedeo-matrix-well-known.entrypoints=web-secured"
- "traefik.http.routers.fedeo-matrix-well-known.tls.certresolver=mytlschallenge"
- "traefik.http.routers.fedeo-matrix-well-known.middlewares=fedeo-matrix-well-known-cors"
- "traefik.http.routers.fedeo-matrix-well-known.service=fedeo-matrix-well-known"
matrix-turn:
image: instrumentisto/coturn:4
restart: unless-stopped
profiles:
- matrix
command:
- --fingerprint
- --use-auth-secret
- --static-auth-secret=${MATRIX_TURN_SHARED_SECRET:-change-this-turn-secret}
- --realm=${MATRIX_SERVER_NAME:-fedeo.de}
- --listening-port=3478
- --tls-listening-port=5349
- --min-port=49160
- --max-port=49200
- --no-cli
- --no-tlsv1
- --no-tlsv1_1
ports:
- "3478:3478/tcp"
- "3478:3478/udp"
- "5349:5349/tcp"
- "49160-49200:49160-49200/udp"
networks:
- traefik
matrix-livekit:
image: livekit/livekit-server:v1.9
restart: unless-stopped
profiles:
- matrix
depends_on:
- matrix-redis
entrypoint: /bin/sh
command:
- -ec
- |
cat >/tmp/livekit.yaml <<EOF
port: 7880
redis:
address: matrix-redis:6379
rtc:
tcp_port: 7881
port_range_start: 50000
port_range_end: 50100
use_external_ip: true
keys:
${LIVEKIT_KEY:-fedeo-livekit}: ${LIVEKIT_SECRET:-change-this-livekit-secret-please-replace}
room:
auto_create: false
EOF
exec /livekit-server --config /tmp/livekit.yaml
ports:
- "7881:7881/tcp"
- "50000-50100:50000-50100/udp"
networks:
- traefik
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik"
- "traefik.port=7880"
- "traefik.http.services.fedeo-matrix-livekit.loadbalancer.server.port=7880"
- "traefik.http.middlewares.fedeo-matrix-livekit-strip.stripprefix.prefixes=/livekit/sfu"
- "traefik.http.routers.fedeo-matrix-livekit.rule=Host(`${MATRIX_RTC_HOST:-call.fedeo.de}`) && PathPrefix(`/livekit/sfu`)"
- "traefik.http.routers.fedeo-matrix-livekit.entrypoints=web-secured"
- "traefik.http.routers.fedeo-matrix-livekit.tls.certresolver=mytlschallenge"
- "traefik.http.routers.fedeo-matrix-livekit.middlewares=fedeo-matrix-livekit-strip"
- "traefik.http.routers.fedeo-matrix-livekit.service=fedeo-matrix-livekit"
matrix-rtc-jwt:
image: ghcr.io/element-hq/lk-jwt-service:latest
restart: unless-stopped
profiles:
- matrix
depends_on:
- matrix-livekit
- matrix-synapse
environment:
- LIVEKIT_URL=wss://${MATRIX_RTC_HOST:-call.fedeo.de}/livekit/sfu
- LIVEKIT_KEY=${LIVEKIT_KEY:-fedeo-livekit}
- LIVEKIT_SECRET=${LIVEKIT_SECRET:-change-this-livekit-secret-please-replace}
- LIVEKIT_FULL_ACCESS_HOMESERVERS=${MATRIX_SERVER_NAME:-fedeo.de}
- LIVEKIT_JWT_BIND=:8080
networks:
- traefik
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik"
- "traefik.port=8080"
- "traefik.http.services.fedeo-matrix-rtc-jwt.loadbalancer.server.port=8080"
- "traefik.http.middlewares.fedeo-matrix-rtc-jwt-strip.stripprefix.prefixes=/livekit/jwt"
- "traefik.http.routers.fedeo-matrix-rtc-jwt.rule=Host(`${MATRIX_RTC_HOST:-call.fedeo.de}`) && PathPrefix(`/livekit/jwt`)"
- "traefik.http.routers.fedeo-matrix-rtc-jwt.entrypoints=web-secured"
- "traefik.http.routers.fedeo-matrix-rtc-jwt.tls.certresolver=mytlschallenge"
- "traefik.http.routers.fedeo-matrix-rtc-jwt.middlewares=fedeo-matrix-rtc-jwt-strip"
- "traefik.http.routers.fedeo-matrix-rtc-jwt.service=fedeo-matrix-rtc-jwt"
matrix-dev-db:
image: postgres:16-alpine
restart: unless-stopped
profiles:
- matrix-dev
environment:
- POSTGRES_DB=synapse
- POSTGRES_USER=synapse
- POSTGRES_PASSWORD=synapse-dev-password
- POSTGRES_INITDB_ARGS=--encoding=UTF8 --lc-collate=C --lc-ctype=C
volumes:
- ./matrix/dev/postgres:/var/lib/postgresql/data
networks:
- traefik
matrix-dev-redis:
image: redis:7-alpine
restart: unless-stopped
profiles:
- matrix-dev
networks:
- traefik
matrix-dev-synapse:
image: ghcr.io/element-hq/synapse:latest
restart: unless-stopped
profiles:
- matrix-dev
depends_on:
- matrix-dev-db
- matrix-dev-redis
environment:
- SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
volumes:
- ./matrix/dev/synapse:/data
ports:
- "${MATRIX_DEV_SYNAPSE_PORT:-8008}:8008"
networks:
- traefik
matrix-dev-turn:
image: instrumentisto/coturn:4
restart: unless-stopped
profiles:
- matrix-dev
command:
- --fingerprint
- --use-auth-secret
- --static-auth-secret=matrix-dev-turn-secret
- --realm=localhost
- --listening-port=3478
- --min-port=49160
- --max-port=49200
- --no-cli
- --no-tls
- --no-dtls
ports:
- "${MATRIX_DEV_TURN_PORT:-3478}:3478/tcp"
- "${MATRIX_DEV_TURN_PORT:-3478}:3478/udp"
- "${MATRIX_DEV_TURN_MIN_PORT:-49160}-${MATRIX_DEV_TURN_MAX_PORT:-49200}:49160-49200/udp"
networks:
- traefik
matrix-dev-livekit:
image: livekit/livekit-server:v1.9
restart: unless-stopped
profiles:
- matrix-dev
depends_on:
- matrix-dev-redis
entrypoint: /bin/sh
command:
- -ec
- |
cat >/tmp/livekit.yaml <<EOF
port: 7880
redis:
address: matrix-dev-redis:6379
rtc:
tcp_port: 7881
port_range_start: 50000
port_range_end: 50100
use_external_ip: false
keys:
devkey: devsecret-local-matrix-stack-32-chars
room:
auto_create: false
EOF
exec /livekit-server --config /tmp/livekit.yaml
ports:
- "${MATRIX_DEV_LIVEKIT_PORT:-7880}:7880"
- "${MATRIX_DEV_LIVEKIT_TCP_PORT:-7881}:7881/tcp"
- "${MATRIX_DEV_LIVEKIT_RTC_MIN_PORT:-50000}-${MATRIX_DEV_LIVEKIT_RTC_MAX_PORT:-50100}:50000-50100/udp"
networks:
- traefik
matrix-dev-rtc-jwt:
image: ghcr.io/element-hq/lk-jwt-service:latest
restart: unless-stopped
profiles:
- matrix-dev
depends_on:
- matrix-dev-livekit
- matrix-dev-synapse
environment:
- LIVEKIT_URL=ws://localhost:${MATRIX_DEV_LIVEKIT_PORT:-7880}
- LIVEKIT_KEY=devkey
- LIVEKIT_SECRET=devsecret-local-matrix-stack-32-chars
- LIVEKIT_FULL_ACCESS_HOMESERVERS=localhost
- LIVEKIT_JWT_BIND=:8080
ports:
- "${MATRIX_DEV_RTC_JWT_PORT:-8081}:8080"
networks:
- traefik
matrix-dev-element:
image: vectorim/element-web:latest
restart: unless-stopped
profiles:
- matrix-dev
volumes:
- ./matrix/dev/element-config.json:/app/config.json:ro
ports:
- "${MATRIX_DEV_ELEMENT_PORT:-8080}:80"
networks:
- traefik
# db:
# image: postgres
# restart: always
# shm_size: 128mb
# environment:
# POSTGRES_PASSWORD: abc
# POSTGRES_USER: sandelcom
# POSTGRES_DB: sensorfy
# volumes:
# - ./pg-data:/var/lib/postgresql/data
# ports:
# - "5432:5432"
traefik:
image: traefik:v2.11
restart: unless-stopped
container_name: traefik
command:
- "--api.insecure=false"
- "--api.dashboard=false"
- "--api.debug=false"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=traefik"
- "--entrypoints.web.address=:80"
- "--entrypoints.web-secured.address=:443"
- "--accesslog=true"
- "--accesslog.filepath=/logs/access.log"
- "--accesslog.bufferingsize=5000"
- "--accesslog.fields.defaultMode=keep"
- "--accesslog.fields.headers.defaultMode=keep"
- "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true" #
- "--certificatesresolvers.mytlschallenge.acme.email=moin@fedeo.de"
- "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
ports:
- 80:80
- 443:443
volumes:
- "./traefik/letsencrypt:/letsencrypt" # <== Volume for certs (TLS)
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./traefik/logs:/logs"
networks:
- traefik
networks:
traefik:
external: false
Reference in New Issue View Git Blame Copy Permalink