generated from coop-cloud/example
Initial working version
This commit is contained in:
parent
f2ceb2024c
commit
a57c0f994f
48
compose.yml
48
compose.yml
|
@ -3,7 +3,7 @@ version: "3.8"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
app:
|
app:
|
||||||
image: nginx:1.20.0
|
image: screensy/website
|
||||||
networks:
|
networks:
|
||||||
- proxy
|
- proxy
|
||||||
deploy:
|
deploy:
|
||||||
|
@ -11,7 +11,7 @@ services:
|
||||||
condition: on-failure
|
condition: on-failure
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
|
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8080"
|
||||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
||||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||||
|
@ -20,13 +20,45 @@ services:
|
||||||
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||||
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||||
- "coop-cloud.${STACK_NAME}.version="
|
- "coop-cloud.${STACK_NAME}.version="
|
||||||
healthcheck:
|
# healthcheck:
|
||||||
test: ["CMD", "curl", "-f", "http://localhost"]
|
# test: ["CMD", "curl", "-f", "http://localhost"]
|
||||||
interval: 30s
|
# interval: 30s
|
||||||
timeout: 10s
|
# timeout: 10s
|
||||||
retries: 10
|
# retries: 10
|
||||||
start_period: 1m
|
# start_period: 1m
|
||||||
|
|
||||||
|
rendezvous:
|
||||||
|
image: screensy/rendezvous
|
||||||
|
networks:
|
||||||
|
- proxy
|
||||||
|
deploy:
|
||||||
|
restart_policy:
|
||||||
|
condition: on-failure
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.services.${STACK_NAME}-rendezvous.loadbalancer.server.port=4000"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}-rendezvous.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS}) && HeadersRegexp(`Connection`, `.*Upgrade.*`) && Headers(`Upgrade`, `websocket`)"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}-rendezvous.entrypoints=web-secure"
|
||||||
|
- "traefik.http.routers.${STACK_NAME}-rendezvous.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||||
|
|
||||||
|
turn:
|
||||||
|
image: "coturn/coturn:4.5.2"
|
||||||
|
# Use the host network directly as Docker performs badly with
|
||||||
|
# large port ranges
|
||||||
|
networks:
|
||||||
|
- host
|
||||||
|
configs:
|
||||||
|
- source: turnserver_conf
|
||||||
|
target: /etc/coturn/turnserver.conf
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
proxy:
|
proxy:
|
||||||
external: true
|
external: true
|
||||||
|
host:
|
||||||
|
external: true
|
||||||
|
|
||||||
|
configs:
|
||||||
|
turnserver_conf:
|
||||||
|
name: ${STACK_NAME}_turnserver_conf_${TURNSERVER_CONF_VERSION}
|
||||||
|
file: turnserver.conf.tmpl
|
||||||
|
template_driver: golang
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
# Set the value below to your public IP address or domain.
|
||||||
|
external-ip={{ env "DOMAIN" }}
|
||||||
|
|
||||||
|
# Set the TURN/STUN server listener port for UDP and TCP.
|
||||||
|
listening-port=3478
|
||||||
|
|
||||||
|
# Create a default static user account with username "screensy" and password
|
||||||
|
# "screensy".
|
||||||
|
user=screensy:screensy
|
||||||
|
|
||||||
|
# Use long-term credential mechanism to prevent completely anonymous access by
|
||||||
|
# spammers.
|
||||||
|
lt-cred-mech
|
||||||
|
|
||||||
|
# Set the realm to be used for the users. Required by lt-cred-mech.
|
||||||
|
realm=screensy
|
||||||
|
|
||||||
|
# Turn off the CLI support since we do not support it.
|
||||||
|
no-cli
|
||||||
|
|
||||||
|
# Do not start TLS client listener since we do not support it. This is not
|
||||||
|
# dangerous, since even with an unencrypted TURN server, the WebRTC data cannot
|
||||||
|
# be compromised.
|
||||||
|
no-tls
|
||||||
|
|
||||||
|
# Do not start DTLS client listener since we do not support it.
|
||||||
|
no-dtls
|
Loading…
Reference in New Issue