--- version: "3.8" x-environment: &default-env - SNIKKET_ADMIN_EMAIL - SNIKKET_CERTFILE=/certs/$DOMAIN/cert.pem - SNIKKET_DOMAIN=${DOMAIN} - SNIKKET_KEYFILE=/certs/$DOMAIN/key.pem - SNIKKET_TWEAK_INTERNAL_HTTP_HOST=${STACK_NAME}_server - SNIKKET_TWEAK_INTERNAL_HTTP_INTERFACE=0.0.0.0 - SNIKKET_TWEAK_PORTAL_INTERNAL_HTTP_HOST=${STACK_NAME}_portal - SNIKKET_TWEAK_PORTAL_INTERNAL_HTTP_INTERFACE=0.0.0.0 - SNIKKET_TWEAK_TURNSERVER=0 - SNIKKET_TWEAK_TURNSERVER_DOMAIN - SNIKKET_TWEAK_TURNSERVER_SECRET_FILE=/run/secrets/coturn_secret - SNIKKET_WEB_PROSODY_ENDPOINT=http://${STACK_NAME}_server:5280 services: app: image: snikket/snikket-web-proxy:beta.20220119.1 networks: - proxy - backend environment: *default-env volumes: - snikket_data:/snikket configs: - source: cert_monitor target: /usr/local/bin/cert-monitor.sh mode: 0555 - source: http_template target: /etc/nginx/templates/http deploy: labels: - "traefik.enable=true" - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80" - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`, `groups.${DOMAIN}`, `share.${DOMAIN}`${EXTRA_DOMAINS})" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.tls.domains[0].main=${DOMAIN}" - "traefik.http.routers.${STACK_NAME}.tls.domains[0].sans=groups.${DOMAIN},share.${DOMAIN}" - "coop-cloud.${STACK_NAME}.version=0.1.0+beta.20220119.1" portal: image: snikket/snikket-web-portal:beta.20220119.1 environment: *default-env networks: - backend server: image: snikket/snikket-server:beta.20220119.1 secrets: - coturn_secret configs: - source: app_entrypoint target: /docker-entrypoint.sh mode: 0555 - source: prosody_cfg target: /etc/prosody/prosody.cfg.lua - source: start_coturn target: /usr/local/bin/start-coturn.sh mode: 0555 volumes: - snikket_data:/snikket - certs:/certs environment: *default-env entrypoint: /docker-entrypoint.sh networks: - backend ports: # Client App Connections (Client to Server) (XMPP-c2s) - target: 5222 published: 5222 mode: host - target: 5223 published: 5223 mode: host # Federation With Other Snikket Servers (Server to Server) (XMPP-s2s) - target: 5269 published: 5269 mode: host # File Transfer Proxy (proxy65) - target: 5000 published: 5000 mode: host certs: image: humenius/traefik-certs-dumper:1.5 volumes: - traefik_letsencrypt:/traefik - certs:/output environment: - ACME_FILE_PATH=/traefik/production-acme.json - DOMAIN=${DOMAIN},groups.${DOMAIN},share.${DOMAIN} - OVERRIDE_UID=101 # prosody - OVERRIDE_GID=102 # prosody configs: app_entrypoint: name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION} file: entrypoint.sh.tmpl template_driver: golang cert_monitor: name: ${STACK_NAME}_cert_monitor_${CERT_MONITOR_VERSION} file: cert-monitor.sh.tmpl template_driver: golang http_template: name: ${STACK_NAME}_http_template_${HTTP_TEMPLATE_VERSION} file: http.template.tmpl template_driver: golang prosody_cfg: name: ${STACK_NAME}_prosody_cfg_lua_${PROSODY_CFG_LUA_VERSION} file: prosody.cfg.lua.tmpl template_driver: golang start_coturn: name: ${STACK_NAME}_start_coturn_${START_COTURN_VERSION} file: start-coturn.sh.tmpl template_driver: golang secrets: coturn_secret: external: true name: ${STACK_NAME}_coturn_secret_${SECRET_COTURN_SECRET_VERSION} volumes: snikket_data: certs: traefik_letsencrypt: name: "${TRAEFIK_SERVICE:-traefik_letsencrypt}" external: true networks: proxy: external: true backend: