generated from coop-cloud/example
138 lines
4.0 KiB
YAML
138 lines
4.0 KiB
YAML
---
|
|
version: "3.8"
|
|
|
|
x-environment: &default-env
|
|
- SNIKKET_ADMIN_EMAIL
|
|
- SNIKKET_CERTFILE=/certs/$DOMAIN/cert.pem
|
|
- SNIKKET_DOMAIN=${DOMAIN}
|
|
- SNIKKET_KEYFILE=/certs/$DOMAIN/key.pem
|
|
- SNIKKET_TWEAK_INTERNAL_HTTP_HOST=${STACK_NAME}_server
|
|
- SNIKKET_TWEAK_INTERNAL_HTTP_INTERFACE=0.0.0.0
|
|
- SNIKKET_TWEAK_PORTAL_INTERNAL_HTTP_HOST=${STACK_NAME}_portal
|
|
- SNIKKET_TWEAK_PORTAL_INTERNAL_HTTP_INTERFACE=0.0.0.0
|
|
- SNIKKET_TWEAK_TURNSERVER=0
|
|
- SNIKKET_TWEAK_TURNSERVER_DOMAIN
|
|
- SNIKKET_TWEAK_TURNSERVER_SECRET_FILE=/run/secrets/coturn_secret
|
|
- SNIKKET_WEB_PROSODY_ENDPOINT=http://${STACK_NAME}_server:5280
|
|
|
|
services:
|
|
app:
|
|
image: snikket/snikket-web-proxy:beta.20220119.1
|
|
networks:
|
|
- proxy
|
|
- backend
|
|
environment: *default-env
|
|
volumes:
|
|
- snikket_data:/snikket
|
|
configs:
|
|
- source: cert_monitor
|
|
target: /usr/local/bin/cert-monitor.sh
|
|
mode: 0555
|
|
- source: http_template
|
|
target: /etc/nginx/templates/http
|
|
deploy:
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
|
|
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`, `groups.${DOMAIN}`, `share.${DOMAIN}`${EXTRA_DOMAINS})"
|
|
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
|
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
|
- "traefik.http.routers.${STACK_NAME}.tls.domains[0].main=${DOMAIN}"
|
|
- "traefik.http.routers.${STACK_NAME}.tls.domains[0].sans=groups.${DOMAIN},share.${DOMAIN}"
|
|
- "coop-cloud.${STACK_NAME}.version=0.1.0+beta.20220119.1"
|
|
|
|
portal:
|
|
image: snikket/snikket-web-portal:beta.20220119.1
|
|
environment: *default-env
|
|
networks:
|
|
- backend
|
|
|
|
server:
|
|
image: snikket/snikket-server:beta.20220119.1
|
|
secrets:
|
|
- coturn_secret
|
|
configs:
|
|
- source: app_entrypoint
|
|
target: /docker-entrypoint.sh
|
|
mode: 0555
|
|
- source: prosody_cfg
|
|
target: /etc/prosody/prosody.cfg.lua
|
|
- source: start_coturn
|
|
target: /usr/local/bin/start-coturn.sh
|
|
mode: 0555
|
|
volumes:
|
|
- snikket_data:/snikket
|
|
- certs:/certs
|
|
environment: *default-env
|
|
entrypoint: /docker-entrypoint.sh
|
|
networks:
|
|
- backend
|
|
ports:
|
|
# Client App Connections (Client to Server) (XMPP-c2s)
|
|
- target: 5222
|
|
published: 5222
|
|
mode: host
|
|
- target: 5223
|
|
published: 5223
|
|
mode: host
|
|
|
|
# Federation With Other Snikket Servers (Server to Server) (XMPP-s2s)
|
|
- target: 5269
|
|
published: 5269
|
|
mode: host
|
|
|
|
# File Transfer Proxy (proxy65)
|
|
- target: 5000
|
|
published: 5000
|
|
mode: host
|
|
|
|
certs:
|
|
image: humenius/traefik-certs-dumper:1.5
|
|
volumes:
|
|
- traefik_letsencrypt:/traefik
|
|
- certs:/output
|
|
environment:
|
|
- ACME_FILE_PATH=/traefik/production-acme.json
|
|
- DOMAIN=${DOMAIN},groups.${DOMAIN},share.${DOMAIN}
|
|
- OVERRIDE_UID=101 # prosody
|
|
- OVERRIDE_GID=102 # prosody
|
|
|
|
configs:
|
|
app_entrypoint:
|
|
name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION}
|
|
file: entrypoint.sh.tmpl
|
|
template_driver: golang
|
|
cert_monitor:
|
|
name: ${STACK_NAME}_cert_monitor_${CERT_MONITOR_VERSION}
|
|
file: cert-monitor.sh.tmpl
|
|
template_driver: golang
|
|
http_template:
|
|
name: ${STACK_NAME}_http_template_${HTTP_TEMPLATE_VERSION}
|
|
file: http.template.tmpl
|
|
template_driver: golang
|
|
prosody_cfg:
|
|
name: ${STACK_NAME}_prosody_cfg_lua_${PROSODY_CFG_LUA_VERSION}
|
|
file: prosody.cfg.lua.tmpl
|
|
template_driver: golang
|
|
start_coturn:
|
|
name: ${STACK_NAME}_start_coturn_${START_COTURN_VERSION}
|
|
file: start-coturn.sh.tmpl
|
|
template_driver: golang
|
|
|
|
secrets:
|
|
coturn_secret:
|
|
external: true
|
|
name: ${STACK_NAME}_coturn_secret_${SECRET_COTURN_SECRET_VERSION}
|
|
|
|
volumes:
|
|
snikket_data:
|
|
certs:
|
|
traefik_letsencrypt:
|
|
name: "${TRAEFIK_SERVICE:-traefik_letsencrypt}"
|
|
external: true
|
|
|
|
networks:
|
|
proxy:
|
|
external: true
|
|
backend:
|