generated from coop-cloud/example
110 lines
3.0 KiB
YAML
110 lines
3.0 KiB
YAML
---
|
|
version: "3.8"
|
|
|
|
x-environment: &default-env
|
|
- SNIKKET_ADMIN_EMAIL
|
|
- SNIKKET_CERTFILE=/certs/$DOMAIN/cert.pem
|
|
- SNIKKET_DOMAIN=${DOMAIN}
|
|
- SNIKKET_KEYFILE=/certs/$DOMAIN/key.pem
|
|
- SNIKKET_TWEAK_INTERNAL_HTTP_HOST=${STACK_NAME}_server
|
|
- SNIKKET_TWEAK_INTERNAL_HTTP_INTERFACE=0.0.0.0
|
|
- SNIKKET_TWEAK_PORTAL_INTERNAL_HTTP_HOST=${STACK_NAME}_portal
|
|
- SNIKKET_TWEAK_PORTAL_INTERNAL_HTTP_INTERFACE=0.0.0.0
|
|
- SNIKKET_TWEAK_TURNSERVER=0
|
|
- SNIKKET_TWEAK_TURNSERVER_DOMAIN
|
|
- SNIKKET_TWEAK_TURNSERVER_SECRET_FILE=/run/secrets/coturn_secret
|
|
- SNIKKET_WEB_PROSODY_ENDPOINT=http://${STACK_NAME}_server:5280
|
|
|
|
services:
|
|
app:
|
|
image: thecoopcloud/snikket-web-proxy:latest
|
|
networks:
|
|
- proxy
|
|
- backend
|
|
environment: *default-env
|
|
volumes:
|
|
- snikket_data:/snikket
|
|
deploy:
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
|
|
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`, `groups.${DOMAIN}`, `share.${DOMAIN}`${EXTRA_DOMAINS})"
|
|
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
|
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
|
- "traefik.http.routers.${STACK_NAME}.tls.domains[0].main=${DOMAIN}"
|
|
- "traefik.http.routers.${STACK_NAME}.tls.domains[0].sans=groups.${DOMAIN},share.${DOMAIN}"
|
|
|
|
portal:
|
|
image: snikket/snikket-web-portal:beta
|
|
environment: *default-env
|
|
networks:
|
|
- backend
|
|
|
|
server:
|
|
image: thecoopcloud/snikket-server:latest
|
|
secrets:
|
|
- coturn_secret
|
|
configs:
|
|
- source: app_entrypoint
|
|
target: /docker-entrypoint.sh
|
|
mode: 0555
|
|
volumes:
|
|
- snikket_data:/snikket
|
|
- certs:/certs
|
|
environment: *default-env
|
|
entrypoint: /docker-entrypoint.sh
|
|
networks:
|
|
- backend
|
|
ports:
|
|
# Client App Connections (Client to Server) (XMPP-c2s)
|
|
- target: 5222
|
|
published: 5222
|
|
mode: host
|
|
- target: 5223
|
|
published: 5223
|
|
mode: host
|
|
|
|
# Federation With Other Snikket Servers (Server to Server) (XMPP-s2s)
|
|
- target: 5269
|
|
published: 5269
|
|
mode: host
|
|
|
|
# File Transfer Proxy (proxy65)
|
|
- target: 5000
|
|
published: 5000
|
|
mode: host
|
|
|
|
certs:
|
|
image: humenius/traefik-certs-dumper:1.5
|
|
volumes:
|
|
- traefik_letsencrypt:/traefik
|
|
- certs:/output
|
|
environment:
|
|
- ACME_FILE_PATH=/traefik/production-acme.json
|
|
- DOMAIN=${DOMAIN},groups.${DOMAIN},share.${DOMAIN}
|
|
- OVERRIDE_UID=101 # prosody
|
|
- OVERRIDE_GID=102 # prosody
|
|
|
|
configs:
|
|
app_entrypoint:
|
|
name: ${STACK_NAME}_app_entrypoint_${APP_ENTRYPOINT_VERSION}
|
|
file: entrypoint.sh.tmpl
|
|
template_driver: golang
|
|
|
|
secrets:
|
|
coturn_secret:
|
|
external: true
|
|
name: ${STACK_NAME}_coturn_secret_${SECRET_COTURN_SECRET_VERSION}
|
|
|
|
volumes:
|
|
snikket_data:
|
|
certs:
|
|
traefik_letsencrypt:
|
|
name: "${TRAEFIK_SERVICE:-traefik_letsencrypt}"
|
|
external: true
|
|
|
|
networks:
|
|
proxy:
|
|
external: true
|
|
backend:
|