generated from coop-cloud/example
310 lines
12 KiB
YAML
310 lines
12 KiB
YAML
services:
|
|
app:
|
|
image: thecodingmachine/workadventure-play:v1.31.0
|
|
environment:
|
|
- DEBUG_MODE
|
|
- JITSI_URL
|
|
- JITSI_PRIVATE_MODE
|
|
- ENABLE_MAP_EDITOR
|
|
- MAP_EDITOR_ALLOWED_USERS
|
|
- PUSHER_URL=https://${DOMAIN}
|
|
- ICON_URL=/icon
|
|
- TURN_SERVER
|
|
- TURN_USER
|
|
- TURN_PASSWORD
|
|
- TURN_STATIC_AUTH_SECRET
|
|
- STUN_SERVER
|
|
- SKIP_RENDER_OPTIMIZATIONS
|
|
- MAX_PER_GROUP
|
|
- MAX_USERNAME_LENGTH
|
|
- DISABLE_ANONYMOUS
|
|
- DISABLE_NOTIFICATIONS
|
|
- SECRET_KEY
|
|
- API_URL=back:50051
|
|
- FRONT_URL=/
|
|
- INTERNAL_MAP_STORAGE_URL=http://map-storage:3000
|
|
- PUBLIC_MAP_STORAGE_URL=https://${DOMAIN}/map-storage
|
|
- START_ROOM_URL
|
|
- OPENID_PROMPT=login
|
|
- OPENID_WOKA_NAME_POLICY
|
|
- OPENID_CLIENT_ID
|
|
- OPENID_CLIENT_SECRET
|
|
- OPENID_CLIENT_ISSUER
|
|
- OPENID_PROFILE_SCREEN_PROVIDER
|
|
- OPENID_SCOPE
|
|
- OPENID_USERNAME_CLAIM
|
|
- OPENID_LOCALE_CLAIM
|
|
- OPENID_LOGOUT_REDIRECT_URL
|
|
- FALLBACK_LOCALE
|
|
- ENABLE_CHAT
|
|
- ENABLE_CHAT_UPLOAD
|
|
- ENABLE_CHAT_ONLINE_LIST
|
|
- ENABLE_CHAT_DISCONNECTED_LIST
|
|
- UPLOADER_URL=/uploader
|
|
# Report issues menu
|
|
- ENABLE_REPORT_ISSUES_MENU=${ENABLE_REPORT_ISSUES_MENU}
|
|
- REPORT_ISSUES_URL=${REPORT_ISSUES_URL}
|
|
- ENABLE_OPENAPI_ENDPOINT=true
|
|
- ADMIN_API_TOKEN
|
|
# - ADMIN_API_URL
|
|
# - ADMIN_URL
|
|
- ROOM_API_PORT=50051
|
|
- ROOM_API_SECRET_KEY=${ROOM_API_SECRET_KEY}
|
|
- GRPC_VERBOSITY=ERROR
|
|
- GRPC_TRACE=all
|
|
- SENTRY_ORG=${SENTRY_ORG}
|
|
- SENTRY_PROJECT=${SENTRY_PROJECT}
|
|
- SENTRY_DSN_FRONT=${SENTRY_DSN_FRONT}
|
|
- SENTRY_DSN_PUSHER=${SENTRY_DSN_PUSHER}
|
|
- SENTRY_ENVIRONMENT=${SENTRY_ENVIRONMENT}
|
|
- SENTRY_RELEASE=${SENTRY_RELEASE}
|
|
- SENTRY_TRACES_SAMPLE_RATE=${SENTRY_TRACES_SAMPLE_RATE}
|
|
- JITSI_DOMAIN
|
|
- JITSI_XMPP_DOMAIN
|
|
- JITSI_MUC_DOMAIN
|
|
- WOKA_SPEED
|
|
- FEATURE_FLAG_BROADCAST_AREAS=${FEATURE_FLAG_BROADCAST_AREAS}
|
|
# Tools integration
|
|
- KLAXOON_ENABLED=${KLAXOON_ENABLED}
|
|
- KLAXOON_CLIENT_ID=${KLAXOON_CLIENT_ID}
|
|
- YOUTUBE_ENABLED=${YOUTUBE_ENABLED}
|
|
- GOOGLE_DRIVE_ENABLED=${GOOGLE_DRIVE_ENABLED}
|
|
- GOOGLE_DOCS_ENABLED=${GOOGLE_DOCS_ENABLED}
|
|
- GOOGLE_SHEETS_ENABLED=${GOOGLE_SHEETS_ENABLED}
|
|
- GOOGLE_SLIDES_ENABLED=${GOOGLE_SLIDES_ENABLED}
|
|
- ERASER_ENABLED=${ERASER_ENABLED}
|
|
- EXCALIDRAW_ENABLED=${EXCALIDRAW_ENABLED}
|
|
- EXCALIDRAW_DOMAINS=${EXCALIDRAW_DOMAINS}
|
|
- EMBEDDED_DOMAINS_WHITELIST=${EMBEDDED_DOMAINS_WHITELIST}
|
|
- CARDS_ENABLED=${CARDS_ENABLED}
|
|
- PEER_VIDEO_LOW_BANDWIDTH=${PEER_VIDEO_LOW_BANDWIDTH}
|
|
- PEER_VIDEO_RECOMMENDED_BANDWIDTH=${PEER_VIDEO_RECOMMENDED_BANDWIDTH}
|
|
- PEER_SCREEN_SHARE_LOW_BANDWIDTH=${PEER_SCREEN_SHARE_LOW_BANDWIDTH}
|
|
- PEER_SCREEN_SHARE_RECOMMENDED_BANDWIDTH=${PEER_SCREEN_SHARE_RECOMMENDED_BANDWIDTH}
|
|
# Google drive picker
|
|
- GOOGLE_DRIVE_PICKER_CLIENT_ID=${GOOGLE_DRIVE_PICKER_CLIENT_ID}
|
|
- GOOGLE_DRIVE_PICKER_APP_ID=${GOOGLE_DRIVE_PICKER_APP_ID}
|
|
- MAP_STORAGE_API_TOKEN=${MAP_STORAGE_API_TOKEN:-${SECRET_KEY}}
|
|
- MAP_EDITOR_ALLOW_ALL_USERS
|
|
deploy:
|
|
labels:
|
|
traefik.enable: "true"
|
|
traefik.http.routers.play.rule: "Host(`${DOMAIN}`) && PathPrefix(`/`)"
|
|
traefik.http.routers.play.entryPoints: "web"
|
|
traefik.http.services.play.loadbalancer.server.port: "3000"
|
|
traefik.http.routers.play-ssl.rule: "Host(`${DOMAIN}`) && PathPrefix(`/`)"
|
|
traefik.http.routers.play-ssl.entryPoints: "web-secure"
|
|
traefik.http.routers.play-ssl.tls: "true"
|
|
traefik.http.routers.play-ssl.tls.certresolver: "myresolver"
|
|
traefik.http.routers.play-ssl.service: "play"
|
|
traefik.http.routers.room-api.rule: "Host(`${DOMAIN}`)"
|
|
traefik.http.routers.room-api.entryPoints: "grpc"
|
|
traefik.http.routers.room-api.service: "room-api"
|
|
traefik.http.services.room-api.loadbalancer.server.port: "50051"
|
|
traefik.http.services.room-api.loadbalancer.server.scheme: "h2c"
|
|
# traefik.http.routers.play-ws.rule: "HostRegexp(`$DOMAIN`) && PathPrefix(`/ws/`)"
|
|
# traefik.http.routers.play-ws.priority: "2"
|
|
# traefik.http.routers.play-ws.service: play-ws
|
|
# traefik.http.services.play-ws.loadbalancer.server.port: "3001"
|
|
traefik.http.routers.room-api.tls: "true"
|
|
traefik.http.routers.room-api.tls.certresolver: "myresolver"
|
|
caddy: ${DOMAIN}
|
|
caddy.@default.path: /*
|
|
caddy.reverse_proxy: "@default {{upstreams 3000}}"
|
|
caddy.tls.on_demand:
|
|
caddy.@ws.0_header: Connection *Upgrade*
|
|
caddy.@ws.1_header: Upgrade websocket
|
|
caddy.0_reverse_proxy: "@ws {{upstreams 3001}}"
|
|
caddy.1_reverse_proxy: "/ws* {{upstreams 3001}}"
|
|
coop-cloud.${STACK_NAME}.version: 0.1.0+v1.31.0
|
|
networks:
|
|
- proxy
|
|
- internal
|
|
|
|
back:
|
|
image: thecodingmachine/workadventure-back:v1.31.0
|
|
environment:
|
|
- PLAY_URL=https://${DOMAIN}
|
|
- SECRET_JITSI_KEY
|
|
- ENABLE_MAP_EDITOR
|
|
- SECRET_KEY
|
|
- ADMIN_API_TOKEN
|
|
# - ADMIN_API_URL
|
|
- TURN_SERVER
|
|
- TURN_USER
|
|
- TURN_PASSWORD
|
|
- TURN_STATIC_AUTH_SECRET
|
|
- STUN_SERVER
|
|
- JITSI_URL
|
|
- JITSI_ISS
|
|
- BBB_URL
|
|
- BBB_SECRET
|
|
- MAX_PER_GROUP
|
|
- STORE_VARIABLES_FOR_LOCAL_MAPS
|
|
- REDIS_HOST=redis
|
|
- PROMETHEUS_AUTHORIZATION_TOKEN
|
|
- MAP_STORAGE_URL=map-storage:50053
|
|
- INTERNAL_MAP_STORAGE_URL=http://map-storage:3000
|
|
- PUBLIC_MAP_STORAGE_URL=https://${DOMAIN}/map-storage
|
|
- PLAYER_VARIABLES_MAX_TTL
|
|
- ENABLE_CHAT
|
|
- ENABLE_CHAT_UPLOAD
|
|
- SENTRY_DSN=${SENTRY_DSN_BACK}
|
|
- SENTRY_RELEASE=${SENTRY_RELEASE}
|
|
- SENTRY_TRACES_SAMPLE_RATE=${SENTRY_TRACES_SAMPLE_RATE}
|
|
- MAP_EDITOR_ALLOW_ALL_USERS
|
|
deploy:
|
|
labels:
|
|
traefik.enable: "true"
|
|
traefik.docker.network: proxy
|
|
traefik.http.middlewares.strip-api-prefix.stripprefix.prefixes: "/api"
|
|
traefik.http.routers.back.rule: "Host(`${DOMAIN}`) && PathPrefix(`/api`)"
|
|
traefik.http.routers.back.middlewares: "strip-api-prefix@docker"
|
|
traefik.http.routers.back.entryPoints: "web"
|
|
traefik.http.services.back.loadbalancer.server.port: "8080"
|
|
traefik.http.routers.back-ssl.middlewares: "strip-api-prefix@docker"
|
|
traefik.http.routers.back-ssl.rule: "Host(`${DOMAIN}`) && PathPrefix(`/api`)"
|
|
traefik.http.routers.back-ssl.entryPoints: "web-secure"
|
|
traefik.http.routers.back-ssl.service: "back"
|
|
traefik.http.routers.back-ssl.tls: "true"
|
|
traefik.http.routers.back-ssl.tls.certresolver: "${LETS_ENCRYPT_ENV}"
|
|
caddy: ${DOMAIN}
|
|
caddy.@api.path: /api*
|
|
caddy.reverse_proxy: "@api {{upstreams 8080}}"
|
|
networks:
|
|
- proxy
|
|
- internal
|
|
|
|
uploader:
|
|
image: thecodingmachine/workadventure-uploader:v1.31.0
|
|
environment:
|
|
- UPLOADER_URL=https://${DOMAIN}/uploader
|
|
#AWS
|
|
- AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
|
|
- AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
|
|
- AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION}
|
|
- AWS_BUCKET=${AWS_BUCKET}
|
|
- AWS_URL=${AWS_URL}
|
|
- AWS_ENDPOINT=${AWS_ENDPOINT}
|
|
#REDIS
|
|
- REDIS_HOST=redis
|
|
# - REDIS_PORT=
|
|
#CHAT
|
|
# - ADMIN_API_URL=${ADMIN_API_URL}
|
|
- ENABLE_CHAT_UPLOAD=${ENABLE_CHAT_UPLOAD}
|
|
- UPLOAD_MAX_FILESIZE=${UPLOAD_MAX_FILESIZE}
|
|
labels:
|
|
traefik.enable: "true"
|
|
traefik.http.middlewares.strip-uploader-prefix.stripprefix.prefixes: "/uploader"
|
|
traefik.http.routers.uploader.rule: "Host(`${DOMAIN}`) && PathPrefix(`/uploader`)"
|
|
traefik.http.routers.uploader.middlewares: "strip-uploader-prefix@docker"
|
|
traefik.http.routers.uploader.entryPoints: "web"
|
|
traefik.http.services.uploader.loadbalancer.server.port: "8080"
|
|
traefik.http.routers.uploader-ssl.middlewares: "strip-uploader-prefix@docker"
|
|
traefik.http.routers.uploader-ssl.rule: "Host(`${DOMAIN}`) && PathPrefix(`/uploader`)"
|
|
traefik.http.routers.uploader-ssl.entryPoints: "web-secure"
|
|
traefik.http.routers.uploader-ssl.service: "uploader"
|
|
traefik.http.routers.uploader-ssl.tls: "true"
|
|
traefik.http.routers.uploader-ssl.tls.certresolver: "myresolver"
|
|
caddy: ${DOMAIN}
|
|
caddy.@uploader.path: /uploader*
|
|
caddy.reverse_proxy: "@uploader {{upstreams 8080}}"
|
|
networks:
|
|
- internal
|
|
- proxy
|
|
|
|
icon:
|
|
image: matthiasluedtke/iconserver:v3.22.0
|
|
labels:
|
|
traefik.enable: "true"
|
|
traefik.http.middlewares.strip-icon-prefix.stripprefix.prefixes: "/icon"
|
|
traefik.http.routers.icon.middlewares: "strip-icon-prefix@docker"
|
|
traefik.http.routers.icon.rule: "Host(`${DOMAIN}`) && PathPrefix(`/icon`)"
|
|
traefik.http.routers.icon.entryPoints: "web"
|
|
traefik.http.services.icon.loadbalancer.server.port: "8080"
|
|
traefik.http.routers.icon-ssl.middlewares: "strip-icon-prefix@docker"
|
|
traefik.http.routers.icon-ssl.rule: "Host(`${DOMAIN}`) && PathPrefix(`/icon`)"
|
|
traefik.http.routers.icon-ssl.entryPoints: "web-secure"
|
|
traefik.http.routers.icon-ssl.service: "icon"
|
|
traefik.http.routers.icon-ssl.tls: "true"
|
|
traefik.http.routers.icon-ssl.tls.certresolver: "myresolver"
|
|
caddy: ${DOMAIN}
|
|
caddy.@icon.path: /icon*
|
|
caddy.reverse_proxy: "@icon {{upstreams 8080}}"
|
|
networks:
|
|
- proxy
|
|
- internal
|
|
|
|
redis:
|
|
image: redis:8
|
|
volumes:
|
|
- redisdata:/data
|
|
networks:
|
|
- proxy
|
|
|
|
map-storage:
|
|
image: thecodingmachine/workadventure-map-storage:v1.31.0
|
|
environment:
|
|
API_URL: back:50051
|
|
PROMETHEUS_AUTHORIZATION_TOKEN: "$PROMETHEUS_AUTHORIZATION_TOKEN"
|
|
AUTHENTICATION_STRATEGY: "$MAP_STORAGE_AUTHENTICATION_STRATEGY"
|
|
ENABLE_BEARER_AUTHENTICATION: "$MAP_STORAGE_ENABLE_BEARER_AUTHENTICATION"
|
|
ENABLE_BASIC_AUTHENTICATION: "$MAP_STORAGE_ENABLE_BASIC_AUTHENTICATION"
|
|
ENABLE_DIGEST_AUTHENTICATION: "$MAP_STORAGE_ENABLE_DIGEST_AUTHENTICATION"
|
|
AUTHENTICATION_USER: "$MAP_STORAGE_AUTHENTICATION_USER"
|
|
AUTHENTICATION_PASSWORD: "$MAP_STORAGE_AUTHENTICATION_PASSWORD"
|
|
AUTHENTICATION_TOKEN: "$MAP_STORAGE_AUTHENTICATION_TOKEN"
|
|
AUTHENTICATION_VALIDATOR_URL: "$MAP_STORAGE_AUTHENTICATION_VALIDATOR_URL"
|
|
SENTRY_DSN: $SENTRY_DSN_MAPSTORAGE
|
|
SENTRY_RELEASE: $SENTRY_RELEASE
|
|
SENTRY_ENVIRONMENT: $SENTRY_ENVIRONMENT
|
|
SENTRY_TRACES_SAMPLE_RATE: $SENTRY_TRACES_SAMPLE_RATE
|
|
PATH_PREFIX: "/map-storage"
|
|
ENTITY_COLLECTION_URLS: "https://${DOMAIN}/collections/FurnitureCollection.json,https://${DOMAIN}/collections/OfficeCollection.json"
|
|
MAP_STORAGE_API_TOKEN: "${MAP_STORAGE_API_TOKEN:-${SECRET_KEY}}"
|
|
PUSHER_URL: "https://${DOMAIN}/"
|
|
volumes:
|
|
- map-storage-data:/maps
|
|
labels:
|
|
traefik.enable: "true"
|
|
traefik.http.middlewares.strip-map-storage-prefix.stripprefix.prefixes: "/map-storage"
|
|
traefik.http.routers.map-storage.middlewares: "strip-map-storage-prefix@docker"
|
|
traefik.http.routers.map-storage.rule: "Host(`${DOMAIN}`) && PathPrefix(`/map-storage`)"
|
|
traefik.http.routers.map-storage.entryPoints: "web"
|
|
traefik.http.services.map-storage.loadbalancer.server.port: "3000"
|
|
traefik.http.routers.map-storage-ssl.middlewares: "strip-map-storage-prefix@docker"
|
|
traefik.http.routers.map-storage-ssl.rule: "Host(`${DOMAIN}`) && PathPrefix(`/map-storage`)"
|
|
traefik.http.routers.map-storage-ssl.entryPoints: "web-secure"
|
|
traefik.http.routers.map-storage-ssl.service: "map-storage"
|
|
traefik.http.routers.map-storage-ssl.tls: "true"
|
|
traefik.http.routers.map-storage-ssl.tls.certresolver: "myresolver"
|
|
caddy: ${DOMAIN}
|
|
caddy.handle_path: /map-storage*
|
|
caddy.handle_path.reverse_proxy: "{{upstreams 3000}}"
|
|
networks:
|
|
- proxy
|
|
- internal
|
|
|
|
volumes:
|
|
redisdata:
|
|
map-storage-data:
|
|
|
|
networks:
|
|
proxy:
|
|
external: true
|
|
internal:
|
|
|
|
secrets:
|
|
turn_static_auth_secret:
|
|
external: true
|
|
name: ${STACK_NAME}_turn_static_auth_secret_${SECRET_TURN_STATIC_AUTH_SECRET_VERSION}
|
|
admin_api_token:
|
|
external: true
|
|
name: ${STACK_NAME}_admin_api_token_${SECRET_ADMIN_API_TOKEN_VERSION}
|
|
secret_key:
|
|
external: true
|
|
name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}
|
|
matrix_admin_password:
|
|
external: true
|
|
name: ${STACK_NAME}_matrix_admin_password_${SECRET_MATRIX_ADMIN_PASSWORD_VERSION}
|