Files
workadventure/compose.yml
T
Bortseb 30f7f58106
continuous-integration/drone/push Build is failing
Add initial coop-cloud version number
2026-06-10 03:17:47 +00:00

310 lines
12 KiB
YAML

services:
app:
image: thecodingmachine/workadventure-play:v1.31.0
environment:
- DEBUG_MODE
- JITSI_URL
- JITSI_PRIVATE_MODE
- ENABLE_MAP_EDITOR
- MAP_EDITOR_ALLOWED_USERS
- PUSHER_URL=https://${DOMAIN}
- ICON_URL=/icon
- TURN_SERVER
- TURN_USER
- TURN_PASSWORD
- TURN_STATIC_AUTH_SECRET
- STUN_SERVER
- SKIP_RENDER_OPTIMIZATIONS
- MAX_PER_GROUP
- MAX_USERNAME_LENGTH
- DISABLE_ANONYMOUS
- DISABLE_NOTIFICATIONS
- SECRET_KEY
- API_URL=back:50051
- FRONT_URL=/
- INTERNAL_MAP_STORAGE_URL=http://map-storage:3000
- PUBLIC_MAP_STORAGE_URL=https://${DOMAIN}/map-storage
- START_ROOM_URL
- OPENID_PROMPT=login
- OPENID_WOKA_NAME_POLICY
- OPENID_CLIENT_ID
- OPENID_CLIENT_SECRET
- OPENID_CLIENT_ISSUER
- OPENID_PROFILE_SCREEN_PROVIDER
- OPENID_SCOPE
- OPENID_USERNAME_CLAIM
- OPENID_LOCALE_CLAIM
- OPENID_LOGOUT_REDIRECT_URL
- FALLBACK_LOCALE
- ENABLE_CHAT
- ENABLE_CHAT_UPLOAD
- ENABLE_CHAT_ONLINE_LIST
- ENABLE_CHAT_DISCONNECTED_LIST
- UPLOADER_URL=/uploader
# Report issues menu
- ENABLE_REPORT_ISSUES_MENU=${ENABLE_REPORT_ISSUES_MENU}
- REPORT_ISSUES_URL=${REPORT_ISSUES_URL}
- ENABLE_OPENAPI_ENDPOINT=true
- ADMIN_API_TOKEN
# - ADMIN_API_URL
# - ADMIN_URL
- ROOM_API_PORT=50051
- ROOM_API_SECRET_KEY=${ROOM_API_SECRET_KEY}
- GRPC_VERBOSITY=ERROR
- GRPC_TRACE=all
- SENTRY_ORG=${SENTRY_ORG}
- SENTRY_PROJECT=${SENTRY_PROJECT}
- SENTRY_DSN_FRONT=${SENTRY_DSN_FRONT}
- SENTRY_DSN_PUSHER=${SENTRY_DSN_PUSHER}
- SENTRY_ENVIRONMENT=${SENTRY_ENVIRONMENT}
- SENTRY_RELEASE=${SENTRY_RELEASE}
- SENTRY_TRACES_SAMPLE_RATE=${SENTRY_TRACES_SAMPLE_RATE}
- JITSI_DOMAIN
- JITSI_XMPP_DOMAIN
- JITSI_MUC_DOMAIN
- WOKA_SPEED
- FEATURE_FLAG_BROADCAST_AREAS=${FEATURE_FLAG_BROADCAST_AREAS}
# Tools integration
- KLAXOON_ENABLED=${KLAXOON_ENABLED}
- KLAXOON_CLIENT_ID=${KLAXOON_CLIENT_ID}
- YOUTUBE_ENABLED=${YOUTUBE_ENABLED}
- GOOGLE_DRIVE_ENABLED=${GOOGLE_DRIVE_ENABLED}
- GOOGLE_DOCS_ENABLED=${GOOGLE_DOCS_ENABLED}
- GOOGLE_SHEETS_ENABLED=${GOOGLE_SHEETS_ENABLED}
- GOOGLE_SLIDES_ENABLED=${GOOGLE_SLIDES_ENABLED}
- ERASER_ENABLED=${ERASER_ENABLED}
- EXCALIDRAW_ENABLED=${EXCALIDRAW_ENABLED}
- EXCALIDRAW_DOMAINS=${EXCALIDRAW_DOMAINS}
- EMBEDDED_DOMAINS_WHITELIST=${EMBEDDED_DOMAINS_WHITELIST}
- CARDS_ENABLED=${CARDS_ENABLED}
- PEER_VIDEO_LOW_BANDWIDTH=${PEER_VIDEO_LOW_BANDWIDTH}
- PEER_VIDEO_RECOMMENDED_BANDWIDTH=${PEER_VIDEO_RECOMMENDED_BANDWIDTH}
- PEER_SCREEN_SHARE_LOW_BANDWIDTH=${PEER_SCREEN_SHARE_LOW_BANDWIDTH}
- PEER_SCREEN_SHARE_RECOMMENDED_BANDWIDTH=${PEER_SCREEN_SHARE_RECOMMENDED_BANDWIDTH}
# Google drive picker
- GOOGLE_DRIVE_PICKER_CLIENT_ID=${GOOGLE_DRIVE_PICKER_CLIENT_ID}
- GOOGLE_DRIVE_PICKER_APP_ID=${GOOGLE_DRIVE_PICKER_APP_ID}
- MAP_STORAGE_API_TOKEN=${MAP_STORAGE_API_TOKEN:-${SECRET_KEY}}
- MAP_EDITOR_ALLOW_ALL_USERS
deploy:
labels:
traefik.enable: "true"
traefik.http.routers.play.rule: "Host(`${DOMAIN}`) && PathPrefix(`/`)"
traefik.http.routers.play.entryPoints: "web"
traefik.http.services.play.loadbalancer.server.port: "3000"
traefik.http.routers.play-ssl.rule: "Host(`${DOMAIN}`) && PathPrefix(`/`)"
traefik.http.routers.play-ssl.entryPoints: "web-secure"
traefik.http.routers.play-ssl.tls: "true"
traefik.http.routers.play-ssl.tls.certresolver: "myresolver"
traefik.http.routers.play-ssl.service: "play"
traefik.http.routers.room-api.rule: "Host(`${DOMAIN}`)"
traefik.http.routers.room-api.entryPoints: "grpc"
traefik.http.routers.room-api.service: "room-api"
traefik.http.services.room-api.loadbalancer.server.port: "50051"
traefik.http.services.room-api.loadbalancer.server.scheme: "h2c"
# traefik.http.routers.play-ws.rule: "HostRegexp(`$DOMAIN`) && PathPrefix(`/ws/`)"
# traefik.http.routers.play-ws.priority: "2"
# traefik.http.routers.play-ws.service: play-ws
# traefik.http.services.play-ws.loadbalancer.server.port: "3001"
traefik.http.routers.room-api.tls: "true"
traefik.http.routers.room-api.tls.certresolver: "myresolver"
caddy: ${DOMAIN}
caddy.@default.path: /*
caddy.reverse_proxy: "@default {{upstreams 3000}}"
caddy.tls.on_demand:
caddy.@ws.0_header: Connection *Upgrade*
caddy.@ws.1_header: Upgrade websocket
caddy.0_reverse_proxy: "@ws {{upstreams 3001}}"
caddy.1_reverse_proxy: "/ws* {{upstreams 3001}}"
coop-cloud.${STACK_NAME}.version: 0.1.0+v1.31.0
networks:
- proxy
- internal
back:
image: thecodingmachine/workadventure-back:v1.31.0
environment:
- PLAY_URL=https://${DOMAIN}
- SECRET_JITSI_KEY
- ENABLE_MAP_EDITOR
- SECRET_KEY
- ADMIN_API_TOKEN
# - ADMIN_API_URL
- TURN_SERVER
- TURN_USER
- TURN_PASSWORD
- TURN_STATIC_AUTH_SECRET
- STUN_SERVER
- JITSI_URL
- JITSI_ISS
- BBB_URL
- BBB_SECRET
- MAX_PER_GROUP
- STORE_VARIABLES_FOR_LOCAL_MAPS
- REDIS_HOST=redis
- PROMETHEUS_AUTHORIZATION_TOKEN
- MAP_STORAGE_URL=map-storage:50053
- INTERNAL_MAP_STORAGE_URL=http://map-storage:3000
- PUBLIC_MAP_STORAGE_URL=https://${DOMAIN}/map-storage
- PLAYER_VARIABLES_MAX_TTL
- ENABLE_CHAT
- ENABLE_CHAT_UPLOAD
- SENTRY_DSN=${SENTRY_DSN_BACK}
- SENTRY_RELEASE=${SENTRY_RELEASE}
- SENTRY_TRACES_SAMPLE_RATE=${SENTRY_TRACES_SAMPLE_RATE}
- MAP_EDITOR_ALLOW_ALL_USERS
deploy:
labels:
traefik.enable: "true"
traefik.docker.network: proxy
traefik.http.middlewares.strip-api-prefix.stripprefix.prefixes: "/api"
traefik.http.routers.back.rule: "Host(`${DOMAIN}`) && PathPrefix(`/api`)"
traefik.http.routers.back.middlewares: "strip-api-prefix@docker"
traefik.http.routers.back.entryPoints: "web"
traefik.http.services.back.loadbalancer.server.port: "8080"
traefik.http.routers.back-ssl.middlewares: "strip-api-prefix@docker"
traefik.http.routers.back-ssl.rule: "Host(`${DOMAIN}`) && PathPrefix(`/api`)"
traefik.http.routers.back-ssl.entryPoints: "web-secure"
traefik.http.routers.back-ssl.service: "back"
traefik.http.routers.back-ssl.tls: "true"
traefik.http.routers.back-ssl.tls.certresolver: "${LETS_ENCRYPT_ENV}"
caddy: ${DOMAIN}
caddy.@api.path: /api*
caddy.reverse_proxy: "@api {{upstreams 8080}}"
networks:
- proxy
- internal
uploader:
image: thecodingmachine/workadventure-uploader:v1.31.0
environment:
- UPLOADER_URL=https://${DOMAIN}/uploader
#AWS
- AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
- AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
- AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION}
- AWS_BUCKET=${AWS_BUCKET}
- AWS_URL=${AWS_URL}
- AWS_ENDPOINT=${AWS_ENDPOINT}
#REDIS
- REDIS_HOST=redis
# - REDIS_PORT=
#CHAT
# - ADMIN_API_URL=${ADMIN_API_URL}
- ENABLE_CHAT_UPLOAD=${ENABLE_CHAT_UPLOAD}
- UPLOAD_MAX_FILESIZE=${UPLOAD_MAX_FILESIZE}
labels:
traefik.enable: "true"
traefik.http.middlewares.strip-uploader-prefix.stripprefix.prefixes: "/uploader"
traefik.http.routers.uploader.rule: "Host(`${DOMAIN}`) && PathPrefix(`/uploader`)"
traefik.http.routers.uploader.middlewares: "strip-uploader-prefix@docker"
traefik.http.routers.uploader.entryPoints: "web"
traefik.http.services.uploader.loadbalancer.server.port: "8080"
traefik.http.routers.uploader-ssl.middlewares: "strip-uploader-prefix@docker"
traefik.http.routers.uploader-ssl.rule: "Host(`${DOMAIN}`) && PathPrefix(`/uploader`)"
traefik.http.routers.uploader-ssl.entryPoints: "web-secure"
traefik.http.routers.uploader-ssl.service: "uploader"
traefik.http.routers.uploader-ssl.tls: "true"
traefik.http.routers.uploader-ssl.tls.certresolver: "myresolver"
caddy: ${DOMAIN}
caddy.@uploader.path: /uploader*
caddy.reverse_proxy: "@uploader {{upstreams 8080}}"
networks:
- internal
- proxy
icon:
image: matthiasluedtke/iconserver:v3.22.0
labels:
traefik.enable: "true"
traefik.http.middlewares.strip-icon-prefix.stripprefix.prefixes: "/icon"
traefik.http.routers.icon.middlewares: "strip-icon-prefix@docker"
traefik.http.routers.icon.rule: "Host(`${DOMAIN}`) && PathPrefix(`/icon`)"
traefik.http.routers.icon.entryPoints: "web"
traefik.http.services.icon.loadbalancer.server.port: "8080"
traefik.http.routers.icon-ssl.middlewares: "strip-icon-prefix@docker"
traefik.http.routers.icon-ssl.rule: "Host(`${DOMAIN}`) && PathPrefix(`/icon`)"
traefik.http.routers.icon-ssl.entryPoints: "web-secure"
traefik.http.routers.icon-ssl.service: "icon"
traefik.http.routers.icon-ssl.tls: "true"
traefik.http.routers.icon-ssl.tls.certresolver: "myresolver"
caddy: ${DOMAIN}
caddy.@icon.path: /icon*
caddy.reverse_proxy: "@icon {{upstreams 8080}}"
networks:
- proxy
- internal
redis:
image: redis:8
volumes:
- redisdata:/data
networks:
- proxy
map-storage:
image: thecodingmachine/workadventure-map-storage:v1.31.0
environment:
API_URL: back:50051
PROMETHEUS_AUTHORIZATION_TOKEN: "$PROMETHEUS_AUTHORIZATION_TOKEN"
AUTHENTICATION_STRATEGY: "$MAP_STORAGE_AUTHENTICATION_STRATEGY"
ENABLE_BEARER_AUTHENTICATION: "$MAP_STORAGE_ENABLE_BEARER_AUTHENTICATION"
ENABLE_BASIC_AUTHENTICATION: "$MAP_STORAGE_ENABLE_BASIC_AUTHENTICATION"
ENABLE_DIGEST_AUTHENTICATION: "$MAP_STORAGE_ENABLE_DIGEST_AUTHENTICATION"
AUTHENTICATION_USER: "$MAP_STORAGE_AUTHENTICATION_USER"
AUTHENTICATION_PASSWORD: "$MAP_STORAGE_AUTHENTICATION_PASSWORD"
AUTHENTICATION_TOKEN: "$MAP_STORAGE_AUTHENTICATION_TOKEN"
AUTHENTICATION_VALIDATOR_URL: "$MAP_STORAGE_AUTHENTICATION_VALIDATOR_URL"
SENTRY_DSN: $SENTRY_DSN_MAPSTORAGE
SENTRY_RELEASE: $SENTRY_RELEASE
SENTRY_ENVIRONMENT: $SENTRY_ENVIRONMENT
SENTRY_TRACES_SAMPLE_RATE: $SENTRY_TRACES_SAMPLE_RATE
PATH_PREFIX: "/map-storage"
ENTITY_COLLECTION_URLS: "https://${DOMAIN}/collections/FurnitureCollection.json,https://${DOMAIN}/collections/OfficeCollection.json"
MAP_STORAGE_API_TOKEN: "${MAP_STORAGE_API_TOKEN:-${SECRET_KEY}}"
PUSHER_URL: "https://${DOMAIN}/"
volumes:
- map-storage-data:/maps
labels:
traefik.enable: "true"
traefik.http.middlewares.strip-map-storage-prefix.stripprefix.prefixes: "/map-storage"
traefik.http.routers.map-storage.middlewares: "strip-map-storage-prefix@docker"
traefik.http.routers.map-storage.rule: "Host(`${DOMAIN}`) && PathPrefix(`/map-storage`)"
traefik.http.routers.map-storage.entryPoints: "web"
traefik.http.services.map-storage.loadbalancer.server.port: "3000"
traefik.http.routers.map-storage-ssl.middlewares: "strip-map-storage-prefix@docker"
traefik.http.routers.map-storage-ssl.rule: "Host(`${DOMAIN}`) && PathPrefix(`/map-storage`)"
traefik.http.routers.map-storage-ssl.entryPoints: "web-secure"
traefik.http.routers.map-storage-ssl.service: "map-storage"
traefik.http.routers.map-storage-ssl.tls: "true"
traefik.http.routers.map-storage-ssl.tls.certresolver: "myresolver"
caddy: ${DOMAIN}
caddy.handle_path: /map-storage*
caddy.handle_path.reverse_proxy: "{{upstreams 3000}}"
networks:
- proxy
- internal
volumes:
redisdata:
map-storage-data:
networks:
proxy:
external: true
internal:
secrets:
turn_static_auth_secret:
external: true
name: ${STACK_NAME}_turn_static_auth_secret_${SECRET_TURN_STATIC_AUTH_SECRET_VERSION}
admin_api_token:
external: true
name: ${STACK_NAME}_admin_api_token_${SECRET_ADMIN_API_TOKEN_VERSION}
secret_key:
external: true
name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}
matrix_admin_password:
external: true
name: ${STACK_NAME}_matrix_admin_password_${SECRET_MATRIX_ADMIN_PASSWORD_VERSION}