diff --git a/compose.yml b/compose.yml index 84bc6e8..eb3cb47 100644 --- a/compose.yml +++ b/compose.yml @@ -53,7 +53,7 @@ services: TURN_SERVER: ${TURN_SERVER:-} TURN_SECRET: ${TURN_SECRET:-} ENABLE_LEARNING_DASHBOARD: ${ENABLE_LEARNING_DASHBOARD:-true} - NUMBER_OF_BACKEND_NODEJS_PROCESSES: 2 + NUMBER_OF_BACKEND_NODEJS_PROCESSES: 2 # look for containers? volumes: - bigbluebutton:/var/bigbluebutton - vol-freeswitch:/var/freeswitch/meetings @@ -61,6 +61,8 @@ services: bbb-net: ipv4_address: 10.7.7.2 + # create compose overrides for multiple backend/frontend + # see authentik repo for compose file reference in .env html5-backend-1: <<: *html5backend environment: @@ -314,21 +316,19 @@ services: # wip: coturn (how to ssl? entrypoint.sh deals with this too) coturn: image: coturn/coturn:4.6-alpine - command: - - "--external-ip=${EXTERNAL_IPv4}/${EXTERNAL_IPv4}" - - "--static-auth-secret=${TURN_SECRET}" # how to add docker secret here? - #volumes: - # - ${COTURN_TLS_CERT_PATH}:/tmp/cert.pem # how to use traefik for SSL here? - # - ${COTURN_TLS_KEY_PATH}:/tmp/key.pem # how to use traefik for SSL here? - # - ./mod/coturn/entrypoint.sh:/usr/local/bin/docker-entrypoint.sh - # - ./mod/coturn/turnserver.conf:/etc/coturn/turnserver.conf configs: + - source: entrypoint_coturn + target: /usr/local/bin/docker-entrypoint.sh + mode: 0555 - source: turnserver_conf target: /etc/coturn/turnserver.conf + secrets: + - turn_secret environment: ENABLE_HTTPS_PROXY: true user: root - # network_mode: host + entrypoint: /usr/local/bin/docker-entrypoint.sh + network_mode: host deploy: update_config: failure_action: rollback 
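Review bot: Adding `network_mode: host` to coturn while the service keeps `user: root` puts a root process directly in the host's network namespace, with no port-level isolation around the TURN server. The service also has a `deploy:` section and swarm-style `configs:`/`secrets:`, and `docker stack deploy` ignores `network_mode`, so in a swarm deployment this line would likely do nothing and coturn would have no published ports. Consider publishing only the TURN listener and relay ports as `mode: host` port entries, and either drop `user: root` or add a comment saying why it is needed. Moving the TURN secret into `secrets:` only helps if `entrypoint.coturn.sh` (not shown in this diff) writes it into the config file rather than passing `--static-auth-secret=` on the command line again. The coturn definition continues past the end of this hunk.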
@@ -337,47 +337,34 @@ services: order: start-first restart_policy: max_attempts: 3 - labels: - - "traefik.enable=true" - - "traefik.docker.network=proxy" - # how to configure traefik to serve coturn on a port range? - # how to configure trafik for a headless service? - # other services like matrix seem to use their own custom nginx config for ports - - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80" - - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" - - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" - - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" - - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" - - "coop-cloud.${STACK_NAME}.version=0.1.0+4.3.1" - - # wip: greenlight (secrets? ipv4?) + + # greenlight greenlight: image: bigbluebutton/greenlight:v3.1.0 depends_on: - postgres - redis environment: - # DATABASE_URL: postgres://postgres:${POSTGRESQL_SECRET:-password}@postgres:5432/greenlight-v3 # DATABASE_URL is being set by entrypoint-greenlight.sh REDIS_URL: redis://redis:6379 BIGBLUEBUTTON_ENDPOINT: https://${DOMAIN}/bigbluebutton/api - BIGBLUEBUTTON_SECRET: /run/secret/shared_secret # can this use docker secrets? - SECRET_KEY_BASE: /run/secret/rails_secret # can this use docker secrets? 
+ # BIGBLUEBUTTON_SECRET is being set by entrypoint-greenlight.sh + # SECRET_KEY_BASE is being set by entrypoint-greenlight.sh RELATIVE_URL_ROOT: / volumes: - greenlight_data:/usr/src/app/storage configs: - - source: abra_entrypoint_greenlight - target: /entrypoint-greenlight.sh + - source: entrypoint_greenlight + target: /usr/local/bin/docker-entrypoint.sh mode: 0555 secrets: - postgres_password - entrypoint: /entrypoint-greenlight.sh + - shared_secret + - rails_secret + entrypoint: /usr/local/bin/docker-entrypoint.sh networks: bbb-net: - ipv4_address: 10.7.7.21 + ipv4_address: 10.7.7.21 # is static ipv4 even possible? deploy: update_config: failure_action: rollback 
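Review bot: The two added comments under greenlight's `environment:` say `BIGBLUEBUTTON_SECRET` and `SECRET_KEY_BASE` are set by `entrypoint-greenlight.sh`, but this commit mounts the script at `/usr/local/bin/docker-entrypoint.sh` and sources it from `./entrypoint.greenlight.sh`, so they (and the existing `DATABASE_URL` comment) name a file that no longer exists. Wording such as `# BIGBLUEBUTTON_SECRET is exported from /run/secrets/shared_secret by the entrypoint` would stay accurate. The removed lines pointed at `/run/secret/...`, whereas Docker mounts secrets under `/run/secrets/`. The entrypoint script is not part of this diff, so check that it reads the plural path and exits non-zero when either file is missing or empty, rather than starting Rails with a blank `SECRET_KEY_BASE`. The greenlight `deploy:` block continues past the hunk.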
@@ -405,40 +392,40 @@ services: - postgres_password networks: bbb-net: - ipv4_address: 10.7.7.22 - deploy: - update_config: - failure_action: rollback - order: start-first - rollback_config: - order: start-first - restart_policy: - max_attempts: 3 + ipv4_address: 10.7.7.22 volumes: greenlight_data: postgres_data: configs: + entrypoint_greenlight: + name: ${STACK_NAME}_entrypoint_greenlight_${ENTRYPOINT_GREENLIGHT_VERSION} + file: ./entrypoint.greenlight.sh turnserver_conf: name: ${STACK_NAME}_turnserver_conf_${TURNSERVER_CONF_VERSION} - abra_entrypoint_greenlight: - name: ${STACK_NAME}_entrypoint_greenlight_${ENTRYPOINT_GREENLIGHT_VERSION} - file: ./entrypoint-greenlight.sh + file: ./turnserver.conf + entrypoint_coturn: + name: ${STACK_NAME}_entrypoint_coturn_${ENTRYPOINT_COTURN_VERSION} + file: ./entrypoint.coturn.sh secrets: - shared_secret: - external: true - name: ${STACK_NAME}_shared_secret_${SHARED_SECRET_VERSION} - etherpad_api_key: - external: true - name: ${STACK_NAME}_etherpad_api_key_${ETHERPAD_API_KEY_VERSION} - rails_secret: - external: true - name: ${STACK_NAME}_rails_secret_${RAILS_SECRET_VERSION} postgres_password: external: true name: ${STACK_NAME}_postgres_password_${SECRET_POSTGRES_PASSWORD_VERSION} + shared_secret: + external: true + name: ${STACK_NAME}_shared_secret_${SECRET_SHARED_SECRET_VERSION} + rails_secret: + external: true + name: ${STACK_NAME}_rails_secret_${SECRET_RAILS_SECRET_VERSION} + turn_secret: + external: true + name: ${STACK_NAME}_turn_secret_${SECRET_TURN_SECRET_VERSION} + + etherpad_api_key: + external: true + name: ${STACK_NAME}_etherpad_api_key_${ETHERPAD_API_KEY_VERSION} fsesl_password: external: true name: ${STACK_NAME}_fsesl_password_${FSESL_PASSWORD_VERSION}
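Review bot: The secret version variables are renamed in the `secrets:` section (`SHARED_SECRET_VERSION` → `SECRET_SHARED_SECRET_VERSION`, `RAILS_SECRET_VERSION` → `SECRET_RAILS_SECRET_VERSION`), and `SECRET_TURN_SECRET_VERSION` and `ENTRYPOINT_COTURN_VERSION` are new, yet no env file change is visible in this diff. With plain `${VAR}` interpolation an unset variable expands to an empty string, so the external secret name would end in a bare underscore and the deploy would either fail or bind to a differently named secret. `etherpad_api_key` and `fsesl_password` still use the unprefixed form, so the file now mixes two conventions; align them or note why. Separately, the hunk drops the whole `deploy:` block (rollback and `restart_policy`) from the service at `10.7.7.22`, apparently the database, which deserves a line in the commit message if it is deliberate.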