gregandev
/
workadventure
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

ajout main

Browse Source
main
greglebreton 2 years ago
parent 0c088215fc
commit 9331f241c9
3 changed files with 535 additions and 51 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 54
      README.md
  2. 268
      docker-compose.yml
  3. 264
      ejabberd.yml

54
README.md
Unescape View File

@ -8,26 +8,12 @@ Ce projet a pour but de déployer la stack workadventure (https://github.com/the
Pour déployer cette stack, vous aurez besoin: Pour déployer cette stack, vous aurez besoin:
- Une machine pour héberger le serveur (proc 3Ghz, 4Go ram minimum) - Une machine pour héberger le serveur (proc 3Ghz, 4Go ram minimum)
- Un nom de domaine pour pointer vers votre serveur - Un nom de domaine pour pointer vers votre serveur (*.adventure.nom-de-domain.tld)
- L'accès à votre box internet pour la redirection des ports - L'accès à votre box internet pour la redirection des ports
## Configuration / Installation ## Configuration / Installation
### Nginx proxy manager ### Configuration
```bash
cd nginx-proxy-manager/
docker-compose up -d
```
- L'interface est disponible à cette adresse:
http://your-ip-or-domain:81
- identifiants:
- user: admin@example.com
- mdp: changeme
### Workadventure
- Renseigner le nom de domaine aux quatres endroits: - Renseigner le nom de domaine aux quatres endroits:
```bash ```bash
@ -35,43 +21,9 @@ cd workadventure/
nano .env nano .env
``` ```
- Récupérer le endpoint de la stack: ### Deployement
```bash
docker network list
docker network inspect <your workadventure network name>
```
### Nginx-proxy-manager 2
- Sur l'interface web du Nginx-proxy-manager créer une "Proxy Host entry"
... IMAGE ...
- Renseigner votre nom de domaine dans l'URL
- Renseigner le endpoint dans la config du Nginx proxy manager avec le port 9999
- Cocher les cases Block Common Exploits et Websockets, puis sauvegarder
... IMAGE ...
- Créer les certificats SSL:
... IMAGE 1 ...
... IMAGE 2 ...
... IMAGE 3 ...
### Deployer
```bash ```bash
# NGINX PROXY MANAGER
cd nginx-proxy-manager/
docker-compose up -d
# WORKADVENTURE
cd workadventure/
docker-compose up -d docker-compose up -d
``` ```

268
docker-compose.yml
Unescape View File

@ -0,0 +1,268 @@
version: "3.8"
services:
reverse-proxy:
image: traefik:v2.5.6
container_name: adventure_traefik
command:
# for web ui traefik
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.swarmmode=false"
- "--log.level=DEBUG"
- "--providers.docker.exposedByDefault=false"
- "--entryPoints.web.address=:80"
- "--entryPoints.websecure.address=:443"
- "--certificatesResolvers.le.acme.email=${ACME_EMAIL}"
- "--certificatesResolvers.le.acme.storage=/acme/acme.json"
- "--certificatesResolvers.le.acme.httpChallenge=true"
- "--certificatesResolvers.le.acme.httpChallenge.entryPoint=web"
- "--certificatesresolvers.le.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
ports:
- "443:443"
- "80:80"
# The Web UI (enabled by --api.insecure=true)
- "8082:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- acme:/acme
networks:
adventure_net:
front:
image: thecodingmachine/workadventure-front:v1.12.10
environment:
DEBUG_MODE: "false"
JITSI_URL: "meet.jit.si"
JITSI_PRIVATE_MODE: "false"
PUSHER_URL: https://${PUSHER_URL}
CHAT_URL: https://${CHAT_URL}
ICON_URL: https://${ICON_URL}
# CHANGE ME -----------------------------------------------------
TURN_SERVER: ${TURN_SERVER}
TURN_USER: ${TURN_USER}
TURN_PASSWORD: ${TURN_PASSWORD}
MAX_PER_GROUP: 4
MAX_USERNAME_LENGTH: 15
START_ROOM_URL: ${START_ROOM_URL}
ENABLE_OPENID: ${ENABLE_OPENID}
DISABLE_ANONYMOUS: ${DISABLE_ANONYMOUS}
ENABLE_CHAT: ${ENABLE_CHAT}
labels:
- traefik.enable=true
- traefik.http.routers.adventure-front.rule=Host(`play.${DOMAIN}`)
- traefik.http.routers.adventure-front.entryPoints=web
- traefik.http.services.adventure-front.loadbalancer.server.port=80
- traefik.http.routers.adventure-front.middlewares=https_redirect
- traefik.http.routers.adventure-front-ssl.rule=Host(`play.${DOMAIN}`)
- traefik.http.routers.adventure-front-ssl.entryPoints=websecure
- traefik.http.routers.adventure-front-ssl.tls=true
- traefik.http.routers.adventure-front-ssl.service=adventure-front
- traefik.http.routers.adventure-front-ssl.tls.certresolver=le
- traefik.http.routers.adventure-front-ssl.middlewares=redir
# middlewares
- traefik.http.middlewares.redir.redirectregex.regex=^https://www\.(.+)
- traefik.http.middlewares.redir.redirectregex.replacement=https://$${1}
- traefik.http.middlewares.redir.redirectregex.permanent=true
- traefik.http.middlewares.https_redirect.redirectscheme.scheme=https
- traefik.http.middlewares.https_redirect.redirectscheme.permanent=true
restart: unless-stopped
networks:
adventure_net:
pusher:
image: thecodingmachine/workadventure-pusher:v1.12.10
environment:
# SECRET_JITSI_KEY: "${SECRET_JITSI_KEY}"
SECRET_KEY: yourSecretKey
API_URL: back:50051
# ADMIN_API_URL: "${ADMIN_API_URL}"
# ADMIN_API_TOKEN: "${ADMIN_API_TOKEN}"
JITSI_URL: ${JITSI_URL}
# JITSI_ISS: ${JITSI_ISS}
FRONT_URL : ${FRONT_URL}
ENABLE_CHAT: ${ENABLE_CHAT}
OPID_CLIENT_ID: ${OPID_CLIENT_ID}
OPID_CLIENT_SECRET: ${OPID_CLIENT_SECRET}
OPID_CLIENT_ISSUER: ${OPID_CLIENT_ISSUER}
OPID_CLIENT_REDIRECT_URL: ${OPID_CLIENT_REDIRECT_URL}
OPID_PROFILE_SCREEN_PROVIDER: ${OPID_PROFILE_SCREEN_PROVIDER}
DISABLE_ANONYMOUS: ${DISABLE_ANONYMOUS}
# OPID_USERNAME_CLAIM: ${OPID_USERNAME_CLAIM}
EJABBERD_API_URI: http://ejabberd:5443/api
EJABBERD_DOMAIN: ejabberd
EJABBERD_WS_URI: ws://ejabberd:5443/ws
EJABBERD_JWT_SECRET: mySecretJwtToken
START_ROOM_URL: "/_/global/garagenum.github.io/garage-wa-map/map.json"
labels:
- traefik.enable=true
- traefik.http.routers.adventure-pusher.rule=Host(`pusher.${DOMAIN}`)
- traefik.http.routers.adventure-pusher.entryPoints=web
- traefik.http.services.adventure-pusher.loadbalancer.server.port=8080
- traefik.http.routers.adventure-pusher-ssl.rule=Host(`pusher.${DOMAIN}`)
- traefik.http.routers.adventure-pusher-ssl.entryPoints=websecure
- traefik.http.routers.adventure-pusher-ssl.tls=true
- traefik.http.routers.adventure-pusher-ssl.service=adventure-pusher
- traefik.http.routers.adventure-pusher-ssl.tls.certresolver=le
restart: unless-stopped
networks:
adventure_net:
back:
image: thecodingmachine/workadventure-back:v1.12.10
command: yarn run runprod
environment:
# SECRET_KEY: ${SECRET_KEY}
# SECRET_JITSI_KEY: "${SECRET_JITSI_KEY}"
ADMIN_API_TOKEN: "${ADMIN_API_TOKEN}"
ADMIN_API_URL: "${ADMIN_API_URL}"
JITSI_URL: ${JITSI_URL}
JITSI_ISS: ""
MAX_PER_GROUP: 4
# TURN_STATIC_AUTH_SECRET: "${TURN_STATIC_AUTH_SECRET}"
REDIS_HOST: redis
ENABLE_CHAT: ${ENABLE_CHAT}
EJABBERD_API_URI: http://ejabberd:5443/api
EJABBERD_DOMAIN: //xmpp.${DOMAIN}
labels:
- traefik.enable=true
- traefik.http.routers.adventure-back.rule=Host(`api.${DOMAIN}`)
- traefik.http.routers.adventure-back.entryPoints=web
- traefik.http.services.adventure-back.loadbalancer.server.port=8080
- traefik.http.routers.adventure-back-ssl.rule=Host(`api.${DOMAIN}`)
- traefik.http.routers.adventure-back-ssl.entryPoints=websecure
- traefik.http.routers.adventure-back-ssl.tls=true
- traefik.http.routers.adventure-back-ssl.service=adventure-back
- traefik.http.routers.adventure-back-ssl.tls.certresolver=le
restart: unless-stopped
networks:
adventure_net:
# wont work for now
uploader:
image: thecodingmachine/workadventure-uploader:v1.12.10
environment:
UPLOADER_URL: //uploader
#REDIS
REDIS_HOST: redis
REDIS_PORT: 6379
UPLOADER_REDIS_DB_NUMBER: 0
#CHAT
ADMIN_API_URL:
ENABLE_CHAT_UPLOAD: "false"
UPLOAD_MAX_FILESIZE: 10485760
labels:
- traefik.enable=true
- traefik.http.routers.adventure-uploader.rule=Host(`uploader.${DOMAIN}`)
- traefik.http.routers.adventure-uploader.entryPoints=web
- traefik.http.services.adventure-uploader.loadbalancer.server.port=8080
- traefik.http.routers.adventure-uploader-ssl.rule=Host(`uploader.${DOMAIN}`)
- traefik.http.routers.adventure-uploader-ssl.entryPoints=websecure
- traefik.http.routers.adventure-uploader-ssl.service=adventure-uploader
- traefik.http.routers.adventure-uploader-ssl.tls=true
- traefik.http.routers.adventure-uploader-ssl.tls.certresolver=le
networks:
adventure_net:
chat:
image: thecodingmachine/workadventure-chat:v1.12.10
environment:
PUSHER_URL: //pusher.${DOMAIN}
UPLOADER_URL: //uploader.${DOMAIN}
# EMBEDLY_KEY: ${EMBEDLY_KEY}
ENABLE_CHAT_UPLOAD: "false"
EJABBERD_DOMAIN: //xmpp.${DOMAIN}
ENABLE_OPENID: 1
labels:
- traefik.enable=true
- traefik.http.routers.adventure-chat.rule=Host(`chat.${DOMAIN}`)
- traefik.http.routers.adventure-chat.entryPoints=web
- traefik.http.services.adventure-chat.loadbalancer.server.port=80
- traefik.http.routers.adventure-chat-ssl.rule=Host(`chat.${DOMAIN}`)
- traefik.http.routers.adventure-chat-ssl.entryPoints=websecure
- traefik.http.routers.adventure-chat-ssl.service=adventure-chat
- traefik.http.routers.adventure-chat-ssl.tls=true
- traefik.http.routers.adventure-chat-ssl.tls.certresolver=le
networks:
adventure_net:
icon:
image: matthiasluedtke/iconserver:v3.13.0
labels:
- traefik.enable=true
- traefik.http.routers.adventure-icon.rule=Host(`icon.${DOMAIN}`)
- traefik.http.routers.adventure-icon.entryPoints=web,traefik
- traefik.http.services.adventure-icon.loadbalancer.server.port=8080
- traefik.http.routers.adventure-icon-ssl.rule=Host(`icon.${DOMAIN}`)
- traefik.http.routers.adventure-icon-ssl.entryPoints=websecure
- traefik.http.routers.adventure-icon-ssl.tls=true
- traefik.http.routers.adventure-icon-ssl.service=adventure-icon
- traefik.http.routers.adventure-icon-ssl.tls.certresolver=le
networks:
adventure_net:
ejabberd:
container_name: adventure-ejabberd
image: ghcr.io/processone/ejabberd:22.05
networks:
adventure_net:
volumes:
- ./ejabberd.yml:/opt/ejabberd/conf/ejabberd.yml
labels:
- traefik.enable=true
- traefik.http.routers.xmpp.rule=Host(`xmpp.${DOMAIN}`)
- traefik.http.routers.xmpp.entryPoints=web
- traefik.http.services.xmpp.loadbalancer.server.port=5380
- traefik.http.routers.xmpp-ssl.rule=Host(`xmpp.${DOMAIN}`)
- traefik.http.routers.xmpp-ssl.entryPoints=websecure
- traefik.http.routers.xmpp-ssl.tls=true
- traefik.http.routers.xmpp-ssl.service=xmpp
redis:
container_name: adventure-redis
image: redis:6
volumes:
- redisdata:/data
networks:
adventure_net:
coturn:
image: coturn/coturn:4.5.2
command:
- turnserver
#- -c=/etc/coturn/turnserver.conf
- --log-file=stdout
# change me
- --external-ip=92.243.20.228
- --realm=turn.${DOMAIN}
- --server-name=turn.${DOMAIN}
- --listening-port=3478
- --min-port=10002
- --max-port=10100
- --tls-listening-port=5349
- --listening-ip=0.0.0.0
- --lt-cred-mech
# Enable Coturn REST API to validate temporary passwords.
#- --use-auth-secret
#- --static-auth-secret=SomeStaticAuthSecret
#- --userdb=/var/lib/turn/turndb
- --user=workadventure:WorkAdventure123
# use real-valid certificate/privatekey files
#- --cert=/root/letsencrypt/fullchain.pem
#- --pkey=/root/letsencrypt/privkey.pem
network_mode: host
networks:
adventure_net:
volumes:
acme:
redisdata:

264
ejabberd.yml
Unescape View File

@ -0,0 +1,264 @@
###
### ejabberd configuration file
###
### The parameters used in this configuration file are explained at
###
### https://docs.ejabberd.im/admin/configuration
###
hosts:
- ejabberd
loglevel: 4
log_rotate_size: 10485760
log_rotate_count: 1
certfiles:
- /opt/ejabberd/conf/server.pem
ca_file: "/opt/ejabberd/conf/cacert.pem"
## When using let's encrypt to generate certificates
##certfiles:
## - /etc/letsencrypt/live/localhost/fullchain.pem
## - /etc/letsencrypt/live/localhost/privkey.pem
##
##ca_file: "/etc/letsencrypt/live/localhost/fullchain.pem"
auth_method:
- anonymous
anonymous_protocol: login_anon
allow_multiple_connections: true
#jwt_jid_field: "identifier"
#jwt_key: "/opt/ejabberd/conf/jwtKey"
listen:
-
port: 5222
ip: "::"
module: ejabberd_c2s
max_stanza_size: 262144
shaper: c2s_shaper
access: c2s
starttls_required: true
-
port: 5269
ip: "::"
module: ejabberd_s2s_in
max_stanza_size: 524288
-
port: 5443
ip: "::"
module: ejabberd_http
#tls: true
request_handlers:
"/admin": ejabberd_web_admin
"/api": mod_http_api
"/bosh": mod_bosh
"/captcha": ejabberd_captcha
"/upload": mod_http_upload
"/ws": ejabberd_http_ws
"/oauth": ejabberd_oauth
-
port: 5280
ip: "::"
module: ejabberd_http
request_handlers:
#"/admin": ejabberd_web_admin
"/api": mod_http_api
"/bosh": mod_bosh
"/captcha": ejabberd_captcha
"/upload": mod_http_upload
"/ws": ejabberd_http_ws
"/oauth": ejabberd_oauth
-
port: 5380
ip: "::"
module: ejabberd_http
request_handlers:
"/": ejabberd_web_admin
-
port: 1883
ip: "::"
module: mod_mqtt
backlog: 1000
s2s_use_starttls: optional
acl:
local:
user_regexp: ""
loopback:
ip:
- 127.0.0.0/8
- ::1/128
- ::FFFF:127.0.0.1/128
admin:
user:
- "admin@ejabberd"
access_rules:
local:
allow: local
c2s:
deny: blocked
allow: all
announce:
allow: all
configure:
allow: all
muc_create:
- allow: all
- deny: blocked
pubsub_createnode:
allow: local
trusted_network:
allow: loopback
api_permissions:
"console commands":
from:
- ejabberd_ctl
who: all
what: "*"
"admin access":
who:
- all
what:
- "*"
- "muc_online_rooms"
- "!stop"
- "!start"
"public commands":
who:
- all
what:
- "status"
- "connected_users_number"
- "muc_online_rooms"
shaper:
normal: 1000
fast: 50000
shaper_rules:
max_user_sessions: 10
max_user_offline_messages:
5000: admin
100: all
c2s_shaper:
none: admin
normal: all
s2s_shaper: fast
max_fsm_queue: 10000
acme:
# CHANGE ME ----------------------------------------
contact: "mailto:contact@nom-de-domain.tld"
ca_url: "https://acme-staging-v02.api.letsencrypt.org/directory"
modules:
mod_adhoc: {}
mod_admin_extra: {}
mod_announce:
access: announce
mod_avatar: {}
mod_blocking: {}
mod_bosh: {}
mod_caps: {}
mod_carboncopy: {}
mod_client_state: {}
mod_configure: {}
mod_disco: {}
mod_fail2ban: {}
mod_http_api: {}
##mod_restful_admin:
## api:
## - path: [ "admin" ]
## module: mod_restful_admin
## params:
## key: "secret"
## allowed_commands: [ register, unregister,status, add_rosteritem, create_room, send_direct_invitation, set_room_affiliation ]
## - path: [ "register" ]
## module: mod_restful_register
## params:
## key: "secret"
mod_http_upload:
put_url: https://@HOST@:5443/upload
mod_last: {}
mod_mam:
## Mnesia is limited to 2GB, better to use an SQL backend
## For small servers SQLite is a good fit and is very easy
## to configure. Uncomment this when you have SQL configured:
## db_type: sql
assume_mam_usage: true
default: never
mod_mqtt: {}
mod_muc:
hosts:
- conference.ejabberd
access:
- allow
access_admin:
- allow: admin
access_create: muc_create
access_persistent: muc_create
access_mam:
- allow
default_room_options:
allow_subscription: true # enable MucSub
mam: true
persistent: true
anonymous: false
mod_muc_admin: {}
mod_offline:
access_max_user_messages: max_user_offline_messages
mod_ping: {}
mod_privacy: {}
mod_private: {}
mod_proxy65:
access: local
max_connections: 5
mod_pubsub:
access_createnode: pubsub_createnode
plugins:
- flat
- pep
force_node_config:
## Avoid buggy clients to make their bookmarks public
storage:bookmarks:
access_model: whitelist
mod_push: {}
mod_push_keepalive:
resume_timeout: 72
wake_on_start: false
wake_on_timeout: true
mod_register:
## Only accept registration requests from the "trusted"
## network (see access_rules section above).
## Think twice before enabling registration from any
## address. See the Jabber SPAM Manifesto for details:
## https://github.com/ge0rg/jabber-spam-fighting-manifesto
ip_access: trusted_network
mod_roster:
versioning: true
store_current_id: false
mod_sip: {}
mod_s2s_dialback: {}
mod_shared_roster: {}
mod_stream_mgmt:
ack_timeout: infinity
resend_on_timeout: if_offline
resume_timeout: 0
mod_vcard: {}
mod_vcard_xupdate: {}
mod_version:
show_os: false
websocket_ping_interval: 300
websocket_timeout: 900
### Local Variables:
### mode: yaml
### End:
### vim: set filetype=yaml tabstop=8
Write Preview
Loading…
Cancel
Save