gregandev
/
workadventure
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: gregandev:main
Branches Tags
gregandev:main
gregandev:nginx-proxy
..
compare: gregandev:nginx-proxy
Branches Tags
gregandev:main
gregandev:nginx-proxy

2 Commits
main ... nginx-prox

Author SHA1 Message Date
greglebreton 041e887a8b maj readme
2 years ago
greglebreton a96cfffdb4 maj readme
2 years ago
9 changed files with 363 additions and 628 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats
  1. 75
      .env
  2. 80
      README.md
  3. 268
      docker-compose.yml
  4. 264
      ejabberd.yml
  5. 12
      nginx-proxy-manager/docker-compose.yml
  6. 82
      reverse-proxy.cinf
  7. 82
      reverse-proxy.conf
  8. 39
      workadventure/.env
  9. 89
      workadventure/docker-compose.yml

75
.env
Unescape View File

@ -1,75 +0,0 @@
# The base domain
DOMAIN=adventure.nom-domain.tld
DEBUG_MODE=false
# JITSI_URL=meet.jit.si
JITSI_URL=jitsi.nom-domain.tld
# If your Jitsi environment has authentication set up, you MUST set JITSI_PRIVATE_MODE to "true" and you MUST pass a SECRET_JITSI_KEY to generate the JWT secret
JITSI_PRIVATE_MODE=false
JITSI_ISS=
SECRET_JITSI_KEY=
# URL of the TURN server (needed to "punch a hole" through some networks for P2P connections)
#TURN_SERVER=turn:numb.viagenie.ca
#TURN_USER=webrtc@live.com
#TURN_PASSWORD=muazkh
DATA_DIR=./wa
TURN_SERVER=turn:turn.adventure.nom-de-domaine.tld:3478?transport=tcp
TURN_USER=workadventure
TURN_PASSWORD=workadventure123
# The URL used by default, in the form: "/_/global/map/url.json"
START_ROOM_URL=/_/global/thecodingmachine.github.io/workadventure-map-starter-kit/map.json
# The email address used by Let's encrypt to send renewal warnings (compulsory)
ACME_EMAIL=email@nom-domain.tld
# Set to true to allow using this instance as a target for the apiUrl property
FEDERATE_PUSHER=false
# Server settings
MAX_PER_GROUP=4
MAX_USERNAME_LENGTH=25
DISABLE_NOTIFICATIONS=false
SKIP_RENDER_OPTIMIZATIONS=false
# Secrets
SECRET_KEY="some-long-string-of-letters-and-numbers"
ADMIN_API_TOKEN="some-other-long-string-of-letters-and-numbers"
ADMIN_API_URL=
# CONTAINERS ADRESSES
FRONT_URL=play.adventure.nom-domain.tld
PUSHER_HOST=pusher.adventure.nom-domain.tld
BACK_HOST=api.adventure.nom-domain.tld
UPLOADER_HOST=uploader.adventure.nom-domain.tld
CHAT_URL=chat.adventure.nom-domain.tld
CHAT_HOST=chat.adventure.nom-domain.tld
ICON_HOST=icon.adventure.nom-domain.tld
MAP_HOST=map.adventure.nom-domain.tld
# OIDC
ENABLE_OPENID=true
OPID_CLIENT_ID=adventure
OPID_CLIENT_SECRET=<keycloak-secret>
OPID_CLIENT_ISSUER=https://keycloak.nom-domain.tld/auth/realms/<realm>/.well-known/openid-configuration
OPID_CLIENT_REDIRECT_URL=https://pusher.adventure.nom-domain.tld/openid-callback
OPID_PROFILE_SCREEN_PROVIDER=http://pusher.adventure.nom-domain.tld/login-screen
DISABLE_ANONYMOUS=true
OPID_USERNAME_CLAIM=preferred_username
# chat
ENABLE_CHAT=true
ENABLE_CHAT_UPLOAD=true
UPLOAD_MAX_FILESIZE=10485760
# redis
#UPLOADER_REDIS_HOST=
#UPLOADER_REDIS_PORT=
UPLOADER_REDIS_DB_NUMBER=0
# ejabberd
#EJABBERD_DOMAIN=ejabberd
#EJABBERD_WS_URI=ws://ejabberd:5443/ws
#EJABBERD_API_URI=https://ejabberd:5443/api

80
README.md
Unescape View File

@ -1,52 +1,90 @@
# WORKADVENTURE
# workadventure
## Description
Ce projet a pour but de déployer la stack workadventure (https://github.com/thecodingmachine/workadventure) en auto-hébergement.
Consulter la branche nginx-proxy pour un déploiement dérrière un proxy Nginx ([ici](https://git.gregandev.fr/gregandev/workadventure/src/branch/nginx-proxy))
## Pré-requis
Pour déployer cette stack, vous aurez besoin:
- Une machine pour héberger le serveur (proc 3Ghz, 4Go ram minimum)
- Un nom de domaine pour pointer vers votre serveur (*.adventure.nom-de-domain.tld)
- L'accès à votre box internet pour la redirection des ports (80 & 443)
- Un nom de domaine pour pointer vers votre serveur
- L'accès à votre box internet pour la redirection des ports
## Configuration / Installation
### Configuration
> Note: Si vous utilisez déjà Nginx en mode applicatif, utiliser le reverse-proxy.conf pour faire votre virtualhost qui devrat pointer vers l'IP du conteneur Traefik sur le docker network (voir plus bas)
### Nginx proxy manager
```bash
cd nginx-proxy-manager/
docker-compose up -d
```
- L'interface est disponible Ă  cette adresse:
http://your-ip-or-domain:81
- Renseigner le nom de domaine:
- identifiants:
- user: admin@example.com
- mdp: changeme
### Workadventure
- Renseigner le nom de domaine aux quatres endroits:
```bash
cd workadventure/
nano .env
```
### Deployement
- Récupérer le endpoint de la stack:
```bash
docker-compose up -d
docker network list
docker network inspect <your workadventure network name>
```
> Note: Attendre que les certificats SSL soient effectués (~10 min)
### Nginx-proxy-manager 2
### Map building
- Sur l'interface web du Nginx-proxy-manager créer une "Proxy Host entry"
... IMAGE ...
- Renseigner votre nom de domaine dans l'URL
- Renseigner le endpoint dans la config du Nginx proxy manager avec le port 9999
tutos:
- https://github.com/garagenum/garage-wa-map
- https://workadventu.re/map-building/
- Cocher les cases Block Common Exploits et Websockets, puis sauvegarder
### OIDC
... IMAGE ...
- Créer les certificats SSL:
... IMAGE 1 ...
... IMAGE 2 ...
... IMAGE 3 ...
### Deployer
- Workadventure:
```bash
nano .env
# NGINX PROXY MANAGER
cd nginx-proxy-manager/
docker-compose up -d
# WORKADVENTURE
cd workadventure/
docker-compose up -d
```
> Note: Renseigner les URLs en suivant les exemples
- Keycloak:
![keycloak-settings](docs/keycloak.png)
### Map building
tuto: https://workadventu.re/map-building/
## Roadmap
- SSO login
- Faire une map de fou!
## Contributing

268
docker-compose.yml
Unescape View File

@ -1,268 +0,0 @@
version: "3.8"
services:
reverse-proxy:
image: traefik:v2.5.6
container_name: adventure_traefik
command:
# for web ui traefik
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.swarmmode=false"
- "--log.level=DEBUG"
- "--providers.docker.exposedByDefault=false"
- "--entryPoints.web.address=:80"
- "--entryPoints.websecure.address=:443"
- "--certificatesResolvers.le.acme.email=${ACME_EMAIL}"
- "--certificatesResolvers.le.acme.storage=/acme/acme.json"
- "--certificatesResolvers.le.acme.httpChallenge=true"
- "--certificatesResolvers.le.acme.httpChallenge.entryPoint=web"
- "--certificatesresolvers.le.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
ports:
- "443:443"
- "80:80"
# The Web UI (enabled by --api.insecure=true)
- "8082:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- acme:/acme
networks:
adventure_net:
front:
image: thecodingmachine/workadventure-front:v1.12.10
environment:
DEBUG_MODE: "false"
JITSI_URL: "meet.jit.si"
JITSI_PRIVATE_MODE: "false"
PUSHER_URL: https://${PUSHER_URL}
CHAT_URL: https://${CHAT_URL}
ICON_URL: https://${ICON_URL}
# CHANGE ME -----------------------------------------------------
TURN_SERVER: ${TURN_SERVER}
TURN_USER: ${TURN_USER}
TURN_PASSWORD: ${TURN_PASSWORD}
MAX_PER_GROUP: 4
MAX_USERNAME_LENGTH: 15
START_ROOM_URL: ${START_ROOM_URL}
ENABLE_OPENID: ${ENABLE_OPENID}
DISABLE_ANONYMOUS: ${DISABLE_ANONYMOUS}
ENABLE_CHAT: ${ENABLE_CHAT}
labels:
- traefik.enable=true
- traefik.http.routers.adventure-front.rule=Host(`play.${DOMAIN}`)
- traefik.http.routers.adventure-front.entryPoints=web
- traefik.http.services.adventure-front.loadbalancer.server.port=80
- traefik.http.routers.adventure-front.middlewares=https_redirect
- traefik.http.routers.adventure-front-ssl.rule=Host(`play.${DOMAIN}`)
- traefik.http.routers.adventure-front-ssl.entryPoints=websecure
- traefik.http.routers.adventure-front-ssl.tls=true
- traefik.http.routers.adventure-front-ssl.service=adventure-front
- traefik.http.routers.adventure-front-ssl.tls.certresolver=le
- traefik.http.routers.adventure-front-ssl.middlewares=redir
# middlewares
- traefik.http.middlewares.redir.redirectregex.regex=^https://www\.(.+)
- traefik.http.middlewares.redir.redirectregex.replacement=https://$${1}
- traefik.http.middlewares.redir.redirectregex.permanent=true
- traefik.http.middlewares.https_redirect.redirectscheme.scheme=https
- traefik.http.middlewares.https_redirect.redirectscheme.permanent=true
restart: unless-stopped
networks:
adventure_net:
pusher:
image: thecodingmachine/workadventure-pusher:v1.12.10
environment:
# SECRET_JITSI_KEY: "${SECRET_JITSI_KEY}"
SECRET_KEY: yourSecretKey
API_URL: back:50051
# ADMIN_API_URL: "${ADMIN_API_URL}"
# ADMIN_API_TOKEN: "${ADMIN_API_TOKEN}"
JITSI_URL: ${JITSI_URL}
# JITSI_ISS: ${JITSI_ISS}
FRONT_URL : ${FRONT_URL}
ENABLE_CHAT: ${ENABLE_CHAT}
OPID_CLIENT_ID: ${OPID_CLIENT_ID}
OPID_CLIENT_SECRET: ${OPID_CLIENT_SECRET}
OPID_CLIENT_ISSUER: ${OPID_CLIENT_ISSUER}
OPID_CLIENT_REDIRECT_URL: ${OPID_CLIENT_REDIRECT_URL}
OPID_PROFILE_SCREEN_PROVIDER: ${OPID_PROFILE_SCREEN_PROVIDER}
DISABLE_ANONYMOUS: ${DISABLE_ANONYMOUS}
# OPID_USERNAME_CLAIM: ${OPID_USERNAME_CLAIM}
EJABBERD_API_URI: http://ejabberd:5443/api
EJABBERD_DOMAIN: ejabberd
EJABBERD_WS_URI: ws://ejabberd:5443/ws
EJABBERD_JWT_SECRET: mySecretJwtToken
START_ROOM_URL: "/_/global/garagenum.github.io/garage-wa-map/map.json"
labels:
- traefik.enable=true
- traefik.http.routers.adventure-pusher.rule=Host(`pusher.${DOMAIN}`)
- traefik.http.routers.adventure-pusher.entryPoints=web
- traefik.http.services.adventure-pusher.loadbalancer.server.port=8080
- traefik.http.routers.adventure-pusher-ssl.rule=Host(`pusher.${DOMAIN}`)
- traefik.http.routers.adventure-pusher-ssl.entryPoints=websecure
- traefik.http.routers.adventure-pusher-ssl.tls=true
- traefik.http.routers.adventure-pusher-ssl.service=adventure-pusher
- traefik.http.routers.adventure-pusher-ssl.tls.certresolver=le
restart: unless-stopped
networks:
adventure_net:
back:
image: thecodingmachine/workadventure-back:v1.12.10
command: yarn run runprod
environment:
# SECRET_KEY: ${SECRET_KEY}
# SECRET_JITSI_KEY: "${SECRET_JITSI_KEY}"
ADMIN_API_TOKEN: "${ADMIN_API_TOKEN}"
ADMIN_API_URL: "${ADMIN_API_URL}"
JITSI_URL: ${JITSI_URL}
JITSI_ISS: ""
MAX_PER_GROUP: 4
# TURN_STATIC_AUTH_SECRET: "${TURN_STATIC_AUTH_SECRET}"
REDIS_HOST: redis
ENABLE_CHAT: ${ENABLE_CHAT}
EJABBERD_API_URI: http://ejabberd:5443/api
EJABBERD_DOMAIN: //xmpp.${DOMAIN}
labels:
- traefik.enable=true
- traefik.http.routers.adventure-back.rule=Host(`api.${DOMAIN}`)
- traefik.http.routers.adventure-back.entryPoints=web
- traefik.http.services.adventure-back.loadbalancer.server.port=8080
- traefik.http.routers.adventure-back-ssl.rule=Host(`api.${DOMAIN}`)
- traefik.http.routers.adventure-back-ssl.entryPoints=websecure
- traefik.http.routers.adventure-back-ssl.tls=true
- traefik.http.routers.adventure-back-ssl.service=adventure-back
- traefik.http.routers.adventure-back-ssl.tls.certresolver=le
restart: unless-stopped
networks:
adventure_net:
# wont work for now
uploader:
image: thecodingmachine/workadventure-uploader:v1.12.10
environment:
UPLOADER_URL: //uploader
#REDIS
REDIS_HOST: redis
REDIS_PORT: 6379
UPLOADER_REDIS_DB_NUMBER: 0
#CHAT
ADMIN_API_URL:
ENABLE_CHAT_UPLOAD: "false"
UPLOAD_MAX_FILESIZE: 10485760
labels:
- traefik.enable=true
- traefik.http.routers.adventure-uploader.rule=Host(`uploader.${DOMAIN}`)
- traefik.http.routers.adventure-uploader.entryPoints=web
- traefik.http.services.adventure-uploader.loadbalancer.server.port=8080
- traefik.http.routers.adventure-uploader-ssl.rule=Host(`uploader.${DOMAIN}`)
- traefik.http.routers.adventure-uploader-ssl.entryPoints=websecure
- traefik.http.routers.adventure-uploader-ssl.service=adventure-uploader
- traefik.http.routers.adventure-uploader-ssl.tls=true
- traefik.http.routers.adventure-uploader-ssl.tls.certresolver=le
networks:
adventure_net:
chat:
image: thecodingmachine/workadventure-chat:v1.12.10
environment:
PUSHER_URL: //pusher.${DOMAIN}
UPLOADER_URL: //uploader.${DOMAIN}
# EMBEDLY_KEY: ${EMBEDLY_KEY}
ENABLE_CHAT_UPLOAD: "false"
EJABBERD_DOMAIN: //xmpp.${DOMAIN}
ENABLE_OPENID: 1
labels:
- traefik.enable=true
- traefik.http.routers.adventure-chat.rule=Host(`chat.${DOMAIN}`)
- traefik.http.routers.adventure-chat.entryPoints=web
- traefik.http.services.adventure-chat.loadbalancer.server.port=80
- traefik.http.routers.adventure-chat-ssl.rule=Host(`chat.${DOMAIN}`)
- traefik.http.routers.adventure-chat-ssl.entryPoints=websecure
- traefik.http.routers.adventure-chat-ssl.service=adventure-chat
- traefik.http.routers.adventure-chat-ssl.tls=true
- traefik.http.routers.adventure-chat-ssl.tls.certresolver=le
networks:
adventure_net:
icon:
image: matthiasluedtke/iconserver:v3.13.0
labels:
- traefik.enable=true
- traefik.http.routers.adventure-icon.rule=Host(`icon.${DOMAIN}`)
- traefik.http.routers.adventure-icon.entryPoints=web,traefik
- traefik.http.services.adventure-icon.loadbalancer.server.port=8080
- traefik.http.routers.adventure-icon-ssl.rule=Host(`icon.${DOMAIN}`)
- traefik.http.routers.adventure-icon-ssl.entryPoints=websecure
- traefik.http.routers.adventure-icon-ssl.tls=true
- traefik.http.routers.adventure-icon-ssl.service=adventure-icon
- traefik.http.routers.adventure-icon-ssl.tls.certresolver=le
networks:
adventure_net:
ejabberd:
container_name: adventure-ejabberd
image: ghcr.io/processone/ejabberd:22.05
networks:
adventure_net:
volumes:
- ./ejabberd.yml:/opt/ejabberd/conf/ejabberd.yml
labels:
- traefik.enable=true
- traefik.http.routers.xmpp.rule=Host(`xmpp.${DOMAIN}`)
- traefik.http.routers.xmpp.entryPoints=web
- traefik.http.services.xmpp.loadbalancer.server.port=5380
- traefik.http.routers.xmpp-ssl.rule=Host(`xmpp.${DOMAIN}`)
- traefik.http.routers.xmpp-ssl.entryPoints=websecure
- traefik.http.routers.xmpp-ssl.tls=true
- traefik.http.routers.xmpp-ssl.service=xmpp
redis:
container_name: adventure-redis
image: redis:6
volumes:
- redisdata:/data
networks:
adventure_net:
coturn:
image: coturn/coturn:4.5.2
command:
- turnserver
#- -c=/etc/coturn/turnserver.conf
- --log-file=stdout
# change me
- --external-ip=92.243.20.228
- --realm=turn.${DOMAIN}
- --server-name=turn.${DOMAIN}
- --listening-port=3478
- --min-port=10002
- --max-port=10100
- --tls-listening-port=5349
- --listening-ip=0.0.0.0
- --lt-cred-mech
# Enable Coturn REST API to validate temporary passwords.
#- --use-auth-secret
#- --static-auth-secret=SomeStaticAuthSecret
#- --userdb=/var/lib/turn/turndb
- --user=workadventure:WorkAdventure123
# use real-valid certificate/privatekey files
#- --cert=/root/letsencrypt/fullchain.pem
#- --pkey=/root/letsencrypt/privkey.pem
network_mode: host
networks:
adventure_net:
volumes:
acme:
redisdata:

264
ejabberd.yml
Unescape View File

@ -1,264 +0,0 @@
###
### ejabberd configuration file
###
### The parameters used in this configuration file are explained at
###
### https://docs.ejabberd.im/admin/configuration
###
hosts:
- ejabberd
loglevel: 4
log_rotate_size: 10485760
log_rotate_count: 1
certfiles:
- /opt/ejabberd/conf/server.pem
ca_file: "/opt/ejabberd/conf/cacert.pem"
## When using let's encrypt to generate certificates
##certfiles:
## - /etc/letsencrypt/live/localhost/fullchain.pem
## - /etc/letsencrypt/live/localhost/privkey.pem
##
##ca_file: "/etc/letsencrypt/live/localhost/fullchain.pem"
auth_method:
- anonymous
anonymous_protocol: login_anon
allow_multiple_connections: true
#jwt_jid_field: "identifier"
#jwt_key: "/opt/ejabberd/conf/jwtKey"
listen:
-
port: 5222
ip: "::"
module: ejabberd_c2s
max_stanza_size: 262144
shaper: c2s_shaper
access: c2s
starttls_required: true
-
port: 5269
ip: "::"
module: ejabberd_s2s_in
max_stanza_size: 524288
-
port: 5443
ip: "::"
module: ejabberd_http
#tls: true
request_handlers:
"/admin": ejabberd_web_admin
"/api": mod_http_api
"/bosh": mod_bosh
"/captcha": ejabberd_captcha
"/upload": mod_http_upload
"/ws": ejabberd_http_ws
"/oauth": ejabberd_oauth
-
port: 5280
ip: "::"
module: ejabberd_http
request_handlers:
#"/admin": ejabberd_web_admin
"/api": mod_http_api
"/bosh": mod_bosh
"/captcha": ejabberd_captcha
"/upload": mod_http_upload
"/ws": ejabberd_http_ws
"/oauth": ejabberd_oauth
-
port: 5380
ip: "::"
module: ejabberd_http
request_handlers:
"/": ejabberd_web_admin
-
port: 1883
ip: "::"
module: mod_mqtt
backlog: 1000
s2s_use_starttls: optional
acl:
local:
user_regexp: ""
loopback:
ip:
- 127.0.0.0/8
- ::1/128
- ::FFFF:127.0.0.1/128
admin:
user:
- "admin@ejabberd"
access_rules:
local:
allow: local
c2s:
deny: blocked
allow: all
announce:
allow: all
configure:
allow: all
muc_create:
- allow: all
- deny: blocked
pubsub_createnode:
allow: local
trusted_network:
allow: loopback
api_permissions:
"console commands":
from:
- ejabberd_ctl
who: all
what: "*"
"admin access":
who:
- all
what:
- "*"
- "muc_online_rooms"
- "!stop"
- "!start"
"public commands":
who:
- all
what:
- "status"
- "connected_users_number"
- "muc_online_rooms"
shaper:
normal: 1000
fast: 50000
shaper_rules:
max_user_sessions: 10
max_user_offline_messages:
5000: admin
100: all
c2s_shaper:
none: admin
normal: all
s2s_shaper: fast
max_fsm_queue: 10000
acme:
# CHANGE ME ----------------------------------------
contact: "mailto:contact@nom-de-domain.tld"
ca_url: "https://acme-staging-v02.api.letsencrypt.org/directory"
modules:
mod_adhoc: {}
mod_admin_extra: {}
mod_announce:
access: announce
mod_avatar: {}
mod_blocking: {}
mod_bosh: {}
mod_caps: {}
mod_carboncopy: {}
mod_client_state: {}
mod_configure: {}
mod_disco: {}
mod_fail2ban: {}
mod_http_api: {}
##mod_restful_admin:
## api:
## - path: [ "admin" ]
## module: mod_restful_admin
## params:
## key: "secret"
## allowed_commands: [ register, unregister,status, add_rosteritem, create_room, send_direct_invitation, set_room_affiliation ]
## - path: [ "register" ]
## module: mod_restful_register
## params:
## key: "secret"
mod_http_upload:
put_url: https://@HOST@:5443/upload
mod_last: {}
mod_mam:
## Mnesia is limited to 2GB, better to use an SQL backend
## For small servers SQLite is a good fit and is very easy
## to configure. Uncomment this when you have SQL configured:
## db_type: sql
assume_mam_usage: true
default: never
mod_mqtt: {}
mod_muc:
hosts:
- conference.ejabberd
access:
- allow
access_admin:
- allow: admin
access_create: muc_create
access_persistent: muc_create
access_mam:
- allow
default_room_options:
allow_subscription: true # enable MucSub
mam: true
persistent: true
anonymous: false
mod_muc_admin: {}
mod_offline:
access_max_user_messages: max_user_offline_messages
mod_ping: {}
mod_privacy: {}
mod_private: {}
mod_proxy65:
access: local
max_connections: 5
mod_pubsub:
access_createnode: pubsub_createnode
plugins:
- flat
- pep
force_node_config:
## Avoid buggy clients to make their bookmarks public
storage:bookmarks:
access_model: whitelist
mod_push: {}
mod_push_keepalive:
resume_timeout: 72
wake_on_start: false
wake_on_timeout: true
mod_register:
## Only accept registration requests from the "trusted"
## network (see access_rules section above).
## Think twice before enabling registration from any
## address. See the Jabber SPAM Manifesto for details:
## https://github.com/ge0rg/jabber-spam-fighting-manifesto
ip_access: trusted_network
mod_roster:
versioning: true
store_current_id: false
mod_sip: {}
mod_s2s_dialback: {}
mod_shared_roster: {}
mod_stream_mgmt:
ack_timeout: infinity
resend_on_timeout: if_offline
resume_timeout: 0
mod_vcard: {}
mod_vcard_xupdate: {}
mod_version:
show_os: false
websocket_ping_interval: 300
websocket_timeout: 900
### Local Variables:
### mode: yaml
### End:
### vim: set filetype=yaml tabstop=8

12
nginx-proxy-manager/docker-compose.yml
Unescape View File

@ -0,0 +1,12 @@
version: '3'
services:
app:
image: 'jc21/nginx-proxy-manager:latest'
restart: unless-stopped
ports:
- '80:80'
- '81:81'
- '443:443'
volumes:
- ./data:/data
- ./letsencrypt:/etc/letsencrypt

82
reverse-proxy.cinf
Unescape View File

@ -0,0 +1,82 @@
#workadventure
upstream workadventure {
server 172.21.0.1:9999;
}
# HTTP
server {
listen 80;
server_name *.workadventure.domain.tld;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
location / {
proxy_redirect off;
proxy_pass http://workadventure;
}
# Add Headers for proxy mode
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header Accept-Encoding "";
# add_header Access-Control-Allow-Origin *;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
}
server {
listen 443 ssl;
server_name *.workadventure.domain.tld;
# Add Headers for proxy mode
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header Accept-Encoding "";
# add_header Access-Control-Allow-Origin *;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# Upload limit and security
client_max_body_size 10000m;
server_tokens off;
# Buffer_size
proxy_buffer_size 512k;
proxy_buffers 4 512k;
proxy_busy_buffers_size 512k;
#fastcgi_buffers 16 32k;
#fastcgi_buffer_size 64k;
#fastcgi_busy_buffers_size 64k;
# SSL parameters
ssl_session_timeout 30m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# logs
access_log /var/log/nginx/workadventure.access.log;
error_log /var/log/nginx/workadventure.error.log;
# Redirect requests to https
location / {
proxy_redirect off;
proxy_pass http://workadventure;
}
ssl_certificate /etc/letsencrypt/live/workadventure.domaine.tld/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/workadventure.domaine.tld/privkey.pem;
}

82
reverse-proxy.conf
Unescape View File

@ -0,0 +1,82 @@
#workadventure
upstream workadventure {
server 172.21.0.1:9999;
}
# HTTP
server {
listen 80;
server_name *.workadventure.domain.tld;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
location / {
proxy_redirect off;
proxy_pass http://workadventure;
}
# Add Headers for proxy mode
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header Accept-Encoding "";
# add_header Access-Control-Allow-Origin *;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
}
server {
listen 443 ssl;
server_name *.workadventure.domain.tld;
# Add Headers for proxy mode
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header Accept-Encoding "";
# add_header Access-Control-Allow-Origin *;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# Upload limit and security
client_max_body_size 10000m;
server_tokens off;
# Buffer_size
proxy_buffer_size 512k;
proxy_buffers 4 512k;
proxy_busy_buffers_size 512k;
#fastcgi_buffers 16 32k;
#fastcgi_buffer_size 64k;
#fastcgi_busy_buffers_size 64k;
# SSL parameters
ssl_session_timeout 30m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# logs
access_log /var/log/nginx/workadventure.access.log;
error_log /var/log/nginx/workadventure.error.log;
# Redirect requests to https
location / {
proxy_redirect off;
proxy_pass http://workadventure;
}
ssl_certificate /etc/letsencrypt/live/workadventure.domaine.tld/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/workadventure.domaine.tld/privkey.pem;
}

39
workadventure/.env
Unescape View File

@ -0,0 +1,39 @@
# The base domain
DOMAIN=votre-nom-de-domaine.com
DEBUG_MODE=false
JITSI_URL=meet.jit.si
# Domain redirections
FRONT_URL=play.votre-nom-de-domaine.com
PUSHER_HOST=pusher.votre-nom-de-domaine.com
BACK_HOST=api.votre-nom-de-domaine.com
# If your Jitsi environment has authentication set up, you MUST set JITSI_PRIVATE_MODE to>
JITSI_PRIVATE_MODE=false
JITSI_ISS=
SECRET_JITSI_KEY=
# URL of the TURN server (needed to "punch a hole" through some networks for P2P connecti>
#TURN_SERVER=
#TURN_USER=
#TURN_PASSWORD=
# The URL used by default, in the form: "/_/global/map/url.json"
START_ROOM_URL=/_/global/GregLebreton.github.io/adventure-map/map.json
# The email address used by Let's encrypt to send renewal warnings (compulsory)
ACME_EMAIL=
# Set to true to allow using this instance as a target for the apiUrl property
FEDERATE_PUSHER=false
# Server settings
MAX_PER_GROUP=100
MAX_USERNAME_LENGTH=25
DISABLE_NOTIFICATIONS=false
SKIP_RENDER_OPTIMIZATIONS=false
# Secrets
SECRET_KEY=
ADMIN_API_TOKEN=
ADMIN_API_URL=

89
workadventure/docker-compose.yml
Unescape View File

@ -0,0 +1,89 @@
version: "3.3"
services:
reverse-proxy:
image: traefik:v2.5
command:
- --log.level=WARN
- --providers.docker
- --entryPoints.web.address=:80
ports:
- "9999:80"
depends_on:
- pusher
- front
volumes:
- /var/run/docker.sock:/var/run/docker.sock
restart: unless-stopped
front:
image: thecodingmachine/workadventure-front:master
environment:
DEBUG_MODE: "$DEBUG_MODE"
JITSI_URL: $JITSI_URL
JITSI_PRIVATE_MODE: "$JITSI_PRIVATE_MODE"
PUSHER_URL: /pusher
ADMIN_URL: /admin
TURN_SERVER: "${TURN_SERVER}"
TURN_USER: "${TURN_USER}"
TURN_PASSWORD: "${TURN_PASSWORD}"
MAX_PER_GROUP: "${MAX_PER_GROUP}"
MAX_USERNAME_LENGTH: "${MAX_USERNAME_LENGTH}"
START_ROOM_URL: "${START_ROOM_URL}"
DISABLE_NOTIFICATIONS: "${DISABLE_NOTIFICATIONS}"
SKIP_RENDER_OPTIMIZATIONS: "${SKIP_RENDER_OPTIMIZATIONS}"
labels:
- "traefik.http.routers.front.rule=PathPrefix(`/`)"
- "traefik.http.routers.front.entryPoints=web"
- "traefik.http.services.front.loadbalancer.server.port=80"
- "traefik.http.routers.front.service=front"
restart: unless-stopped
pusher:
image: thecodingmachine/workadventure-pusher:master
environment:
SECRET_JITSI_KEY: "${SECRET_JITSI_KEY}"
SECRET_KEY: ${SECRET_KEY}
API_URL: back:50051
ADMIN_API_URL: "${ADMIN_API_URL}"
ADMIN_API_TOKEN: "${ADMIN_API_TOKEN}"
JITSI_URL: ${JITSI_URL}
JITSI_ISS: ${JITSI_ISS}
FRONT_URL : ${FRONT_URL}
labels:
- "traefik.http.middlewares.strip-pusher-prefix.stripprefix.prefixes=/pusher"
- "traefik.http.routers.pusher.rule=PathPrefix(`/pusher`)"
- "traefik.http.routers.pusher.middlewares=strip-pusher-prefix@docker"
- "traefik.http.routers.pusher.entryPoints=web"
- "traefik.http.services.pusher.loadbalancer.server.port=8080"
- "traefik.http.routers.pusher.service=pusher"
restart: unless-stopped
back:
image: thecodingmachine/workadventure-back:master
environment:
SECRET_KEY: ${SECRET_KEY}
STARTUP_COMMAND_1: yarn install
SECRET_JITSI_KEY: "${SECRET_JITSI_KEY}"
ADMIN_API_TOKEN: "${ADMIN_API_TOKEN}"
ADMIN_API_URL: "${ADMIN_API_URL}"
JITSI_URL: ${JITSI_URL}
JITSI_ISS: ${JITSI_ISS}
MAX_PER_GROUP: ${MAX_PER_GROUP}
TURN_STATIC_AUTH_SECRET: "${TURN_STATIC_AUTH_SECRET}"
REDIS_HOST: redis
labels:
- "traefik.http.middlewares.strip-api-prefix.stripprefix.prefixes=/api"
- "traefik.http.routers.back.rule=PathPrefix(`/api`)"
- "traefik.http.routers.back.middlewares=strip-api-prefix@docker"
- "traefik.http.routers.back.entryPoints=web"
- "traefik.http.services.back.loadbalancer.server.port=8080"
- "traefik.http.routers.back.service=back"
restart: unless-stopped
redis:
image: redis:6
restart: unless-stopped
Write Preview
Loading…
Cancel
Save