You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
268 lines
9.8 KiB
268 lines
9.8 KiB
version: "3.8"
|
|
|
|
services:
|
|
|
|
reverse-proxy:
|
|
image: traefik:v2.5.6
|
|
container_name: adventure_traefik
|
|
command:
|
|
# for web ui traefik
|
|
- "--api.insecure=true"
|
|
- "--providers.docker=true"
|
|
- "--providers.docker.swarmmode=false"
|
|
- "--log.level=DEBUG"
|
|
- "--providers.docker.exposedByDefault=false"
|
|
- "--entryPoints.web.address=:80"
|
|
- "--entryPoints.websecure.address=:443"
|
|
- "--certificatesResolvers.le.acme.email=${ACME_EMAIL}"
|
|
- "--certificatesResolvers.le.acme.storage=/acme/acme.json"
|
|
- "--certificatesResolvers.le.acme.httpChallenge=true"
|
|
- "--certificatesResolvers.le.acme.httpChallenge.entryPoint=web"
|
|
- "--certificatesresolvers.le.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
|
|
ports:
|
|
- "443:443"
|
|
- "80:80"
|
|
# The Web UI (enabled by --api.insecure=true)
|
|
- "8082:8080"
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
- acme:/acme
|
|
networks:
|
|
adventure_net:
|
|
|
|
front:
|
|
image: thecodingmachine/workadventure-front:v1.12.10
|
|
environment:
|
|
DEBUG_MODE: "false"
|
|
JITSI_URL: "meet.jit.si"
|
|
JITSI_PRIVATE_MODE: "false"
|
|
PUSHER_URL: https://${PUSHER_URL}
|
|
CHAT_URL: https://${CHAT_URL}
|
|
ICON_URL: https://${ICON_URL}
|
|
# CHANGE ME -----------------------------------------------------
|
|
TURN_SERVER: ${TURN_SERVER}
|
|
TURN_USER: ${TURN_USER}
|
|
TURN_PASSWORD: ${TURN_PASSWORD}
|
|
MAX_PER_GROUP: 4
|
|
MAX_USERNAME_LENGTH: 15
|
|
START_ROOM_URL: ${START_ROOM_URL}
|
|
ENABLE_OPENID: ${ENABLE_OPENID}
|
|
DISABLE_ANONYMOUS: ${DISABLE_ANONYMOUS}
|
|
ENABLE_CHAT: ${ENABLE_CHAT}
|
|
labels:
|
|
- traefik.enable=true
|
|
- traefik.http.routers.adventure-front.rule=Host(`play.${DOMAIN}`)
|
|
- traefik.http.routers.adventure-front.entryPoints=web
|
|
- traefik.http.services.adventure-front.loadbalancer.server.port=80
|
|
- traefik.http.routers.adventure-front.middlewares=https_redirect
|
|
|
|
- traefik.http.routers.adventure-front-ssl.rule=Host(`play.${DOMAIN}`)
|
|
- traefik.http.routers.adventure-front-ssl.entryPoints=websecure
|
|
- traefik.http.routers.adventure-front-ssl.tls=true
|
|
- traefik.http.routers.adventure-front-ssl.service=adventure-front
|
|
- traefik.http.routers.adventure-front-ssl.tls.certresolver=le
|
|
- traefik.http.routers.adventure-front-ssl.middlewares=redir
|
|
# middlewares
|
|
- traefik.http.middlewares.redir.redirectregex.regex=^https://www\.(.+)
|
|
- traefik.http.middlewares.redir.redirectregex.replacement=https://$${1}
|
|
- traefik.http.middlewares.redir.redirectregex.permanent=true
|
|
- traefik.http.middlewares.https_redirect.redirectscheme.scheme=https
|
|
- traefik.http.middlewares.https_redirect.redirectscheme.permanent=true
|
|
restart: unless-stopped
|
|
networks:
|
|
adventure_net:
|
|
|
|
pusher:
|
|
image: thecodingmachine/workadventure-pusher:v1.12.10
|
|
environment:
|
|
# SECRET_JITSI_KEY: "${SECRET_JITSI_KEY}"
|
|
SECRET_KEY: yourSecretKey
|
|
API_URL: back:50051
|
|
# ADMIN_API_URL: "${ADMIN_API_URL}"
|
|
# ADMIN_API_TOKEN: "${ADMIN_API_TOKEN}"
|
|
JITSI_URL: ${JITSI_URL}
|
|
# JITSI_ISS: ${JITSI_ISS}
|
|
FRONT_URL : ${FRONT_URL}
|
|
ENABLE_CHAT: ${ENABLE_CHAT}
|
|
OPID_CLIENT_ID: ${OPID_CLIENT_ID}
|
|
OPID_CLIENT_SECRET: ${OPID_CLIENT_SECRET}
|
|
OPID_CLIENT_ISSUER: ${OPID_CLIENT_ISSUER}
|
|
OPID_CLIENT_REDIRECT_URL: ${OPID_CLIENT_REDIRECT_URL}
|
|
OPID_PROFILE_SCREEN_PROVIDER: ${OPID_PROFILE_SCREEN_PROVIDER}
|
|
DISABLE_ANONYMOUS: ${DISABLE_ANONYMOUS}
|
|
# OPID_USERNAME_CLAIM: ${OPID_USERNAME_CLAIM}
|
|
EJABBERD_API_URI: http://ejabberd:5443/api
|
|
EJABBERD_DOMAIN: ejabberd
|
|
EJABBERD_WS_URI: ws://ejabberd:5443/ws
|
|
EJABBERD_JWT_SECRET: mySecretJwtToken
|
|
START_ROOM_URL: "/_/global/garagenum.github.io/garage-wa-map/map.json"
|
|
labels:
|
|
- traefik.enable=true
|
|
- traefik.http.routers.adventure-pusher.rule=Host(`pusher.${DOMAIN}`)
|
|
- traefik.http.routers.adventure-pusher.entryPoints=web
|
|
- traefik.http.services.adventure-pusher.loadbalancer.server.port=8080
|
|
- traefik.http.routers.adventure-pusher-ssl.rule=Host(`pusher.${DOMAIN}`)
|
|
- traefik.http.routers.adventure-pusher-ssl.entryPoints=websecure
|
|
- traefik.http.routers.adventure-pusher-ssl.tls=true
|
|
- traefik.http.routers.adventure-pusher-ssl.service=adventure-pusher
|
|
- traefik.http.routers.adventure-pusher-ssl.tls.certresolver=le
|
|
restart: unless-stopped
|
|
networks:
|
|
adventure_net:
|
|
|
|
back:
|
|
image: thecodingmachine/workadventure-back:v1.12.10
|
|
command: yarn run runprod
|
|
environment:
|
|
# SECRET_KEY: ${SECRET_KEY}
|
|
# SECRET_JITSI_KEY: "${SECRET_JITSI_KEY}"
|
|
ADMIN_API_TOKEN: "${ADMIN_API_TOKEN}"
|
|
ADMIN_API_URL: "${ADMIN_API_URL}"
|
|
JITSI_URL: ${JITSI_URL}
|
|
JITSI_ISS: ""
|
|
MAX_PER_GROUP: 4
|
|
# TURN_STATIC_AUTH_SECRET: "${TURN_STATIC_AUTH_SECRET}"
|
|
REDIS_HOST: redis
|
|
ENABLE_CHAT: ${ENABLE_CHAT}
|
|
EJABBERD_API_URI: http://ejabberd:5443/api
|
|
EJABBERD_DOMAIN: //xmpp.${DOMAIN}
|
|
labels:
|
|
- traefik.enable=true
|
|
- traefik.http.routers.adventure-back.rule=Host(`api.${DOMAIN}`)
|
|
- traefik.http.routers.adventure-back.entryPoints=web
|
|
- traefik.http.services.adventure-back.loadbalancer.server.port=8080
|
|
- traefik.http.routers.adventure-back-ssl.rule=Host(`api.${DOMAIN}`)
|
|
- traefik.http.routers.adventure-back-ssl.entryPoints=websecure
|
|
- traefik.http.routers.adventure-back-ssl.tls=true
|
|
- traefik.http.routers.adventure-back-ssl.service=adventure-back
|
|
- traefik.http.routers.adventure-back-ssl.tls.certresolver=le
|
|
restart: unless-stopped
|
|
networks:
|
|
adventure_net:
|
|
|
|
# wont work for now
|
|
uploader:
|
|
image: thecodingmachine/workadventure-uploader:v1.12.10
|
|
environment:
|
|
UPLOADER_URL: //uploader
|
|
#REDIS
|
|
REDIS_HOST: redis
|
|
REDIS_PORT: 6379
|
|
UPLOADER_REDIS_DB_NUMBER: 0
|
|
#CHAT
|
|
ADMIN_API_URL:
|
|
ENABLE_CHAT_UPLOAD: "false"
|
|
UPLOAD_MAX_FILESIZE: 10485760
|
|
labels:
|
|
- traefik.enable=true
|
|
- traefik.http.routers.adventure-uploader.rule=Host(`uploader.${DOMAIN}`)
|
|
- traefik.http.routers.adventure-uploader.entryPoints=web
|
|
- traefik.http.services.adventure-uploader.loadbalancer.server.port=8080
|
|
- traefik.http.routers.adventure-uploader-ssl.rule=Host(`uploader.${DOMAIN}`)
|
|
- traefik.http.routers.adventure-uploader-ssl.entryPoints=websecure
|
|
- traefik.http.routers.adventure-uploader-ssl.service=adventure-uploader
|
|
- traefik.http.routers.adventure-uploader-ssl.tls=true
|
|
- traefik.http.routers.adventure-uploader-ssl.tls.certresolver=le
|
|
networks:
|
|
adventure_net:
|
|
|
|
chat:
|
|
image: thecodingmachine/workadventure-chat:v1.12.10
|
|
environment:
|
|
PUSHER_URL: //pusher.${DOMAIN}
|
|
UPLOADER_URL: //uploader.${DOMAIN}
|
|
# EMBEDLY_KEY: ${EMBEDLY_KEY}
|
|
ENABLE_CHAT_UPLOAD: "false"
|
|
EJABBERD_DOMAIN: //xmpp.${DOMAIN}
|
|
ENABLE_OPENID: 1
|
|
|
|
labels:
|
|
- traefik.enable=true
|
|
- traefik.http.routers.adventure-chat.rule=Host(`chat.${DOMAIN}`)
|
|
- traefik.http.routers.adventure-chat.entryPoints=web
|
|
- traefik.http.services.adventure-chat.loadbalancer.server.port=80
|
|
- traefik.http.routers.adventure-chat-ssl.rule=Host(`chat.${DOMAIN}`)
|
|
- traefik.http.routers.adventure-chat-ssl.entryPoints=websecure
|
|
- traefik.http.routers.adventure-chat-ssl.service=adventure-chat
|
|
- traefik.http.routers.adventure-chat-ssl.tls=true
|
|
- traefik.http.routers.adventure-chat-ssl.tls.certresolver=le
|
|
networks:
|
|
adventure_net:
|
|
|
|
icon:
|
|
image: matthiasluedtke/iconserver:v3.13.0
|
|
labels:
|
|
- traefik.enable=true
|
|
- traefik.http.routers.adventure-icon.rule=Host(`icon.${DOMAIN}`)
|
|
- traefik.http.routers.adventure-icon.entryPoints=web,traefik
|
|
- traefik.http.services.adventure-icon.loadbalancer.server.port=8080
|
|
- traefik.http.routers.adventure-icon-ssl.rule=Host(`icon.${DOMAIN}`)
|
|
- traefik.http.routers.adventure-icon-ssl.entryPoints=websecure
|
|
- traefik.http.routers.adventure-icon-ssl.tls=true
|
|
- traefik.http.routers.adventure-icon-ssl.service=adventure-icon
|
|
- traefik.http.routers.adventure-icon-ssl.tls.certresolver=le
|
|
networks:
|
|
adventure_net:
|
|
|
|
ejabberd:
|
|
container_name: adventure-ejabberd
|
|
image: ghcr.io/processone/ejabberd:22.05
|
|
networks:
|
|
adventure_net:
|
|
volumes:
|
|
- ./ejabberd.yml:/opt/ejabberd/conf/ejabberd.yml
|
|
labels:
|
|
- traefik.enable=true
|
|
- traefik.http.routers.xmpp.rule=Host(`xmpp.${DOMAIN}`)
|
|
- traefik.http.routers.xmpp.entryPoints=web
|
|
- traefik.http.services.xmpp.loadbalancer.server.port=5380
|
|
- traefik.http.routers.xmpp-ssl.rule=Host(`xmpp.${DOMAIN}`)
|
|
- traefik.http.routers.xmpp-ssl.entryPoints=websecure
|
|
- traefik.http.routers.xmpp-ssl.tls=true
|
|
- traefik.http.routers.xmpp-ssl.service=xmpp
|
|
|
|
|
|
redis:
|
|
container_name: adventure-redis
|
|
image: redis:6
|
|
volumes:
|
|
- redisdata:/data
|
|
networks:
|
|
adventure_net:
|
|
|
|
|
|
coturn:
|
|
image: coturn/coturn:4.5.2
|
|
command:
|
|
- turnserver
|
|
#- -c=/etc/coturn/turnserver.conf
|
|
- --log-file=stdout
|
|
|
|
# change me
|
|
- --external-ip=92.243.20.228
|
|
- --realm=turn.${DOMAIN}
|
|
- --server-name=turn.${DOMAIN}
|
|
|
|
- --listening-port=3478
|
|
- --min-port=10002
|
|
- --max-port=10100
|
|
- --tls-listening-port=5349
|
|
- --listening-ip=0.0.0.0
|
|
- --lt-cred-mech
|
|
# Enable Coturn REST API to validate temporary passwords.
|
|
#- --use-auth-secret
|
|
#- --static-auth-secret=SomeStaticAuthSecret
|
|
#- --userdb=/var/lib/turn/turndb
|
|
- --user=workadventure:WorkAdventure123
|
|
# use real-valid certificate/privatekey files
|
|
#- --cert=/root/letsencrypt/fullchain.pem
|
|
#- --pkey=/root/letsencrypt/privkey.pem
|
|
network_mode: host
|
|
|
|
|
|
networks:
|
|
adventure_net:
|
|
|
|
volumes:
|
|
acme:
|
|
redisdata: |