workadventure/contrib/docker/docker-compose.prod.singledomain.yaml

version: "3"
services:
  reverse-proxy:
    image: traefik:v2.3.7
    restart: unless-stopped
    command:
      - --providers.docker
      - --entryPoints.web.address=:80
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entrypoints.web.http.redirections.entrypoint.permanent=true
      - --entryPoints.websecure.address=:443
      - --providers.file.directory=/configs/
      - --certificatesresolvers.myhttpchallenge.acme.tlschallenge=true
      - --certificatesresolvers.myhttpchallenge.acme.email=$ACME_EMAIL
      - --certificatesresolvers.myhttpchallenge.acme.storage=/acme/acme.json
    ports:
      - "80:80"
      - "443:443"
    depends_on:
      - back
      - front
      - up
      - pusher
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./acme:/acme
      - ./traefik_tls.yaml:/configs/traefik_tls.yml
      - ./.htpasswd:/.htpasswd  

  front:
    restart: unless-stopped
    build:
      context: ../..
      dockerfile: front/Dockerfile
      args:
        BASE_DOMAIN: ${BASE_DOMAIN:-workadventure.localhost}

        # These should fall back to window.location.host
        API_URL: ""
        UPLOADER_URL: ""

        START_ROOM_URL: "$START_ROOM_URL"
        JITSI_PRIVATE_MODE: "$JITSI_PRIVATE_MODE"
        JITSI_URL: "$JITSI_URL"
        START_ROOM_URL: "$START_ROOM_URL"
        STUN_SERVER: "$STUN_SERVER"
        TURN_PASSWORD: "$TURN_PASSWORD"
        TURN_SERVER: "$TURN_SERVER"
        TURN_USER: "$TURN_USER"
        MAX_PER_GROUP: "$MAX_PER_GROUP"
    labels:
      - "traefik.http.routers.front.rule=PathPrefix(`/`)"
      - "traefik.http.routers.front.rule=Host(`${BASE_DOMAIN}`)"
      - "traefik.http.routers.front.entryPoints=web"
      - "traefik.http.services.front.loadbalancer.server.port=8000"
      - "traefik.http.routers.front-ssl.rule=PathPrefix(`/`)"
      - "traefik.http.routers.front-ssl.rule=Host(`${BASE_DOMAIN}`)"
      - "traefik.http.routers.front-ssl.entryPoints=websecure"
      - "traefik.http.routers.front-ssl.tls=true"
      - "traefik.http.routers.front-ssl.service=front"
      - "traefik.http.routers.front-ssl.tls.certresolver=myhttpchallenge"
# uncomment to enable user/pass basic auth        
#      - "traefik.http.routers.front.middlewares=auth"
#      - "traefik.http.routers.front-ssl.middlewares=auth"
#      - "traefik.http.middlewares.auth.basicauth.users=${TRAEFIK_BASICAUTH}"
#      - "traefik.http.middlewares.auth.basicauth.usersFile=${TRAEFIK_BASICAUTHFILE}"
#      - "traefik.http.middlewares.auth.basicauth.headerField=X-WebAuth-User"


  pusher:
    restart: unless-stopped
    build:
      context: ../..
      dockerfile: pusher/Dockerfile
    environment:
      SECRET_KEY: yourSecretKey
      SECRET_JITSI_KEY: "$SECRET_JITSI_KEY"
      ADMIN_API_TOKEN: "$ADMIN_API_TOKEN"
      ADMIN_API_URL: "$ADMIN_API_URL"
      API_URL: back:50051
      JITSI_URL: $JITSI_URL
      JITSI_ISS: $JITSI_ISS
    labels:
      - "traefik.http.routers.pusher.rule=Path(`/admin/rooms`, `/room`, `/verify`, `/register`, `/anonymLogin`, `/metrics`, `/dump`, `/map`)"
      - "traefik.http.routers.pusher.entryPoints=web"
      - "traefik.http.services.pusher.loadbalancer.server.port=8080"
      - "traefik.http.routers.pusher-ssl.rule=Path(`/admin/rooms`, `/room`, `/verify`, `/register`, `/anonymLogin`, `/metrics`, `/dump`, `/map`)"
      - "traefik.http.routers.pusher-ssl.entryPoints=websecure"
      - "traefik.http.routers.pusher-ssl.tls=true"
      - "traefik.http.routers.pusher-ssl.service=pusher"
      - "traefik.http.routers.pusher-ssl.tls.certresolver=myhttpchallenge"

  back:
    restart: unless-stopped
    build:
      context: ../..
      dockerfile: back/Dockerfile
    environment:
      SECRET_KEY: yourSecretKey
      SECRET_JITSI_KEY: "$SECRET_JITSI_KEY"
      ADMIN_API_TOKEN: "$ADMIN_API_TOKEN"
      ADMIN_API_URL: "$ADMIN_API_URL"
      JITSI_URL: $JITSI_URL
      JITSI_ISS: $JITSI_ISS
      MAX_PER_GROUP: $MAX_PER_GROUP

  up:
    restart: unless-stopped
    build:
      context: ../..
      dockerfile: uploader/Dockerfile
    labels:
      - "traefik.http.routers.up.rule=Path(`/upload-audio-message`, `/download-audio-message`)"
      - "traefik.http.routers.up.entryPoints=web"
      - "traefik.http.services.up.loadbalancer.server.port=8080"
      - "traefik.http.routers.up-ssl.rule=Path(`/upload-audio-message`, `/download-audio-message`)"
      - "traefik.http.routers.up-ssl.entryPoints=websecure"
      - "traefik.http.routers.up-ssl.tls=true"
      - "traefik.http.routers.up-ssl.service=up"
      - "traefik.http.routers.up-ssl.tls.certresolver=myhttpchallenge"
$¯\_(ツ)_/¯$ Add compose file and .env template for single domain deployment 2021-03-23 09:35:36 +01:00			`version: "3"`
			`services:`
			`reverse-proxy:`
			`image: traefik:v2.3.7`
			`restart: unless-stopped`
			`command:`
			`- --providers.docker`
			`- --entryPoints.web.address=:80`
			`- --entrypoints.web.http.redirections.entryPoint.to=websecure`
			`- --entrypoints.web.http.redirections.entryPoint.scheme=https`
			`- --entrypoints.web.http.redirections.entrypoint.permanent=true`
			`- --entryPoints.websecure.address=:443`
			`- --providers.file.directory=/configs/`
			`- --certificatesresolvers.myhttpchallenge.acme.tlschallenge=true`
			`- --certificatesresolvers.myhttpchallenge.acme.email=$ACME_EMAIL`
			`- --certificatesresolvers.myhttpchallenge.acme.storage=/acme/acme.json`
			`ports:`
			`- "80:80"`
			`- "443:443"`
			`depends_on:`
			`- back`
			`- front`
			`- up`
			`- pusher`
			`volumes:`
			`- /var/run/docker.sock:/var/run/docker.sock`
			`- ./acme:/acme`
			`- ./traefik_tls.yaml:/configs/traefik_tls.yml`
			`- ./.htpasswd:/.htpasswd`

			`front:`
			`restart: unless-stopped`
			`build:`
			`context: ../..`
			`dockerfile: front/Dockerfile`
			`args:`
			`BASE_DOMAIN: ${BASE_DOMAIN:-workadventure.localhost}`

			`# These should fall back to window.location.host`
			`API_URL: ""`
			`UPLOADER_URL: ""`

			`START_ROOM_URL: "$START_ROOM_URL"`
			`JITSI_PRIVATE_MODE: "$JITSI_PRIVATE_MODE"`
			`JITSI_URL: "$JITSI_URL"`
			`START_ROOM_URL: "$START_ROOM_URL"`
			`STUN_SERVER: "$STUN_SERVER"`
			`TURN_PASSWORD: "$TURN_PASSWORD"`
			`TURN_SERVER: "$TURN_SERVER"`
			`TURN_USER: "$TURN_USER"`
			`MAX_PER_GROUP: "$MAX_PER_GROUP"`
			`labels:`
			- "traefik.http.routers.front.rule=PathPrefix(`/`)"
			- "traefik.http.routers.front.rule=Host(`${BASE_DOMAIN}`)"
			`- "traefik.http.routers.front.entryPoints=web"`
			`- "traefik.http.services.front.loadbalancer.server.port=8000"`
			- "traefik.http.routers.front-ssl.rule=PathPrefix(`/`)"
			- "traefik.http.routers.front-ssl.rule=Host(`${BASE_DOMAIN}`)"
			`- "traefik.http.routers.front-ssl.entryPoints=websecure"`
			`- "traefik.http.routers.front-ssl.tls=true"`
			`- "traefik.http.routers.front-ssl.service=front"`
			`- "traefik.http.routers.front-ssl.tls.certresolver=myhttpchallenge"`
			`# uncomment to enable user/pass basic auth`
			`# - "traefik.http.routers.front.middlewares=auth"`
			`# - "traefik.http.routers.front-ssl.middlewares=auth"`
			`# - "traefik.http.middlewares.auth.basicauth.users=${TRAEFIK_BASICAUTH}"`
			`# - "traefik.http.middlewares.auth.basicauth.usersFile=${TRAEFIK_BASICAUTHFILE}"`
			`# - "traefik.http.middlewares.auth.basicauth.headerField=X-WebAuth-User"`



			`pusher:`
			`restart: unless-stopped`
			`build:`
			`context: ../..`
			`dockerfile: pusher/Dockerfile`
			`environment:`
			`SECRET_KEY: yourSecretKey`
			`SECRET_JITSI_KEY: "$SECRET_JITSI_KEY"`
			`ADMIN_API_TOKEN: "$ADMIN_API_TOKEN"`
			`ADMIN_API_URL: "$ADMIN_API_URL"`
			`API_URL: back:50051`
			`JITSI_URL: $JITSI_URL`
			`JITSI_ISS: $JITSI_ISS`
			`labels:`
			- "traefik.http.routers.pusher.rule=Path(`/admin/rooms`, `/room`, `/verify`, `/register`, `/anonymLogin`, `/metrics`, `/dump`, `/map`)"
			`- "traefik.http.routers.pusher.entryPoints=web"`
			`- "traefik.http.services.pusher.loadbalancer.server.port=8080"`
			- "traefik.http.routers.pusher-ssl.rule=Path(`/admin/rooms`, `/room`, `/verify`, `/register`, `/anonymLogin`, `/metrics`, `/dump`, `/map`)"
			`- "traefik.http.routers.pusher-ssl.entryPoints=websecure"`
			`- "traefik.http.routers.pusher-ssl.tls=true"`
			`- "traefik.http.routers.pusher-ssl.service=pusher"`
			`- "traefik.http.routers.pusher-ssl.tls.certresolver=myhttpchallenge"`

			`back:`
			`restart: unless-stopped`
			`build:`
			`context: ../..`
			`dockerfile: back/Dockerfile`
			`environment:`
			`SECRET_KEY: yourSecretKey`
			`SECRET_JITSI_KEY: "$SECRET_JITSI_KEY"`
			`ADMIN_API_TOKEN: "$ADMIN_API_TOKEN"`
			`ADMIN_API_URL: "$ADMIN_API_URL"`
			`JITSI_URL: $JITSI_URL`
			`JITSI_ISS: $JITSI_ISS`
			`MAX_PER_GROUP: $MAX_PER_GROUP`

			`up:`
			`restart: unless-stopped`
			`build:`
			`context: ../..`
			`dockerfile: uploader/Dockerfile`
			`labels:`
			- "traefik.http.routers.up.rule=Path(`/upload-audio-message`, `/download-audio-message`)"
			`- "traefik.http.routers.up.entryPoints=web"`
			`- "traefik.http.services.up.loadbalancer.server.port=8080"`
			- "traefik.http.routers.up-ssl.rule=Path(`/upload-audio-message`, `/download-audio-message`)"
			`- "traefik.http.routers.up-ssl.entryPoints=websecure"`
			`- "traefik.http.routers.up-ssl.tls=true"`
			`- "traefik.http.routers.up-ssl.service=up"`
			`- "traefik.http.routers.up-ssl.tls.certresolver=myhttpchallenge"`