Add compose file and .env template for single domain deployment
This commit is contained in:
parent
d8d11cb008
commit
f403bb83cb
1
.gitignore
vendored
1
.gitignore
vendored
@ -7,3 +7,4 @@ docker-compose.override.yaml
|
||||
maps/yarn.lock
|
||||
maps/dist/computer.js
|
||||
maps/dist/computer.js.map
|
||||
contrib/docker/acme
|
||||
|
38
contrib/docker/.env.prod.singledomain.template
Normal file
38
contrib/docker/.env.prod.singledomain.template
Normal file
@ -0,0 +1,38 @@
|
||||
## The single (sub)domain to use
|
||||
BASE_DOMAIN=wa.example.com
|
||||
|
||||
DEBUG_MODE=false
|
||||
|
||||
## JITSI settings
|
||||
JITSI_URL=meet.jit.si
|
||||
# If your Jitsi environment has authentication set up, you MUST set JITSI_PRIVATE_MODE to "true" and you MUST pass a SECRET_JITSI_KEY to generate the JWT secret
|
||||
JITSI_PRIVATE_MODE=false
|
||||
JITSI_ISS=
|
||||
SECRET_JITSI_KEY=
|
||||
|
||||
## ADMIN backend settings
|
||||
ADMIN_API_TOKEN=2342
|
||||
ADMIN_API_URL=
|
||||
|
||||
## TURN server settings
|
||||
# URL of the TURN server (needed to "punch a hole" through some networks for P2P connections)
|
||||
STUN_SERVER=
|
||||
TURN_SERVER=
|
||||
TURN_USER=
|
||||
TURN_PASSWORD=
|
||||
|
||||
## Reverse proxy settings (note: these must also be manually activated in the docker-compose file for now)
|
||||
TRAEFIK_BASICAUTH=testuser:$2y$05$L2t/Wx937mHhKH61mjPL7OvepvjcyUnzVUkpiMo.nKeWSdRd5oyUC
|
||||
TRAEFIK_BASICAUTHFILE=/.htpasswd
|
||||
|
||||
# Maximum allowed number of people per "ring" group
|
||||
MAX_PER_GROUP=5
|
||||
|
||||
# The URL used by default, in the form: "/_/global/map/url.json" or with active admin backend as "/@/org/world/room"
|
||||
START_ROOM_URL=/_/global/maps.workadventu.re/Floor0/floor0.json
|
||||
|
||||
# The email address used by Let's encrypt to send renewal warnings (compulsory)
|
||||
ACME_EMAIL=
|
||||
|
||||
# Set to true to allow using this instance as a target for the apiUrl property
|
||||
FEDERATE_PUSHER=false
|
0
contrib/docker/.htpasswd
Normal file
0
contrib/docker/.htpasswd
Normal file
123
contrib/docker/docker-compose.prod.singledomain.yaml
Normal file
123
contrib/docker/docker-compose.prod.singledomain.yaml
Normal file
@ -0,0 +1,123 @@
|
||||
version: "3"
|
||||
services:
|
||||
reverse-proxy:
|
||||
image: traefik:v2.3.7
|
||||
restart: unless-stopped
|
||||
command:
|
||||
- --providers.docker
|
||||
- --entryPoints.web.address=:80
|
||||
- --entrypoints.web.http.redirections.entryPoint.to=websecure
|
||||
- --entrypoints.web.http.redirections.entryPoint.scheme=https
|
||||
- --entrypoints.web.http.redirections.entrypoint.permanent=true
|
||||
- --entryPoints.websecure.address=:443
|
||||
- --providers.file.directory=/configs/
|
||||
- --certificatesresolvers.myhttpchallenge.acme.tlschallenge=true
|
||||
- --certificatesresolvers.myhttpchallenge.acme.email=$ACME_EMAIL
|
||||
- --certificatesresolvers.myhttpchallenge.acme.storage=/acme/acme.json
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
depends_on:
|
||||
- back
|
||||
- front
|
||||
- up
|
||||
- pusher
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- ./acme:/acme
|
||||
- ./traefik_tls.yaml:/configs/traefik_tls.yml
|
||||
- ./.htpasswd:/.htpasswd
|
||||
|
||||
front:
|
||||
restart: unless-stopped
|
||||
build:
|
||||
context: ../..
|
||||
dockerfile: front/Dockerfile
|
||||
args:
|
||||
BASE_DOMAIN: ${BASE_DOMAIN:-workadventure.localhost}
|
||||
|
||||
# These should fall back to window.location.host
|
||||
API_URL: ""
|
||||
UPLOADER_URL: ""
|
||||
|
||||
START_ROOM_URL: "$START_ROOM_URL"
|
||||
JITSI_PRIVATE_MODE: "$JITSI_PRIVATE_MODE"
|
||||
JITSI_URL: "$JITSI_URL"
|
||||
START_ROOM_URL: "$START_ROOM_URL"
|
||||
STUN_SERVER: "$STUN_SERVER"
|
||||
TURN_PASSWORD: "$TURN_PASSWORD"
|
||||
TURN_SERVER: "$TURN_SERVER"
|
||||
TURN_USER: "$TURN_USER"
|
||||
MAX_PER_GROUP: "$MAX_PER_GROUP"
|
||||
labels:
|
||||
- "traefik.http.routers.front.rule=PathPrefix(`/`)"
|
||||
- "traefik.http.routers.front.rule=Host(`${BASE_DOMAIN}`)"
|
||||
- "traefik.http.routers.front.entryPoints=web"
|
||||
- "traefik.http.services.front.loadbalancer.server.port=8000"
|
||||
- "traefik.http.routers.front-ssl.rule=PathPrefix(`/`)"
|
||||
- "traefik.http.routers.front-ssl.rule=Host(`${BASE_DOMAIN}`)"
|
||||
- "traefik.http.routers.front-ssl.entryPoints=websecure"
|
||||
- "traefik.http.routers.front-ssl.tls=true"
|
||||
- "traefik.http.routers.front-ssl.service=front"
|
||||
- "traefik.http.routers.front-ssl.tls.certresolver=myhttpchallenge"
|
||||
# uncomment to enable user/pass basic auth
|
||||
# - "traefik.http.routers.front.middlewares=auth"
|
||||
# - "traefik.http.routers.front-ssl.middlewares=auth"
|
||||
# - "traefik.http.middlewares.auth.basicauth.users=${TRAEFIK_BASICAUTH}"
|
||||
# - "traefik.http.middlewares.auth.basicauth.usersFile=${TRAEFIK_BASICAUTHFILE}"
|
||||
# - "traefik.http.middlewares.auth.basicauth.headerField=X-WebAuth-User"
|
||||
|
||||
|
||||
|
||||
pusher:
|
||||
restart: unless-stopped
|
||||
build:
|
||||
context: ../..
|
||||
dockerfile: pusher/Dockerfile
|
||||
environment:
|
||||
SECRET_KEY: yourSecretKey
|
||||
SECRET_JITSI_KEY: "$SECRET_JITSI_KEY"
|
||||
ADMIN_API_TOKEN: "$ADMIN_API_TOKEN"
|
||||
ADMIN_API_URL: "$ADMIN_API_URL"
|
||||
API_URL: back:50051
|
||||
JITSI_URL: $JITSI_URL
|
||||
JITSI_ISS: $JITSI_ISS
|
||||
labels:
|
||||
- "traefik.http.routers.pusher.rule=Path(`/admin/rooms`, `/room`, `/verify`, `/register`, `/anonymLogin`, `/metrics`, `/dump`, `/map`)"
|
||||
- "traefik.http.routers.pusher.entryPoints=web"
|
||||
- "traefik.http.services.pusher.loadbalancer.server.port=8080"
|
||||
- "traefik.http.routers.pusher-ssl.rule=Path(`/admin/rooms`, `/room`, `/verify`, `/register`, `/anonymLogin`, `/metrics`, `/dump`, `/map`)"
|
||||
- "traefik.http.routers.pusher-ssl.entryPoints=websecure"
|
||||
- "traefik.http.routers.pusher-ssl.tls=true"
|
||||
- "traefik.http.routers.pusher-ssl.service=pusher"
|
||||
- "traefik.http.routers.pusher-ssl.tls.certresolver=myhttpchallenge"
|
||||
|
||||
back:
|
||||
restart: unless-stopped
|
||||
build:
|
||||
context: ../..
|
||||
dockerfile: back/Dockerfile
|
||||
environment:
|
||||
SECRET_KEY: yourSecretKey
|
||||
SECRET_JITSI_KEY: "$SECRET_JITSI_KEY"
|
||||
ADMIN_API_TOKEN: "$ADMIN_API_TOKEN"
|
||||
ADMIN_API_URL: "$ADMIN_API_URL"
|
||||
JITSI_URL: $JITSI_URL
|
||||
JITSI_ISS: $JITSI_ISS
|
||||
MAX_PER_GROUP: $MAX_PER_GROUP
|
||||
|
||||
up:
|
||||
restart: unless-stopped
|
||||
build:
|
||||
context: ../..
|
||||
dockerfile: uploader/Dockerfile
|
||||
labels:
|
||||
- "traefik.http.routers.up.rule=Path(`/upload-audio-message`, `/download-audio-message`)"
|
||||
- "traefik.http.routers.up.entryPoints=web"
|
||||
- "traefik.http.services.up.loadbalancer.server.port=8080"
|
||||
- "traefik.http.routers.up-ssl.rule=Path(`/upload-audio-message`, `/download-audio-message`)"
|
||||
- "traefik.http.routers.up-ssl.entryPoints=websecure"
|
||||
- "traefik.http.routers.up-ssl.tls=true"
|
||||
- "traefik.http.routers.up-ssl.service=up"
|
||||
- "traefik.http.routers.up-ssl.tls.certresolver=myhttpchallenge"
|
||||
|
13
contrib/docker/traefik_tls.yaml
Normal file
13
contrib/docker/traefik_tls.yaml
Normal file
@ -0,0 +1,13 @@
|
||||
tls:
|
||||
options:
|
||||
default:
|
||||
sniStrict: true
|
||||
minVersion: VersionTLS12
|
||||
cipherSuites:
|
||||
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
||||
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
||||
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
||||
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
|
||||
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
|
||||
|
Loading…
Reference in New Issue
Block a user