workadventure/contrib/docker/docker-compose.prod.singledomain.yaml

version: "3"
services:
  reverse-proxy:
    image: traefik:v2.3.7
    restart: unless-stopped
    command:
      - --providers.docker
      - --entryPoints.web.address=:80
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entrypoints.web.http.redirections.entrypoint.permanent=true
      - --entryPoints.websecure.address=:443
      - --providers.file.directory=/configs/
      - --certificatesresolvers.myhttpchallenge.acme.tlschallenge=true
      - --certificatesresolvers.myhttpchallenge.acme.email=$ACME_EMAIL
      - --certificatesresolvers.myhttpchallenge.acme.storage=/acme/acme.json
    ports:
      - "80:80"
      - "443:443"
    depends_on:
      - back
      - front
      - up
      - pusher
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./acme:/acme
      - ./traefik_tls.yaml:/configs/traefik_tls.yml
      - ./.htpasswd:/.htpasswd  

  front:
    restart: unless-stopped
    build:
      context: ../..
      dockerfile: front/Dockerfile
      args:
        BASE_DOMAIN: ${BASE_DOMAIN:-workadventure.localhost}

        # These should fall back to window.location.host
        API_URL: ""
        UPLOADER_URL: ""

        START_ROOM_URL: "$START_ROOM_URL"
        JITSI_PRIVATE_MODE: "$JITSI_PRIVATE_MODE"
        JITSI_URL: "$JITSI_URL"
        START_ROOM_URL: "$START_ROOM_URL"
        STUN_SERVER: "$STUN_SERVER"
        TURN_PASSWORD: "$TURN_PASSWORD"
        TURN_SERVER: "$TURN_SERVER"
        TURN_USER: "$TURN_USER"
        MAX_PER_GROUP: "$MAX_PER_GROUP"
    labels:
      - "traefik.http.routers.front.rule=PathPrefix(`/`)"
      - "traefik.http.routers.front.rule=Host(`${BASE_DOMAIN}`)"
      - "traefik.http.routers.front.entryPoints=web"
      - "traefik.http.services.front.loadbalancer.server.port=8000"
      - "traefik.http.routers.front-ssl.rule=PathPrefix(`/`)"
      - "traefik.http.routers.front-ssl.rule=Host(`${BASE_DOMAIN}`)"
      - "traefik.http.routers.front-ssl.entryPoints=websecure"
      - "traefik.http.routers.front-ssl.tls=true"
      - "traefik.http.routers.front-ssl.service=front"
      - "traefik.http.routers.front-ssl.tls.certresolver=myhttpchallenge"
# uncomment to enable user/pass basic auth        
#      - "traefik.http.routers.front.middlewares=auth"
#      - "traefik.http.routers.front-ssl.middlewares=auth"
#      - "traefik.http.middlewares.auth.basicauth.users=${TRAEFIK_BASICAUTH}"
#      - "traefik.http.middlewares.auth.basicauth.usersFile=${TRAEFIK_BASICAUTHFILE}"
#      - "traefik.http.middlewares.auth.basicauth.headerField=X-WebAuth-User"



  pusher:
    restart: unless-stopped
    build:
      context: ../..
      dockerfile: pusher/Dockerfile
    environment:
      SECRET_KEY: yourSecretKey
      SECRET_JITSI_KEY: "$SECRET_JITSI_KEY"
      ADMIN_API_TOKEN: "$ADMIN_API_TOKEN"
      ADMIN_API_URL: "$ADMIN_API_URL"
      API_URL: back:50051
      JITSI_URL: $JITSI_URL
      JITSI_ISS: $JITSI_ISS
    labels:
      - "traefik.http.routers.pusher.rule=Path(`/admin/rooms`, `/room`, `/verify`, `/register`, `/anonymLogin`, `/metrics`, `/dump`, `/map`)"
      - "traefik.http.routers.pusher.entryPoints=web"
      - "traefik.http.services.pusher.loadbalancer.server.port=8080"
      - "traefik.http.routers.pusher-ssl.rule=Path(`/admin/rooms`, `/room`, `/verify`, `/register`, `/anonymLogin`, `/metrics`, `/dump`, `/map`)"
      - "traefik.http.routers.pusher-ssl.entryPoints=websecure"
      - "traefik.http.routers.pusher-ssl.tls=true"
      - "traefik.http.routers.pusher-ssl.service=pusher"
      - "traefik.http.routers.pusher-ssl.tls.certresolver=myhttpchallenge"

  back:
    restart: unless-stopped
    build:
      context: ../..
      dockerfile: back/Dockerfile
    environment:
      SECRET_KEY: yourSecretKey
      SECRET_JITSI_KEY: "$SECRET_JITSI_KEY"
      ADMIN_API_TOKEN: "$ADMIN_API_TOKEN"
      ADMIN_API_URL: "$ADMIN_API_URL"
      JITSI_URL: $JITSI_URL
      JITSI_ISS: $JITSI_ISS
      MAX_PER_GROUP: $MAX_PER_GROUP

  up:
    restart: unless-stopped
    build:
      context: ../..
      dockerfile: uploader/Dockerfile
    labels:
      - "traefik.http.routers.up.rule=Path(`/upload-audio-message`, `/download-audio-message`)"
      - "traefik.http.routers.up.entryPoints=web"
      - "traefik.http.services.up.loadbalancer.server.port=8080"
      - "traefik.http.routers.up-ssl.rule=Path(`/upload-audio-message`, `/download-audio-message`)"
      - "traefik.http.routers.up-ssl.entryPoints=websecure"
      - "traefik.http.routers.up-ssl.tls=true"
      - "traefik.http.routers.up-ssl.service=up"
      - "traefik.http.routers.up-ssl.tls.certresolver=myhttpchallenge"