Update docker-compose

artem.drozdov 2024-05-17 14:27:29 +03:00
commit e6beb736d3
2 changed files with 194 additions and 0 deletions

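--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,136 @@
+version: "3.9"
+services:
+reverse:
+container_name: nginx
+hostname: nginx
+image: nginx
+ports:
+- "80:80"
+- "443:443"
+volumes:
+- ./nginx:/etc/nginx/conf.d
+- ./cert:/etc/nginx/ssl
+networks:
+- loop-network
+depends_on:
+- loop
+loop:
+image: "registry.loop.ru/loop/server:2024-02-05-SNAPSHOT-3"
+restart: "unless-stopped"
+depends_on:
+- "db"
+- "s3"
+ports:
+- "8065"
+- "8443:8443/udp"
+environment:
+MM_CALLS_RTCD_URL: "http://rtcd.loop.ru:33045" #This is the URL for interacting with the RTC (Real-Time Communication) server, which handles calls in real time.
+MM_EMAILSETTINGS_PUSHNOTIFICATIONSERVER: "https://push.loop.ru" #This evn indicates the server that sends push notifications.
+MM_EMAILSETTINGS_SENDPUSHNOTIFICATIONS: "true" #This env indicates whether push notifications are allowed for email
+MM_EXPERIMENTALSETTINGS_ENABLEAPPBAR: "true" #This env indicates whether the application panel is enabled
+MM_FEATUREFLAGS_AppsEnabled: "true" #Indicates the availability and ability to use certain applications or functions, for example, access to the gallery to download images
+MM_FILESETTINGS_AMAZONS3ACCESSKEYID: "<AWS_ACCESS_KEY_ID>" #Access Key ID to access s3 storage
+MM_FILESETTINGS_AMAZONS3BUCKET: "looponprem-bucket" #The name of the S3 bucket where the files are stored
+MM_FILESETTINGS_AMAZONS3ENDPOINT: "minio:9000" #The URL of the S3 storage endpoint
+MM_FILESETTINGS_AMAZONS3PATHPREFIX: "loop" #This option allows you to specify the path to files on S3
+MM_FILESETTINGS_AMAZONS3SECRETACCESSKEY: "<AWS_SECRET_ACCESS_KEY>" #The secret key for accessing S3 storage
+MM_FILESETTINGS_AMAZONS3SSE: "false" #Env indicates whether SSL (Server-Side Encryption) is enabled for S3
+MM_FILESETTINGS_AMAZONS3SSL: "false" #Env indicates whether the connection to Amazon S3 should take place over SSL
+MM_FILESETTINGS_DRIVERNAME: "amazons3" #The name of the driver for working with files
+MM_FILESETTINGS_MAXFILESIZE: 1048576000 #The maximum file size to download, specified in bytes.
+MM_JOBSETTINGS_RUNJOBS: "false" #Specifies whether job should be performed
+MM_JOBSETTINGS_RUNSCHEDULER: "false" #The flag indicates whether the task scheduler should be started
+MM_LOGSETTINGS_CONSOLEJSON: "false" #The flag indicates whether the output to the console should be in JSON format
+MM_LOGSETTINGS_CONSOLELEVEL: "DEBUG" #Logging level for console output
+MM_LOGSETTINGS_FILELEVEL: "DEBUG" #The logging level for writing to a file
+MM_PLUGINSETTINGS_AUTOMATICPREPACKAGEDPLUGINS: "true" #The flag indicates whether automatic loading of pre-packaged plugins is allowed
+MM_PLUGINSETTINGS_ENABLEUPLOADS: "true" #The flag indicates whether plugin downloads are allowed
+MM_SERVICEENVIRONMENT: "production" #The environment in which the application is running (for example, "production")
+MM_SERVICESETTINGS_ENABLEBOTACCOUNTCREATION: "true" #The flag indicates whether the creation of bot accounts is allowed
+MM_SERVICESETTINGS_ENABLECUSTOMEMOJI: "true" #Responsible for the ability to use custom emojis in the service or application
+MM_SERVICESETTINGS_ENABLEDEVELOPER: "true" #The flag indicates whether developer mode is enabled
+MM_SERVICESETTINGS_ENABLELINKPREVIEWS: "true" #Responsible for the setting that allows you to activate or deactivate the preview of links in the application or service
+MM_SERVICESETTINGS_ENABLEOAUTHSERVICEPROVIDER: "true" #It is used to determine whether the use of third-party OAuth service providers is allowed
+MM_SERVICESETTINGS_ENABLETESTING: "true" #The flag indicates whether testing is allowed
+MM_SERVICESETTINGS_ENABLEUSERACCESSTOKENS: "true" #The flag indicates whether user access tokens are allowed
+MM_SERVICESETTINGS_GIPHYSDKKEY: "<GiphySDKkey>" #Giphy SDK key for integration with Giphy
+MM_SERVICESETTINGS_LICENSEFILELOCATION: "/mattermost/config/license.txt" #The path to the license file
+MM_SERVICESETTINGS_LISTENADDRESS: ":8065" #The address and port on which the service is listening.
+MM_SERVICESETTINGS_SITEURL: "https://loop.example.com" #The public URL of the service.
+MM_SQLSETTINGS_DATASOURCE: "postgres://loopuser:<password>@db/loop_db?sslmode=disable\u0026connect_timeout=10" #Data source for connecting to the PostgreSQL database
+MM_SQLSETTINGS_DRIVERNAME: "postgres" #Name of the database driver
+MM_TEAMSETTINGS_MAXUSERSPERTEAM: 500 #Maximum number of users per team
+volumes:
+- loop-config:/mattermost/config/:rw
+- loop-data:/mattermost/data/:rw
+- loop-logs:/mattermost/logs/:rw
+- loop-plugins:/mattermost/plugins/:rw
+- loop-client-plugins:/mattermost/client/plugins/:rw
+networks:
+- loop-network
+db:
+image: "postgres"
+restart: "unless-stopped"
+environment:
+POSTGRES_PASSWORD: "<password>"
+POSTGRES_USER: "loopuser"
+POSTGRES_DB: "loop_db"
+volumes:
+- ./db:/var/lib/postgresql/data
+networks:
+- loop-network
+s3:
+container_name: minio
+image: minio/minio:RELEASE.2022-08-26T19-53-15Z
+restart: unless-stopped
+environment:
+MINIO_ROOT_USER: <MINIO_ROOT_USER>
+MINIO_ROOT_PASSWORD: <MINIO_ROOT_PASSWORD>
+command: server --address :9000 --console-address :9001 /data
+ports:
+- "9000"
+- "9001"
+volumes:
+- ./minio:/data
+networks:
+- loop-network
+s3-client:
+container_name: minio-client
+image: minio/mc:RELEASE.2022-08-28T20-08-11Z
+volumes:
+- ./minio:/tmp/policies
+environment:
+AWS_ACCESS_KEY_ID: <AWS_ACCESS_KEY_ID>
+AWS_SECRET_ACCESS_KEY: <AWS_SECRET_ACCESS_KEY>
+entrypoint: >
+/bin/sh -c "
+until (/usr/bin/mc config host add loop http://minio:9000 <MINIO_ROOT_USER> <MINIO_ROOT_PASSWORD>) do echo '...waiting...' && sleep 1; done;
+/usr/bin/mc mb loop/looponprem-bucket;
+/usr/bin/mc admin user add loop <AWS_ACCESS_KEY_ID> <AWS_SECRET_ACCESS_KEY>;
+/usr/bin/mc admin policy set loop readwrite user=<AWS_ACCESS_KEY_ID>;
+exit 0;
+"
+networks:
+- loop-network
+depends_on:
+- s3
+networks:
+loop-network:
+volumes:
+db:
+minio:
+loop-config:
+loop-data:
+loop-logs:
+loop-plugins:
+loop-client-plugins: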
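Review bot: The `loop` service sets `MM_SERVICESETTINGS_ENABLETESTING: "true"`, `MM_SERVICESETTINGS_ENABLEDEVELOPER: "true"` and both log levels to `DEBUG` next to `MM_SERVICEENVIRONMENT: "production"`, so anyone deploying this file as written runs a production server with development options on and verbose logs that may capture sensitive request detail. I would set the two flags to `"false"` and the log levels to `"INFO"`, or add a comment stating that these values are for test stands only. The short-form entries `- "8065"`, `- "9000"` and `- "9001"` also publish the application's plain-HTTP port and the MinIO API and console on ephemeral host ports, which lets clients reach them without going through the nginx TLS listener; since nginx and `loop` reach those ports over `loop-network`, `expose:` (or no entry at all) is enough. The `nginx` and `postgres` images carry no tag, unlike the pinned MinIO images, so a later pull can change versions silently.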

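--- a/nginx/loop-ssl.conf
+++ b/nginx/loop-ssl.conf
@@ -0,0 +1,58 @@
+server {
+listen 80 default_server;
+server_name _;
+return 301 https://$host$request_uri;
+}
+map $http_x_forwarded_proto $proxy_x_forwarded_proto {
+default $http_x_forwarded_proto;
+'' $scheme;
+}
+server {
+listen 443 ssl http2;
+server_name loop.example.com;
+ssl_certificate /etc/nginx/ssl/server.crt;
+ssl_certificate_key /etc/nginx/ssl/server.key;
+ssl_session_timeout 5m;
+ssl_protocols TLSv1.2 TLSv1.3;
+# Please update the ciphers in this file every 6 months.
+# https://ssl-config.mozilla.org/
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ssl_prefer_server_ciphers off;
+location ~ /api/v[0-9]+/(users/)?websocket$ {
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header X-Forwarded-Ssl on;
+proxy_set_header Connection "upgrade";
+client_max_body_size 50M;
+proxy_set_header Host $http_host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
+proxy_set_header X-Frame-Options SAMEORIGIN;
+proxy_buffers 256 16k;
+proxy_buffer_size 16k;
+proxy_read_timeout 600s;
+proxy_pass http://loop:8065;
+}
+location / {
+gzip on;
+proxy_set_header X-Forwarded-Ssl on;
+client_max_body_size 50M;
+proxy_set_header Connection "";
+proxy_set_header Host $http_host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
+proxy_set_header X-Frame-Options SAMEORIGIN;
+proxy_buffers 256 16k;
+proxy_buffer_size 16k;
+proxy_read_timeout 600s;
+proxy_pass http://loop:8065;
+}
+}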
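Review bot: The `map` block passes a client-supplied `X-Forwarded-Proto` straight to the backend (`default $http_x_forwarded_proto;`), and this server is the outermost listener published on 80/443 in the compose file, so any client can choose the value the application sees. Unless another trusted proxy sits in front, both locations should send `proxy_set_header X-Forwarded-Proto $scheme;`, and the same reasoning applies to `$proxy_add_x_forwarded_for`, which appends to whatever `X-Forwarded-For` the client sent. `proxy_set_header X-Frame-Options SAMEORIGIN;` adds a request header towards the upstream and does not reach the browser; if the intent is clickjacking protection at the proxy, it would be `add_header X-Frame-Options SAMEORIGIN always;`. `client_max_body_size 50M` is also far below the `MM_FILESETTINGS_MAXFILESIZE` of 1048576000 bytes set in docker-compose.yml, so larger uploads will be rejected by nginx before they reach the application.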