onprem-deploy/docker-compose.yml

version: "3"
services:
  yonote:
    container_name: yonote
    image: images.updates.yonote.ru/yonote:${APP_VERSION}
    env_file:
      - .env
    ports:
      - "3000"
    depends_on:
      - postgres
      - redis
      - keycloak
      - s3-client
    command: yarn start:selfhosted
    environment:
      BIND_HOST: 0.0.0.0
      PORT: 3000
      URL: ${YNT_HTTP_PROTOCOL}${BASENAME_FOR_SUBDOMAIN}
      COLLABORATION_URL: ${YNT_WEBSOCKET_PROTOCOL}${BASENAME_FOR_SUBDOMAIN}
      DATABASE_URL: postgres://${YNT_DB_USER}:${YNT_DB_PASSWORD}@postgres:5432/${YNT_DB_NAME}
      OIDC_CLIENT_ID: yonote
      OIDC_CLIENT_SECRET: ${KC_CLIENT_SECRET}
      OIDC_AUTH_URI: ${KC_YNT_URL}/realms/yonote/protocol/openid-connect/auth
      OIDC_TOKEN_URI: ${KC_YNT_URL}/realms/yonote/protocol/openid-connect/token
      OIDC_USERINFO_URI: ${KC_YNT_URL}/realms/yonote/protocol/openid-connect/userinfo
      OIDC_LOGOUT_URI: ${KC_YNT_URL}/realms/yonote/protocol/openid-connect/logout
      AWS_S3_UPLOAD_BUCKET_URL: ${MINIO_YNT_URL}
      AWS_ACCESS_KEY_ID: ${MINIO_ACCESS_KEY_ID}
      AWS_SECRET_ACCESS_KEY: ${MINIO_SECRET_ACCESS_KEY}
      AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket
      AWS_REGION: xx-xxxx-x
      TELEGRAM_API_URL: https://api.telegram.org
      OIDC_DISPLAY_NAME: email
      OIDC_SCOPES: openid email
      REDIS_URL: redis://redis:6379
      PGSSLMODE: disable
      USE_LEGACY_LOGOUT: true
      AWS_S3_FORCE_PATH_STYLE: true
      AWS_S3_ACL: private
    volumes:
      - ./License.key:/opt/yonote/License.key
    networks:
      - yonote-network
    external_links:
     - "nginx:${KC_YNT_HOST}"
     - "nginx:${MINIO_YNT_HOST}"

  redis:
    container_name: redis
    image: redis:7-alpine
    restart: unless-stopped
    user: "redis:redis"
    networks:
      - yonote-network

  postgres:
    container_name: postgres
    image: postgres:14
    restart: unless-stopped
    environment:
      POSTGRES_DB: ${YNT_DB_NAME}
      POSTGRES_USER: ${YNT_DB_USER}
      POSTGRES_PASSWORD: ${YNT_DB_PASSWORD}
      KC_DB_USERNAME: ${KC_DB_USERNAME}
      KC_DB_PASSWORD: ${KC_DB_PASSWORD}
      user: "postgres:postgres"
    volumes:
      - db:/var/lib/postgresql/data
      - ./postgres/init-keycloak-db.sh:/docker-entrypoint-initdb.d/init-keycloak-db.sh
    networks:
      - yonote-network

  s3:
    container_name: minio
    image: minio/minio:RELEASE.2024-03-03T17-50-39Z
    restart: unless-stopped
    environment:
      - MINIO_ROOT_USER=${MINIO_ADMIN_USERNAME}
      - MINIO_ROOT_PASSWORD=${MINIO_ADMIN_PASSWORD}
    command: server --address :9000 --console-address :9001 /data
    ports:
      - "9000"
      - "9001"
    volumes:
      - minio:/data
    networks:
      - yonote-network

  s3-client:
    container_name: minio-client
    image: minio/mc:RELEASE.2022-08-28T20-08-11Z
    volumes:
      - ./minio:/tmp/policies
    environment:
      MINIO_ACCESS_KEY_ID: ${MINIO_ACCESS_KEY_ID}
      MINIO_SECRET_ACCESS_KEY: ${MINIO_SECRET_ACCESS_KEY}
      MINIO_ADMIN_USERNAME: ${MINIO_ADMIN_USERNAME}
      MINIO_ADMIN_PASSWORD: ${MINIO_ADMIN_PASSWORD}
    entrypoint: >
      /bin/sh -c "
      /usr/bin/mc config host add myminio http://minio:9000 ${MINIO_ADMIN_USERNAME} ${MINIO_ADMIN_PASSWORD};
      /usr/bin/mc mb myminio/yonote-bucket;
      /usr/bin/mc policy set-json /tmp/policies/minio-bucket-policy.json myminio/yonote-bucket;
      /usr/bin/mc admin user add myminio ${MINIO_ACCESS_KEY_ID} ${MINIO_SECRET_ACCESS_KEY};
      /usr/bin/mc admin policy add myminio yonote-policy /tmp/policies/minio-user-policy.json;
      /usr/bin/mc admin policy set myminio yonote-policy user=${MINIO_ACCESS_KEY_ID};
      exit 0;
      "
    networks:
      - yonote-network
    depends_on:
      - s3

  keycloak:
    container_name: keycloak
    image: images.updates.yonote.ru/yonote-keycloak:${AUTH_VERSION}
    ports:
      - "8080"
    environment:
      KC_HOSTNAME: ${KC_YNT_HOST}
      OIDC_CLIENT_SECRET: ${KC_CLIENT_SECRET}
      YNT_HTTP_PROTOCOL: ${YNT_HTTP_PROTOCOL}
      BASENAME_FOR_SUBDOMAIN: ${BASENAME_FOR_SUBDOMAIN}
      KEYCLOAK_ADMIN: ${KC_USERNAME}
      KEYCLOAK_ADMIN_PASSWORD: ${KC_PASSWORD}
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
      KC_DB_USERNAME: ${KC_DB_USERNAME}
      KC_DB_PASSWORD: ${KC_DB_PASSWORD}
      PROXY_ADDRESS_FORWARDING: true
      KC_PROXY_ADDRESS_FORWARDING: true
      KC_PROXY: edge
      KC_HOSTNAME_STRICT: false
      KC_HOSTNAME_STRICT_HTTPS: false
      KC_HTTP_ENABLED: true
      # KC_HTTPS_ENABLED: false
      # KC_HOSTNAME_DEBUG: true
    command: start-dev --spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true --import-realm
    networks:
      - yonote-network
    depends_on:
      - postgres

  nginx:
    container_name: nginx
    image: nginx
    ports:
      - 80:80
    environment:
      BASENAME_FOR_SUBDOMAIN: ${BASENAME_FOR_SUBDOMAIN}
      MINIO_YNT_HOST: ${MINIO_YNT_HOST}
      MINIO_ADMIN_YNT_HOST: ${MINIO_ADMIN_YNT_HOST}
      KC_YNT_HOST: ${KC_YNT_HOST}
      DOLLAR: "$"
    volumes:
      - ./nginx/default.conf.tmpl:/etc/nginx/conf.d/default.conf.tmpl
    networks:
      yonote-network:
    depends_on:
      - postgres
      - redis
      - keycloak
      - s3-client
      - yonote
    command: /bin/bash -c "envsubst < /etc/nginx/conf.d/default.conf.tmpl > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"

networks:
  yonote-network:
    name: yonote-internal-network

volumes:
  db:
  minio:
Fixed websocket minio 2024-05-12 19:50:37 +00:00			`version: "3"`
			`services:`
			`yonote:`
			`container_name: yonote`
			`image: images.updates.yonote.ru/yonote:${APP_VERSION}`
			`env_file:`
			`- .env`
			`ports:`
			`- "3000"`
			`depends_on:`
			`- postgres`
			`- redis`
			`- keycloak`
			`- s3-client`
			`command: yarn start:selfhosted`
			`environment:`
			`BIND_HOST: 0.0.0.0`
			`PORT: 3000`
			`URL: ${YNT_HTTP_PROTOCOL}${BASENAME_FOR_SUBDOMAIN}`
			`COLLABORATION_URL: ${YNT_WEBSOCKET_PROTOCOL}${BASENAME_FOR_SUBDOMAIN}`
			`DATABASE_URL: postgres://${YNT_DB_USER}:${YNT_DB_PASSWORD}@postgres:5432/${YNT_DB_NAME}`
			`OIDC_CLIENT_ID: yonote`
			`OIDC_CLIENT_SECRET: ${KC_CLIENT_SECRET}`
			`OIDC_AUTH_URI: ${KC_YNT_URL}/realms/yonote/protocol/openid-connect/auth`
			`OIDC_TOKEN_URI: ${KC_YNT_URL}/realms/yonote/protocol/openid-connect/token`
			`OIDC_USERINFO_URI: ${KC_YNT_URL}/realms/yonote/protocol/openid-connect/userinfo`
			`OIDC_LOGOUT_URI: ${KC_YNT_URL}/realms/yonote/protocol/openid-connect/logout`
			`AWS_S3_UPLOAD_BUCKET_URL: ${MINIO_YNT_URL}`
			`AWS_ACCESS_KEY_ID: ${MINIO_ACCESS_KEY_ID}`
			`AWS_SECRET_ACCESS_KEY: ${MINIO_SECRET_ACCESS_KEY}`
			`AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket`
			`AWS_REGION: xx-xxxx-x`
			`TELEGRAM_API_URL: https://api.telegram.org`
			`OIDC_DISPLAY_NAME: email`
			`OIDC_SCOPES: openid email`
			`REDIS_URL: redis://redis:6379`
			`PGSSLMODE: disable`
			`USE_LEGACY_LOGOUT: true`
			`AWS_S3_FORCE_PATH_STYLE: true`
			`AWS_S3_ACL: private`
			`volumes:`
			`- ./License.key:/opt/yonote/License.key`
			`networks:`
			`- yonote-network`
			`external_links:`
			`- "nginx:${KC_YNT_HOST}"`
			`- "nginx:${MINIO_YNT_HOST}"`

			`redis:`
			`container_name: redis`
			`image: redis:7-alpine`
			`restart: unless-stopped`
			`user: "redis:redis"`
			`networks:`
			`- yonote-network`

			`postgres:`
			`container_name: postgres`
			`image: postgres:14`
			`restart: unless-stopped`
			`environment:`
			`POSTGRES_DB: ${YNT_DB_NAME}`
			`POSTGRES_USER: ${YNT_DB_USER}`
			`POSTGRES_PASSWORD: ${YNT_DB_PASSWORD}`
			`KC_DB_USERNAME: ${KC_DB_USERNAME}`
			`KC_DB_PASSWORD: ${KC_DB_PASSWORD}`
			`user: "postgres:postgres"`
			`volumes:`
			`- db:/var/lib/postgresql/data`
			`- ./postgres/init-keycloak-db.sh:/docker-entrypoint-initdb.d/init-keycloak-db.sh`
			`networks:`
			`- yonote-network`

			`s3:`
			`container_name: minio`
			`image: minio/minio:RELEASE.2024-03-03T17-50-39Z`
			`restart: unless-stopped`
			`environment:`
			`- MINIO_ROOT_USER=${MINIO_ADMIN_USERNAME}`
			`- MINIO_ROOT_PASSWORD=${MINIO_ADMIN_PASSWORD}`
			`command: server --address :9000 --console-address :9001 /data`
			`ports:`
			`- "9000"`
			`- "9001"`
			`volumes:`
			`- minio:/data`
			`networks:`
			`- yonote-network`

			`s3-client:`
			`container_name: minio-client`
			`image: minio/mc:RELEASE.2022-08-28T20-08-11Z`
			`volumes:`
			`- ./minio:/tmp/policies`
			`environment:`
			`MINIO_ACCESS_KEY_ID: ${MINIO_ACCESS_KEY_ID}`
			`MINIO_SECRET_ACCESS_KEY: ${MINIO_SECRET_ACCESS_KEY}`
			`MINIO_ADMIN_USERNAME: ${MINIO_ADMIN_USERNAME}`
			`MINIO_ADMIN_PASSWORD: ${MINIO_ADMIN_PASSWORD}`
			`entrypoint: >`
			`/bin/sh -c "`
			`/usr/bin/mc config host add myminio http://minio:9000 ${MINIO_ADMIN_USERNAME} ${MINIO_ADMIN_PASSWORD};`
			`/usr/bin/mc mb myminio/yonote-bucket;`
			`/usr/bin/mc policy set-json /tmp/policies/minio-bucket-policy.json myminio/yonote-bucket;`
			`/usr/bin/mc admin user add myminio ${MINIO_ACCESS_KEY_ID} ${MINIO_SECRET_ACCESS_KEY};`
			`/usr/bin/mc admin policy add myminio yonote-policy /tmp/policies/minio-user-policy.json;`
			`/usr/bin/mc admin policy set myminio yonote-policy user=${MINIO_ACCESS_KEY_ID};`
			`exit 0;`
			`"`
			`networks:`
			`- yonote-network`
			`depends_on:`
			`- s3`

			`keycloak:`
			`container_name: keycloak`
			`image: images.updates.yonote.ru/yonote-keycloak:${AUTH_VERSION}`
			`ports:`
			`- "8080"`
			`environment:`
			`KC_HOSTNAME: ${KC_YNT_HOST}`
			`OIDC_CLIENT_SECRET: ${KC_CLIENT_SECRET}`
			`YNT_HTTP_PROTOCOL: ${YNT_HTTP_PROTOCOL}`
			`BASENAME_FOR_SUBDOMAIN: ${BASENAME_FOR_SUBDOMAIN}`
			`KEYCLOAK_ADMIN: ${KC_USERNAME}`
			`KEYCLOAK_ADMIN_PASSWORD: ${KC_PASSWORD}`
			`KC_DB: postgres`
			`KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak`
			`KC_DB_USERNAME: ${KC_DB_USERNAME}`
			`KC_DB_PASSWORD: ${KC_DB_PASSWORD}`
			`PROXY_ADDRESS_FORWARDING: true`
			`KC_PROXY_ADDRESS_FORWARDING: true`
			`KC_PROXY: edge`
			`KC_HOSTNAME_STRICT: false`
			`KC_HOSTNAME_STRICT_HTTPS: false`
			`KC_HTTP_ENABLED: true`
			`# KC_HTTPS_ENABLED: false`
			`# KC_HOSTNAME_DEBUG: true`
			`command: start-dev --spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true --import-realm`
			`networks:`
			`- yonote-network`
			`depends_on:`
			`- postgres`

			`nginx:`
			`container_name: nginx`
			`image: nginx`
			`ports:`
			`- 80:80`
			`environment:`
			`BASENAME_FOR_SUBDOMAIN: ${BASENAME_FOR_SUBDOMAIN}`
			`MINIO_YNT_HOST: ${MINIO_YNT_HOST}`
			`MINIO_ADMIN_YNT_HOST: ${MINIO_ADMIN_YNT_HOST}`
			`KC_YNT_HOST: ${KC_YNT_HOST}`
			`DOLLAR: "$"`
			`volumes:`
			`- ./nginx/default.conf.tmpl:/etc/nginx/conf.d/default.conf.tmpl`
			`networks:`
			`yonote-network:`
			`depends_on:`
			`- postgres`
			`- redis`
			`- keycloak`
			`- s3-client`
			`- yonote`
			`command: /bin/bash -c "envsubst < /etc/nginx/conf.d/default.conf.tmpl > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"`

			`networks:`
			`yonote-network:`
			`name: yonote-internal-network`

			`volumes:`
			`db:`
			`minio:`