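# Self-hosted Yonote stack: application, Redis, PostgreSQL, MinIO (S3), a
# one-shot MinIO provisioning job, Keycloak (OIDC) and an nginx front end.
# Every ${...} value is interpolated by Compose from the shell environment or
# the project's .env file; no secret is stored in this file itself.
services:
  yonote:
    container_name: yonote
    image: images.updates.yonote.ru/yonote:${APP_VERSION}
    env_file:
      - .env
    # Short form publishes container port 3000 on an ephemeral host port on
    # all host interfaces. NOTE(review): presumably nginx reaches the app over
    # yonote-network; if so, `expose` would keep it off the host. Confirm.
    ports:
      - "3000"
    depends_on:
      - postgres
      - redis
      - keycloak
      - s3
    command: yarn start:selfhosted
    environment:
      BIND_HOST: '0.0.0.0'
      PORT: "3000"
      URL: "${YNT_HTTP_PROTOCOL}app.${BASENAME_FOR_SUBDOMAIN}"
      COLLABORATION_URL: "${YNT_WEBSOCKET_PROTOCOL}app.${BASENAME_FOR_SUBDOMAIN}"
      # Credentials are embedded in the URL: a password containing
      # URL-reserved characters (@ : / ? #) must be percent-encoded in .env.
      DATABASE_URL: "postgres://${YNT_DB_USER}:${YNT_DB_PASSWORD}@postgres:5432/${YNT_DB_NAME}"
      OIDC_CLIENT_ID: yonote
      OIDC_CLIENT_SECRET: "${KC_CLIENT_SECRET}"
      # Browser-facing endpoints use the public Keycloak URL; token and
      # userinfo calls are made server-side against the internal URL.
      OIDC_AUTH_URI: "${KC_YNT_URL}/realms/yonote/protocol/openid-connect/auth"
      OIDC_TOKEN_URI: "${KC_YNT_INTERNAL_URL}/realms/yonote/protocol/openid-connect/token"
      OIDC_USERINFO_URI: "${KC_YNT_INTERNAL_URL}/realms/yonote/protocol/openid-connect/userinfo"
      OIDC_LOGOUT_URI: "${KC_YNT_URL}/realms/yonote/protocol/openid-connect/logout"
      AWS_S3_UPLOAD_BUCKET_URL: "${MINIO_YNT_URL}"
      AWS_ACCESS_KEY_ID: "${MINIO_ACCESS_KEY_ID}"
      AWS_SECRET_ACCESS_KEY: "${MINIO_SECRET_ACCESS_KEY}"
      AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket
      AWS_REGION: xx-xxxx-x
      TELEGRAM_API_URL: https://api.telegram.org
      OIDC_DISPLAY_NAME: email
      OIDC_SCOPES: openid email
      # Redis is addressed without credentials; it is reachable only from
      # containers attached to yonote-network (no port is published for it).
      REDIS_URL: redis://redis:6379
      # Database traffic is unencrypted; it stays on the Compose network.
      PGSSLMODE: disable
      # Boolean-looking values are quoted so YAML hands them to Compose as
      # the strings the container expects.
      USE_LEGACY_LOGOUT: "true"
      AWS_S3_FORCE_PATH_STYLE: "true"
      AWS_S3_ACL: private
      # SECURITY: "0" turns off TLS certificate verification for every
      # outbound HTTPS request the Node process makes (OIDC, S3, Telegram),
      # so a man-in-the-middle on any of those paths goes undetected.
      # NOTE(review): presumably set to tolerate a self-signed nginx
      # certificate. Trusting that CA via NODE_EXTRA_CA_CERTS and removing
      # this variable restores verification.
      NODE_TLS_REJECT_UNAUTHORIZED: "0"
      SUBDOMAINS_ENABLED: "true"
    volumes:
      - ./License.key:/opt/yonote/License.key
    networks:
      - yonote-network
    # Resolves the public Keycloak hostname to the nginx container from
    # inside this container.
    external_links:
      - "nginx:${KC_YNT_HOST}"

  redis:
    container_name: redis
    image: redis:7-alpine
    restart: unless-stopped
    user: "redis:redis"
    networks:
      - yonote-network

  postgres:
    container_name: postgres
    image: postgres:14
    restart: unless-stopped
    environment:
      POSTGRES_DB: "${YNT_DB_NAME}"
      POSTGRES_USER: "${YNT_DB_USER}"
      POSTGRES_PASSWORD: "${YNT_DB_PASSWORD}"
      # NOTE(review): presumably read by init-keycloak-db.sh to create the
      # Keycloak role and database; the script is not visible here.
      KC_DB_USERNAME: "${KC_DB_USERNAME}"
      KC_DB_PASSWORD: "${KC_DB_PASSWORD}"
    user: "postgres:postgres"
    volumes:
      - ./db-data:/var/lib/postgresql/data
      # The init script is only read by the image entrypoint: mount it
      # read-only.
      - ./postgres/init-keycloak-db.sh:/docker-entrypoint-initdb.d/init-keycloak-db.sh:ro
    networks:
      - yonote-network

  s3:
    container_name: minio
    image: minio/minio:RELEASE.2022-08-26T19-53-15Z
    restart: unless-stopped
    environment:
      MINIO_ROOT_USER: "${MINIO_ADMIN_USERNAME}"
      MINIO_ROOT_PASSWORD: "${MINIO_ADMIN_PASSWORD}"
      MINIO_BROWSER_REDIRECT_URL: "${MINIO_ADMIN_YNT_URL}"
    command: server --address :9000 --console-address :9001 /data
    # Both the S3 API (9000) and the admin console (9001) are published on
    # ephemeral host ports on all interfaces. NOTE(review): if nginx is the
    # intended entry point, `expose` keeps the console off the host.
    ports:
      - "9000"
      - "9001"
    volumes:
      - ./s3-data:/data
      # - minio:/data
    networks:
      - yonote-network

  # One-shot job: creates the bucket, the application user and its policies.
  s3-client:
    container_name: minio-client
    image: minio/mc:RELEASE.2022-08-28T20-08-11Z
    volumes:
      # Policy documents are only read by mc: mount them read-only.
      - ./minio:/tmp/policies:ro
    environment:
      MINIO_ACCESS_KEY_ID: "${MINIO_ACCESS_KEY_ID}"
      MINIO_SECRET_ACCESS_KEY: "${MINIO_SECRET_ACCESS_KEY}"
      MINIO_ADMIN_USERNAME: "${MINIO_ADMIN_USERNAME}"
      MINIO_ADMIN_PASSWORD: "${MINIO_ADMIN_PASSWORD}"
    # Credentials are read from the container environment at run time ($$ is
    # the Compose escape for a literal $) and double-quoted for the shell.
    # Interpolating them into the script text instead lets a value containing
    # spaces, quotes or ';' be re-parsed as shell syntax.
    # The script always exits 0, so a failed provisioning step is visible
    # only in this container's log output.
    entrypoint:
      - /bin/sh
      - '-c'
      - |
        /usr/bin/mc config host add myminio http://minio:9000 "$$MINIO_ADMIN_USERNAME" "$$MINIO_ADMIN_PASSWORD"
        /usr/bin/mc mb myminio/yonote-bucket
        /usr/bin/mc policy set-json /tmp/policies/minio-bucket-policy.json myminio/yonote-bucket
        /usr/bin/mc admin user add myminio "$$MINIO_ACCESS_KEY_ID" "$$MINIO_SECRET_ACCESS_KEY"
        /usr/bin/mc admin policy add myminio yonote-policy /tmp/policies/minio-user-policy.json
        /usr/bin/mc admin policy set myminio yonote-policy user="$$MINIO_ACCESS_KEY_ID"
        exit 0
    networks:
      - yonote-network
    # Short-form depends_on orders container start only; it does not wait
    # for MinIO to accept connections.
    depends_on:
      - nginx

  keycloak:
    container_name: keycloak
    image: images.updates.yonote.ru/yonote-keycloak:${AUTH_VERSION}
    # Published on an ephemeral host port on all interfaces. With
    # KC_PROXY=edge Keycloak trusts forwarding headers, so a client that
    # reaches this port directly, bypassing nginx, can supply its own.
    # NOTE(review): confirm host publication is needed; otherwise `expose`.
    ports:
      - "8080"
    environment:
      KC_HOSTNAME: "${KC_YNT_HOST}"
      KC_HOSTNAME_PORT: "${KC_YNT_EXTERNAL_PORT}"
      OIDC_CLIENT_SECRET: "${KC_CLIENT_SECRET}"
      YNT_HTTP_PROTOCOL: "${YNT_HTTP_PROTOCOL}"
      BASENAME_FOR_SUBDOMAIN: "app.${BASENAME_FOR_SUBDOMAIN}"
      # Admin account credentials for the Keycloak console.
      KEYCLOAK_ADMIN: "${KC_USERNAME}"
      KEYCLOAK_ADMIN_PASSWORD: "${KC_PASSWORD}"
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
      KC_DB_USERNAME: "${KC_DB_USERNAME}"
      KC_DB_PASSWORD: "${KC_DB_PASSWORD}"
      KC_PROXY_ADDRESS_FORWARDING: "true"
      PROXY_ADDRESS_FORWARDING: "true"
      # TLS is expected to terminate at the proxy in front of Keycloak.
      KC_PROXY: edge
      KC_HOSTNAME_STRICT: "false"
    command: >-
      start
      --spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true
      --import-realm
    networks:
      - yonote-network
    depends_on:
      - postgres

  nginx:
    container_name: nginx
    # Untagged image resolves to `latest`: pin a tag or digest so the
    # internet-facing proxy is upgraded deliberately, not on the next pull.
    image: nginx
    ports:
      - "80:80"
      - "443:443"
    environment:
      BASENAME_FOR_SUBDOMAIN: "${BASENAME_FOR_SUBDOMAIN}"
      MINIO_YNT_HOST: "${MINIO_YNT_HOST}"
      MINIO_ADMIN_YNT_HOST: "${MINIO_ADMIN_YNT_HOST}"
      KC_YNT_HOST: "${KC_YNT_HOST}"
      # NOTE(review): presumably lets the template emit a literal "$" for
      # nginx variables, since envsubst below replaces every $VAR it sees.
      DOLLAR: "$"
    volumes:
      # Template, certificate and private key are only read by the
      # container: mount them read-only.
      - ./nginx/default.conf.tmpl:/etc/nginx/conf.d/default.conf.tmpl:ro
      - ./nginx/server.crt.pem:/etc/nginx/ssl/server.crt.pem:ro
      - ./nginx/server.key.pem:/etc/nginx/ssl/server.key.pem:ro
    networks:
      yonote-network: {}
    depends_on:
      - postgres
      - redis
      - keycloak
      - s3
      - yonote
    # Renders the config from the template, then runs nginx in the foreground.
    command: >-
      /bin/bash -c "envsubst < /etc/nginx/conf.d/default.conf.tmpl
      > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"

networks:
  yonote-network:
    name: yonote-internal-network

# Declared named volumes; the services above use bind mounts instead
# (./db-data, ./s3-data), so these are currently unreferenced.
volumes:
  db: {}
  minio: {}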