onprem-deploy/external_ports_https_v2/docker-compose.yml


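# On-prem Yonote stack: the app, Redis, PostgreSQL, MinIO (S3), a one-shot
# MinIO bootstrap client, Keycloak (OIDC) and an nginx TLS front end.
# Every ${...} value is interpolated by Compose from .env / the shell.
# Only nginx publishes host ports; all other services are reached over
# yonote-network by service or container name.
services:
  yonote:
    container_name: yonote
    image: images.updates.yonote.ru/yonote:${APP_VERSION}
    env_file:
      - .env
    # Was `ports: ["3000"]`, which publishes the container port on a random
    # host port bound to all interfaces and so allows plain-HTTP access that
    # bypasses the nginx TLS front end. `expose` keeps it network-internal.
    expose:
      - "3000"
    depends_on:
      - postgres
      - redis
      - keycloak
      - s3
    command: yarn start:selfhosted
    # Values are quoted so YAML cannot retype them (true -> bool, 0 -> int);
    # environment variables are always strings for the consumer.
    environment:
      BIND_HOST: "0.0.0.0"
      PORT: "3000"
      URL: ${YNT_HTTP_PROTOCOL}app.${BASENAME_FOR_SUBDOMAIN}
      COLLABORATION_URL: ${YNT_WEBSOCKET_PROTOCOL}app.${BASENAME_FOR_SUBDOMAIN}
      # NOTE(review): the password is embedded in a URL; characters such as
      # '@', ':' or '/' in YNT_DB_PASSWORD must be percent-encoded.
      DATABASE_URL: postgres://${YNT_DB_USER}:${YNT_DB_PASSWORD}@postgres:5432/${YNT_DB_NAME}
      OIDC_CLIENT_ID: yonote
      OIDC_CLIENT_SECRET: ${KC_CLIENT_SECRET}
      OIDC_AUTH_URI: ${KC_YNT_URL}/realms/yonote/protocol/openid-connect/auth
      OIDC_TOKEN_URI: ${KC_YNT_INTERNAL_URL}/realms/yonote/protocol/openid-connect/token
      OIDC_USERINFO_URI: ${KC_YNT_INTERNAL_URL}/realms/yonote/protocol/openid-connect/userinfo
      OIDC_LOGOUT_URI: ${KC_YNT_URL}/realms/yonote/protocol/openid-connect/logout
      AWS_S3_UPLOAD_BUCKET_URL: ${MINIO_YNT_URL}
      AWS_ACCESS_KEY_ID: ${MINIO_ACCESS_KEY_ID}
      AWS_SECRET_ACCESS_KEY: ${MINIO_SECRET_ACCESS_KEY}
      AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket
      AWS_REGION: xx-xxxx-x
      TELEGRAM_API_URL: https://api.telegram.org
      OIDC_DISPLAY_NAME: email
      OIDC_SCOPES: openid email
      REDIS_URL: redis://redis:6379
      # Database traffic is unencrypted; acceptable only while postgres is
      # reachable solely over the internal Compose network.
      PGSSLMODE: disable
      USE_LEGACY_LOGOUT: "true"
      AWS_S3_FORCE_PATH_STYLE: "true"
      AWS_S3_ACL: private
      # SECURITY: "0" turns off certificate verification for every outbound
      # TLS connection the Node process makes (Keycloak token/userinfo calls,
      # S3, api.telegram.org). Value left unchanged because self-signed
      # deployments rely on it; prefer trusting the on-prem CA through
      # NODE_EXTRA_CA_CERTS and then removing this variable.
      NODE_TLS_REJECT_UNAUTHORIZED: "0"
      SUBDOMAINS_ENABLED: "true"
    volumes:
      - ./License.key:/opt/yonote/License.key
    networks:
      - yonote-network
    # Resolves the public Keycloak hostname to the nginx container so
    # browser-facing OIDC URLs also work from inside the app container.
    external_links:
      - "nginx:${KC_YNT_HOST}"

  redis:
    container_name: redis
    image: redis:7-alpine
    restart: unless-stopped
    user: "redis:redis"
    networks:
      - yonote-network

  postgres:
    container_name: postgres
    image: postgres:14
    restart: unless-stopped
    environment:
      POSTGRES_DB: ${YNT_DB_NAME}
      POSTGRES_USER: ${YNT_DB_USER}
      POSTGRES_PASSWORD: ${YNT_DB_PASSWORD}
      # Presumably consumed by init-keycloak-db.sh to create the Keycloak
      # role and database - confirm against the script.
      KC_DB_USERNAME: ${KC_DB_USERNAME}
      KC_DB_PASSWORD: ${KC_DB_PASSWORD}
    user: "postgres:postgres"
    volumes:
      - ./db-data:/var/lib/postgresql/data
      # Read-only: the init script is only read by the image entrypoint.
      - ./postgres/init-keycloak-db.sh:/docker-entrypoint-initdb.d/init-keycloak-db.sh:ro
    networks:
      - yonote-network

  s3:
    container_name: minio
    # NOTE(review): pinned, but to a 2022 release - check it against current
    # MinIO security advisories before deploying.
    image: minio/minio:RELEASE.2022-08-26T19-53-15Z
    restart: unless-stopped
    environment:
      MINIO_ROOT_USER: ${MINIO_ADMIN_USERNAME}
      MINIO_ROOT_PASSWORD: ${MINIO_ADMIN_PASSWORD}
      MINIO_BROWSER_REDIRECT_URL: ${MINIO_ADMIN_YNT_URL}
    command: 'server --address :9000 --console-address :9001 /data'
    # Was `ports: ["9000", "9001"]` (random host ports on all interfaces).
    # The S3 API and the admin console stay internal to yonote-network.
    expose:
      - "9000"
      - "9001"
    volumes:
      - ./s3-data:/data
      # - minio:/data
    networks:
      - yonote-network

  # One-shot bootstrap: registers the MinIO endpoint, creates the bucket,
  # applies the bucket policy, then creates the application user and
  # attaches its policy. Always exits 0, so a failed step does not fail
  # `docker compose up`.
  s3-client:
    container_name: minio-client
    image: minio/mc:RELEASE.2022-08-28T20-08-11Z
    volumes:
      # Read-only: the policy JSON files are only read by mc.
      - ./minio:/tmp/policies:ro
    environment:
      MINIO_ACCESS_KEY_ID: ${MINIO_ACCESS_KEY_ID}
      MINIO_SECRET_ACCESS_KEY: ${MINIO_SECRET_ACCESS_KEY}
      MINIO_ADMIN_USERNAME: ${MINIO_ADMIN_USERNAME}
      MINIO_ADMIN_PASSWORD: ${MINIO_ADMIN_PASSWORD}
    # `$$` defers expansion to the shell inside the container, which reads
    # the variables from `environment` above. The credentials are therefore
    # not pasted into the script text by Compose, and the double quotes keep
    # values containing spaces or shell metacharacters as a single argument.
    entrypoint:
      - /bin/sh
      - "-c"
      - |
        /usr/bin/mc config host add myminio http://minio:9000 "$${MINIO_ADMIN_USERNAME}" "$${MINIO_ADMIN_PASSWORD}"
        /usr/bin/mc mb myminio/yonote-bucket
        /usr/bin/mc policy set-json /tmp/policies/minio-bucket-policy.json myminio/yonote-bucket
        /usr/bin/mc admin user add myminio "$${MINIO_ACCESS_KEY_ID}" "$${MINIO_SECRET_ACCESS_KEY}"
        /usr/bin/mc admin policy add myminio yonote-policy /tmp/policies/minio-user-policy.json
        /usr/bin/mc admin policy set myminio yonote-policy "user=$${MINIO_ACCESS_KEY_ID}"
        exit 0
    networks:
      - yonote-network
    depends_on:
      - nginx

  keycloak:
    container_name: keycloak
    image: images.updates.yonote.ru/yonote-keycloak:${AUTH_VERSION}
    # Was `ports: ["8080"]` (random host port on all interfaces). With
    # KC_PROXY=edge Keycloak trusts forwarded headers from its reverse proxy,
    # so it should be reachable only through nginx.
    expose:
      - "8080"
    environment:
      KC_HOSTNAME: ${KC_YNT_HOST}
      KC_HOSTNAME_PORT: ${KC_YNT_EXTERNAL_PORT}
      OIDC_CLIENT_SECRET: ${KC_CLIENT_SECRET}
      YNT_HTTP_PROTOCOL: ${YNT_HTTP_PROTOCOL}
      BASENAME_FOR_SUBDOMAIN: app.${BASENAME_FOR_SUBDOMAIN}
      KEYCLOAK_ADMIN: ${KC_USERNAME}
      KEYCLOAK_ADMIN_PASSWORD: ${KC_PASSWORD}
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
      KC_DB_USERNAME: ${KC_DB_USERNAME}
      KC_DB_PASSWORD: ${KC_DB_PASSWORD}
      KC_PROXY_ADDRESS_FORWARDING: "true"
      PROXY_ADDRESS_FORWARDING: "true"
      KC_PROXY: edge
      KC_HOSTNAME_STRICT: "false"
    command: start --spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true --import-realm
    networks:
      - yonote-network
    depends_on:
      - postgres

  # TLS front end and the only service that publishes host ports.
  nginx:
    container_name: nginx
    # NOTE(review): untagged image resolves to `latest`; pin a version tag or
    # digest so the TLS-terminating proxy is reproducible and auditable.
    image: nginx
    ports:
      - "80:80"
      - "443:443"
    environment:
      BASENAME_FOR_SUBDOMAIN: ${BASENAME_FOR_SUBDOMAIN}
      MINIO_YNT_HOST: ${MINIO_YNT_HOST}
      MINIO_ADMIN_YNT_HOST: ${MINIO_ADMIN_YNT_HOST}
      KC_YNT_HOST: ${KC_YNT_HOST}
      # envsubst below replaces every $NAME in the template; presumably the
      # template writes ${DOLLAR} where nginx needs a literal '$'.
      DOLLAR: "$"
    volumes:
      # Read-only: nginx only reads the template, certificate and private
      # key; the rendered default.conf is written inside the container.
      - ./nginx/default.conf.tmpl:/etc/nginx/conf.d/default.conf.tmpl:ro
      - ./nginx/server.crt.pem:/etc/nginx/ssl/server.crt.pem:ro
      - ./nginx/server.key.pem:/etc/nginx/ssl/server.key.pem:ro
    networks:
      - yonote-network
    depends_on:
      - postgres
      - redis
      - keycloak
      - s3
      - yonote
    command: /bin/bash -c "envsubst < /etc/nginx/conf.d/default.conf.tmpl > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"

networks:
  yonote-network:
    name: yonote-internal-network

# Declared but not referenced by any service in this file; postgres and
# MinIO use the ./db-data and ./s3-data bind mounts instead.
volumes:
  db: {}
  minio: {}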