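# Compose stack: Traefik reverse proxy (TLS via Let's Encrypt HTTP challenge),
# websocket service, Jitsi-Admin application, MariaDB and Keycloak.
# Only Traefik publishes host ports; the other services are reached through
# Traefik routers or over the compose networks.
version: '3.8'

services:
  traefik-ja:
    image: "traefik:v2.5"
    command:
      # DEBUG is very verbose for an internet-facing proxy; INFO keeps
      # start-up and ACME events without the per-request debug output.
      - "--log.level=INFO"
      # Insecure mode serves the Traefik API/dashboard without
      # authentication on the internal "traefik" entrypoint, reachable by
      # every container on the shared network. Keep it off; if the dashboard
      # is needed, route api@internal through a router with an auth
      # middleware.
      - "--api.insecure=false"
      - "--providers.docker=true"
      # Containers are only routed when they opt in with traefik.enable=true.
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.unsecure.address=:80"
      # Global HTTPS: everything arriving on :80 is redirected to :443.
      - "--entrypoints.web.address=:443"
      - "--entrypoints.unsecure.http.redirections.entryPoint.to=web"
      - "--entrypoints.unsecure.http.redirections.entryPoint.scheme=https"
      # SSL configuration: ACME HTTP-01 challenge answered on the :80
      # entrypoint.
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=unsecure"
      - "--certificatesresolvers.letsencrypt.acme.email=webmaster@odc-master.de"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
    networks:
      - external
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # The :ro flag only protects the socket file itself; a process that can
      # open the socket can still issue any Docker API call. A socket proxy
      # limited to read-only endpoints narrows this.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # acme.json holds the ACME account key and certificate private keys;
      # keep ./data/letsencrypt readable by the owner only.
      - ./data/letsencrypt:/letsencrypt
      - ./tools/traefik/config.yml:/etc/traefik/dynamic_conf/conf.yml:ro

  websocket-ja:
    hostname: websocket-ja
    # NOTE(review): the image tag is empty on this page (presumably a
    # stripped placeholder). Pin an explicit version tag before deploying.
    image: "git.h2-invent.com/meetling/websocket:"
    restart: unless-stopped
    depends_on:
      - traefik-ja
    # Later files override earlier ones; these files carry the secrets, so
    # keep them out of version control.
    env_file:
      - ./.env
      - ./.env.local
      - ./.env.custom
    healthcheck:
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3000/healthz"]
      interval: 10s
      retries: 5
      timeout: 10s
      start_period: 10s
    labels:
      - "traefik.enable=true"
      # NOTE(review): Host() is empty on this page (presumably a stripped
      # placeholder); the public hostname must be filled in before use.
      - "traefik.http.routers.websocket-ja.rule=Host(``) && PathPrefix(`/ws`)"
      - "traefik.http.routers.websocket-ja.entrypoints=web"
      - "traefik.http.routers.websocket-ja.tls=true"
      - "traefik.http.routers.websocket-ja.tls.certresolver=letsencrypt"
      # NOTE(review): this middleware sets X-Forwarded-Proto to "http" and is
      # attached to a router named app-secure, which no other label in this
      # file configures. Confirm the intended router name and whether the
      # value should be "https", since the routers here terminate TLS.
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=http"
      - "traefik.http.routers.app-secure.middlewares=sslheader@docker"
    networks:
      - external
      - internal
    volumes:
      - caddy_data:/data
      - caddy_config:/config

  # Here is the Jitsi-Admin app
  app-ja:
    # NOTE(review): image tag is empty on this page; pin an explicit version.
    image: "git.h2-invent.com/meetling/application:"
    restart: unless-stopped
    depends_on:
      db-ja:
        condition: service_healthy
    env_file:
      - ./.env
      - ./.env.local
      - ./.env.custom
    volumes:
      - theme_data:/var/www/html/theme
      - image_upload:/var/www/html/public/uploads/images
      - theme_assests_data:/var/www/html/public/theme
      - recording_uploads:/var/www/html/data/recording
    networks:
      - external
      - internal
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.app-ja.tls=true"
      # NOTE(review): Host() is empty on this page; fill in the public
      # hostname.
      - "traefik.http.routers.app-ja.rule=Host(``)"
      - "traefik.http.routers.app-ja.entrypoints=web"
      - "traefik.http.routers.app-ja.tls.certresolver=letsencrypt"

  db-ja:
    # NOTE(review): "latest" is a moving tag, so a pull can silently change
    # the database major version. Pin a specific MariaDB release.
    image: mariadb:latest
    hostname: db-ja
    healthcheck:
      # Uses the same value as MARIADB_ROOT_PASSWORD below so the two cannot
      # drift apart. The password is still visible in the container's
      # healthcheck definition.
      test: ["CMD", "mariadb-admin", "ping", "-h", "localhost", "-p${MARIADB_ROOT_PASSWORD:-test}"]
      timeout: 20s
      retries: 10
    env_file:
      - ./.env
      - ./.env.local
      - ./.env.custom
    restart: unless-stopped
    environment:
      # The root password is taken from the compose environment (shell or
      # project .env). The fallback "test" is kept only so existing setups
      # keep working; set a strong value before the first start, because
      # MariaDB applies it only when the data directory is initialised.
      MARIADB_ROOT_PASSWORD: "${MARIADB_ROOT_PASSWORD:-test}"
    volumes:
      - mariadb:/var/lib/mysql
      # Scripts in this directory run once, on first initialisation of the
      # data directory.
      - ./mysql-initdb:/docker-entrypoint-initdb.d
    # Attached to the internal network only; not routed by Traefik.
    networks:
      - internal

  keycloak-ja:
    image: quay.io/keycloak/keycloak:22.0.3
    # NOTE(review): service_healthy needs a healthcheck on app-ja; none is
    # declared in this file, so it must come from the image. Confirm.
    depends_on:
      app-ja:
        condition: service_healthy
    env_file:
      - ./.env
      - ./.env.local
      - ./.env.custom
    environment:
      # Admin and database passwords are not set here; presumably they come
      # from the env files. Confirm they are not defaults.
      KEYCLOAK_ADMIN: admin
      KC_DB: mariadb
      KC_DB_USERNAME: keycloak
      KC_HTTP_RELATIVE_PATH: /keycloak
      # NOTE(review): Traefik terminates TLS and forwards to port 8080, while
      # "passthrough" describes a proxy that forwards TLS untouched. Confirm
      # this mode is intended for this topology.
      KC_PROXY: passthrough
    restart: unless-stopped
    command:
      # start-dev is Keycloak's development mode and is not meant for
      # production; use "start" with an explicit hostname and build options
      # for an internet-facing identity provider.
      - start-dev
      - --import-realm
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.keycloak-ja.tls=true"
      # NOTE(review): Host() is empty on this page; fill in the public
      # hostname.
      - "traefik.http.routers.keycloak-ja.rule=Host(``) && PathPrefix(`/keycloak`)"
      - "traefik.http.routers.keycloak-ja.entrypoints=web"
      - "traefik.http.routers.keycloak-ja.tls.certresolver=letsencrypt"
      - "traefik.http.services.keycloak-ja.loadbalancer.server.port=8080"
    volumes:
      # Realm files in this directory are imported at start (--import-realm).
      - ./keycloak/:/opt/keycloak/data/import
    networks:
      - external
      - internal

# "external" and "internal" are plain network names here; neither sets the
# compose "external" or "internal" network options.
networks:
  external: {}
  internal: {}

volumes:
  mariadb: {}
  caddy_data: {}
  caddy_config: {}
  image_upload: {}
  theme_data: {}
  theme_assests_data: {}
  recording_uploads: {}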