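version: '3.8'

# Shared settings for the Jitsi-Admin PHP containers, pulled into services
# with `<<: *jitsi_admin_app`. A YAML merge is shallow: a service that declares
# its own `environment:` replaces this mapping instead of extending it, while a
# service that declares none (app-queu) inherits every value below.
x-app-common: &jitsi_admin_app
  # SECURITY: `latest` is a mutable tag, so a redeploy can pull different code
  # without any change to this file. Pin a release tag or an image digest so
  # that what runs is what was reviewed.
  image: h2invent/jitsi-admin-main:latest
  # build: .
  environment:
    APACHE_DOCUMENT_ROOT: "public/"
    # SECURITY: Xdebug is a development aid. This file publishes the app on
    # :443 with Let's Encrypt certificates, which looks like an internet-facing
    # deployment; disable the extension unless this stack is confirmed to be
    # dev-only.
    PHP_EXTENSION_XDEBUG: "1"
    PHP_INI_MEMORY_LIMIT: "1G"
    # Quoted like the neighbouring values: container environment variables are
    # always strings, so the intent is explicit and not left to type coercion.
    PHP_EXTENSION_LDAP: "1"
    PHP_EXTENSION_INTL: "1"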

services:
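  # Edge reverse proxy: listens on :80 and :443, redirects HTTP to HTTPS,
  # obtains certificates from Let's Encrypt and builds its routes from the
  # labels of the other containers via the Docker provider.
  traefik-ja:
    # NOTE(review): v2.5 is an old Traefik release line; confirm it still
    # receives security fixes or move to a maintained release.
    image: "traefik:v2.5"
    # NOTE(review): the same three env files are loaded into every service in
    # this file. If they hold secrets (database or OAuth credentials), each
    # container, including this internet-facing one, can read all of them.
    # Consider splitting them per service.
    env_file:
      - ./.env
      - ./.env.local
      - ./.env.custom
    command:
      # - "--log.level=DEBUG"
      # Keep the API/dashboard off the unauthenticated `traefik` entrypoint.
      - "--api.insecure=false"
      - "--providers.docker=true"
      # - "--api.dashboard=true"

      # Containers are routed only when they opt in with traefik.enable=true.
      - "--providers.docker.exposedbydefault=false"

      - "--entrypoints.unsecure.address=:80"
      - "--entrypoints.web.address=:443"
      # Global HTTP -> HTTPS
      - "--entrypoints.unsecure.http.redirections.entryPoint.to=web"
      - "--entrypoints.unsecure.http.redirections.entryPoint.scheme=https"
      # SSL configuration: HTTP-01 challenge answered on the :80 entrypoint.
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=unsecure"
      - "--certificatesresolvers.letsencrypt.acme.email=${registerEmailAdress}"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"

    labels:
      - "traefik.enable=true"
      # NOTE(review): this catch-all redirect router appears redundant with the
      # entrypoint-level redirection configured in `command` above.
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=unsecure"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"

      # Traefik API/dashboard, served at traefik.${PUBLIC_URL} on the public
      # :443 entrypoint behind the basic-auth middleware defined below.
      - "traefik.http.routers.traefik-ja.rule=Host(`traefik.${PUBLIC_URL}`)"
      - "traefik.http.routers.traefik-ja.entrypoints=web"
      - "traefik.http.routers.traefik-ja.tls.certresolver=letsencrypt"
      - "traefik.http.routers.traefik-ja.service=api@internal"
      - "traefik.http.routers.traefik-ja.middlewares=traefik-auth"
      # SECURITY: the dashboard credential is committed here with a trivially
      # guessable password (test:test), and the router above is reachable from
      # the internet. Generate a fresh htpasswd entry per deployment and supply
      # it from an untracked file (every `$` doubled to `$$` for Compose), or
      # drop the dashboard router if it is not needed.
      - "traefik.http.middlewares.traefik-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/"

    networks:
      - external
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # SECURITY: `:ro` only makes the socket file read-only. A process that
      # can connect to it can still issue any Docker API call, which is
      # equivalent to root on the host. Put a filtering socket proxy that allows
      # only the read endpoints Traefik needs between this container and dockerd.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # acme.json holds the ACME account key and certificate private keys; keep
      # ./data/letsencrypt out of version control and readable by root only.
      - "./data/letsencrypt:/letsencrypt"
      # NOTE(review): no `--providers.file.*` flag is set in `command`, so this
      # dynamic configuration file does not appear to be loaded - confirm.
      - "./tools/traefik/config.yml:/etc/traefik/dynamic_conf/conf.yml:ro"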

  # WebSocket hub, published through Traefik at https://${PUBLIC_URL}/ws and
  # served by the container on port 3000.
  websocket-ja:
    hostname: websocket-ja
    # SECURITY: mutable `latest` tag; pin a release tag or digest so a redeploy
    # cannot silently change the code that runs.
    image: h2invent/jitsi-admin-websocket:latest
    # build: nodejs
    restart: unless-stopped
    depends_on:
      - traefik-ja
    # NOTE(review): same env files as every other service; anything secret in
    # them is readable from this container as well.
    env_file:
      - ./.env
      - ./.env.local
      - ./.env.custom
    # Liveness probe against the container's own /healthz endpoint.
    healthcheck:
      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3000/healthz"]
      interval: 10s
      retries: 5
      timeout: 10s
      start_period: 10s

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.websocket-ja.rule=Host(`${PUBLIC_URL}`) && PathPrefix(`/ws`)"
      - "traefik.http.routers.websocket-ja.entrypoints=web"
      - "traefik.http.routers.websocket-ja.tls=true"
      - "traefik.http.services.websocket-ja.loadbalancer.server.port=3000"
      - "traefik.http.routers.websocket-ja.tls.certresolver=letsencrypt"
      # NOTE(review): the `sslheader` middleware forces X-Forwarded-Proto to
      # "http" although the only application entrypoint is TLS, and it is
      # attached to a router named `app-secure` that no service in this file
      # defines (the app router is `app-ja`). As written it looks like dead
      # configuration. Confirm the intent before attaching it to a live router:
      # a backend that is told the request was plain HTTP may drop Secure
      # cookie flags or build http:// redirects.
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=http"
      - "traefik.http.routers.app-secure.middlewares=sslheader@docker"
    networks:
      - external
      - internal
    volumes:
      # NOTE(review): these volumes are named after Caddy, but no Caddy service
      # exists in this file; presumably leftovers from an earlier proxy setup.
      # Confirm the hub needs /data and /config before keeping the mounts.
      - caddy_data:/data
      - caddy_config:/config

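  # Jitsi-Admin web application (PHP/Apache), published through Traefik at
  # https://${PUBLIC_URL}. Takes its image from the x-app-common anchor and
  # starts only once the database reports healthy.
  app-ja:
    <<: *jitsi_admin_app
    depends_on:
      db-ja:
        condition: service_healthy
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "curl", "-s", "-f", "-i", "http://localhost:80/health/check"]
      interval: 20s
      timeout: 10s
      start_period: 30s
      retries: 10
    env_file:
      - ./.env
      - ./.env.local
      - ./.env.custom
    # This mapping replaces the anchor's `environment` (YAML merges are
    # shallow), which is why the first five keys are repeated here. Keys set
    # here also take precedence over the same keys in the env files above.
    environment:
      APACHE_DOCUMENT_ROOT: "public/"
      # SECURITY: Xdebug enabled on the internet-facing application container;
      # disable it unless this stack is confirmed to be dev-only.
      PHP_EXTENSION_XDEBUG: "1"
      PHP_INI_MEMORY_LIMIT: "1G"
      # Numeric-looking values are quoted: environment variables are strings.
      PHP_EXTENSION_LDAP: "1"
      PHP_EXTENSION_INTL: "1"
      PHP_INI_UPLOAD_MAX_FILESIZE: 8M
      PHP_INI_POST_MAX_SIZE: 8M
      MAILER_TRANSPORT: smtp
      OAUTH_KEYCLOAK_CLIENT_ID: jitsiadmin
      OAUTH_KEYCLOAK_REALM: jitsiadmin
      input_settings_allow_timezone: "1"
      allowTimeZoneSwitch: "1"
      # NOTE(review): the scheduled console command runs as root inside the
      # container. If it does not need root, run it as the web-server user so
      # that files it creates are not root-owned and a flaw in a cron task does
      # not start with full container privileges.
      CRON_USER_1: root
      CRON_SCHEDULE_1: "* * * * *"
      CRON_COMMAND_1: "php /var/www/html/bin/console cron:run"

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.app-ja.tls=true"
      - "traefik.http.routers.app-ja.rule=Host(`${PUBLIC_URL}`)"
      - "traefik.http.routers.app-ja.entrypoints=web"
      - "traefik.http.services.app-ja.loadbalancer.server.port=80"
      - "traefik.http.routers.app-ja.tls.certresolver=letsencrypt"
      - "traefik.http.services.app-ja.loadbalancer.sticky=true"
      - "traefik.http.services.app-ja.loadbalancer.sticky.cookie.name=jad"
      - "traefik.http.services.app-ja.loadbalancer.sticky.cookie.secure=true"
      # The affinity cookie is only consumed by Traefik, so page scripts never
      # need to read it; HttpOnly keeps it out of reach of injected JavaScript.
      - "traefik.http.services.app-ja.loadbalancer.sticky.cookie.httpOnly=true"
    volumes:
      - theme_data:/var/www/html/theme
      # NOTE(review): user uploads are stored below the Apache document root
      # (public/). Confirm the application restricts uploaded file types and
      # that the web server will not execute scripts from this directory.
      - image_upload:/var/www/html/public/uploads/images
      - theme_assests_data:/var/www/html/public/theme
    networks:
      - external
      - internal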

  # Background workers: two replicas of the application image, each running
  # the messenger consumer for the `async` transport. Attached to the internal
  # network only and given no Traefik labels, so nothing routes to them.
  app-queu:
    # Inherits image AND environment from the anchor, because no `environment`
    # key is declared here.
    # SECURITY: that inherited environment includes PHP_EXTENSION_XDEBUG "1"
    # and the mutable `latest` image tag; both apply to the workers too.
    <<: *jitsi_admin_app

    restart: unless-stopped
    deploy:
      mode: replicated
      replicas: 2

    # NOTE(review): same env files as every other service; split them if the
    # workers need only part of the secrets they contain.
    env_file:
      - ./.env
      - ./.env.local
      - ./.env.custom
    depends_on:
      app-ja:
        condition: service_healthy
    # --memory-limit makes the consumer exit once it exceeds the limit;
    # `restart: unless-stopped` then brings it back up.
    command: php /var/www/html/bin/console messenger:consume async --memory-limit=126m
    volumes:
      - theme_data:/var/www/html/theme
    networks:
      - internal

  # MariaDB instance for the stack. Publishes no ports and joins only the
  # `internal` network, so it is reachable from the sibling containers on that
  # network and not directly from the host's public interfaces.
  db-ja:
    # SECURITY: `latest` can jump to a new major version on the next pull and
    # start it against the existing data volume. Pin a specific version tag.
    image: mariadb:latest
    hostname: db-ja
    # SECURITY: the root password is passed as a command-line argument (-ptest),
    # so it is visible in the container's configuration and in its process
    # list. It must also be kept in step with MARIADB_ROOT_PASSWORD below.
    healthcheck:
      test: [ "CMD", "mariadb-admin" ,"ping", "-h", "localhost","-ptest" ]
      timeout: 20s
      retries: 10
    env_file:
      - ./.env
      - ./.env.local
      - ./.env.custom
    restart: unless-stopped
    environment:
      # SECURITY: hard-coded, trivially guessable root password committed to the
      # repository. Any container on the `internal` network that is compromised
      # gains full control of the database. Because `environment` takes
      # precedence over `env_file`, setting a stronger value in .env.local has
      # no effect while this line exists. Remove it and supply the password
      # from an untracked env file or a secret.
      MARIADB_ROOT_PASSWORD: test
    volumes:
      - mariadb:/var/lib/mysql
      # Init scripts; the image runs them only when the data directory is first
      # initialised. NOTE(review): mounted read-write - `:ro` looks sufficient
      # here; confirm nothing writes to this path.
      - ./docker/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
    networks:
      - internal

  # Keycloak identity provider, published through Traefik at
  # https://${PUBLIC_URL}/keycloak and backed by the MariaDB service.
  keycloak-ja:
    image: quay.io/keycloak/keycloak:22.0.3
    depends_on:
      app-ja:
        condition: service_healthy
    # Presumably KEYCLOAK_ADMIN_PASSWORD, KC_DB_PASSWORD and KC_DB_URL come from
    # these files, since none of them is set below - verify, and keep the files
    # out of version control.
    env_file:
      - ./.env
      - ./.env.local
      - ./.env.custom
    environment:
      # NOTE(review): default-style admin user name on a console that is
      # reachable from the internet; its password needs to be strong and unique.
      KEYCLOAK_ADMIN: admin
      KC_DB: mariadb
      KC_DB_USERNAME: keycloak
      KC_HTTP_RELATIVE_PATH: /keycloak
      # NOTE(review): Traefik terminates TLS in this file and forwards plain
      # HTTP to port 8080, whereas `passthrough` describes a proxy that does not
      # terminate TLS. Confirm `edge` is not the intended mode.
      KC_PROXY: passthrough
    restart: unless-stopped
    command:
      # SECURITY: `start-dev` is Keycloak's development mode, with relaxed
      # defaults that are not meant for production. This instance is the
      # identity provider for the application and is exposed on the public
      # entrypoint; run it with `start` and an explicit hostname/proxy
      # configuration instead.
      - start-dev
      # Imports realm definitions from /opt/keycloak/data/import at startup.
      - --import-realm
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.keycloak-ja.tls=true"
      # NOTE(review): this rule publishes everything under /keycloak, including
      # the admin console. Consider limiting the admin paths to a management
      # network or an IP allow-list.
      - "traefik.http.routers.keycloak-ja.rule=Host(`${PUBLIC_URL}`) && PathPrefix(`/keycloak`)"
      - "traefik.http.routers.keycloak-ja.entrypoints=web"
      - "traefik.http.services.keycloak-ja.loadbalancer.server.port=8080"
      - "traefik.http.routers.keycloak-ja.tls.certresolver=letsencrypt"

    volumes:
      # NOTE(review): realm exports can carry client secrets and user
      # credentials; check what ./docker/keycloak contains before committing
      # it. `:ro` looks sufficient for an import directory - confirm.
      - ./docker/keycloak/:/opt/keycloak/data/import
    networks:
      - external
      - internal

# Two default bridge networks. `external` is only a network name here, not the
# Compose `external: true` keyword; it carries the Traefik-routed services.
networks:
  external:
  # NOTE(review): not declared with `internal: true`, so containers attached
  # only to this network (db-ja, app-queu) still have outbound connectivity.
  # Confirm which of them need egress (the workers may send mail) before
  # restricting it.
  internal:

# Named volumes; Docker creates them on first use.
volumes:
  mariadb:
  # NOTE(review): presumably leftovers from a Caddy-based setup; they are
  # mounted only by websocket-ja.
  caddy_data:
  caddy_config:
  image_upload:
  theme_data:
  # "assests" is a typo, but the name is the volume's identity: renaming it
  # makes Compose create a new, empty volume.
  theme_assests_data: