Merge pull request #1844 from Lithimlin/develop

Update production templates
This commit is contained in:
David Négrier 2022-02-10 17:34:47 +01:00 committed by GitHub
commit e6e99c1911
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 172 additions and 60 deletions

View File

@ -1,20 +1,118 @@
# Security
#
SECRET_KEY=
ADMIN_API_TOKEN=
#
# Networking
#
# The base domain # The base domain
DOMAIN=workadventure.localhost DOMAIN=workadventure.localhost
DEBUG_MODE=false # Subdomains
# MUST match the DOMAIN variable above
FRONT_HOST=front.workadventure.localhost
PUSHER_HOST=pusher.workadventure.localhost
BACK_HOST=api.workadventure.localhost
MAPS_HOST=maps.workadventure.localhost
ICON_HOST=icon.workadventure.localhost
# SAAS admin panel
ADMIN_API_URL=
#
# Basic configuration
#
# The directory to store data in
DATA_DIR=./wa
# The URL used by default, in the form: "/_/global/map/url.json"
START_ROOM_URL=/_/global/maps.workadventu.re/Floor0/floor0.json
# If you want to have a contact page in your menu,
# you MUST set CONTACT_URL to the URL of the page that you want
CONTACT_URL=
MAX_PER_GROUP=4
MAX_USERNAME_LENGTH=8
DISABLE_ANONYMOUS=false
# The version of the docker image to use
# MUST uncomment "image" keys in the docker-compose file for it to be effective
VERSION=master
TZ=Europe/Paris
#
# Jitsi
#
JITSI_URL=meet.jit.si JITSI_URL=meet.jit.si
# If your Jitsi environment has authentication set up, you MUST set JITSI_PRIVATE_MODE to "true" and you MUST pass a SECRET_JITSI_KEY to generate the JWT secret # If your Jitsi environment has authentication set up,
# you MUST set JITSI_PRIVATE_MODE to "true"
# and you MUST pass a SECRET_JITSI_KEY to generate the JWT secret
JITSI_PRIVATE_MODE=false JITSI_PRIVATE_MODE=false
JITSI_ISS= JITSI_ISS=
SECRET_JITSI_KEY= SECRET_JITSI_KEY=
#
# Turn/Stun
#
# URL of the TURN server (needed to "punch a hole" through some networks for P2P connections) # URL of the TURN server (needed to "punch a hole" through some networks for P2P connections)
TURN_SERVER= TURN_SERVER=
TURN_USER= TURN_USER=
TURN_PASSWORD= TURN_PASSWORD=
# If your Turn server is configured to use the Turn REST API, you MUST put the shared auth secret here.
# If you are using Coturn, this is the value of the "static-auth-secret" parameter in your coturn config file.
# Keep empty if you are sharing hard coded / clear text credentials.
TURN_STATIC_AUTH_SECRET=
# URL of the STUN server
STUN_SERVER=
# The URL used by default, in the form: "/_/global/map/url.json" #
START_ROOM_URL=/_/global/maps.workadventu.re/Floor0/floor0.json # Certificate config
#
# The email address used by Let's encrypt to send renewal warnings (compulsory) # The email address used by Let's encrypt to send renewal warnings (compulsory)
ACME_EMAIL= ACME_EMAIL=
#
# Additional app configs
# Configuration for apps which are not workadventure itself
#
# openID
OPID_CLIENT_ID=
OPID_CLIENT_SECRET=
OPID_CLIENT_ISSUER=
OPID_CLIENT_REDIRECT_URL=
OPID_LOGIN_SCREEN_PROVIDER=http://pusher.workadventure.localhost/login-screen
OPID_PROFILE_SCREEN_PROVIDER=
#
# Advanced configuration
# Generally does not need to be changed
#
# Networking
HTTP_PORT=80
HTTPS_PORT=443
# Workadventure settings
DISABLE_NOTIFICATIONS=false
SKIP_RENDER_OPTIMIZATIONS=false
STORE_VARIABLES_FOR_LOCAL_MAPS=true
# Debugging options
DEBUG_MODE=false
LOG_LEVEL=WARN
# Internal URLs
API_URL=back:50051
RESTART_POLICY=unless-stopped

View File

@ -1,114 +1,128 @@
version: "3.3" version: "3.5"
services: services:
reverse-proxy: reverse-proxy:
image: traefik:v2.3 image: traefik:v2.6
command: command:
- --log.level=WARN - --log.level=${LOG_LEVEL}
#- --api.insecure=true
- --providers.docker - --providers.docker
- --entryPoints.web.address=:80 # Entry points
- --entryPoints.web.address=:${HTTP_PORT}
- --entrypoints.web.http.redirections.entryPoint.to=websecure - --entrypoints.web.http.redirections.entryPoint.to=websecure
- --entrypoints.web.http.redirections.entryPoint.scheme=https - --entrypoints.web.http.redirections.entryPoint.scheme=https
- --entryPoints.websecure.address=:443 - --entryPoints.websecure.address=:${HTTPS_PORT}
# HTTP challenge
- --certificatesresolvers.myresolver.acme.email=${ACME_EMAIL} - --certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}
- --certificatesresolvers.myresolver.acme.storage=/acme.json - --certificatesresolvers.myresolver.acme.storage=/acme.json
# used during the challenge
- --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web - --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
# Let's Encrypt's staging server
# uncomment during testing to avoid rate limiting
#- --certificatesresolvers.dnsresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
ports: ports:
- "80:80" - "${HTTP_PORT}:80"
- "443:443" - "${HTTPS_PORT}:443"
# The Web UI (enabled by --api.insecure=true)
#- "8080:8080"
depends_on:
- pusher
- front
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- ./acme.json:/acme.json - ${DATA_DIR}/letsencrypt/acme.json:/acme.json
restart: unless-stopped restart: ${RESTART_POLICY}
front: front:
build: build:
context: ../.. context: ../..
dockerfile: front/Dockerfile dockerfile: front/Dockerfile
#image: thecodingmachine/workadventure-front:master #image: thecodingmachine/workadventure-front:${VERSION}
environment: environment:
DEBUG_MODE: "$DEBUG_MODE" - DEBUG_MODE
JITSI_URL: $JITSI_URL - JITSI_URL
JITSI_PRIVATE_MODE: "$JITSI_PRIVATE_MODE" - JITSI_PRIVATE_MODE
PUSHER_URL: //pusher.${DOMAIN} - PUSHER_URL=//${PUSHER_HOST}
ICON_URL: //icon.${DOMAIN} - ICON_URL=//${ICON_HOST}
TURN_SERVER: "${TURN_SERVER}" - TURN_SERVER
TURN_USER: "${TURN_USER}" - TURN_USER
TURN_PASSWORD: "${TURN_PASSWORD}" - TURN_PASSWORD
START_ROOM_URL: "${START_ROOM_URL}" - TURN_STATIC_AUTH_SECRET
- STUN_SERVER
- START_ROOM_URL
- SKIP_RENDER_OPTIMIZATIONS
- MAX_PER_GROUP
- MAX_USERNAME_LENGTH
- DISABLE_ANONYMOUS
- DISABLE_NOTIFICATIONS
labels: labels:
- "traefik.http.routers.front.rule=Host(`play.${DOMAIN}`)" - "traefik.http.routers.front.rule=Host(`${FRONT_HOST}`)"
- "traefik.http.routers.front.entryPoints=web,traefik" - "traefik.http.routers.front.entryPoints=web"
- "traefik.http.services.front.loadbalancer.server.port=80" - "traefik.http.services.front.loadbalancer.server.port=80"
- "traefik.http.routers.front-ssl.rule=Host(`play.${DOMAIN}`)" - "traefik.http.routers.front-ssl.rule=Host(`${FRONT_HOST}`)"
- "traefik.http.routers.front-ssl.entryPoints=websecure" - "traefik.http.routers.front-ssl.entryPoints=websecure"
- "traefik.http.routers.front-ssl.tls=true"
- "traefik.http.routers.front-ssl.service=front" - "traefik.http.routers.front-ssl.service=front"
- "traefik.http.routers.front-ssl.tls=true"
- "traefik.http.routers.front-ssl.tls.certresolver=myresolver" - "traefik.http.routers.front-ssl.tls.certresolver=myresolver"
restart: unless-stopped restart: ${RESTART_POLICY}
pusher: pusher:
build: build:
context: ../.. context: ../..
dockerfile: pusher/Dockerfile dockerfile: pusher/Dockerfile
#image: thecodingmachine/workadventure-pusher:master #image: thecodingmachine/workadventure-pusher:${VERSION}
command: yarn run runprod command: yarn run runprod
environment: environment:
SECRET_JITSI_KEY: "$SECRET_JITSI_KEY" - SECRET_JITSI_KEY
SECRET_KEY: yourSecretKey - SECRET_KEY
API_URL: back:50051 - API_URL
JITSI_URL: $JITSI_URL - FRONT_URL=https://${FRONT_HOST}
JITSI_ISS: $JITSI_ISS - JITSI_URL
FRONT_URL: https://play.${DOMAIN} - JITSI_ISS
- DISABLE_ANONYMOUS
labels: labels:
- "traefik.http.routers.pusher.rule=Host(`pusher.${DOMAIN}`)" - "traefik.http.routers.pusher.rule=Host(`${PUSHER_HOST}`)"
- "traefik.http.routers.pusher.entryPoints=web,traefik" - "traefik.http.routers.pusher.entryPoints=web"
- "traefik.http.services.pusher.loadbalancer.server.port=8080" - "traefik.http.services.pusher.loadbalancer.server.port=8080"
- "traefik.http.routers.pusher-ssl.rule=Host(`pusher.${DOMAIN}`)" - "traefik.http.routers.pusher-ssl.rule=Host(${PUSHER_HOST}`)"
- "traefik.http.routers.pusher-ssl.entryPoints=websecure" - "traefik.http.routers.pusher-ssl.entryPoints=websecure"
- "traefik.http.routers.pusher-ssl.tls=true"
- "traefik.http.routers.pusher-ssl.service=pusher" - "traefik.http.routers.pusher-ssl.service=pusher"
- "traefik.http.routers.pusher-ssl.tls=true"
- "traefik.http.routers.pusher-ssl.tls.certresolver=myresolver" - "traefik.http.routers.pusher-ssl.tls.certresolver=myresolver"
restart: unless-stopped restart: ${RESTART_POLICY}
back: back:
build: build:
context: ../.. context: ../..
dockerfile: back/Dockerfile dockerfile: back/Dockerfile
#image: thecodingmachine/workadventure-back:master #image: thecodingmachine/workadventure-back:${VERSION}
command: yarn run runprod command: yarn run runprod
environment: environment:
SECRET_JITSI_KEY: "$SECRET_JITSI_KEY" - SECRET_JITSI_KEY
ADMIN_API_TOKEN: "$ADMIN_API_TOKEN" - SECRET_KEY
ADMIN_API_URL: "$ADMIN_API_URL" - ADMIN_API_TOKEN
JITSI_URL: $JITSI_URL - ADMIN_API_URL
JITSI_ISS: $JITSI_ISS - TURN_SERVER
- TURN_USER
- TURN_PASSWORD
- TURN_STATIC_AUTH_SECRET
- STUN_SERVER
- JITSI_URL
- JITSI_ISS
- MAX_PER_GROUP
- STORE_VARIABLES_FOR_LOCAL_MAPS
labels: labels:
- "traefik.http.routers.back.rule=Host(`api.${DOMAIN}`)" - "traefik.http.routers.back.rule=Host(`${BACK_HOST}`)"
- "traefik.http.routers.back.entryPoints=web" - "traefik.http.routers.back.entryPoints=web"
- "traefik.http.services.back.loadbalancer.server.port=8080" - "traefik.http.services.back.loadbalancer.server.port=8080"
- "traefik.http.routers.back-ssl.rule=Host(`api.${DOMAIN}`)" - "traefik.http.routers.back-ssl.rule=Host(`${BACK_HOST}`)"
- "traefik.http.routers.back-ssl.entryPoints=websecure" - "traefik.http.routers.back-ssl.entryPoints=websecure"
- "traefik.http.routers.back-ssl.tls=true"
- "traefik.http.routers.back-ssl.service=back" - "traefik.http.routers.back-ssl.service=back"
- "traefik.http.routers.back-ssl.tls=true"
- "traefik.http.routers.back-ssl.tls.certresolver=myresolver" - "traefik.http.routers.back-ssl.tls.certresolver=myresolver"
restart: unless-stopped restart: ${RESTART_POLICY}
icon: icon:
image: matthiasluedtke/iconserver:v3.13.0 image: matthiasluedtke/iconserver:v3.13.0
labels: labels:
- "traefik.http.routers.icon.rule=Host(`icon.${DOMAIN}`)" - "traefik.http.routers.icon.rule=Host(`${ICON_HOST}`)"
- "traefik.http.routers.icon.entryPoints=web,traefik" - "traefik.http.routers.icon.entryPoints=web,traefik"
- "traefik.http.services.icon.loadbalancer.server.port=8080" - "traefik.http.services.icon.loadbalancer.server.port=8080"
- "traefik.http.routers.icon-ssl.rule=Host(`icon.${DOMAIN}`)" - "traefik.http.routers.icon-ssl.rule=Host(`${ICON_HOST}`)"
- "traefik.http.routers.icon-ssl.entryPoints=websecure" - "traefik.http.routers.icon-ssl.entryPoints=websecure"
- "traefik.http.routers.icon-ssl.tls=true"
- "traefik.http.routers.icon-ssl.service=icon" - "traefik.http.routers.icon-ssl.service=icon"
- "traefik.http.routers.icon-ssl.tls=true"
- "traefik.http.routers.icon-ssl.tls.certresolver=myresolver" - "traefik.http.routers.icon-ssl.tls.certresolver=myresolver"