Merge pull request #1844 from Lithimlin/develop
Update production templates
This commit is contained in:
commit
e6e99c1911
@ -1,20 +1,118 @@
|
|||||||
|
# Security
|
||||||
|
#
|
||||||
|
|
||||||
|
SECRET_KEY=
|
||||||
|
ADMIN_API_TOKEN=
|
||||||
|
|
||||||
|
#
|
||||||
|
# Networking
|
||||||
|
#
|
||||||
|
|
||||||
# The base domain
|
# The base domain
|
||||||
DOMAIN=workadventure.localhost
|
DOMAIN=workadventure.localhost
|
||||||
|
|
||||||
DEBUG_MODE=false
|
# Subdomains
|
||||||
|
# MUST match the DOMAIN variable above
|
||||||
|
FRONT_HOST=front.workadventure.localhost
|
||||||
|
PUSHER_HOST=pusher.workadventure.localhost
|
||||||
|
BACK_HOST=api.workadventure.localhost
|
||||||
|
MAPS_HOST=maps.workadventure.localhost
|
||||||
|
ICON_HOST=icon.workadventure.localhost
|
||||||
|
|
||||||
|
# SAAS admin panel
|
||||||
|
ADMIN_API_URL=
|
||||||
|
|
||||||
|
#
|
||||||
|
# Basic configuration
|
||||||
|
#
|
||||||
|
|
||||||
|
# The directory to store data in
|
||||||
|
DATA_DIR=./wa
|
||||||
|
|
||||||
|
# The URL used by default, in the form: "/_/global/map/url.json"
|
||||||
|
START_ROOM_URL=/_/global/maps.workadventu.re/Floor0/floor0.json
|
||||||
|
|
||||||
|
# If you want to have a contact page in your menu,
|
||||||
|
# you MUST set CONTACT_URL to the URL of the page that you want
|
||||||
|
CONTACT_URL=
|
||||||
|
|
||||||
|
MAX_PER_GROUP=4
|
||||||
|
MAX_USERNAME_LENGTH=8
|
||||||
|
DISABLE_ANONYMOUS=false
|
||||||
|
|
||||||
|
# The version of the docker image to use
|
||||||
|
# MUST uncomment "image" keys in the docker-compose file for it to be effective
|
||||||
|
VERSION=master
|
||||||
|
|
||||||
|
TZ=Europe/Paris
|
||||||
|
|
||||||
|
#
|
||||||
|
# Jitsi
|
||||||
|
#
|
||||||
|
|
||||||
JITSI_URL=meet.jit.si
|
JITSI_URL=meet.jit.si
|
||||||
# If your Jitsi environment has authentication set up, you MUST set JITSI_PRIVATE_MODE to "true" and you MUST pass a SECRET_JITSI_KEY to generate the JWT secret
|
# If your Jitsi environment has authentication set up,
|
||||||
|
# you MUST set JITSI_PRIVATE_MODE to "true"
|
||||||
|
# and you MUST pass a SECRET_JITSI_KEY to generate the JWT secret
|
||||||
JITSI_PRIVATE_MODE=false
|
JITSI_PRIVATE_MODE=false
|
||||||
JITSI_ISS=
|
JITSI_ISS=
|
||||||
SECRET_JITSI_KEY=
|
SECRET_JITSI_KEY=
|
||||||
|
|
||||||
|
#
|
||||||
|
# Turn/Stun
|
||||||
|
#
|
||||||
|
|
||||||
# URL of the TURN server (needed to "punch a hole" through some networks for P2P connections)
|
# URL of the TURN server (needed to "punch a hole" through some networks for P2P connections)
|
||||||
TURN_SERVER=
|
TURN_SERVER=
|
||||||
TURN_USER=
|
TURN_USER=
|
||||||
TURN_PASSWORD=
|
TURN_PASSWORD=
|
||||||
|
# If your Turn server is configured to use the Turn REST API, you MUST put the shared auth secret here.
|
||||||
|
# If you are using Coturn, this is the value of the "static-auth-secret" parameter in your coturn config file.
|
||||||
|
# Keep empty if you are sharing hard coded / clear text credentials.
|
||||||
|
TURN_STATIC_AUTH_SECRET=
|
||||||
|
# URL of the STUN server
|
||||||
|
STUN_SERVER=
|
||||||
|
|
||||||
# The URL used by default, in the form: "/_/global/map/url.json"
|
#
|
||||||
START_ROOM_URL=/_/global/maps.workadventu.re/Floor0/floor0.json
|
# Certificate config
|
||||||
|
#
|
||||||
|
|
||||||
# The email address used by Let's encrypt to send renewal warnings (compulsory)
|
# The email address used by Let's encrypt to send renewal warnings (compulsory)
|
||||||
ACME_EMAIL=
|
ACME_EMAIL=
|
||||||
|
|
||||||
|
#
|
||||||
|
# Additional app configs
|
||||||
|
# Configuration for apps which are not workadventure itself
|
||||||
|
#
|
||||||
|
|
||||||
|
# openID
|
||||||
|
OPID_CLIENT_ID=
|
||||||
|
OPID_CLIENT_SECRET=
|
||||||
|
OPID_CLIENT_ISSUER=
|
||||||
|
OPID_CLIENT_REDIRECT_URL=
|
||||||
|
OPID_LOGIN_SCREEN_PROVIDER=http://pusher.workadventure.localhost/login-screen
|
||||||
|
OPID_PROFILE_SCREEN_PROVIDER=
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# Advanced configuration
|
||||||
|
# Generally does not need to be changed
|
||||||
|
#
|
||||||
|
|
||||||
|
# Networking
|
||||||
|
HTTP_PORT=80
|
||||||
|
HTTPS_PORT=443
|
||||||
|
|
||||||
|
# Workadventure settings
|
||||||
|
DISABLE_NOTIFICATIONS=false
|
||||||
|
SKIP_RENDER_OPTIMIZATIONS=false
|
||||||
|
STORE_VARIABLES_FOR_LOCAL_MAPS=true
|
||||||
|
|
||||||
|
# Debugging options
|
||||||
|
DEBUG_MODE=false
|
||||||
|
LOG_LEVEL=WARN
|
||||||
|
|
||||||
|
# Internal URLs
|
||||||
|
API_URL=back:50051
|
||||||
|
|
||||||
|
RESTART_POLICY=unless-stopped
|
||||||
|
@ -1,114 +1,128 @@
|
|||||||
version: "3.3"
|
version: "3.5"
|
||||||
services:
|
services:
|
||||||
reverse-proxy:
|
reverse-proxy:
|
||||||
image: traefik:v2.3
|
image: traefik:v2.6
|
||||||
command:
|
command:
|
||||||
- --log.level=WARN
|
- --log.level=${LOG_LEVEL}
|
||||||
#- --api.insecure=true
|
|
||||||
- --providers.docker
|
- --providers.docker
|
||||||
- --entryPoints.web.address=:80
|
# Entry points
|
||||||
|
- --entryPoints.web.address=:${HTTP_PORT}
|
||||||
- --entrypoints.web.http.redirections.entryPoint.to=websecure
|
- --entrypoints.web.http.redirections.entryPoint.to=websecure
|
||||||
- --entrypoints.web.http.redirections.entryPoint.scheme=https
|
- --entrypoints.web.http.redirections.entryPoint.scheme=https
|
||||||
- --entryPoints.websecure.address=:443
|
- --entryPoints.websecure.address=:${HTTPS_PORT}
|
||||||
|
# HTTP challenge
|
||||||
- --certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}
|
- --certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}
|
||||||
- --certificatesresolvers.myresolver.acme.storage=/acme.json
|
- --certificatesresolvers.myresolver.acme.storage=/acme.json
|
||||||
# used during the challenge
|
|
||||||
- --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
|
- --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
|
||||||
|
# Let's Encrypt's staging server
|
||||||
|
# uncomment during testing to avoid rate limiting
|
||||||
|
#- --certificatesresolvers.dnsresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
|
||||||
ports:
|
ports:
|
||||||
- "80:80"
|
- "${HTTP_PORT}:80"
|
||||||
- "443:443"
|
- "${HTTPS_PORT}:443"
|
||||||
# The Web UI (enabled by --api.insecure=true)
|
|
||||||
#- "8080:8080"
|
|
||||||
depends_on:
|
|
||||||
- pusher
|
|
||||||
- front
|
|
||||||
volumes:
|
volumes:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
- ./acme.json:/acme.json
|
- ${DATA_DIR}/letsencrypt/acme.json:/acme.json
|
||||||
restart: unless-stopped
|
restart: ${RESTART_POLICY}
|
||||||
|
|
||||||
|
|
||||||
front:
|
front:
|
||||||
build:
|
build:
|
||||||
context: ../..
|
context: ../..
|
||||||
dockerfile: front/Dockerfile
|
dockerfile: front/Dockerfile
|
||||||
#image: thecodingmachine/workadventure-front:master
|
#image: thecodingmachine/workadventure-front:${VERSION}
|
||||||
environment:
|
environment:
|
||||||
DEBUG_MODE: "$DEBUG_MODE"
|
- DEBUG_MODE
|
||||||
JITSI_URL: $JITSI_URL
|
- JITSI_URL
|
||||||
JITSI_PRIVATE_MODE: "$JITSI_PRIVATE_MODE"
|
- JITSI_PRIVATE_MODE
|
||||||
PUSHER_URL: //pusher.${DOMAIN}
|
- PUSHER_URL=//${PUSHER_HOST}
|
||||||
ICON_URL: //icon.${DOMAIN}
|
- ICON_URL=//${ICON_HOST}
|
||||||
TURN_SERVER: "${TURN_SERVER}"
|
- TURN_SERVER
|
||||||
TURN_USER: "${TURN_USER}"
|
- TURN_USER
|
||||||
TURN_PASSWORD: "${TURN_PASSWORD}"
|
- TURN_PASSWORD
|
||||||
START_ROOM_URL: "${START_ROOM_URL}"
|
- TURN_STATIC_AUTH_SECRET
|
||||||
|
- STUN_SERVER
|
||||||
|
- START_ROOM_URL
|
||||||
|
- SKIP_RENDER_OPTIMIZATIONS
|
||||||
|
- MAX_PER_GROUP
|
||||||
|
- MAX_USERNAME_LENGTH
|
||||||
|
- DISABLE_ANONYMOUS
|
||||||
|
- DISABLE_NOTIFICATIONS
|
||||||
labels:
|
labels:
|
||||||
- "traefik.http.routers.front.rule=Host(`play.${DOMAIN}`)"
|
- "traefik.http.routers.front.rule=Host(`${FRONT_HOST}`)"
|
||||||
- "traefik.http.routers.front.entryPoints=web,traefik"
|
- "traefik.http.routers.front.entryPoints=web"
|
||||||
- "traefik.http.services.front.loadbalancer.server.port=80"
|
- "traefik.http.services.front.loadbalancer.server.port=80"
|
||||||
- "traefik.http.routers.front-ssl.rule=Host(`play.${DOMAIN}`)"
|
- "traefik.http.routers.front-ssl.rule=Host(`${FRONT_HOST}`)"
|
||||||
- "traefik.http.routers.front-ssl.entryPoints=websecure"
|
- "traefik.http.routers.front-ssl.entryPoints=websecure"
|
||||||
- "traefik.http.routers.front-ssl.tls=true"
|
|
||||||
- "traefik.http.routers.front-ssl.service=front"
|
- "traefik.http.routers.front-ssl.service=front"
|
||||||
|
- "traefik.http.routers.front-ssl.tls=true"
|
||||||
- "traefik.http.routers.front-ssl.tls.certresolver=myresolver"
|
- "traefik.http.routers.front-ssl.tls.certresolver=myresolver"
|
||||||
restart: unless-stopped
|
restart: ${RESTART_POLICY}
|
||||||
|
|
||||||
pusher:
|
pusher:
|
||||||
build:
|
build:
|
||||||
context: ../..
|
context: ../..
|
||||||
dockerfile: pusher/Dockerfile
|
dockerfile: pusher/Dockerfile
|
||||||
#image: thecodingmachine/workadventure-pusher:master
|
#image: thecodingmachine/workadventure-pusher:${VERSION}
|
||||||
command: yarn run runprod
|
command: yarn run runprod
|
||||||
environment:
|
environment:
|
||||||
SECRET_JITSI_KEY: "$SECRET_JITSI_KEY"
|
- SECRET_JITSI_KEY
|
||||||
SECRET_KEY: yourSecretKey
|
- SECRET_KEY
|
||||||
API_URL: back:50051
|
- API_URL
|
||||||
JITSI_URL: $JITSI_URL
|
- FRONT_URL=https://${FRONT_HOST}
|
||||||
JITSI_ISS: $JITSI_ISS
|
- JITSI_URL
|
||||||
FRONT_URL: https://play.${DOMAIN}
|
- JITSI_ISS
|
||||||
|
- DISABLE_ANONYMOUS
|
||||||
labels:
|
labels:
|
||||||
- "traefik.http.routers.pusher.rule=Host(`pusher.${DOMAIN}`)"
|
- "traefik.http.routers.pusher.rule=Host(`${PUSHER_HOST}`)"
|
||||||
- "traefik.http.routers.pusher.entryPoints=web,traefik"
|
- "traefik.http.routers.pusher.entryPoints=web"
|
||||||
- "traefik.http.services.pusher.loadbalancer.server.port=8080"
|
- "traefik.http.services.pusher.loadbalancer.server.port=8080"
|
||||||
- "traefik.http.routers.pusher-ssl.rule=Host(`pusher.${DOMAIN}`)"
|
- "traefik.http.routers.pusher-ssl.rule=Host(${PUSHER_HOST}`)"
|
||||||
- "traefik.http.routers.pusher-ssl.entryPoints=websecure"
|
- "traefik.http.routers.pusher-ssl.entryPoints=websecure"
|
||||||
- "traefik.http.routers.pusher-ssl.tls=true"
|
|
||||||
- "traefik.http.routers.pusher-ssl.service=pusher"
|
- "traefik.http.routers.pusher-ssl.service=pusher"
|
||||||
|
- "traefik.http.routers.pusher-ssl.tls=true"
|
||||||
- "traefik.http.routers.pusher-ssl.tls.certresolver=myresolver"
|
- "traefik.http.routers.pusher-ssl.tls.certresolver=myresolver"
|
||||||
restart: unless-stopped
|
restart: ${RESTART_POLICY}
|
||||||
|
|
||||||
back:
|
back:
|
||||||
build:
|
build:
|
||||||
context: ../..
|
context: ../..
|
||||||
dockerfile: back/Dockerfile
|
dockerfile: back/Dockerfile
|
||||||
#image: thecodingmachine/workadventure-back:master
|
#image: thecodingmachine/workadventure-back:${VERSION}
|
||||||
command: yarn run runprod
|
command: yarn run runprod
|
||||||
environment:
|
environment:
|
||||||
SECRET_JITSI_KEY: "$SECRET_JITSI_KEY"
|
- SECRET_JITSI_KEY
|
||||||
ADMIN_API_TOKEN: "$ADMIN_API_TOKEN"
|
- SECRET_KEY
|
||||||
ADMIN_API_URL: "$ADMIN_API_URL"
|
- ADMIN_API_TOKEN
|
||||||
JITSI_URL: $JITSI_URL
|
- ADMIN_API_URL
|
||||||
JITSI_ISS: $JITSI_ISS
|
- TURN_SERVER
|
||||||
|
- TURN_USER
|
||||||
|
- TURN_PASSWORD
|
||||||
|
- TURN_STATIC_AUTH_SECRET
|
||||||
|
- STUN_SERVER
|
||||||
|
- JITSI_URL
|
||||||
|
- JITSI_ISS
|
||||||
|
- MAX_PER_GROUP
|
||||||
|
- STORE_VARIABLES_FOR_LOCAL_MAPS
|
||||||
labels:
|
labels:
|
||||||
- "traefik.http.routers.back.rule=Host(`api.${DOMAIN}`)"
|
- "traefik.http.routers.back.rule=Host(`${BACK_HOST}`)"
|
||||||
- "traefik.http.routers.back.entryPoints=web"
|
- "traefik.http.routers.back.entryPoints=web"
|
||||||
- "traefik.http.services.back.loadbalancer.server.port=8080"
|
- "traefik.http.services.back.loadbalancer.server.port=8080"
|
||||||
- "traefik.http.routers.back-ssl.rule=Host(`api.${DOMAIN}`)"
|
- "traefik.http.routers.back-ssl.rule=Host(`${BACK_HOST}`)"
|
||||||
- "traefik.http.routers.back-ssl.entryPoints=websecure"
|
- "traefik.http.routers.back-ssl.entryPoints=websecure"
|
||||||
- "traefik.http.routers.back-ssl.tls=true"
|
|
||||||
- "traefik.http.routers.back-ssl.service=back"
|
- "traefik.http.routers.back-ssl.service=back"
|
||||||
|
- "traefik.http.routers.back-ssl.tls=true"
|
||||||
- "traefik.http.routers.back-ssl.tls.certresolver=myresolver"
|
- "traefik.http.routers.back-ssl.tls.certresolver=myresolver"
|
||||||
restart: unless-stopped
|
restart: ${RESTART_POLICY}
|
||||||
|
|
||||||
icon:
|
icon:
|
||||||
image: matthiasluedtke/iconserver:v3.13.0
|
image: matthiasluedtke/iconserver:v3.13.0
|
||||||
labels:
|
labels:
|
||||||
- "traefik.http.routers.icon.rule=Host(`icon.${DOMAIN}`)"
|
- "traefik.http.routers.icon.rule=Host(`${ICON_HOST}`)"
|
||||||
- "traefik.http.routers.icon.entryPoints=web,traefik"
|
- "traefik.http.routers.icon.entryPoints=web,traefik"
|
||||||
- "traefik.http.services.icon.loadbalancer.server.port=8080"
|
- "traefik.http.services.icon.loadbalancer.server.port=8080"
|
||||||
- "traefik.http.routers.icon-ssl.rule=Host(`icon.${DOMAIN}`)"
|
- "traefik.http.routers.icon-ssl.rule=Host(`${ICON_HOST}`)"
|
||||||
- "traefik.http.routers.icon-ssl.entryPoints=websecure"
|
- "traefik.http.routers.icon-ssl.entryPoints=websecure"
|
||||||
- "traefik.http.routers.icon-ssl.tls=true"
|
|
||||||
- "traefik.http.routers.icon-ssl.service=icon"
|
- "traefik.http.routers.icon-ssl.service=icon"
|
||||||
|
- "traefik.http.routers.icon-ssl.tls=true"
|
||||||
- "traefik.http.routers.icon-ssl.tls.certresolver=myresolver"
|
- "traefik.http.routers.icon-ssl.tls.certresolver=myresolver"
|
||||||
|
Loading…
Reference in New Issue
Block a user