Merge pull request #1844 from Lithimlin/develop
Update production templates
This commit is contained in:
commit
e6e99c1911
@ -1,20 +1,118 @@
|
||||
# Security
|
||||
#
|
||||
|
||||
SECRET_KEY=
|
||||
ADMIN_API_TOKEN=
|
||||
|
||||
#
|
||||
# Networking
|
||||
#
|
||||
|
||||
# The base domain
|
||||
DOMAIN=workadventure.localhost
|
||||
|
||||
DEBUG_MODE=false
|
||||
# Subdomains
|
||||
# MUST match the DOMAIN variable above
|
||||
FRONT_HOST=front.workadventure.localhost
|
||||
PUSHER_HOST=pusher.workadventure.localhost
|
||||
BACK_HOST=api.workadventure.localhost
|
||||
MAPS_HOST=maps.workadventure.localhost
|
||||
ICON_HOST=icon.workadventure.localhost
|
||||
|
||||
# SAAS admin panel
|
||||
ADMIN_API_URL=
|
||||
|
||||
#
|
||||
# Basic configuration
|
||||
#
|
||||
|
||||
# The directory to store data in
|
||||
DATA_DIR=./wa
|
||||
|
||||
# The URL used by default, in the form: "/_/global/map/url.json"
|
||||
START_ROOM_URL=/_/global/maps.workadventu.re/Floor0/floor0.json
|
||||
|
||||
# If you want to have a contact page in your menu,
|
||||
# you MUST set CONTACT_URL to the URL of the page that you want
|
||||
CONTACT_URL=
|
||||
|
||||
MAX_PER_GROUP=4
|
||||
MAX_USERNAME_LENGTH=8
|
||||
DISABLE_ANONYMOUS=false
|
||||
|
||||
# The version of the docker image to use
|
||||
# MUST uncomment "image" keys in the docker-compose file for it to be effective
|
||||
VERSION=master
|
||||
|
||||
TZ=Europe/Paris
|
||||
|
||||
#
|
||||
# Jitsi
|
||||
#
|
||||
|
||||
JITSI_URL=meet.jit.si
|
||||
# If your Jitsi environment has authentication set up, you MUST set JITSI_PRIVATE_MODE to "true" and you MUST pass a SECRET_JITSI_KEY to generate the JWT secret
|
||||
# If your Jitsi environment has authentication set up,
|
||||
# you MUST set JITSI_PRIVATE_MODE to "true"
|
||||
# and you MUST pass a SECRET_JITSI_KEY to generate the JWT secret
|
||||
JITSI_PRIVATE_MODE=false
|
||||
JITSI_ISS=
|
||||
SECRET_JITSI_KEY=
|
||||
|
||||
#
|
||||
# Turn/Stun
|
||||
#
|
||||
|
||||
# URL of the TURN server (needed to "punch a hole" through some networks for P2P connections)
|
||||
TURN_SERVER=
|
||||
TURN_USER=
|
||||
TURN_PASSWORD=
|
||||
# If your Turn server is configured to use the Turn REST API, you MUST put the shared auth secret here.
|
||||
# If you are using Coturn, this is the value of the "static-auth-secret" parameter in your coturn config file.
|
||||
# Keep empty if you are sharing hard coded / clear text credentials.
|
||||
TURN_STATIC_AUTH_SECRET=
|
||||
# URL of the STUN server
|
||||
STUN_SERVER=
|
||||
|
||||
# The URL used by default, in the form: "/_/global/map/url.json"
|
||||
START_ROOM_URL=/_/global/maps.workadventu.re/Floor0/floor0.json
|
||||
#
|
||||
# Certificate config
|
||||
#
|
||||
|
||||
# The email address used by Let's encrypt to send renewal warnings (compulsory)
|
||||
ACME_EMAIL=
|
||||
|
||||
#
|
||||
# Additional app configs
|
||||
# Configuration for apps which are not workadventure itself
|
||||
#
|
||||
|
||||
# openID
|
||||
OPID_CLIENT_ID=
|
||||
OPID_CLIENT_SECRET=
|
||||
OPID_CLIENT_ISSUER=
|
||||
OPID_CLIENT_REDIRECT_URL=
|
||||
OPID_LOGIN_SCREEN_PROVIDER=http://pusher.workadventure.localhost/login-screen
|
||||
OPID_PROFILE_SCREEN_PROVIDER=
|
||||
|
||||
|
||||
#
|
||||
# Advanced configuration
|
||||
# Generally does not need to be changed
|
||||
#
|
||||
|
||||
# Networking
|
||||
HTTP_PORT=80
|
||||
HTTPS_PORT=443
|
||||
|
||||
# Workadventure settings
|
||||
DISABLE_NOTIFICATIONS=false
|
||||
SKIP_RENDER_OPTIMIZATIONS=false
|
||||
STORE_VARIABLES_FOR_LOCAL_MAPS=true
|
||||
|
||||
# Debugging options
|
||||
DEBUG_MODE=false
|
||||
LOG_LEVEL=WARN
|
||||
|
||||
# Internal URLs
|
||||
API_URL=back:50051
|
||||
|
||||
RESTART_POLICY=unless-stopped
|
||||
|
@ -1,114 +1,128 @@
|
||||
version: "3.3"
|
||||
version: "3.5"
|
||||
services:
|
||||
reverse-proxy:
|
||||
image: traefik:v2.3
|
||||
image: traefik:v2.6
|
||||
command:
|
||||
- --log.level=WARN
|
||||
#- --api.insecure=true
|
||||
- --log.level=${LOG_LEVEL}
|
||||
- --providers.docker
|
||||
- --entryPoints.web.address=:80
|
||||
# Entry points
|
||||
- --entryPoints.web.address=:${HTTP_PORT}
|
||||
- --entrypoints.web.http.redirections.entryPoint.to=websecure
|
||||
- --entrypoints.web.http.redirections.entryPoint.scheme=https
|
||||
- --entryPoints.websecure.address=:443
|
||||
- --entryPoints.websecure.address=:${HTTPS_PORT}
|
||||
# HTTP challenge
|
||||
- --certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}
|
||||
- --certificatesresolvers.myresolver.acme.storage=/acme.json
|
||||
# used during the challenge
|
||||
- --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
|
||||
# Let's Encrypt's staging server
|
||||
# uncomment during testing to avoid rate limiting
|
||||
#- --certificatesresolvers.dnsresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
# The Web UI (enabled by --api.insecure=true)
|
||||
#- "8080:8080"
|
||||
depends_on:
|
||||
- pusher
|
||||
- front
|
||||
- "${HTTP_PORT}:80"
|
||||
- "${HTTPS_PORT}:443"
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- ./acme.json:/acme.json
|
||||
restart: unless-stopped
|
||||
- ${DATA_DIR}/letsencrypt/acme.json:/acme.json
|
||||
restart: ${RESTART_POLICY}
|
||||
|
||||
|
||||
front:
|
||||
build:
|
||||
context: ../..
|
||||
dockerfile: front/Dockerfile
|
||||
#image: thecodingmachine/workadventure-front:master
|
||||
#image: thecodingmachine/workadventure-front:${VERSION}
|
||||
environment:
|
||||
DEBUG_MODE: "$DEBUG_MODE"
|
||||
JITSI_URL: $JITSI_URL
|
||||
JITSI_PRIVATE_MODE: "$JITSI_PRIVATE_MODE"
|
||||
PUSHER_URL: //pusher.${DOMAIN}
|
||||
ICON_URL: //icon.${DOMAIN}
|
||||
TURN_SERVER: "${TURN_SERVER}"
|
||||
TURN_USER: "${TURN_USER}"
|
||||
TURN_PASSWORD: "${TURN_PASSWORD}"
|
||||
START_ROOM_URL: "${START_ROOM_URL}"
|
||||
- DEBUG_MODE
|
||||
- JITSI_URL
|
||||
- JITSI_PRIVATE_MODE
|
||||
- PUSHER_URL=//${PUSHER_HOST}
|
||||
- ICON_URL=//${ICON_HOST}
|
||||
- TURN_SERVER
|
||||
- TURN_USER
|
||||
- TURN_PASSWORD
|
||||
- TURN_STATIC_AUTH_SECRET
|
||||
- STUN_SERVER
|
||||
- START_ROOM_URL
|
||||
- SKIP_RENDER_OPTIMIZATIONS
|
||||
- MAX_PER_GROUP
|
||||
- MAX_USERNAME_LENGTH
|
||||
- DISABLE_ANONYMOUS
|
||||
- DISABLE_NOTIFICATIONS
|
||||
labels:
|
||||
- "traefik.http.routers.front.rule=Host(`play.${DOMAIN}`)"
|
||||
- "traefik.http.routers.front.entryPoints=web,traefik"
|
||||
- "traefik.http.routers.front.rule=Host(`${FRONT_HOST}`)"
|
||||
- "traefik.http.routers.front.entryPoints=web"
|
||||
- "traefik.http.services.front.loadbalancer.server.port=80"
|
||||
- "traefik.http.routers.front-ssl.rule=Host(`play.${DOMAIN}`)"
|
||||
- "traefik.http.routers.front-ssl.rule=Host(`${FRONT_HOST}`)"
|
||||
- "traefik.http.routers.front-ssl.entryPoints=websecure"
|
||||
- "traefik.http.routers.front-ssl.tls=true"
|
||||
- "traefik.http.routers.front-ssl.service=front"
|
||||
- "traefik.http.routers.front-ssl.tls=true"
|
||||
- "traefik.http.routers.front-ssl.tls.certresolver=myresolver"
|
||||
restart: unless-stopped
|
||||
restart: ${RESTART_POLICY}
|
||||
|
||||
pusher:
|
||||
build:
|
||||
context: ../..
|
||||
dockerfile: pusher/Dockerfile
|
||||
#image: thecodingmachine/workadventure-pusher:master
|
||||
#image: thecodingmachine/workadventure-pusher:${VERSION}
|
||||
command: yarn run runprod
|
||||
environment:
|
||||
SECRET_JITSI_KEY: "$SECRET_JITSI_KEY"
|
||||
SECRET_KEY: yourSecretKey
|
||||
API_URL: back:50051
|
||||
JITSI_URL: $JITSI_URL
|
||||
JITSI_ISS: $JITSI_ISS
|
||||
FRONT_URL: https://play.${DOMAIN}
|
||||
- SECRET_JITSI_KEY
|
||||
- SECRET_KEY
|
||||
- API_URL
|
||||
- FRONT_URL=https://${FRONT_HOST}
|
||||
- JITSI_URL
|
||||
- JITSI_ISS
|
||||
- DISABLE_ANONYMOUS
|
||||
labels:
|
||||
- "traefik.http.routers.pusher.rule=Host(`pusher.${DOMAIN}`)"
|
||||
- "traefik.http.routers.pusher.entryPoints=web,traefik"
|
||||
- "traefik.http.routers.pusher.rule=Host(`${PUSHER_HOST}`)"
|
||||
- "traefik.http.routers.pusher.entryPoints=web"
|
||||
- "traefik.http.services.pusher.loadbalancer.server.port=8080"
|
||||
- "traefik.http.routers.pusher-ssl.rule=Host(`pusher.${DOMAIN}`)"
|
||||
- "traefik.http.routers.pusher-ssl.rule=Host(${PUSHER_HOST}`)"
|
||||
- "traefik.http.routers.pusher-ssl.entryPoints=websecure"
|
||||
- "traefik.http.routers.pusher-ssl.tls=true"
|
||||
- "traefik.http.routers.pusher-ssl.service=pusher"
|
||||
- "traefik.http.routers.pusher-ssl.tls=true"
|
||||
- "traefik.http.routers.pusher-ssl.tls.certresolver=myresolver"
|
||||
restart: unless-stopped
|
||||
restart: ${RESTART_POLICY}
|
||||
|
||||
back:
|
||||
build:
|
||||
context: ../..
|
||||
dockerfile: back/Dockerfile
|
||||
#image: thecodingmachine/workadventure-back:master
|
||||
#image: thecodingmachine/workadventure-back:${VERSION}
|
||||
command: yarn run runprod
|
||||
environment:
|
||||
SECRET_JITSI_KEY: "$SECRET_JITSI_KEY"
|
||||
ADMIN_API_TOKEN: "$ADMIN_API_TOKEN"
|
||||
ADMIN_API_URL: "$ADMIN_API_URL"
|
||||
JITSI_URL: $JITSI_URL
|
||||
JITSI_ISS: $JITSI_ISS
|
||||
- SECRET_JITSI_KEY
|
||||
- SECRET_KEY
|
||||
- ADMIN_API_TOKEN
|
||||
- ADMIN_API_URL
|
||||
- TURN_SERVER
|
||||
- TURN_USER
|
||||
- TURN_PASSWORD
|
||||
- TURN_STATIC_AUTH_SECRET
|
||||
- STUN_SERVER
|
||||
- JITSI_URL
|
||||
- JITSI_ISS
|
||||
- MAX_PER_GROUP
|
||||
- STORE_VARIABLES_FOR_LOCAL_MAPS
|
||||
labels:
|
||||
- "traefik.http.routers.back.rule=Host(`api.${DOMAIN}`)"
|
||||
- "traefik.http.routers.back.rule=Host(`${BACK_HOST}`)"
|
||||
- "traefik.http.routers.back.entryPoints=web"
|
||||
- "traefik.http.services.back.loadbalancer.server.port=8080"
|
||||
- "traefik.http.routers.back-ssl.rule=Host(`api.${DOMAIN}`)"
|
||||
- "traefik.http.routers.back-ssl.rule=Host(`${BACK_HOST}`)"
|
||||
- "traefik.http.routers.back-ssl.entryPoints=websecure"
|
||||
- "traefik.http.routers.back-ssl.tls=true"
|
||||
- "traefik.http.routers.back-ssl.service=back"
|
||||
- "traefik.http.routers.back-ssl.tls=true"
|
||||
- "traefik.http.routers.back-ssl.tls.certresolver=myresolver"
|
||||
restart: unless-stopped
|
||||
restart: ${RESTART_POLICY}
|
||||
|
||||
icon:
|
||||
image: matthiasluedtke/iconserver:v3.13.0
|
||||
labels:
|
||||
- "traefik.http.routers.icon.rule=Host(`icon.${DOMAIN}`)"
|
||||
- "traefik.http.routers.icon.rule=Host(`${ICON_HOST}`)"
|
||||
- "traefik.http.routers.icon.entryPoints=web,traefik"
|
||||
- "traefik.http.services.icon.loadbalancer.server.port=8080"
|
||||
- "traefik.http.routers.icon-ssl.rule=Host(`icon.${DOMAIN}`)"
|
||||
- "traefik.http.routers.icon-ssl.rule=Host(`${ICON_HOST}`)"
|
||||
- "traefik.http.routers.icon-ssl.entryPoints=websecure"
|
||||
- "traefik.http.routers.icon-ssl.tls=true"
|
||||
- "traefik.http.routers.icon-ssl.service=icon"
|
||||
- "traefik.http.routers.icon-ssl.tls=true"
|
||||
- "traefik.http.routers.icon-ssl.tls.certresolver=myresolver"
|
||||
|
Loading…
Reference in New Issue
Block a user