41fd848fa0
Some HTML files were importing iframe_api.js automatically by detecting the referrer document. While this was done in a safe way (the map container does not use cookies), it is not a best practice to load a script originating from document.referrer. This PR solves the issue by using PHP to inject the correct domain name in the HTML files.
233 lines
8.9 KiB
YAML
233 lines
8.9 KiB
YAML
version: "3"
|
|
services:
|
|
reverse-proxy:
|
|
image: traefik:v2.0
|
|
command:
|
|
- --api.insecure=true
|
|
- --providers.docker
|
|
- --entryPoints.web.address=:80
|
|
- --entryPoints.websecure.address=:443
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
# The Web UI (enabled by --api.insecure=true)
|
|
- "8080:8080"
|
|
depends_on:
|
|
- back
|
|
- front
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
networks:
|
|
default:
|
|
aliases:
|
|
- 'play.workadventure.localhost'
|
|
- 'pusher.workadventure.localhost'
|
|
- 'maps.workadventure.localhost'
|
|
|
|
front:
|
|
image: thecodingmachine/nodejs:14
|
|
environment:
|
|
DEBUG_MODE: "$DEBUG_MODE"
|
|
JITSI_URL: $JITSI_URL
|
|
JITSI_PRIVATE_MODE: "$JITSI_PRIVATE_MODE"
|
|
HOST: "0.0.0.0"
|
|
NODE_ENV: development
|
|
PUSHER_URL: //pusher.workadventure.localhost
|
|
UPLOADER_URL: //uploader.workadventure.localhost
|
|
ADMIN_URL: //workadventure.localhost
|
|
ICON_URL: //icon.workadventure.localhost
|
|
STARTUP_COMMAND_1: ./templater.sh
|
|
STARTUP_COMMAND_2: yarn install
|
|
STUN_SERVER: "stun:stun.l.google.com:19302"
|
|
TURN_SERVER: "turn:coturn.workadventure.localhost:3478,turns:coturn.workadventure.localhost:5349"
|
|
DISABLE_NOTIFICATIONS: "$DISABLE_NOTIFICATIONS"
|
|
SKIP_RENDER_OPTIMIZATIONS: "$SKIP_RENDER_OPTIMIZATIONS"
|
|
# Use TURN_USER/TURN_PASSWORD if your Coturn server is secured via hard coded credentials.
|
|
# Advice: you should instead use Coturn REST API along the TURN_STATIC_AUTH_SECRET in the Back container
|
|
TURN_USER: ""
|
|
TURN_PASSWORD: ""
|
|
START_ROOM_URL: "$START_ROOM_URL"
|
|
MAX_PER_GROUP: "$MAX_PER_GROUP"
|
|
MAX_USERNAME_LENGTH: "$MAX_USERNAME_LENGTH"
|
|
DISABLE_ANONYMOUS: "$DISABLE_ANONYMOUS"
|
|
OPID_LOGIN_SCREEN_PROVIDER: "$OPID_LOGIN_SCREEN_PROVIDER"
|
|
command: yarn run start
|
|
volumes:
|
|
- ./front:/usr/src/app
|
|
labels:
|
|
- "traefik.http.routers.front.rule=Host(`play.workadventure.localhost`)"
|
|
- "traefik.http.routers.front.entryPoints=web"
|
|
- "traefik.http.services.front.loadbalancer.server.port=8080"
|
|
- "traefik.http.routers.front-ssl.rule=Host(`play.workadventure.localhost`)"
|
|
- "traefik.http.routers.front-ssl.entryPoints=websecure"
|
|
- "traefik.http.routers.front-ssl.tls=true"
|
|
- "traefik.http.routers.front-ssl.service=front"
|
|
|
|
pusher:
|
|
image: thecodingmachine/nodejs:14
|
|
command: yarn dev
|
|
environment:
|
|
DEBUG: "socket:*"
|
|
STARTUP_COMMAND_1: yarn install
|
|
# wait for files generated by "messages" container to exists
|
|
STARTUP_COMMAND_2: while [ ! -f /usr/src/app/src/Messages/generated/messages_pb.js ]; do sleep 1; done
|
|
SECRET_JITSI_KEY: "$SECRET_JITSI_KEY"
|
|
SECRET_KEY: yourSecretKey
|
|
ADMIN_API_TOKEN: "$ADMIN_API_TOKEN"
|
|
API_URL: back:50051
|
|
JITSI_URL: $JITSI_URL
|
|
JITSI_ISS: $JITSI_ISS
|
|
FRONT_URL: http://play.workadventure.localhost
|
|
OPID_CLIENT_ID: $OPID_CLIENT_ID
|
|
OPID_CLIENT_SECRET: $OPID_CLIENT_SECRET
|
|
OPID_CLIENT_ISSUER: $OPID_CLIENT_ISSUER
|
|
OPID_CLIENT_REDIRECT_URL: $OPID_CLIENT_REDIRECT_URL
|
|
OPID_PROFILE_SCREEN_PROVIDER: $OPID_PROFILE_SCREEN_PROVIDER
|
|
DISABLE_ANONYMOUS: $DISABLE_ANONYMOUS
|
|
volumes:
|
|
- ./pusher:/usr/src/app
|
|
labels:
|
|
- "traefik.http.routers.pusher.rule=Host(`pusher.workadventure.localhost`)"
|
|
- "traefik.http.routers.pusher.entryPoints=web"
|
|
- "traefik.http.services.pusher.loadbalancer.server.port=8080"
|
|
- "traefik.http.routers.pusher-ssl.rule=Host(`pusher.workadventure.localhost`)"
|
|
- "traefik.http.routers.pusher-ssl.entryPoints=websecure"
|
|
- "traefik.http.routers.pusher-ssl.tls=true"
|
|
- "traefik.http.routers.pusher-ssl.service=pusher"
|
|
|
|
maps:
|
|
image: thecodingmachine/php:8.1-v4-apache-node12
|
|
environment:
|
|
DEBUG_MODE: "$DEBUG_MODE"
|
|
HOST: "0.0.0.0"
|
|
NODE_ENV: development
|
|
FRONT_URL: http://play.workadventure.localhost
|
|
#APACHE_DOCUMENT_ROOT: dist/
|
|
#APACHE_EXTENSIONS: headers
|
|
#APACHE_EXTENSION_HEADERS: 1
|
|
STARTUP_COMMAND_0: sudo a2enmod headers
|
|
STARTUP_COMMAND_1: yarn install
|
|
STARTUP_COMMAND_2: yarn run dev &
|
|
volumes:
|
|
- ./maps:/var/www/html
|
|
labels:
|
|
- "traefik.http.routers.maps.rule=Host(`maps.workadventure.localhost`)"
|
|
- "traefik.http.routers.maps.entryPoints=web,traefik"
|
|
- "traefik.http.services.maps.loadbalancer.server.port=80"
|
|
- "traefik.http.routers.maps-ssl.rule=Host(`maps.workadventure.localhost`)"
|
|
- "traefik.http.routers.maps-ssl.entryPoints=websecure"
|
|
- "traefik.http.routers.maps-ssl.tls=true"
|
|
- "traefik.http.routers.maps-ssl.service=maps"
|
|
|
|
back:
|
|
image: thecodingmachine/nodejs:12
|
|
command: yarn dev
|
|
#command: yarn run profile
|
|
environment:
|
|
DEBUG: "*"
|
|
STARTUP_COMMAND_1: yarn install
|
|
# wait for files generated by "messages" container to exists
|
|
STARTUP_COMMAND_2: while [ ! -f /usr/src/app/src/Messages/generated/messages_pb.js ]; do sleep 1; done
|
|
SECRET_KEY: yourSecretKey
|
|
SECRET_JITSI_KEY: "$SECRET_JITSI_KEY"
|
|
ALLOW_ARTILLERY: "true"
|
|
ADMIN_API_TOKEN: "$ADMIN_API_TOKEN"
|
|
JITSI_URL: $JITSI_URL
|
|
JITSI_ISS: $JITSI_ISS
|
|
TURN_STATIC_AUTH_SECRET: SomeStaticAuthSecret
|
|
MAX_PER_GROUP: "MAX_PER_GROUP"
|
|
REDIS_HOST: redis
|
|
NODE_ENV: development
|
|
STORE_VARIABLES_FOR_LOCAL_MAPS: "true"
|
|
volumes:
|
|
- ./back:/usr/src/app
|
|
labels:
|
|
- "traefik.http.routers.back.rule=Host(`api.workadventure.localhost`)"
|
|
- "traefik.http.routers.back.entryPoints=web"
|
|
- "traefik.http.services.back.loadbalancer.server.port=8080"
|
|
- "traefik.http.routers.back-ssl.rule=Host(`api.workadventure.localhost`)"
|
|
- "traefik.http.routers.back-ssl.entryPoints=websecure"
|
|
- "traefik.http.routers.back-ssl.tls=true"
|
|
- "traefik.http.routers.back-ssl.service=back"
|
|
|
|
uploader:
|
|
image: thecodingmachine/nodejs:12
|
|
command: yarn dev
|
|
#command: yarn run profile
|
|
environment:
|
|
DEBUG: "*"
|
|
STARTUP_COMMAND_1: yarn install
|
|
volumes:
|
|
- ./uploader:/usr/src/app
|
|
labels:
|
|
- "traefik.http.routers.uploader.rule=Host(`uploader.workadventure.localhost`)"
|
|
- "traefik.http.routers.uploader.entryPoints=web"
|
|
- "traefik.http.services.uploader.loadbalancer.server.port=8080"
|
|
- "traefik.http.routers.uploader-ssl.rule=Host(`uploader.workadventure.localhost`)"
|
|
- "traefik.http.routers.uploader-ssl.entryPoints=websecure"
|
|
- "traefik.http.routers.uploader-ssl.tls=true"
|
|
- "traefik.http.routers.uploader-ssl.service=uploader"
|
|
|
|
messages:
|
|
#image: thecodingmachine/nodejs:14
|
|
image: thecodingmachine/workadventure-back-base:latest
|
|
environment:
|
|
#STARTUP_COMMAND_0: sudo apt-get install -y inotify-tools
|
|
STARTUP_COMMAND_1: yarn install
|
|
STARTUP_COMMAND_2: yarn run proto:watch
|
|
volumes:
|
|
- ./messages:/usr/src/app
|
|
- ./back:/usr/src/back
|
|
- ./front:/usr/src/front
|
|
- ./pusher:/usr/src/pusher
|
|
|
|
redis:
|
|
image: redis:6
|
|
|
|
redisinsight:
|
|
image: redislabs/redisinsight:latest
|
|
labels:
|
|
- "traefik.http.routers.redisinsight.rule=Host(`redis.workadventure.localhost`)"
|
|
- "traefik.http.routers.redisinsight.entryPoints=web"
|
|
- "traefik.http.services.redisinsight.loadbalancer.server.port=8001"
|
|
- "traefik.http.routers.redisinsight-ssl.rule=Host(`redis.workadventure.localhost`)"
|
|
- "traefik.http.routers.redisinsight-ssl.entryPoints=websecure"
|
|
- "traefik.http.routers.redisinsight-ssl.tls=true"
|
|
- "traefik.http.routers.redisinsight-ssl.service=redisinsight"
|
|
|
|
icon:
|
|
image: matthiasluedtke/iconserver:v3.13.0
|
|
labels:
|
|
- "traefik.http.routers.icon.rule=Host(`icon.workadventure.localhost`)"
|
|
- "traefik.http.routers.icon.entryPoints=web"
|
|
- "traefik.http.services.icon.loadbalancer.server.port=8080"
|
|
- "traefik.http.routers.icon-ssl.rule=Host(`icon.workadventure.localhost`)"
|
|
- "traefik.http.routers.icon-ssl.entryPoints=websecure"
|
|
- "traefik.http.routers.icon-ssl.tls=true"
|
|
- "traefik.http.routers.icon-ssl.service=icon"
|
|
|
|
# coturn:
|
|
# image: coturn/coturn:4.5.2
|
|
# command:
|
|
# - turnserver
|
|
# #- -c=/etc/coturn/turnserver.conf
|
|
# - --log-file=stdout
|
|
# - --external-ip=$$(detect-external-ip)
|
|
# - --listening-port=3478
|
|
# - --min-port=10000
|
|
# - --max-port=10010
|
|
# - --tls-listening-port=5349
|
|
# - --listening-ip=0.0.0.0
|
|
# - --realm=coturn.workadventure.localhost
|
|
# - --server-name=coturn.workadventure.localhost
|
|
# - --lt-cred-mech
|
|
# # Enable Coturn "REST API" to validate temporary passwords.
|
|
# #- --use-auth-secret
|
|
# #- --static-auth-secret=SomeStaticAuthSecret
|
|
# #- --userdb=/var/lib/turn/turndb
|
|
# - --user=workadventure:WorkAdventure123
|
|
# # use real-valid certificate/privatekey files
|
|
# #- --cert=/root/letsencrypt/fullchain.pem
|
|
# #- --pkey=/root/letsencrypt/privkey.pem
|
|
# network_mode: host
|