8205775dc9
In the new version, a new FRONT_URL environment variable is now compulsory in the Pusher. This is done to setup CORS security in the pusher. This commit adds this environment variable in the sample docker-compose.prod.yml file.
115 lines
4.2 KiB
YAML
115 lines
4.2 KiB
YAML
version: "3.3"
|
|
services:
|
|
reverse-proxy:
|
|
image: traefik:v2.3
|
|
command:
|
|
- --log.level=WARN
|
|
#- --api.insecure=true
|
|
- --providers.docker
|
|
- --entryPoints.web.address=:80
|
|
- --entrypoints.web.http.redirections.entryPoint.to=websecure
|
|
- --entrypoints.web.http.redirections.entryPoint.scheme=https
|
|
- --entryPoints.websecure.address=:443
|
|
- --certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}
|
|
- --certificatesresolvers.myresolver.acme.storage=/acme.json
|
|
# used during the challenge
|
|
- --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
# The Web UI (enabled by --api.insecure=true)
|
|
#- "8080:8080"
|
|
depends_on:
|
|
- pusher
|
|
- front
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
- ./acme.json:/acme.json
|
|
restart: unless-stopped
|
|
|
|
|
|
front:
|
|
build:
|
|
context: ../..
|
|
dockerfile: front/Dockerfile
|
|
#image: thecodingmachine/workadventure-front:master
|
|
environment:
|
|
DEBUG_MODE: "$DEBUG_MODE"
|
|
JITSI_URL: $JITSI_URL
|
|
JITSI_PRIVATE_MODE: "$JITSI_PRIVATE_MODE"
|
|
PUSHER_URL: //pusher.${DOMAIN}
|
|
ICON_URL: //icon.${DOMAIN}
|
|
TURN_SERVER: "${TURN_SERVER}"
|
|
TURN_USER: "${TURN_USER}"
|
|
TURN_PASSWORD: "${TURN_PASSWORD}"
|
|
START_ROOM_URL: "${START_ROOM_URL}"
|
|
labels:
|
|
- "traefik.http.routers.front.rule=Host(`play.${DOMAIN}`)"
|
|
- "traefik.http.routers.front.entryPoints=web,traefik"
|
|
- "traefik.http.services.front.loadbalancer.server.port=80"
|
|
- "traefik.http.routers.front-ssl.rule=Host(`play.${DOMAIN}`)"
|
|
- "traefik.http.routers.front-ssl.entryPoints=websecure"
|
|
- "traefik.http.routers.front-ssl.tls=true"
|
|
- "traefik.http.routers.front-ssl.service=front"
|
|
- "traefik.http.routers.front-ssl.tls.certresolver=myresolver"
|
|
restart: unless-stopped
|
|
|
|
pusher:
|
|
build:
|
|
context: ../..
|
|
dockerfile: pusher/Dockerfile
|
|
#image: thecodingmachine/workadventure-pusher:master
|
|
command: yarn run runprod
|
|
environment:
|
|
SECRET_JITSI_KEY: "$SECRET_JITSI_KEY"
|
|
SECRET_KEY: yourSecretKey
|
|
API_URL: back:50051
|
|
JITSI_URL: $JITSI_URL
|
|
JITSI_ISS: $JITSI_ISS
|
|
FRONT_URL: https://play.${DOMAIN}
|
|
labels:
|
|
- "traefik.http.routers.pusher.rule=Host(`pusher.${DOMAIN}`)"
|
|
- "traefik.http.routers.pusher.entryPoints=web,traefik"
|
|
- "traefik.http.services.pusher.loadbalancer.server.port=8080"
|
|
- "traefik.http.routers.pusher-ssl.rule=Host(`pusher.${DOMAIN}`)"
|
|
- "traefik.http.routers.pusher-ssl.entryPoints=websecure"
|
|
- "traefik.http.routers.pusher-ssl.tls=true"
|
|
- "traefik.http.routers.pusher-ssl.service=pusher"
|
|
- "traefik.http.routers.pusher-ssl.tls.certresolver=myresolver"
|
|
restart: unless-stopped
|
|
|
|
back:
|
|
build:
|
|
context: ../..
|
|
dockerfile: back/Dockerfile
|
|
#image: thecodingmachine/workadventure-back:master
|
|
command: yarn run runprod
|
|
environment:
|
|
SECRET_JITSI_KEY: "$SECRET_JITSI_KEY"
|
|
ADMIN_API_TOKEN: "$ADMIN_API_TOKEN"
|
|
ADMIN_API_URL: "$ADMIN_API_URL"
|
|
JITSI_URL: $JITSI_URL
|
|
JITSI_ISS: $JITSI_ISS
|
|
labels:
|
|
- "traefik.http.routers.back.rule=Host(`api.${DOMAIN}`)"
|
|
- "traefik.http.routers.back.entryPoints=web"
|
|
- "traefik.http.services.back.loadbalancer.server.port=8080"
|
|
- "traefik.http.routers.back-ssl.rule=Host(`api.${DOMAIN}`)"
|
|
- "traefik.http.routers.back-ssl.entryPoints=websecure"
|
|
- "traefik.http.routers.back-ssl.tls=true"
|
|
- "traefik.http.routers.back-ssl.service=back"
|
|
- "traefik.http.routers.back-ssl.tls.certresolver=myresolver"
|
|
restart: unless-stopped
|
|
|
|
icon:
|
|
image: matthiasluedtke/iconserver:v3.13.0
|
|
labels:
|
|
- "traefik.http.routers.icon.rule=Host(`icon.${DOMAIN}`)"
|
|
- "traefik.http.routers.icon.entryPoints=web,traefik"
|
|
- "traefik.http.services.icon.loadbalancer.server.port=8080"
|
|
- "traefik.http.routers.icon-ssl.rule=Host(`icon.${DOMAIN}`)"
|
|
- "traefik.http.routers.icon-ssl.entryPoints=websecure"
|
|
- "traefik.http.routers.icon-ssl.tls=true"
|
|
- "traefik.http.routers.icon-ssl.service=icon"
|
|
- "traefik.http.routers.icon-ssl.tls.certresolver=myresolver"
|