workadventure/contrib/docker/docker-compose.prod.yaml

version: "3.5"
services:
  reverse-proxy:
    image: traefik:v2.6
    command:
      - --log.level=${LOG_LEVEL}
      - --providers.docker
      # Entry points
      - --entryPoints.web.address=:${HTTP_PORT}
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entryPoints.websecure.address=:${HTTPS_PORT}
      # HTTP challenge
      - --certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}
      - --certificatesresolvers.myresolver.acme.storage=/acme.json
      - --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
      # Let's Encrypt's staging server
      # uncomment during testing to avoid rate limiting
      #- --certificatesresolvers.dnsresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
    ports:
      - "${HTTP_PORT}:80"
      - "${HTTPS_PORT}:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ${DATA_DIR}/letsencrypt/acme.json:/acme.json
    restart: ${RESTART_POLICY}


  front:
    build:
      context: ../..
      dockerfile: front/Dockerfile
    #image: thecodingmachine/workadventure-front:${VERSION}
    environment:
      - DEBUG_MODE
      - JITSI_URL
      - JITSI_PRIVATE_MODE
      - PUSHER_URL=//${PUSHER_HOST}
      - ICON_URL=//${ICON_HOST}
      - TURN_SERVER
      - TURN_USER
      - TURN_PASSWORD
      - TURN_STATIC_AUTH_SECRET
      - STUN_SERVER
      - START_ROOM_URL
      - SKIP_RENDER_OPTIMIZATIONS
      - MAX_PER_GROUP
      - MAX_USERNAME_LENGTH
      - DISABLE_ANONYMOUS
      - DISABLE_NOTIFICATIONS
    labels:
      - "traefik.http.routers.front.rule=Host(`${FRONT_HOST}`)"
      - "traefik.http.routers.front.entryPoints=web"
      - "traefik.http.services.front.loadbalancer.server.port=80"
      - "traefik.http.routers.front-ssl.rule=Host(`${FRONT_HOST}`)"
      - "traefik.http.routers.front-ssl.entryPoints=websecure"
      - "traefik.http.routers.front-ssl.service=front"
      - "traefik.http.routers.front-ssl.tls=true"
      - "traefik.http.routers.front-ssl.tls.certresolver=myresolver"
    restart: ${RESTART_POLICY}

  pusher:
    build:
      context: ../..
      dockerfile: pusher/Dockerfile
    #image: thecodingmachine/workadventure-pusher:${VERSION}
    command: yarn run runprod
    environment:
      - SECRET_JITSI_KEY
      - SECRET_KEY
      - API_URL
      - FRONT_URL=https://${FRONT_HOST}
      - JITSI_URL
      - JITSI_ISS
      - DISABLE_ANONYMOUS
    labels:
      - "traefik.http.routers.pusher.rule=Host(`${PUSHER_HOST}`)"
      - "traefik.http.routers.pusher.entryPoints=web"
      - "traefik.http.services.pusher.loadbalancer.server.port=8080"
      - "traefik.http.routers.pusher-ssl.rule=Host(${PUSHER_HOST}`)"
      - "traefik.http.routers.pusher-ssl.entryPoints=websecure"
      - "traefik.http.routers.pusher-ssl.service=pusher"
      - "traefik.http.routers.pusher-ssl.tls=true"
      - "traefik.http.routers.pusher-ssl.tls.certresolver=myresolver"
    restart: ${RESTART_POLICY}

  back:
    build:
      context: ../..
      dockerfile: back/Dockerfile
    #image: thecodingmachine/workadventure-back:${VERSION}
    command: yarn run runprod
    environment:
      - SECRET_JITSI_KEY
      - SECRET_KEY
      - ADMIN_API_TOKEN
      - ADMIN_API_URL
      - TURN_SERVER
      - TURN_USER
      - TURN_PASSWORD
      - TURN_STATIC_AUTH_SECRET
      - STUN_SERVER
      - JITSI_URL
      - JITSI_ISS
      - MAX_PER_GROUP
      - STORE_VARIABLES_FOR_LOCAL_MAPS
    labels:
      - "traefik.http.routers.back.rule=Host(`${BACK_HOST}`)"
      - "traefik.http.routers.back.entryPoints=web"
      - "traefik.http.services.back.loadbalancer.server.port=8080"
      - "traefik.http.routers.back-ssl.rule=Host(`${BACK_HOST}`)"
      - "traefik.http.routers.back-ssl.entryPoints=websecure"
      - "traefik.http.routers.back-ssl.service=back"
      - "traefik.http.routers.back-ssl.tls=true"
      - "traefik.http.routers.back-ssl.tls.certresolver=myresolver"
    restart: ${RESTART_POLICY}

  icon:
    image: matthiasluedtke/iconserver:v3.13.0
    labels:
      - "traefik.http.routers.icon.rule=Host(`${ICON_HOST}`)"
      - "traefik.http.routers.icon.entryPoints=web,traefik"
      - "traefik.http.services.icon.loadbalancer.server.port=8080"
      - "traefik.http.routers.icon-ssl.rule=Host(`${ICON_HOST}`)"
      - "traefik.http.routers.icon-ssl.entryPoints=websecure"
      - "traefik.http.routers.icon-ssl.service=icon"
      - "traefik.http.routers.icon-ssl.tls=true"
      - "traefik.http.routers.icon-ssl.tls.certresolver=myresolver"