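# Development stack: Postgres, MinIO, the snoop API, the management UI,
# an nginx front end, MediaMTX and an EMQX MQTT broker.
#
# NOTE(review): several services below use well-known default credentials
# and publish their ports on every host interface. That is acceptable only
# on an isolated dev machine; override the credentials and trim the
# published ports before running this anywhere reachable.
services:
  postgres:
    image: postgres:16
    environment:
      # Dev-only placeholder password; override outside local development.
      POSTGRES_PASSWORD: example
      POSTGRES_DB: snoop
      POSTGRES_USER: snoop
    ports:
      # Published on all host interfaces; only needed for host-side tools.
      - "5432:5432"
    volumes:
      - pgdata:/var/lib/postgresql/data
    healthcheck:
      # $$ escapes compose interpolation so the container shell expands
      # the variables itself.
      test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
      interval: 10s
      timeout: 5s
      retries: 10
    networks:
      - snoopBack

  minio:
    # NOTE(review): `latest` is a moving tag; pin a specific release tag or
    # image digest so rebuilds are reproducible and auditable.
    image: minio/minio:latest
    command: server /data --console-address ":9001"
    environment:
      # Default MinIO root credentials; the mediamtx service below uses the
      # same pair for rclone, so change both together.
      MINIO_ROOT_USER: minioadmin
      MINIO_ROOT_PASSWORD: minioadmin
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/ready"]
      interval: 5s
      timeout: 3s
      retries: 5
    volumes:
      - miniodata:/data
    ports:
      # console :9001 is handy during dev
      - "9000:9000"
      - "9001:9001"
    networks:
      - snoopBack

  snoop-api:
    restart: unless-stopped
    build:
      context: ./server
      dockerfile: Dockerfile
      args:
        APP_DIR: ${API_APP_DIR:-./cmd/api}
    environment:
      # NOTE(review): plain HTTP to Vault; the token crosses this link
      # unencrypted. Use TLS outside a local dev setup.
      VAULT_ADDR: "http://host.docker.internal:8200"
      # Supplied from the shell or the project .env, the same way as
      # JWT_SECRET; compose aborts if it is unset or empty. Never commit a
      # literal Vault token here: a token that has ever been committed
      # stays in VCS history and must be revoked in Vault.
      VAULT_TOKEN: "${VAULT_TOKEN:?set VAULT_TOKEN in the environment or .env}"
      # VAULT_KV_PATH: "kv/data/snoop"
      MINIO_ENDPOINT: "http://minio:9000"
      # NOTE(review): an unset JWT_SECRET interpolates to an empty string;
      # confirm the API refuses to start with an empty signing secret.
      JWT_SECRET: "${JWT_SECRET}"
    env_file:
      # Keep .env out of version control.
      - .env
    depends_on:
      postgres:
        condition: service_healthy
      minio:
        condition: service_healthy
    networks:
      - snoopBack
      - proxy

  web:
    restart: unless-stopped
    build:
      context: ./management-ui
      dockerfile: Dockerfile
    environment:
      VITE_API_URL: /api
    networks:
      - proxy

  nginx:
    image: nginx:1.27-alpine
    depends_on:
      - web
      - snoop-api
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # All mounts are read-only; Z relabels them for SELinux hosts.
      - ./nginx/dev.conf:/etc/nginx/conf.d/default.conf:ro,Z
      # - ./nginx/nginx_ssl/fullchain.pem:/etc/nginx/ssl/certs/fullchain.pem
      # - ./nginx/nginx_ssl/privkey.pem:/etc/nginx/ssl/certs/privkey.pem
      - ./nginx/nginx_ssl:/etc/nginx/ssl/certs/:ro,Z
      - ./nginx/nginx_ssl/iot_int_cert.pem:/etc/nginx/ssl/iot_int_cert.pem:ro,Z
      - ./nginx/nginx_ssl/iot.crl:/etc/nginx/ssl/iot.crl:ro,Z
    networks:
      - proxy

  mediamtx:
    build:
      context: ./mediamtx
      dockerfile: Dockerfile
    restart: unless-stopped
    ports:
      - "8554:8554"      # RTSP
      - "1935:1935"      # RTMP
      - "8888:8888"      # HLS / LL-HLS (HTTP)
      - "8889:8889"      # WebRTC HTTP (WHIP/WHEP/pages)
      - "8189:8189/udp"  # WebRTC ICE UDP
      - "8890:8890/udp"  # SRT
      # Control API (enabled in config below; map if you want to access
      # from host).
      # NOTE(review): this publishes the control API on every host
      # interface; confirm mediamtx.yml requires authentication for it.
      - "9997:9997"
    volumes:
      - ./mediamtx/mediamtx.yml:/mediamtx.yml:ro,Z
      - mediamtx-recordings:/recordings
    environment:
      RCLONE_CONFIG_MINIO_TYPE: s3
      RCLONE_CONFIG_MINIO_PROVIDER: Minio
      RCLONE_CONFIG_MINIO_ENDPOINT: "http://minio:9000"
      # Same default pair as the MinIO root user above, so rclone runs with
      # full MinIO root rights; a scoped access key would be safer.
      RCLONE_CONFIG_MINIO_ACCESS_KEY_ID: minioadmin
      RCLONE_CONFIG_MINIO_SECRET_ACCESS_KEY: minioadmin
      RCLONE_CONFIG_MINIO_REGION: us-east-1
      RCLONE_CONFIG_MINIO_FORCE_PATH_STYLE: "true"
    networks:
      - proxy
      - snoopBack

  # NEW: EMQX MQTT broker
  emqx:
    # EMQX 5.x
    # NOTE(review): `latest` is a moving tag; pin a specific release tag or
    # image digest.
    image: emqx/emqx:latest
    restart: unless-stopped
    environment:
      # set a fixed node name (nice when you later add clustering)
      EMQX_NODE__NAME: emqx@node1
      # set dashboard admin user/pass (change these in prod!)
      EMQX_DASHBOARD__DEFAULT_USERNAME: admin
      EMQX_DASHBOARD__DEFAULT_PASSWORD: changeme123
      # optional: enable WebSocket listener on 8083 (on by default in 5.x)
      # EMQX_LISTENERS__WS__DEFAULT__ENABLE: "true"
    volumes:
      - emqx-data:/opt/emqx/data
      - emqx-log:/opt/emqx/log
    ports:
      # Both published listeners below are unencrypted; MQTT credentials
      # and payloads cross them in clear text until the TLS listeners are
      # enabled.
      - "1883:1883"    # MQTT (TCP)
      - "8083:8083"    # MQTT over WebSocket (WS)
      # - "8883:8883"  # MQTT over TLS (uncomment when you add certs)
      # - "8084:8084"  # WSS (uncomment with TLS)
      - "18083:18083"  # Dashboard
    networks:
      - snoopBack
      - proxy  # so Nginx can reverse-proxy WS at /mqtt/ws

volumes:
  pgdata: {}
  miniodata: {}
  mediamtx-recordings: {}
  emqx-data: {}
  emqx-log: {}

networks:
  # Created outside this file; compose expects it to exist already.
  proxy:
    external: true
  snoopBack: {}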