NewSmoop/docker-compose.yaml
2025-10-03 13:22:47 +03:00


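# Compose stack for the snoop services. The in-file comments ("handy during
# dev", "change these in prod!", nginx/dev.conf) suggest it targets development.
#
# NOTE(review): the credential defaults below (`example`, `minioadmin`, `root`,
# `changeme123`) are guessable placeholders. Each one can be overridden from the
# shell or the project `.env`; override all of them before any published port
# is reachable from outside a developer workstation.
services:
  # PostgreSQL backing store; reachable by other containers on `snoopBack`.
  postgres:
    image: postgres:16
    environment:
      # The official image applies this only when the data directory is first
      # initialised; changing it later does not rotate the password stored in
      # an existing `pgdata` volume.
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:-example}"
      POSTGRES_DB: snoop
      POSTGRES_USER: snoop
    ports:
      # NOTE(review): published on every host interface. If only containers
      # need the database, drop this mapping or bind it to loopback
      # ("127.0.0.1:5432:5432").
      - "5432:5432"
    volumes:
      - pgdata:/var/lib/postgresql/data
    healthcheck:
      # `$$` escapes Compose interpolation so the variables are expanded by
      # the shell inside the container.
      test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
      interval: 10s
      timeout: 5s
      retries: 10
    networks:
      - snoopBack

  # S3-compatible object storage (API on 9000, admin console on 9001).
  minio:
    # NOTE(review): `latest` is a floating tag, so a re-pull can silently
    # change the running release; pin a release tag or an image digest.
    image: minio/minio:latest
    command: server /data --console-address ":9001"
    environment:
      # Root credentials; the same variables feed the rclone service so the
      # two stay in sync when overridden.
      MINIO_ROOT_USER: "${MINIO_ROOT_USER:-minioadmin}"
      MINIO_ROOT_PASSWORD: "${MINIO_ROOT_PASSWORD:-minioadmin}"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/ready"]
      interval: 5s
      timeout: 3s
      retries: 5
    volumes:
      - miniodata:/data
    ports:  # console :9001 is handy during dev
      # NOTE(review): both the S3 API and the admin console are published on
      # every host interface, guarded only by the root credentials above.
      - "9000:9000"
      - "9001:9001"
    networks:
      - snoopBack

  # Backend API built from ./server; no host ports, reached via `proxy`.
  snoop-api:
    restart: unless-stopped
    build:
      context: ./server
      dockerfile: Dockerfile
      args:
        APP_DIR: "${API_APP_DIR:-./cmd/api}"
    environment:
      # Keys set here take precedence over same-named keys from `env_file`.
      VAULT_ADDR: "http://vault:8200"
      # NOTE(review): `root` looks like a Vault dev-mode root token, and no
      # `vault` service is defined in this file -- confirm what this resolves
      # to, and use a scoped, short-lived token outside local development.
      VAULT_TOKEN: "${VAULT_TOKEN:-root}"
      VAULT_KV_PATH: "kv/data/snoop"
      MINIO_ENDPOINT: "http://minio:9000"
      # Fail when Compose parses the file instead of starting the API with an
      # empty value (presumably the JWT signing key) if the variable is unset
      # or empty.
      JWT_SECRET: "${JWT_SECRET:?set JWT_SECRET to a long random value}"
    env_file:
      - .env
    depends_on:
      postgres:
        condition: service_healthy
      minio:
        condition: service_healthy
    networks:
      - snoopBack
      - proxy

  # Management UI built from ./management-ui; no host ports, `proxy` only.
  web:
    restart: unless-stopped
    build:
      context: ./management-ui
      dockerfile: Dockerfile
    environment:
      VITE_API_URL: /api
    networks:
      - proxy

  # Reverse proxy; the HTTP/HTTPS listeners published to the host.
  nginx:
    image: nginx:1.27-alpine
    depends_on:
      - web
      - snoop-api
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/dev.conf:/etc/nginx/conf.d/default.conf:ro,Z
      # - ./nginx/nginx_ssl/fullchain.pem:/etc/nginx/ssl/certs/fullchain.pem
      # - ./nginx/nginx_ssl/privkey.pem:/etc/nginx/ssl/certs/privkey.pem
      # Whole directory mounted read-only; judging by the commented-out mounts
      # above it holds the TLS private key, so keep it out of version control.
      - ./nginx/nginx_ssl:/etc/nginx/ssl/certs/:ro,Z
      - ./nginx/nginx_ssl/iot_int_cert.pem:/etc/nginx/ssl/iot_int_cert.pem:ro,Z
      # NOTE(review): if dev.conf loads this CRL, new revocations only take
      # effect after the file is refreshed and nginx is reloaded.
      - ./nginx/nginx_ssl/iot.crl:/etc/nginx/ssl/iot.crl:ro,Z
    networks:
      - proxy

  # Media server for the streaming protocols listed under `ports`.
  mediamtx:
    # NOTE(review): floating `latest` tag; pin a release tag or digest.
    image: bluenviron/mediamtx:latest
    # restart: unless-stopped
    # Expose default listeners for all common protocols
    ports:
      - "8554:8554"      # RTSP
      - "1935:1935"      # RTMP
      - "8888:8888"      # HLS / LL-HLS (HTTP)
      - "8889:8889"      # WebRTC HTTP (WHIP/WHEP/pages)
      - "8189:8189/udp"  # WebRTC ICE UDP
      - "8890:8890/udp"  # SRT
      # Control API (enabled in config below; map if you want to access from host)
      # NOTE(review): whether this API requires credentials is decided in
      # mediamtx.yml, which is not shown here -- verify before publishing it.
      - "9997:9997"
    volumes:
      - ./mediamtx/mediamtx.yml:/mediamtx.yml:ro,Z
      - mediamtx-recordings:/recordings
    networks:
      - proxy
      - snoopBack

  # rclone remote-control daemon with a MinIO remote and the recordings volume.
  rclone:
    # NOTE(review): floating `latest` tag; pin a release tag or digest.
    image: rclone/rclone:latest
    # NOTE(review): `--rc-no-auth` disables authentication on the
    # remote-control API and `:5572` listens on all container interfaces. The
    # port is not published, but every container on `snoopBack` and on the
    # external `proxy` network can call it, and this service holds the MinIO
    # root credentials and the recordings volume. Prefer `--rc-user` /
    # `--rc-pass` (or `--rc-htpasswd`) and attach the service only to the
    # network its caller is on.
    command: rcd --rc-addr=:5572 --rc-no-auth
    environment:
      RCLONE_CONFIG_MINIO_TYPE: s3
      RCLONE_CONFIG_MINIO_PROVIDER: Minio
      RCLONE_CONFIG_MINIO_ENDPOINT: http://minio:9000
      # Same variables and defaults as the minio service. A dedicated MinIO
      # access key with a bucket-scoped policy would limit what this service
      # can do compared with the root account.
      RCLONE_CONFIG_MINIO_ACCESS_KEY_ID: "${MINIO_ROOT_USER:-minioadmin}"
      RCLONE_CONFIG_MINIO_SECRET_ACCESS_KEY: "${MINIO_ROOT_PASSWORD:-minioadmin}"
      RCLONE_CONFIG_MINIO_REGION: us-east-1
      RCLONE_CONFIG_MINIO_FORCE_PATH_STYLE: "true"
    volumes:
      - mediamtx-recordings:/recordings
    networks:
      - snoopBack
      - proxy

  # NEW: EMQX MQTT broker
  emqx:
    # NOTE(review): `latest` is not guaranteed to stay on the 5.x line the
    # original comment expects; pin a release tag or digest.
    image: emqx/emqx:latest  # EMQX 5.x
    restart: unless-stopped
    environment:
      # set a fixed node name (nice when you later add clustering)
      EMQX_NODE__NAME: emqx@node1
      # set dashboard admin user/pass (change these in prod!)
      EMQX_DASHBOARD__DEFAULT_USERNAME: admin
      EMQX_DASHBOARD__DEFAULT_PASSWORD: "${EMQX_DASHBOARD__DEFAULT_PASSWORD:-changeme123}"
      # optional: enable WebSocket listener on 8083 (on by default in 5.x)
      # EMQX_LISTENERS__WS__DEFAULT__ENABLE: "true"
    volumes:
      - emqx-data:/opt/emqx/data
      - emqx-log:/opt/emqx/log
    ports:
      # NOTE(review): 1883 and 8083 carry MQTT without TLS, so client
      # credentials and payloads cross the network in clear text.
      - "1883:1883"    # MQTT (TCP)
      - "8083:8083"    # MQTT over WebSocket (WS)
      # - "8883:8883"  # MQTT over TLS (uncomment when you add certs)
      # - "8084:8084"  # WSS (uncomment with TLS)
      # NOTE(review): the dashboard is published on every host interface.
      - "18083:18083"  # Dashboard
    networks:
      - snoopBack
      - proxy  # so Nginx can reverse-proxy WS at /mqtt/ws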
# Named volumes. No driver or options are set, so Docker's defaults apply.
volumes:
  pgdata: {}               # PostgreSQL data directory
  miniodata: {}            # MinIO object store (/data)
  mediamtx-recordings: {}  # mounted at /recordings by both mediamtx and rclone
  emqx-data: {}            # /opt/emqx/data
  emqx-log: {}             # /opt/emqx/log
networks:
  # Not created by Compose: it must already exist (for example via
  # `docker network create proxy`). Any container attached to it, from this
  # project or another, can reach the services here that join `proxy`.
  proxy:
    external: true
  # Project network created by Compose with default settings.
  snoopBack: {}