# Copyright (c) Abstract Machines # SPDX-License-Identifier: Apache-2.0 name: "supermq" networks: supermq-base-net: driver: bridge volumes: supermq-users-db-volume: supermq-groups-db-volume: supermq-clients-db-volume: supermq-channels-db-volume: supermq-clients-redis-volume: supermq-broker-volume: supermq-spicedb-db-volume: supermq-auth-db-volume: supermq-pat-db-volume: supermq-domains-db-volume: supermq-domains-redis-volume: supermq-ui-db-volume: services: spicedb: image: "authzed/spicedb:v1.37.0" container_name: supermq-spicedb command: "serve" restart: "always" networks: - supermq-base-net ports: - "8080:8080" - "9091:9090" - "50051:50051" environment: SPICEDB_GRPC_PRESHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY} SPICEDB_DATASTORE_ENGINE: ${SMQ_SPICEDB_DATASTORE_ENGINE} SPICEDB_DATASTORE_CONN_URI: "${SMQ_SPICEDB_DATASTORE_ENGINE}://${SMQ_SPICEDB_DB_USER}:${SMQ_SPICEDB_DB_PASS}@spicedb-db:${SMQ_SPICEDB_DB_PORT}/${SMQ_SPICEDB_DB_NAME}?sslmode=disable" depends_on: - spicedb-migrate spicedb-migrate: image: "authzed/spicedb:v1.37.0" container_name: supermq-spicedb-migrate command: "migrate head" restart: "on-failure" networks: - supermq-base-net environment: SPICEDB_DATASTORE_ENGINE: ${SMQ_SPICEDB_DATASTORE_ENGINE} SPICEDB_DATASTORE_CONN_URI: "${SMQ_SPICEDB_DATASTORE_ENGINE}://${SMQ_SPICEDB_DB_USER}:${SMQ_SPICEDB_DB_PASS}@spicedb-db:${SMQ_SPICEDB_DB_PORT}/${SMQ_SPICEDB_DB_NAME}?sslmode=disable" depends_on: - spicedb-db spicedb-db: image: "postgres:16.2-alpine" container_name: supermq-spicedb-db networks: - supermq-base-net ports: - "6010:5432" environment: POSTGRES_USER: ${SMQ_SPICEDB_DB_USER} POSTGRES_PASSWORD: ${SMQ_SPICEDB_DB_PASS} POSTGRES_DB: ${SMQ_SPICEDB_DB_NAME} volumes: - supermq-spicedb-db-volume:/var/lib/postgresql/data command: ["postgres", "-c", "track_commit_timestamp=on"] auth-db: image: postgres:16.2-alpine container_name: supermq-auth-db restart: on-failure ports: - 6001:5432 environment: POSTGRES_USER: ${SMQ_AUTH_DB_USER} POSTGRES_PASSWORD: ${SMQ_AUTH_DB_PASS} POSTGRES_DB: ${SMQ_AUTH_DB_NAME} networks: - supermq-base-net volumes: - supermq-auth-db-volume:/var/lib/postgresql/data auth: image: supermq/auth:${SMQ_RELEASE_TAG} container_name: supermq-auth depends_on: - auth-db - spicedb expose: - ${SMQ_AUTH_GRPC_PORT} restart: on-failure environment: SMQ_AUTH_LOG_LEVEL: ${SMQ_AUTH_LOG_LEVEL} SMQ_SPICEDB_SCHEMA_FILE: ${SMQ_SPICEDB_SCHEMA_FILE} SMQ_SPICEDB_PRE_SHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY} SMQ_SPICEDB_HOST: ${SMQ_SPICEDB_HOST} SMQ_SPICEDB_PORT: ${SMQ_SPICEDB_PORT} SMQ_AUTH_ACCESS_TOKEN_DURATION: ${SMQ_AUTH_ACCESS_TOKEN_DURATION} SMQ_AUTH_REFRESH_TOKEN_DURATION: ${SMQ_AUTH_REFRESH_TOKEN_DURATION} SMQ_AUTH_INVITATION_DURATION: ${SMQ_AUTH_INVITATION_DURATION} SMQ_AUTH_SECRET_KEY: ${SMQ_AUTH_SECRET_KEY} SMQ_AUTH_HTTP_HOST: ${SMQ_AUTH_HTTP_HOST} SMQ_AUTH_HTTP_PORT: ${SMQ_AUTH_HTTP_PORT} SMQ_AUTH_HTTP_SERVER_CERT: ${SMQ_AUTH_HTTP_SERVER_CERT} SMQ_AUTH_HTTP_SERVER_KEY: ${SMQ_AUTH_HTTP_SERVER_KEY} SMQ_AUTH_GRPC_HOST: ${SMQ_AUTH_GRPC_HOST} SMQ_AUTH_GRPC_PORT: ${SMQ_AUTH_GRPC_PORT} ## Compose supports parameter expansion in environment, ## Eg: ${VAR:+replacement} or ${VAR+replacement} -> replacement if VAR is set and non-empty, otherwise empty ## Eg :${VAR:-default} or ${VAR-default} -> value of VAR if set and non-empty, otherwise default SMQ_AUTH_GRPC_SERVER_CERT: ${SMQ_AUTH_GRPC_SERVER_CERT:+/auth-grpc-server.crt} SMQ_AUTH_GRPC_SERVER_KEY: ${SMQ_AUTH_GRPC_SERVER_KEY:+/auth-grpc-server.key} SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt} SMQ_AUTH_GRPC_CLIENT_CA_CERTS: ${SMQ_AUTH_GRPC_CLIENT_CA_CERTS:+/auth-grpc-client-ca.crt} SMQ_AUTH_DB_HOST: ${SMQ_AUTH_DB_HOST} SMQ_AUTH_DB_PORT: ${SMQ_AUTH_DB_PORT} SMQ_AUTH_DB_USER: ${SMQ_AUTH_DB_USER} SMQ_AUTH_DB_PASS: ${SMQ_AUTH_DB_PASS} SMQ_AUTH_DB_NAME: ${SMQ_AUTH_DB_NAME} SMQ_AUTH_DB_SSL_MODE: ${SMQ_AUTH_DB_SSL_MODE} SMQ_AUTH_DB_SSL_CERT: ${SMQ_AUTH_DB_SSL_CERT} SMQ_AUTH_DB_SSL_KEY: ${SMQ_AUTH_DB_SSL_KEY} SMQ_AUTH_DB_SSL_ROOT_CERT: ${SMQ_AUTH_DB_SSL_ROOT_CERT} SMQ_JAEGER_URL: ${SMQ_JAEGER_URL} SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO} SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY} SMQ_AUTH_ADAPTER_INSTANCE_ID: ${SMQ_AUTH_ADAPTER_INSTANCE_ID} SMQ_ES_URL: ${SMQ_ES_URL} ports: - ${SMQ_AUTH_HTTP_PORT}:${SMQ_AUTH_HTTP_PORT} - ${SMQ_AUTH_GRPC_PORT}:${SMQ_AUTH_GRPC_PORT} networks: - supermq-base-net volumes: - ./spicedb/schema.zed:${SMQ_SPICEDB_SCHEMA_FILE} - supermq-pat-db-volume:/supermq-data # Auth gRPC mTLS server certificates - type: bind source: ${SMQ_AUTH_GRPC_SERVER_CERT:-ssl/certs/dummy/server_cert} target: /auth-grpc-server${SMQ_AUTH_GRPC_SERVER_CERT:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_AUTH_GRPC_SERVER_KEY:-ssl/certs/dummy/server_key} target: /auth-grpc-server${SMQ_AUTH_GRPC_SERVER_KEY:+.key} bind: create_host_path: true - type: bind source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca_certs} target: /auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_AUTH_GRPC_CLIENT_CA_CERTS:-ssl/certs/dummy/client_ca_certs} target: /auth-grpc-client-ca${SMQ_AUTH_GRPC_CLIENT_CA_CERTS:+.crt} bind: create_host_path: true domains-db: image: postgres:16.2-alpine container_name: supermq-domains-db restart: on-failure ports: - 6003:5432 environment: POSTGRES_USER: ${SMQ_DOMAINS_DB_USER} POSTGRES_PASSWORD: ${SMQ_DOMAINS_DB_PASS} POSTGRES_DB: ${SMQ_DOMAINS_DB_NAME} networks: - supermq-base-net volumes: - supermq-domains-db-volume:/var/lib/postgresql/data domains-redis: image: redis:7.2.4-alpine container_name: supermq-domains-redis restart: on-failure networks: - supermq-base-net volumes: - supermq-domains-redis-volume:/data domains: image: supermq/domains:${SMQ_RELEASE_TAG} container_name: supermq-domains depends_on: - domains-db - spicedb expose: - ${SMQ_DOMAINS_GRPC_PORT} restart: on-failure environment: SMQ_DOMAINS_LOG_LEVEL: ${SMQ_DOMAINS_LOG_LEVEL} SMQ_SPICEDB_PRE_SHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY} SMQ_SPICEDB_HOST: ${SMQ_SPICEDB_HOST} SMQ_SPICEDB_PORT: ${SMQ_SPICEDB_PORT} SMQ_SPICEDB_SCHEMA_FILE: ${SMQ_SPICEDB_SCHEMA_FILE} SMQ_DOMAINS_HTTP_HOST: ${SMQ_DOMAINS_HTTP_HOST} SMQ_DOMAINS_HTTP_PORT: ${SMQ_DOMAINS_HTTP_PORT} SMQ_DOMAINS_HTTP_SERVER_CERT: ${SMQ_DOMAINS_HTTP_SERVER_CERT} SMQ_DOMAINS_HTTP_SERVER_KEY: ${SMQ_DOMAINS_HTTP_SERVER_KEY} SMQ_DOMAINS_GRPC_HOST: ${SMQ_DOMAINS_GRPC_HOST} SMQ_DOMAINS_GRPC_PORT: ${SMQ_DOMAINS_GRPC_PORT} ## Compose supports parameter expansion in environment, ## Eg: ${VAR:+replacement} or ${VAR+replacement} -> replacement if VAR is set and non-empty, otherwise empty ## Eg :${VAR:-default} or ${VAR-default} -> value of VAR if set and non-empty, otherwise default SMQ_DOMAINS_GRPC_SERVER_CERT: ${SMQ_DOMAINS_GRPC_SERVER_CERT:+/auth-grpc-server.crt} SMQ_DOMAINS_GRPC_SERVER_KEY: ${SMQ_DOMAINS_GRPC_SERVER_KEY:+/auth-grpc-server.key} SMQ_DOMAINS_GRPC_SERVER_CA_CERTS: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt} SMQ_DOMAINS_GRPC_CLIENT_CA_CERTS: ${SMQ_DOMAINS_GRPC_CLIENT_CA_CERTS:+/auth-grpc-client-ca.crt} SMQ_DOMAINS_DB_HOST: ${SMQ_DOMAINS_DB_HOST} SMQ_DOMAINS_DB_PORT: ${SMQ_DOMAINS_DB_PORT} SMQ_DOMAINS_DB_USER: ${SMQ_DOMAINS_DB_USER} SMQ_DOMAINS_DB_PASS: ${SMQ_DOMAINS_DB_PASS} SMQ_DOMAINS_DB_NAME: ${SMQ_DOMAINS_DB_NAME} SMQ_DOMAINS_DB_SSL_MODE: ${SMQ_DOMAINS_DB_SSL_MODE} SMQ_DOMAINS_DB_SSL_CERT: ${SMQ_DOMAINS_DB_SSL_CERT} SMQ_DOMAINS_DB_SSL_KEY: ${SMQ_DOMAINS_DB_SSL_KEY} SMQ_DOMAINS_DB_SSL_ROOT_CERT: ${SMQ_DOMAINS_DB_SSL_ROOT_CERT} SMQ_DOMAINS_INSTANCE_ID: ${SMQ_DOMAINS_INSTANCE_ID} SMQ_ES_URL: ${SMQ_ES_URL} SMQ_DOMAINS_CACHE_URL: ${SMQ_DOMAINS_CACHE_URL} SMQ_DOMAINS_CACHE_KEY_DURATION: ${SMQ_DOMAINS_CACHE_KEY_DURATION} SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL} SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT} SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt} SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key} SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt} SMQ_GROUPS_GRPC_URL: ${SMQ_GROUPS_GRPC_URL} SMQ_GROUPS_GRPC_TIMEOUT: ${SMQ_GROUPS_GRPC_TIMEOUT} SMQ_GROUPS_GRPC_CLIENT_CERT: ${SMQ_GROUPS_GRPC_CLIENT_CERT:+/groups-grpc-client.crt} SMQ_GROUPS_GRPC_CLIENT_KEY: ${SMQ_GROUPS_GRPC_CLIENT_KEY:+/groups-grpc-client.key} SMQ_GROUPS_GRPC_SERVER_CA_CERTS: ${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:+/groups-grpc-server-ca.crt} SMQ_CHANNELS_URL: ${SMQ_CHANNELS_URL} SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL} SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT} SMQ_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt} SMQ_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key} SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt} SMQ_CLIENTS_AUTH_GRPC_URL: ${SMQ_CLIENTS_AUTH_GRPC_URL} SMQ_CLIENTS_AUTH_GRPC_TIMEOUT: ${SMQ_CLIENTS_AUTH_GRPC_TIMEOUT} SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+/clients-grpc-client.crt} SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+/clients-grpc-client.key} SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt} SMQ_JAEGER_URL: ${SMQ_JAEGER_URL} SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO} SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY} ports: - ${SMQ_DOMAINS_HTTP_PORT}:${SMQ_DOMAINS_HTTP_PORT} - ${SMQ_DOMAINS_GRPC_PORT}:${SMQ_DOMAINS_GRPC_PORT} networks: - supermq-base-net volumes: - ./spicedb/schema.zed:${SMQ_SPICEDB_SCHEMA_FILE} # Auth gRPC mTLS server certificates - type: bind source: ${SMQ_DOMAINS_GRPC_SERVER_CERT:-ssl/certs/dummy/server_cert} target: /auth-grpc-server${SMQ_DOMAINS_GRPC_SERVER_CERT:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_DOMAINS_GRPC_SERVER_KEY:-ssl/certs/dummy/server_key} target: /auth-grpc-server${SMQ_DOMAINS_GRPC_SERVER_KEY:+.key} bind: create_host_path: true - type: bind source: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca_certs} target: /auth-grpc-server-ca${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_DOMAINS_GRPC_CLIENT_CA_CERTS:-ssl/certs/dummy/client_ca_certs} target: /auth-grpc-client-ca${SMQ_DOMAINS_GRPC_CLIENT_CA_CERTS:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_CERT:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_KEY:+.key} bind: create_host_path: true - type: bind source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} target: /auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt} bind: create_host_path: true nginx: image: nginx:1.25.4-alpine container_name: supermq-nginx restart: on-failure volumes: - ./nginx/nginx-${AUTH-key}.conf:/etc/nginx/nginx.conf.template - ./nginx/entrypoint.sh:/docker-entrypoint.d/entrypoint.sh - ./nginx/snippets:/etc/nginx/snippets - ./ssl/authorization.js:/etc/nginx/authorization.js - type: bind source: ${SMQ_NGINX_SERVER_CERT:-./ssl/certs/supermq-server.crt} target: /etc/ssl/certs/supermq-server.crt - type: bind source: ${SMQ_NGINX_SERVER_KEY:-./ssl/certs/supermq-server.key} target: /etc/ssl/private/supermq-server.key - type: bind source: ${SMQ_NGINX_SERVER_CLIENT_CA:-./ssl/certs/ca.crt} target: /etc/ssl/certs/ca.crt - type: bind source: ${SMQ_NGINX_SERVER_DHPARAM:-./ssl/dhparam.pem} target: /etc/ssl/certs/dhparam.pem ports: - ${SMQ_NGINX_HTTP_PORT}:${SMQ_NGINX_HTTP_PORT} - ${SMQ_NGINX_SSL_PORT}:${SMQ_NGINX_SSL_PORT} - ${SMQ_NGINX_MQTT_PORT}:${SMQ_NGINX_MQTT_PORT} - ${SMQ_NGINX_MQTTS_PORT}:${SMQ_NGINX_MQTTS_PORT} networks: - supermq-base-net env_file: - .env depends_on: - auth - clients - users - mqtt-adapter - http-adapter - ws-adapter - coap-adapter clients-db: image: postgres:16.2-alpine container_name: supermq-clients-db restart: on-failure command: postgres -c "max_connections=${SMQ_POSTGRES_MAX_CONNECTIONS}" environment: POSTGRES_USER: ${SMQ_CLIENTS_DB_USER} POSTGRES_PASSWORD: ${SMQ_CLIENTS_DB_PASS} POSTGRES_DB: ${SMQ_CLIENTS_DB_NAME} SMQ_POSTGRES_MAX_CONNECTIONS: ${SMQ_POSTGRES_MAX_CONNECTIONS} networks: - supermq-base-net ports: - 6006:5432 volumes: - supermq-clients-db-volume:/var/lib/postgresql/data clients-redis: image: redis:7.2.4-alpine container_name: supermq-clients-redis restart: on-failure networks: - supermq-base-net volumes: - supermq-clients-redis-volume:/data clients: image: supermq/clients:${SMQ_RELEASE_TAG} container_name: supermq-clients depends_on: - clients-db - users - auth - nats restart: on-failure environment: SMQ_CLIENTS_LOG_LEVEL: ${SMQ_CLIENTS_LOG_LEVEL} SMQ_CLIENTS_STANDALONE_ID: ${SMQ_CLIENTS_STANDALONE_ID} SMQ_CLIENTS_STANDALONE_TOKEN: ${SMQ_CLIENTS_STANDALONE_TOKEN} SMQ_CLIENTS_CACHE_KEY_DURATION: ${SMQ_CLIENTS_CACHE_KEY_DURATION} SMQ_CLIENTS_HTTP_HOST: ${SMQ_CLIENTS_HTTP_HOST} SMQ_CLIENTS_HTTP_PORT: ${SMQ_CLIENTS_HTTP_PORT} SMQ_CLIENTS_AUTH_GRPC_HOST: ${SMQ_CLIENTS_AUTH_GRPC_HOST} SMQ_CLIENTS_AUTH_GRPC_PORT: ${SMQ_CLIENTS_AUTH_GRPC_PORT} ## Compose supports parameter expansion in environment, ## Eg: ${VAR:+replacement} or ${VAR+replacement} -> replacement if VAR is set and non-empty, otherwise empty ## Eg :${VAR:-default} or ${VAR-default} -> value of VAR if set and non-empty, otherwise default SMQ_CLIENTS_AUTH_GRPC_SERVER_CERT: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CERT:+/clients-grpc-server.crt} SMQ_CLIENTS_AUTH_GRPC_SERVER_KEY: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_KEY:+/clients-grpc-server.key} SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt} SMQ_CLIENTS_AUTH_GRPC_CLIENT_CA_CERTS: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CA_CERTS:+/clients-grpc-client-ca.crt} SMQ_ES_URL: ${SMQ_ES_URL} SMQ_CLIENTS_CACHE_URL: ${SMQ_CLIENTS_CACHE_URL} SMQ_CLIENTS_DB_HOST: ${SMQ_CLIENTS_DB_HOST} SMQ_CLIENTS_DB_PORT: ${SMQ_CLIENTS_DB_PORT} SMQ_CLIENTS_DB_USER: ${SMQ_CLIENTS_DB_USER} SMQ_CLIENTS_DB_PASS: ${SMQ_CLIENTS_DB_PASS} SMQ_CLIENTS_DB_NAME: ${SMQ_CLIENTS_DB_NAME} SMQ_CLIENTS_DB_SSL_MODE: ${SMQ_CLIENTS_DB_SSL_MODE} SMQ_CLIENTS_DB_SSL_CERT: ${SMQ_CLIENTS_DB_SSL_CERT} SMQ_CLIENTS_DB_SSL_KEY: ${SMQ_CLIENTS_DB_SSL_KEY} SMQ_CLIENTS_DB_SSL_ROOT_CERT: ${SMQ_CLIENTS_DB_SSL_ROOT_CERT} SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL} SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT} SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt} SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key} SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt} SMQ_CHANNELS_URL: ${SMQ_CHANNELS_URL} SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL} SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT} SMQ_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt} SMQ_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key} SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt} SMQ_GROUPS_URL: ${SMQ_GROUPS_URL} SMQ_GROUPS_GRPC_URL: ${SMQ_GROUPS_GRPC_URL} SMQ_GROUPS_GRPC_TIMEOUT: ${SMQ_GROUPS_GRPC_TIMEOUT} SMQ_GROUPS_GRPC_CLIENT_CERT: ${SMQ_GROUPS_GRPC_CLIENT_CERT:+/groups-grpc-client.crt} SMQ_GROUPS_GRPC_CLIENT_KEY: ${SMQ_GROUPS_GRPC_CLIENT_KEY:+/groups-grpc-client.key} SMQ_GROUPS_GRPC_SERVER_CA_CERTS: ${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:+/groups-grpc-server-ca.crt} SMQ_DOMAINS_GRPC_URL: ${SMQ_DOMAINS_GRPC_URL} SMQ_DOMAINS_GRPC_TIMEOUT: ${SMQ_DOMAINS_GRPC_TIMEOUT} SMQ_DOMAINS_GRPC_CLIENT_CERT: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt} SMQ_DOMAINS_GRPC_CLIENT_KEY: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key} SMQ_DOMAINS_GRPC_SERVER_CA_CERTS: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt} SMQ_JAEGER_URL: ${SMQ_JAEGER_URL} SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO} SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY} SMQ_SPICEDB_PRE_SHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY} SMQ_SPICEDB_HOST: ${SMQ_SPICEDB_HOST} SMQ_SPICEDB_PORT: ${SMQ_SPICEDB_PORT} SMQ_SPICEDB_SCHEMA_FILE: ${SMQ_SPICEDB_SCHEMA_FILE} ports: - ${SMQ_CLIENTS_HTTP_PORT}:${SMQ_CLIENTS_HTTP_PORT} - ${SMQ_CLIENTS_AUTH_GRPC_PORT}:${SMQ_CLIENTS_AUTH_GRPC_PORT} networks: - supermq-base-net volumes: - ./spicedb/schema.zed:${SMQ_SPICEDB_SCHEMA_FILE} # Clients gRPC server certificates - type: bind source: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CERT:-ssl/certs/dummy/server_cert} target: /clients-grpc-server${SMQ_CLIENTS_AUTH_GRPC_SERVER_CERT:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_KEY:-ssl/certs/dummy/server_key} target: /clients-grpc-server${SMQ_CLIENTS_AUTH_GRPC_SERVER_KEY:+.key} bind: create_host_path: true - type: bind source: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca_certs} target: /clients-grpc-server-ca${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CA_CERTS:-ssl/certs/dummy/client_ca_certs} target: /clients-grpc-client-ca${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CA_CERTS:+.crt} bind: create_host_path: true # Auth gRPC client certificates - type: bind source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_CERT:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_KEY:+.key} bind: create_host_path: true - type: bind source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} target: /auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt} bind: create_host_path: true # Channel gRPC client certificates - type: bind source: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_CERT:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_KEY:+.key} bind: create_host_path: true - type: bind source: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} target: /channels-grpc-server-ca${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+.crt} bind: create_host_path: true # Group gRPC client certificates - type: bind source: ${SMQ_GROUPS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} target: /groups-grpc-client${SMQ_GROUPS_GRPC_CLIENT_CERT:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_GROUPS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} target: /groups-grpc-client${SMQ_GROUPS_GRPC_CLIENT_KEY:+.key} bind: create_host_path: true - type: bind source: ${SMQ_GROUPS_GRPC_SERVER_CERT:-ssl/certs/dummy/server_ca} target: /groups-grpc-server-ca${SMQ_GROUPS_GRPC_SERVER_CERT:+.crt} bind: create_host_path: true channels-db: image: postgres:16.2-alpine container_name: supermq-channels-db restart: on-failure command: postgres -c "max_connections=${SMQ_POSTGRES_MAX_CONNECTIONS}" environment: POSTGRES_USER: ${SMQ_CHANNELS_DB_USER} POSTGRES_PASSWORD: ${SMQ_CHANNELS_DB_PASS} POSTGRES_DB: ${SMQ_CHANNELS_DB_NAME} SMQ_POSTGRES_MAX_CONNECTIONS: ${SMQ_POSTGRES_MAX_CONNECTIONS} networks: - supermq-base-net ports: - 6005:5432 volumes: - supermq-channels-db-volume:/var/lib/postgresql/data channels: image: supermq/channels:${SMQ_RELEASE_TAG} container_name: supermq-channels depends_on: - channels-db - users - auth - nats restart: on-failure environment: SMQ_CHANNELS_LOG_LEVEL: ${SMQ_CHANNELS_LOG_LEVEL} SMQ_CHANNELS_INSTANCE_ID: ${SMQ_CHANNELS_INSTANCE_ID} SMQ_CHANNELS_HTTP_HOST: ${SMQ_CHANNELS_HTTP_HOST} SMQ_CHANNELS_HTTP_PORT: ${SMQ_CHANNELS_HTTP_PORT} SMQ_CHANNELS_GRPC_HOST: ${SMQ_CHANNELS_GRPC_HOST} SMQ_CHANNELS_GRPC_PORT: ${SMQ_CHANNELS_GRPC_PORT} ## Compose supports parameter expansion in environment, ## Eg: ${VAR:+replacement} or ${VAR+replacement} -> replacement if VAR is set and non-empty, otherwise empty ## Eg :${VAR:-default} or ${VAR-default} -> value of VAR if set and non-empty, otherwise default SMQ_CHANNELS_GRPC_SERVER_CERT: ${SMQ_CHANNELS_GRPC_SERVER_CERT:+/channels-grpc-server.crt} SMQ_CHANNELS_GRPC_SERVER_KEY: ${SMQ_CHANNELS_GRPC_SERVER_KEY:+/channels-grpc-server.key} SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt} SMQ_CHANNELS_GRPC_CLIENT_CA_CERTS: ${SMQ_CHANNELS_GRPC_CLIENT_CA_CERTS:+/channels-grpc-client-ca.crt} SMQ_CHANNELS_DB_HOST: ${SMQ_CHANNELS_DB_HOST} SMQ_CHANNELS_DB_PORT: ${SMQ_CHANNELS_DB_PORT} SMQ_CHANNELS_DB_USER: ${SMQ_CHANNELS_DB_USER} SMQ_CHANNELS_DB_PASS: ${SMQ_CHANNELS_DB_PASS} SMQ_CHANNELS_DB_NAME: ${SMQ_CHANNELS_DB_NAME} SMQ_CHANNELS_DB_SSL_MODE: ${SMQ_CHANNELS_DB_SSL_MODE} SMQ_CHANNELS_DB_SSL_CERT: ${SMQ_CHANNELS_DB_SSL_CERT} SMQ_CHANNELS_DB_SSL_KEY: ${SMQ_CHANNELS_DB_SSL_KEY} SMQ_CHANNELS_DB_SSL_ROOT_CERT: ${SMQ_CHANNELS_DB_SSL_ROOT_CERT} SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL} SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT} SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt} SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key} SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt} SMQ_CLIENTS_AUTH_GRPC_URL: ${SMQ_CLIENTS_AUTH_GRPC_URL} SMQ_CLIENTS_AUTH_GRPC_TIMEOUT: ${SMQ_CLIENTS_AUTH_GRPC_TIMEOUT} SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+/clients-grpc-client.crt} SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+/clients-grpc-client.key} SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt} SMQ_GROUPS_GRPC_URL: ${SMQ_GROUPS_GRPC_URL} SMQ_GROUPS_GRPC_TIMEOUT: ${SMQ_GROUPS_GRPC_TIMEOUT} SMQ_GROUPS_GRPC_CLIENT_CERT: ${SMQ_GROUPS_GRPC_CLIENT_CERT:+/groups-grpc-client.crt} SMQ_GROUPS_GRPC_CLIENT_KEY: ${SMQ_GROUPS_GRPC_CLIENT_KEY:+/groups-grpc-client.key} SMQ_GROUPS_GRPC_SERVER_CA_CERTS: ${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:+/groups-grpc-server-ca.crt} SMQ_DOMAINS_GRPC_URL: ${SMQ_DOMAINS_GRPC_URL} SMQ_DOMAINS_GRPC_TIMEOUT: ${SMQ_DOMAINS_GRPC_TIMEOUT} SMQ_DOMAINS_GRPC_CLIENT_CERT: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt} SMQ_DOMAINS_GRPC_CLIENT_KEY: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key} SMQ_DOMAINS_GRPC_SERVER_CA_CERTS: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt} SMQ_ES_URL: ${SMQ_ES_URL} SMQ_JAEGER_URL: ${SMQ_JAEGER_URL} SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO} SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY} SMQ_SPICEDB_PRE_SHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY} SMQ_SPICEDB_HOST: ${SMQ_SPICEDB_HOST} SMQ_SPICEDB_PORT: ${SMQ_SPICEDB_PORT} SMQ_SPICEDB_SCHEMA_FILE: ${SMQ_SPICEDB_SCHEMA_FILE} ports: - ${SMQ_CHANNELS_HTTP_PORT}:${SMQ_CHANNELS_HTTP_PORT} - ${SMQ_CHANNELS_GRPC_PORT}:${SMQ_CHANNELS_GRPC_PORT} networks: - supermq-base-net volumes: - ./spicedb/schema.zed:${SMQ_SPICEDB_SCHEMA_FILE} # Auth gRPC client certificates - type: bind source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_CERT:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_KEY:+.key} bind: create_host_path: true - type: bind source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} target: /auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} target: /clients-grpc-client${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} target: /clients-grpc-client${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+.key} bind: create_host_path: true - type: bind source: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CERT:-ssl/certs/dummy/server_ca} target: /clients-grpc-server-ca${SMQ_CLIENTS_AUTH_GRPC_SERVER_CERT:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_GROUPS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} target: /groups-grpc-client${SMQ_GROUPS_GRPC_CLIENT_CERT:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_GROUPS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} target: /groups-grpc-client${SMQ_GROUPS_GRPC_CLIENT_KEY:+.key} bind: create_host_path: true - type: bind source: ${SMQ_GROUPS_GRPC_SERVER_CERT:-ssl/certs/dummy/server_ca} target: /groups-grpc-server-ca${SMQ_GROUPS_GRPC_SERVER_CERT:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_CERT:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_KEY:+.key} bind: create_host_path: true - type: bind source: ${SMQ_CHANNELS_GRPC_SERVER_CERT:-ssl/certs/dummy/server_ca} target: /channels-grpc-server${SMQ_CHANNELS_GRPC_SERVER_CERT:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_CHANNELS_GRPC_SERVER_KEY:-ssl/certs/dummy/server_key} target: /channels-grpc-server${SMQ_CHANNELS_GRPC_SERVER_KEY:+.key} bind: create_host_path: true - type: bind source: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} target: /channels-grpc-server-ca${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_CHANNELS_GRPC_CLIENT_CA_CERTS:-ssl/certs/dummy/client_ca} target: /channels-grpc-client-ca${SMQ_CHANNELS_GRPC_CLIENT_CA_CERTS:+.crt} bind: create_host_path: true users-db: image: postgres:16.2-alpine container_name: supermq-users-db restart: on-failure command: postgres -c "max_connections=${SMQ_POSTGRES_MAX_CONNECTIONS}" environment: POSTGRES_USER: ${SMQ_USERS_DB_USER} POSTGRES_PASSWORD: ${SMQ_USERS_DB_PASS} POSTGRES_DB: ${SMQ_USERS_DB_NAME} SMQ_POSTGRES_MAX_CONNECTIONS: ${SMQ_POSTGRES_MAX_CONNECTIONS} ports: - 6002:5432 networks: - supermq-base-net volumes: - supermq-users-db-volume:/var/lib/postgresql/data users: image: supermq/users:${SMQ_RELEASE_TAG} container_name: supermq-users depends_on: - users-db - auth - nats restart: on-failure environment: SMQ_USERS_LOG_LEVEL: ${SMQ_USERS_LOG_LEVEL} SMQ_USERS_SECRET_KEY: ${SMQ_USERS_SECRET_KEY} SMQ_USERS_ADMIN_EMAIL: ${SMQ_USERS_ADMIN_EMAIL} SMQ_USERS_ADMIN_PASSWORD: ${SMQ_USERS_ADMIN_PASSWORD} SMQ_USERS_ADMIN_USERNAME: ${SMQ_USERS_ADMIN_USERNAME} SMQ_USERS_ADMIN_FIRST_NAME: ${SMQ_USERS_ADMIN_FIRST_NAME} SMQ_USERS_ADMIN_LAST_NAME: ${SMQ_USERS_ADMIN_LAST_NAME} SMQ_USERS_PASS_REGEX: ${SMQ_USERS_PASS_REGEX} SMQ_USERS_ACCESS_TOKEN_DURATION: ${SMQ_USERS_ACCESS_TOKEN_DURATION} SMQ_USERS_REFRESH_TOKEN_DURATION: ${SMQ_USERS_REFRESH_TOKEN_DURATION} SMQ_TOKEN_RESET_ENDPOINT: ${SMQ_TOKEN_RESET_ENDPOINT} SMQ_USERS_HTTP_HOST: ${SMQ_USERS_HTTP_HOST} SMQ_USERS_HTTP_PORT: ${SMQ_USERS_HTTP_PORT} SMQ_USERS_HTTP_SERVER_CERT: ${SMQ_USERS_HTTP_SERVER_CERT} SMQ_USERS_HTTP_SERVER_KEY: ${SMQ_USERS_HTTP_SERVER_KEY} SMQ_USERS_DB_HOST: ${SMQ_USERS_DB_HOST} SMQ_USERS_DB_PORT: ${SMQ_USERS_DB_PORT} SMQ_USERS_DB_USER: ${SMQ_USERS_DB_USER} SMQ_USERS_DB_PASS: ${SMQ_USERS_DB_PASS} SMQ_USERS_DB_NAME: ${SMQ_USERS_DB_NAME} SMQ_USERS_DB_SSL_MODE: ${SMQ_USERS_DB_SSL_MODE} SMQ_USERS_DB_SSL_CERT: ${SMQ_USERS_DB_SSL_CERT} SMQ_USERS_DB_SSL_KEY: ${SMQ_USERS_DB_SSL_KEY} SMQ_USERS_DB_SSL_ROOT_CERT: ${SMQ_USERS_DB_SSL_ROOT_CERT} SMQ_USERS_ALLOW_SELF_REGISTER: ${SMQ_USERS_ALLOW_SELF_REGISTER} SMQ_EMAIL_HOST: ${SMQ_EMAIL_HOST} SMQ_EMAIL_PORT: ${SMQ_EMAIL_PORT} SMQ_EMAIL_USERNAME: ${SMQ_EMAIL_USERNAME} SMQ_EMAIL_PASSWORD: ${SMQ_EMAIL_PASSWORD} SMQ_EMAIL_FROM_ADDRESS: ${SMQ_EMAIL_FROM_ADDRESS} SMQ_EMAIL_FROM_NAME: ${SMQ_EMAIL_FROM_NAME} SMQ_EMAIL_TEMPLATE: ${SMQ_EMAIL_TEMPLATE} SMQ_ES_URL: ${SMQ_ES_URL} SMQ_JAEGER_URL: ${SMQ_JAEGER_URL} SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO} SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY} SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL} SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT} SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt} SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key} SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt} SMQ_DOMAINS_GRPC_URL: ${SMQ_DOMAINS_GRPC_URL} SMQ_DOMAINS_GRPC_TIMEOUT: ${SMQ_DOMAINS_GRPC_TIMEOUT} SMQ_DOMAINS_GRPC_CLIENT_CERT: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt} SMQ_DOMAINS_GRPC_CLIENT_KEY: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key} SMQ_DOMAINS_GRPC_SERVER_CA_CERTS: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt} SMQ_GOOGLE_CLIENT_ID: ${SMQ_GOOGLE_CLIENT_ID} SMQ_GOOGLE_CLIENT_SECRET: ${SMQ_GOOGLE_CLIENT_SECRET} SMQ_GOOGLE_REDIRECT_URL: ${SMQ_GOOGLE_REDIRECT_URL} SMQ_GOOGLE_STATE: ${SMQ_GOOGLE_STATE} SMQ_OAUTH_UI_REDIRECT_URL: ${SMQ_OAUTH_UI_REDIRECT_URL} SMQ_OAUTH_UI_ERROR_URL: ${SMQ_OAUTH_UI_ERROR_URL} SMQ_USERS_DELETE_INTERVAL: ${SMQ_USERS_DELETE_INTERVAL} SMQ_USERS_DELETE_AFTER: ${SMQ_USERS_DELETE_AFTER} SMQ_SPICEDB_PRE_SHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY} SMQ_SPICEDB_HOST: ${SMQ_SPICEDB_HOST} SMQ_SPICEDB_PORT: ${SMQ_SPICEDB_PORT} ports: - ${SMQ_USERS_HTTP_PORT}:${SMQ_USERS_HTTP_PORT} networks: - supermq-base-net volumes: - ./templates/${SMQ_USERS_RESET_PWD_TEMPLATE}:/email.tmpl # Auth gRPC client certificates - type: bind source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_CERT:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_KEY:+.key} bind: create_host_path: true - type: bind source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} target: /auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt} bind: create_host_path: true groups-db: image: postgres:16.2-alpine container_name: supermq-groups-db restart: on-failure command: postgres -c "max_connections=${SMQ_POSTGRES_MAX_CONNECTIONS}" environment: POSTGRES_USER: ${SMQ_GROUPS_DB_USER} POSTGRES_PASSWORD: ${SMQ_GROUPS_DB_PASS} POSTGRES_DB: ${SMQ_GROUPS_DB_NAME} SMQ_POSTGRES_MAX_CONNECTIONS: ${SMQ_POSTGRES_MAX_CONNECTIONS} ports: - 6004:5432 networks: - supermq-base-net volumes: - supermq-groups-db-volume:/var/lib/postgresql/data groups: image: supermq/groups:${SMQ_RELEASE_TAG} container_name: supermq-groups depends_on: - groups-db - auth - nats restart: on-failure environment: SMQ_GROUPS_LOG_LEVEL: ${SMQ_GROUPS_LOG_LEVEL} SMQ_GROUPS_HTTP_HOST: ${SMQ_GROUPS_HTTP_HOST} SMQ_GROUPS_HTTP_PORT: ${SMQ_GROUPS_HTTP_PORT} SMQ_GROUPS_HTTP_SERVER_CERT: ${SMQ_GROUPS_HTTP_SERVER_CERT} SMQ_GROUPS_HTTP_SERVER_KEY: ${SMQ_GROUPS_HTTP_SERVER_KEY} SMQ_GROUPS_GRPC_HOST: ${SMQ_GROUPS_GRPC_HOST} SMQ_GROUPS_GRPC_PORT: ${SMQ_GROUPS_GRPC_PORT} ## Compose supports parameter expansion in environment, ## Eg: ${VAR:+replacement} or ${VAR+replacement} -> replacement if VAR is set and non-empty, otherwise empty ## Eg :${VAR:-default} or ${VAR-default} -> value of VAR if set and non-empty, otherwise default SMQ_GROUPS_GRPC_SERVER_CERT: ${SMQ_GROUPS_GRPC_SERVER_CERT:+/groups-grpc-server.crt} SMQ_GROUPS_GRPC_SERVER_KEY: ${SMQ_GROUPS_GRPC_SERVER_KEY:+/groups-grpc-server.key} SMQ_GROUPS_GRPC_SERVER_CA_CERTS: ${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:+/groups-grpc-server-ca.crt} SMQ_GROUPS_GRPC_CLIENT_CA_CERTS: ${SMQ_GROUPS_GRPC_CLIENT_CA_CERTS:+/groups-grpc-client-ca.crt} SMQ_GROUPS_DB_HOST: ${SMQ_GROUPS_DB_HOST} SMQ_GROUPS_DB_PORT: ${SMQ_GROUPS_DB_PORT} SMQ_GROUPS_DB_USER: ${SMQ_GROUPS_DB_USER} SMQ_GROUPS_DB_PASS: ${SMQ_GROUPS_DB_PASS} SMQ_GROUPS_DB_NAME: ${SMQ_GROUPS_DB_NAME} SMQ_GROUPS_DB_SSL_MODE: ${SMQ_GROUPS_DB_SSL_MODE} SMQ_GROUPS_DB_SSL_CERT: ${SMQ_GROUPS_DB_SSL_CERT} SMQ_GROUPS_DB_SSL_KEY: ${SMQ_GROUPS_DB_SSL_KEY} SMQ_GROUPS_DB_SSL_ROOT_CERT: ${SMQ_GROUPS_DB_SSL_ROOT_CERT} SMQ_CHANNELS_URL: ${SMQ_CHANNELS_URL} SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL} SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT} SMQ_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt} SMQ_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key} SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt} SMQ_CLIENTS_AUTH_GRPC_URL: ${SMQ_CLIENTS_AUTH_GRPC_URL} SMQ_CLIENTS_AUTH_GRPC_TIMEOUT: ${SMQ_CLIENTS_AUTH_GRPC_TIMEOUT} SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+/clients-grpc-client.crt} SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+/clients-grpc-client.key} SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt} SMQ_DOMAINS_GRPC_URL: ${SMQ_DOMAINS_GRPC_URL} SMQ_DOMAINS_GRPC_TIMEOUT: ${SMQ_DOMAINS_GRPC_TIMEOUT} SMQ_DOMAINS_GRPC_CLIENT_CERT: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt} SMQ_DOMAINS_GRPC_CLIENT_KEY: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key} SMQ_DOMAINS_GRPC_SERVER_CA_CERTS: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt} SMQ_ES_URL: ${SMQ_ES_URL} SMQ_JAEGER_URL: ${SMQ_JAEGER_URL} SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO} SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY} SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL} SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT} SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt} SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key} SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt} SMQ_SPICEDB_PRE_SHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY} SMQ_SPICEDB_HOST: ${SMQ_SPICEDB_HOST} SMQ_SPICEDB_PORT: ${SMQ_SPICEDB_PORT} SMQ_SPICEDB_SCHEMA_FILE: ${SMQ_SPICEDB_SCHEMA_FILE} ports: - ${SMQ_GROUPS_HTTP_PORT}:${SMQ_GROUPS_HTTP_PORT} - ${SMQ_GROUPS_GRPC_PORT}:${SMQ_GROUPS_GRPC_PORT} networks: - supermq-base-net volumes: - ./spicedb/schema.zed:${SMQ_SPICEDB_SCHEMA_FILE} # Auth gRPC client certificates - type: bind source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_CERT:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_KEY:+.key} bind: create_host_path: true - type: bind source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} target: /auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt} bind: create_host_path: true jaeger: image: jaegertracing/all-in-one:1.60 container_name: supermq-jaeger environment: COLLECTOR_OTLP_ENABLED: ${SMQ_JAEGER_COLLECTOR_OTLP_ENABLED} command: --memory.max-traces ${SMQ_JAEGER_MEMORY_MAX_TRACES} ports: - ${SMQ_JAEGER_FRONTEND}:${SMQ_JAEGER_FRONTEND} - ${SMQ_JAEGER_OLTP_HTTP}:${SMQ_JAEGER_OLTP_HTTP} networks: - supermq-base-net mqtt-adapter: image: supermq/mqtt:${SMQ_RELEASE_TAG} container_name: supermq-mqtt depends_on: - clients - nats restart: on-failure environment: SMQ_MQTT_ADAPTER_LOG_LEVEL: ${SMQ_MQTT_ADAPTER_LOG_LEVEL} SMQ_MQTT_ADAPTER_MQTT_PORT: ${SMQ_MQTT_ADAPTER_MQTT_PORT} SMQ_MQTT_ADAPTER_MQTT_TARGET_HOST: ${SMQ_MQTT_ADAPTER_MQTT_TARGET_HOST} SMQ_MQTT_ADAPTER_MQTT_TARGET_PORT: ${SMQ_MQTT_ADAPTER_MQTT_TARGET_PORT} SMQ_MQTT_ADAPTER_MQTT_TARGET_HEALTH_CHECK: ${SMQ_MQTT_ADAPTER_MQTT_TARGET_HEALTH_CHECK} SMQ_MQTT_ADAPTER_WS_PORT: ${SMQ_MQTT_ADAPTER_WS_PORT} SMQ_MQTT_ADAPTER_INSTANCE_ID: ${SMQ_MQTT_ADAPTER_INSTANCE_ID} SMQ_MQTT_ADAPTER_WS_TARGET_HOST: ${SMQ_MQTT_ADAPTER_WS_TARGET_HOST} SMQ_MQTT_ADAPTER_WS_TARGET_PORT: ${SMQ_MQTT_ADAPTER_WS_TARGET_PORT} SMQ_MQTT_ADAPTER_INSTANCE: ${SMQ_MQTT_ADAPTER_INSTANCE} SMQ_ES_URL: ${SMQ_ES_URL} SMQ_CLIENTS_AUTH_GRPC_URL: ${SMQ_CLIENTS_AUTH_GRPC_URL} SMQ_CLIENTS_AUTH_GRPC_TIMEOUT: ${SMQ_CLIENTS_AUTH_GRPC_TIMEOUT} SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+/clients-grpc-client.crt} SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+/clients-grpc-client.key} SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt} SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL} SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT} SMQ_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt} SMQ_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key} SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt} SMQ_JAEGER_URL: ${SMQ_JAEGER_URL} SMQ_MESSAGE_BROKER_URL: ${SMQ_MESSAGE_BROKER_URL} SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO} SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY} networks: - supermq-base-net volumes: # Clients gRPC mTLS client certificates - type: bind source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} target: /clients-grpc-client${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} target: /clients-grpc-client${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+.key} bind: create_host_path: true - type: bind source: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} target: /clients-grpc-server-ca${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+.crt} bind: create_host_path: true # Channels gRPC mTLS client certificates - type: bind source: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_CERT:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_KEY:+.key} bind: create_host_path: true - type: bind source: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} target: /channels-grpc-server-ca${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+.crt} bind: create_host_path: true http-adapter: image: supermq/http:${SMQ_RELEASE_TAG} container_name: supermq-http depends_on: - clients - nats restart: on-failure environment: SMQ_HTTP_ADAPTER_LOG_LEVEL: ${SMQ_HTTP_ADAPTER_LOG_LEVEL} SMQ_HTTP_ADAPTER_HOST: ${SMQ_HTTP_ADAPTER_HOST} SMQ_HTTP_ADAPTER_PORT: ${SMQ_HTTP_ADAPTER_PORT} SMQ_HTTP_ADAPTER_SERVER_CERT: ${SMQ_HTTP_ADAPTER_SERVER_CERT} SMQ_HTTP_ADAPTER_SERVER_KEY: ${SMQ_HTTP_ADAPTER_SERVER_KEY} SMQ_CLIENTS_AUTH_GRPC_URL: ${SMQ_CLIENTS_AUTH_GRPC_URL} SMQ_CLIENTS_AUTH_GRPC_TIMEOUT: ${SMQ_CLIENTS_AUTH_GRPC_TIMEOUT} SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+/clients-grpc-client.crt} SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+/clients-grpc-client.key} SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt} SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL} SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT} SMQ_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt} SMQ_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key} SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt} SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL} SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT} SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt} SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key} SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt} SMQ_MESSAGE_BROKER_URL: ${SMQ_MESSAGE_BROKER_URL} SMQ_JAEGER_URL: ${SMQ_JAEGER_URL} SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO} SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY} SMQ_HTTP_ADAPTER_INSTANCE_ID: ${SMQ_HTTP_ADAPTER_INSTANCE_ID} SMQ_ES_URL: ${SMQ_ES_URL} ports: - ${SMQ_HTTP_ADAPTER_PORT}:${SMQ_HTTP_ADAPTER_PORT} networks: - supermq-base-net volumes: # Clients gRPC mTLS client certificates - type: bind source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} target: /clients-grpc-client${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} target: /clients-grpc-client${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+.key} bind: create_host_path: true - type: bind source: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} target: /clients-grpc-server-ca${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+.crt} bind: create_host_path: true # Channels gRPC mTLS client certificates - type: bind source: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_CERT:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_KEY:+.key} bind: create_host_path: true - type: bind source: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} target: /channels-grpc-server-ca${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+.crt} bind: create_host_path: true # Auth gRPC mTLS client certificates - type: bind source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_CERT:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_KEY:+.key} bind: create_host_path: true - type: bind source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} target: /auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt} bind: create_host_path: true coap-adapter: image: supermq/coap:${SMQ_RELEASE_TAG} container_name: supermq-coap depends_on: - clients - nats restart: on-failure environment: SMQ_COAP_ADAPTER_LOG_LEVEL: ${SMQ_COAP_ADAPTER_LOG_LEVEL} SMQ_COAP_ADAPTER_HOST: ${SMQ_COAP_ADAPTER_HOST} SMQ_COAP_ADAPTER_PORT: ${SMQ_COAP_ADAPTER_PORT} SMQ_COAP_ADAPTER_SERVER_CERT: ${SMQ_COAP_ADAPTER_SERVER_CERT} SMQ_COAP_ADAPTER_SERVER_KEY: ${SMQ_COAP_ADAPTER_SERVER_KEY} SMQ_COAP_ADAPTER_HTTP_HOST: ${SMQ_COAP_ADAPTER_HTTP_HOST} SMQ_COAP_ADAPTER_HTTP_PORT: ${SMQ_COAP_ADAPTER_HTTP_PORT} SMQ_COAP_ADAPTER_HTTP_SERVER_CERT: ${SMQ_COAP_ADAPTER_HTTP_SERVER_CERT} SMQ_COAP_ADAPTER_HTTP_SERVER_KEY: ${SMQ_COAP_ADAPTER_HTTP_SERVER_KEY} SMQ_CLIENTS_AUTH_GRPC_URL: ${SMQ_CLIENTS_AUTH_GRPC_URL} SMQ_CLIENTS_AUTH_GRPC_TIMEOUT: ${SMQ_CLIENTS_AUTH_GRPC_TIMEOUT} SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+/clients-grpc-client.crt} SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+/clients-grpc-client.key} SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt} SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL} SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT} SMQ_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt} SMQ_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key} SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt} SMQ_MESSAGE_BROKER_URL: ${SMQ_MESSAGE_BROKER_URL} SMQ_JAEGER_URL: ${SMQ_JAEGER_URL} SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO} SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY} SMQ_COAP_ADAPTER_INSTANCE_ID: ${SMQ_COAP_ADAPTER_INSTANCE_ID} SMQ_ES_URL: ${SMQ_ES_URL} ports: - ${SMQ_COAP_ADAPTER_PORT}:${SMQ_COAP_ADAPTER_PORT}/udp - ${SMQ_COAP_ADAPTER_HTTP_PORT}:${SMQ_COAP_ADAPTER_HTTP_PORT}/tcp networks: - supermq-base-net volumes: # Clients gRPC mTLS client certificates - type: bind source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} target: /clients-grpc-client${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} target: /clients-grpc-client${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+.key} bind: create_host_path: true - type: bind source: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} target: /clients-grpc-server-ca${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+.crt} bind: create_host_path: true # Channels gRPC mTLS client certificates - type: bind source: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_CERT:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_KEY:+.key} bind: create_host_path: true - type: bind source: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} target: /channels-grpc-server-ca${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_CHANNELS_GRPC_CLIENT_CA_CERTS:-ssl/certs/dummy/client_ca} target: /channels-grpc-client-ca${SMQ_CHANNELS_GRPC_CLIENT_CA_CERTS:+.crt} bind: create_host_path: true ws-adapter: image: supermq/ws:${SMQ_RELEASE_TAG} container_name: supermq-ws depends_on: - clients - nats restart: on-failure environment: SMQ_WS_ADAPTER_LOG_LEVEL: ${SMQ_WS_ADAPTER_LOG_LEVEL} SMQ_WS_ADAPTER_HTTP_HOST: ${SMQ_WS_ADAPTER_HTTP_HOST} SMQ_WS_ADAPTER_HTTP_PORT: ${SMQ_WS_ADAPTER_HTTP_PORT} SMQ_WS_ADAPTER_HTTP_SERVER_CERT: ${SMQ_WS_ADAPTER_HTTP_SERVER_CERT} SMQ_WS_ADAPTER_HTTP_SERVER_KEY: ${SMQ_WS_ADAPTER_HTTP_SERVER_KEY} SMQ_CLIENTS_AUTH_GRPC_URL: ${SMQ_CLIENTS_AUTH_GRPC_URL} SMQ_CLIENTS_AUTH_GRPC_TIMEOUT: ${SMQ_CLIENTS_AUTH_GRPC_TIMEOUT} SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+/clients-grpc-client.crt} SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+/clients-grpc-client.key} SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt} SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL} SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT} SMQ_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt} SMQ_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key} SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt} SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL} SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT} SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt} SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key} SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt} SMQ_MESSAGE_BROKER_URL: ${SMQ_MESSAGE_BROKER_URL} SMQ_JAEGER_URL: ${SMQ_JAEGER_URL} SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO} SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY} SMQ_WS_ADAPTER_INSTANCE_ID: ${SMQ_WS_ADAPTER_INSTANCE_ID} SMQ_ES_URL: ${SMQ_ES_URL} ports: - ${SMQ_WS_ADAPTER_HTTP_PORT}:${SMQ_WS_ADAPTER_HTTP_PORT} networks: - supermq-base-net volumes: # Clients gRPC mTLS client certificates - type: bind source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} target: /clients-grpc-client${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} target: /clients-grpc-client${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+.key} bind: create_host_path: true - type: bind source: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} target: /clients-grpc-server-ca${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+.crt} bind: create_host_path: true # Channels gRPC mTLS client certificates - type: bind source: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_CERT:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_KEY:+.key} bind: create_host_path: true - type: bind source: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} target: /channels-grpc-server-ca${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+.crt} bind: create_host_path: true # Auth gRPC mTLS client certificates - type: bind source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert} target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_CERT:+.crt} bind: create_host_path: true - type: bind source: ${SMQ_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key} target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_KEY:+.key} bind: create_host_path: true - type: bind source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca} target: /auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt} bind: create_host_path: true nats: image: nats:2.10.9-alpine container_name: supermq-nats restart: on-failure command: "--config=/etc/nats/nats.conf" environment: - SMQ_NATS_PORT=${SMQ_NATS_PORT} - SMQ_NATS_HTTP_PORT=${SMQ_NATS_HTTP_PORT} - SMQ_NATS_JETSTREAM_KEY=${SMQ_NATS_JETSTREAM_KEY} ports: - ${SMQ_NATS_PORT}:${SMQ_NATS_PORT} - ${SMQ_NATS_HTTP_PORT}:${SMQ_NATS_HTTP_PORT} volumes: - supermq-broker-volume:/data - ./nats:/etc/nats networks: - supermq-base-net