mirror of
https://github.com/absmach/magistrala.git
synced 2026-06-23 04:10:28 +00:00
12180707d2
Signed-off-by: JeffMboya <jangina.mboya@gmail.com> Signed-off-by: nyagamunene <stevenyaga2014@gmail.com> Co-authored-by: nyagamunene <stevenyaga2014@gmail.com>
# Copyright (c) Abstract Machines
# SPDX-License-Identifier: Apache-2.0

# Compose project name.
name: "magistrala"

# One user-defined bridge network with a fixed name and subnet.
# NOTE(review): every service visible in this listing attaches to this single
# network, so databases, caches and the public-facing proxy are not segmented
# from one another at the network layer.
networks:
  magistrala-base-net:
    driver: bridge
    name: magistrala-base-net
    ipam:
      config:
        - subnet: 172.30.0.0/24

# Named volumes. A bare key asks Compose for a volume with default settings.
# Several of these hold database state and key material, so they should be
# covered by the same backup and access policy as the secrets themselves.
volumes:
  magistrala-users-db-volume:
  magistrala-groups-db-volume:
  magistrala-clients-db-volume:
  magistrala-channels-db-volume:
  magistrala-channels-redis-volume:
  magistrala-clients-redis-volume:
  magistrala-spicedb-db-volume:
  magistrala-auth-db-volume:
  magistrala-pat-db-volume:
  magistrala-domains-db-volume:
  magistrala-domains-redis-volume:
  magistrala-auth-redis-volume:
  magistrala-auth-keys-volume:
  magistrala-ui-backend-db-volume:
  magistrala-journal-volume:
  magistrala-re-db-volume:
  magistrala-alarms-db-volume:
  magistrala-reports-db-volume:
  magistrala-certs-db-volume:
  magistrala-openbao-data:
  magistrala-timescale-writer-volume:
  magistrala-fluxmq-node1-volume:
  magistrala-fluxmq-node2-volume:
  magistrala-fluxmq-node3-volume:

services:
# SpiceDB server (`serve`), started after the spicedb-migrate service.
  spicedb:
    image: docker.io/authzed/spicedb:v1.50.0
    container_name: magistrala-spicedb
    command: "serve"
    restart: "always"
    networks:
      - magistrala-base-net
    # NOTE(review): short-syntax mappings without a host IP publish on every
    # host interface. Callers of the API present the preshared key below and
    # no TLS options are set in this block, so outside a development host
    # these ports should be bound to 127.0.0.1 or not published at all.
    ports:
      - "8080:8080"
      - "9091:9090"
      - "50051:50051"
    environment:
      # Secret: shared with every service that receives
      # MG_SPICEDB_PRE_SHARED_KEY.
      SPICEDB_GRPC_PRESHARED_KEY: ${MG_SPICEDB_PRE_SHARED_KEY}
      SPICEDB_DATASTORE_ENGINE: ${MG_SPICEDB_DATASTORE_ENGINE}
      # The URI embeds the database password and sets sslmode=disable, so the
      # datastore connection is unencrypted on magistrala-base-net.
      SPICEDB_DATASTORE_CONN_URI: "${MG_SPICEDB_DATASTORE_ENGINE}://${MG_SPICEDB_DB_USER}:${MG_SPICEDB_DB_PASS}@spicedb-db:${MG_SPICEDB_DB_PORT}/${MG_SPICEDB_DB_NAME}?sslmode=disable"
    # The list form of depends_on only orders container start-up; it does not
    # wait for the migration to finish.
    depends_on:
      - spicedb-migrate

# One-shot schema migration (`migrate head`) against the SpiceDB datastore.
  spicedb-migrate:
    image: docker.io/authzed/spicedb:v1.50.0
    container_name: magistrala-spicedb-migrate
    command: "migrate head"
    # Retried only when the container exits with an error, e.g. while the
    # database is still starting.
    restart: "on-failure"
    networks:
      - magistrala-base-net
    environment:
      SPICEDB_DATASTORE_ENGINE: ${MG_SPICEDB_DATASTORE_ENGINE}
      # Same credentials and sslmode=disable as the spicedb service.
      SPICEDB_DATASTORE_CONN_URI: "${MG_SPICEDB_DATASTORE_ENGINE}://${MG_SPICEDB_DB_USER}:${MG_SPICEDB_DB_PASS}@spicedb-db:${MG_SPICEDB_DB_PORT}/${MG_SPICEDB_DB_NAME}?sslmode=disable"
    depends_on:
      - spicedb-db

# PostgreSQL instance backing SpiceDB.
  spicedb-db:
    image: docker.io/postgres:18.0-alpine3.22
    container_name: magistrala-spicedb-db
    networks:
      - magistrala-base-net
    # NOTE(review): publishes PostgreSQL on host port 6010 on all interfaces.
    # Services on magistrala-base-net reach it as spicedb-db without this
    # mapping; keep it only for local debugging, ideally bound to 127.0.0.1.
    ports:
      - "6010:5432"
    environment:
      POSTGRES_USER: ${MG_SPICEDB_DB_USER}
      POSTGRES_PASSWORD: ${MG_SPICEDB_DB_PASS}
      POSTGRES_DB: ${MG_SPICEDB_DB_NAME}
    volumes:
      - magistrala-spicedb-db-volume:/var/lib/postgresql/data
    # presumably required by SpiceDB's PostgreSQL datastore; confirm against
    # the SpiceDB documentation for this version.
    command: ["postgres", "-c", "track_commit_timestamp=on"]

# PostgreSQL instance for the auth service.
  auth-db:
    image: docker.io/postgres:18.0-alpine3.22
    container_name: magistrala-auth-db
    restart: on-failure
    # NOTE(review): host port 6001 is published on all interfaces. The auth
    # service can reach the database over magistrala-base-net without it;
    # restrict to 127.0.0.1 or drop the mapping outside development.
    ports:
      - "6001:5432"
    environment:
      POSTGRES_USER: ${MG_AUTH_DB_USER}
      POSTGRES_PASSWORD: ${MG_AUTH_DB_PASS}
      POSTGRES_DB: ${MG_AUTH_DB_NAME}
    networks:
      - magistrala-base-net
    volumes:
      - magistrala-auth-db-volume:/var/lib/postgresql/data

# Redis instance for the auth service, started with a project-supplied
# configuration file. No host port is published, so it is reachable only from
# containers on magistrala-base-net.
  auth-redis:
    image: docker.io/redis:8.2.2-alpine3.22
    container_name: magistrala-auth-redis
    restart: on-failure
    networks:
      - magistrala-base-net
    volumes:
      - magistrala-auth-redis-volume:/data
      # Mounted read-only so the container cannot rewrite its own config.
      - ./redis/redis.conf:/etc/redis/redis.conf:ro
    command: ["redis-server", "/etc/redis/redis.conf"]

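# Auth service: HTTP and gRPC APIs, token signing keys, SpiceDB client.
# All TLS and key material below is bind-mounted read-only, matching the
# existing /keys/active.key mount: the service only needs to read it.
  auth:
    image: ghcr.io/absmach/magistrala/auth:${MG_RELEASE_TAG}
    container_name: magistrala-auth
    depends_on:
      - auth-db
      - spicedb
      - nginx
    expose:
      - ${MG_AUTH_GRPC_PORT}
    restart: on-failure
    environment:
      MG_AUTH_LOG_LEVEL: ${MG_AUTH_LOG_LEVEL}
      MG_SPICEDB_SCHEMA_FILE: ${MG_SPICEDB_SCHEMA_FILE}
      # Secret: must match SPICEDB_GRPC_PRESHARED_KEY on the spicedb service.
      MG_SPICEDB_PRE_SHARED_KEY: ${MG_SPICEDB_PRE_SHARED_KEY}
      MG_SPICEDB_HOST: ${MG_SPICEDB_HOST}
      MG_SPICEDB_PORT: ${MG_SPICEDB_PORT}
      MG_AUTH_INVITATION_DURATION: ${MG_AUTH_INVITATION_DURATION}
      MG_AUTH_HTTP_HOST: ${MG_AUTH_HTTP_HOST}
      MG_AUTH_HTTP_PORT: ${MG_AUTH_HTTP_PORT}
      # NOTE(review): these two are passed through unchanged and no matching
      # mount is declared in this block, so a host path set here would not
      # exist inside the container. Confirm how HTTP TLS is meant to be used.
      MG_AUTH_HTTP_SERVER_CERT: ${MG_AUTH_HTTP_SERVER_CERT}
      MG_AUTH_HTTP_SERVER_KEY: ${MG_AUTH_HTTP_SERVER_KEY}
      MG_AUTH_GRPC_HOST: ${MG_AUTH_GRPC_HOST}
      MG_AUTH_GRPC_PORT: ${MG_AUTH_GRPC_PORT}
      MG_AUTH_ACCESS_TOKEN_DURATION: ${MG_AUTH_ACCESS_TOKEN_DURATION}
      MG_AUTH_REFRESH_TOKEN_DURATION: ${MG_AUTH_REFRESH_TOKEN_DURATION}
      MG_AUTH_KEYS_ALGORITHM: ${MG_AUTH_KEYS_ALGORITHM}
      # The container always sees the fixed in-container path, never the host
      # path: the host path is only used as the bind source under `volumes`.
      MG_AUTH_KEYS_ACTIVE_KEY_PATH: ${MG_AUTH_KEYS_ACTIVE_KEY_PATH:+/keys/active.key}
      MG_AUTH_KEYS_RETIRING_KEY_PATH: ${MG_AUTH_KEYS_RETIRING_KEY_PATH:+/keys/retiring.key}
      # Compose interpolation forms used in this file:
      #   ${VAR:+replacement} -> replacement if VAR is set and non-empty, else empty
      #   ${VAR+replacement}  -> replacement if VAR is set (even empty), else empty
      #   ${VAR:-default}     -> VAR if set and non-empty, else default
      #   ${VAR-default}      -> VAR if set (even empty), else default
      MG_AUTH_GRPC_SERVER_CERT: ${MG_AUTH_GRPC_SERVER_CERT:+/auth-grpc-server.crt}
      MG_AUTH_GRPC_SERVER_KEY: ${MG_AUTH_GRPC_SERVER_KEY:+/auth-grpc-server.key}
      MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
      MG_AUTH_GRPC_CLIENT_CA_CERTS: ${MG_AUTH_GRPC_CLIENT_CA_CERTS:+/auth-grpc-client-ca.crt}
      MG_AUTH_DB_HOST: ${MG_AUTH_DB_HOST}
      MG_AUTH_DB_PORT: ${MG_AUTH_DB_PORT}
      MG_AUTH_DB_USER: ${MG_AUTH_DB_USER}
      MG_AUTH_DB_PASS: ${MG_AUTH_DB_PASS}
      MG_AUTH_DB_NAME: ${MG_AUTH_DB_NAME}
      MG_AUTH_DB_SSL_MODE: ${MG_AUTH_DB_SSL_MODE}
      MG_AUTH_DB_SSL_CERT: ${MG_AUTH_DB_SSL_CERT}
      MG_AUTH_DB_SSL_KEY: ${MG_AUTH_DB_SSL_KEY}
      MG_AUTH_DB_SSL_ROOT_CERT: ${MG_AUTH_DB_SSL_ROOT_CERT}
      MG_JAEGER_URL: ${MG_JAEGER_URL}
      MG_JAEGER_TRACE_RATIO: ${MG_JAEGER_TRACE_RATIO}
      MG_SEND_TELEMETRY: ${MG_SEND_TELEMETRY}
      MG_AUTH_ADAPTER_INSTANCE_ID: ${MG_AUTH_ADAPTER_INSTANCE_ID}
      MG_ES_URL: ${MG_ES_URL}
      MG_AUTH_CACHE_URL: ${MG_AUTH_CACHE_URL}
    # NOTE(review): both APIs are published on all host interfaces in
    # addition to being reachable on magistrala-base-net.
    ports:
      - "${MG_AUTH_HTTP_PORT}:${MG_AUTH_HTTP_PORT}"
      - "${MG_AUTH_GRPC_PORT}:${MG_AUTH_GRPC_PORT}"
    networks:
      - magistrala-base-net
    volumes:
      - ./spicedb/schema.zed:${MG_SPICEDB_SCHEMA_FILE}
      - magistrala-pat-db-volume:/magistrala-data
      # Auth active private key file. The source has no default, so
      # MG_AUTH_KEYS_ACTIVE_KEY_PATH must be set for this service to start.
      - type: bind
        source: ${MG_AUTH_KEYS_ACTIVE_KEY_PATH}
        target: /keys/active.key
        read_only: true
      # Auth retiring private key file (optional, for key rotation).
      # When the variable is unset the bind falls back to ./ssl/placeholder,
      # which create_host_path creates on the host if it is missing; the
      # matching environment entry is then empty.
      - type: bind
        source: ${MG_AUTH_KEYS_RETIRING_KEY_PATH:-./ssl/placeholder}
        target: /keys/retiring.key
        read_only: true
        bind:
          create_host_path: true
      # Auth gRPC mTLS server certificates
      - type: bind
        source: ${MG_AUTH_GRPC_SERVER_CERT:-./ssl/placeholder}
        target: /auth-grpc-server.crt
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_AUTH_GRPC_SERVER_KEY:-./ssl/placeholder}
        target: /auth-grpc-server.key
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
        target: /auth-grpc-server-ca.crt
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_AUTH_GRPC_CLIENT_CA_CERTS:-./ssl/placeholder}
        target: /auth-grpc-client-ca.crt
        read_only: true
        bind:
          create_host_path: true
      # Auth Callout Client Certificates
      # NOTE(review): no MG_AUTH_CALLOUT_* entry appears under `environment`
      # in this block; confirm the service is told about these paths.
      - type: bind
        source: ${MG_AUTH_CALLOUT_CLIENT_CERT:-./ssl/placeholder}
        target: /auth-callout-client.crt
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_AUTH_CALLOUT_CLIENT_KEY:-./ssl/placeholder}
        target: /auth-callout-client.key
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_AUTH_CALLOUT_CLIENT_CA_CERTS:-./ssl/placeholder}
        target: /auth-callout-client-ca.crt
        read_only: true
        bind:
          create_host_path: true
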
# PostgreSQL instance for the domains service.
  domains-db:
    image: docker.io/postgres:18.0-alpine3.22
    container_name: magistrala-domains-db
    restart: on-failure
    # NOTE(review): host port 6003 is published on all interfaces; the
    # domains service does not need this mapping to reach the database.
    ports:
      - "6003:5432"
    environment:
      POSTGRES_USER: ${MG_DOMAINS_DB_USER}
      POSTGRES_PASSWORD: ${MG_DOMAINS_DB_PASS}
      POSTGRES_DB: ${MG_DOMAINS_DB_NAME}
    networks:
      - magistrala-base-net
    volumes:
      - magistrala-domains-db-volume:/var/lib/postgresql/data

# Redis instance for the domains service. No host port is published.
# NOTE(review): unlike auth-redis, no configuration file is mounted and no
# command is given, so this instance runs with the image's defaults; any
# authentication or ACL settings kept in ./redis/redis.conf do not apply here.
  domains-redis:
    image: docker.io/redis:8.2.2-alpine3.22
    container_name: magistrala-domains-redis
    restart: on-failure
    networks:
      - magistrala-base-net
    volumes:
      - magistrala-domains-redis-volume:/data

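# Domains service: HTTP and gRPC APIs, plus gRPC clients for auth, groups,
# channels and clients. TLS material is bind-mounted read-only because the
# service only needs to read it.
  domains:
    image: ghcr.io/absmach/magistrala/domains:${MG_RELEASE_TAG}
    container_name: magistrala-domains
    depends_on:
      - domains-db
      - spicedb
      - nginx
    expose:
      - ${MG_DOMAINS_GRPC_PORT}
    restart: on-failure
    environment:
      MG_DOMAINS_LOG_LEVEL: ${MG_DOMAINS_LOG_LEVEL}
      # Secret: must match SPICEDB_GRPC_PRESHARED_KEY on the spicedb service.
      MG_SPICEDB_PRE_SHARED_KEY: ${MG_SPICEDB_PRE_SHARED_KEY}
      MG_SPICEDB_HOST: ${MG_SPICEDB_HOST}
      MG_SPICEDB_PORT: ${MG_SPICEDB_PORT}
      MG_SPICEDB_SCHEMA_FILE: ${MG_SPICEDB_SCHEMA_FILE}
      MG_DOMAINS_HTTP_HOST: ${MG_DOMAINS_HTTP_HOST}
      MG_DOMAINS_HTTP_PORT: ${MG_DOMAINS_HTTP_PORT}
      # NOTE(review): passed through unchanged with no matching mount in this
      # block; a host path set here would not exist inside the container.
      MG_DOMAINS_HTTP_SERVER_CERT: ${MG_DOMAINS_HTTP_SERVER_CERT}
      MG_DOMAINS_HTTP_SERVER_KEY: ${MG_DOMAINS_HTTP_SERVER_KEY}
      MG_DOMAINS_GRPC_HOST: ${MG_DOMAINS_GRPC_HOST}
      MG_DOMAINS_GRPC_PORT: ${MG_DOMAINS_GRPC_PORT}
      # Compose interpolation forms used in this file:
      #   ${VAR:+replacement} -> replacement if VAR is set and non-empty, else empty
      #   ${VAR+replacement}  -> replacement if VAR is set (even empty), else empty
      #   ${VAR:-default}     -> VAR if set and non-empty, else default
      #   ${VAR-default}      -> VAR if set (even empty), else default
      # Each certificate variable therefore expands to the fixed in-container
      # path only when the operator has configured a host path for it.
      MG_DOMAINS_GRPC_SERVER_CERT: ${MG_DOMAINS_GRPC_SERVER_CERT:+/domains-grpc-server.crt}
      MG_DOMAINS_GRPC_SERVER_KEY: ${MG_DOMAINS_GRPC_SERVER_KEY:+/domains-grpc-server.key}
      MG_DOMAINS_GRPC_SERVER_CA_CERTS: ${MG_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt}
      MG_DOMAINS_GRPC_CLIENT_CA_CERTS: ${MG_DOMAINS_GRPC_CLIENT_CA_CERTS:+/domains-grpc-client-ca.crt}
      MG_DOMAINS_DB_HOST: ${MG_DOMAINS_DB_HOST}
      MG_DOMAINS_DB_PORT: ${MG_DOMAINS_DB_PORT}
      MG_DOMAINS_DB_USER: ${MG_DOMAINS_DB_USER}
      MG_DOMAINS_DB_PASS: ${MG_DOMAINS_DB_PASS}
      MG_DOMAINS_DB_NAME: ${MG_DOMAINS_DB_NAME}
      MG_DOMAINS_DB_SSL_MODE: ${MG_DOMAINS_DB_SSL_MODE}
      MG_DOMAINS_DB_SSL_CERT: ${MG_DOMAINS_DB_SSL_CERT}
      MG_DOMAINS_DB_SSL_KEY: ${MG_DOMAINS_DB_SSL_KEY}
      MG_DOMAINS_DB_SSL_ROOT_CERT: ${MG_DOMAINS_DB_SSL_ROOT_CERT}
      MG_DOMAINS_INSTANCE_ID: ${MG_DOMAINS_INSTANCE_ID}
      MG_ES_URL: ${MG_ES_URL}
      MG_DOMAINS_CACHE_URL: ${MG_DOMAINS_CACHE_URL}
      MG_DOMAINS_CACHE_KEY_DURATION: ${MG_DOMAINS_CACHE_KEY_DURATION}
      MG_AUTH_GRPC_URL: ${MG_AUTH_GRPC_URL}
      MG_AUTH_GRPC_TIMEOUT: ${MG_AUTH_GRPC_TIMEOUT}
      MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
      MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
      MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
      MG_AUTH_KEYS_ALGORITHM: ${MG_AUTH_KEYS_ALGORITHM}
      MG_GROUPS_GRPC_URL: ${MG_GROUPS_GRPC_URL}
      MG_GROUPS_GRPC_TIMEOUT: ${MG_GROUPS_GRPC_TIMEOUT}
      MG_GROUPS_GRPC_CLIENT_CERT: ${MG_GROUPS_GRPC_CLIENT_CERT:+/groups-grpc-client.crt}
      MG_GROUPS_GRPC_CLIENT_KEY: ${MG_GROUPS_GRPC_CLIENT_KEY:+/groups-grpc-client.key}
      MG_GROUPS_GRPC_SERVER_CA_CERTS: ${MG_GROUPS_GRPC_SERVER_CA_CERTS:+/groups-grpc-server-ca.crt}
      MG_CHANNELS_URL: ${MG_CHANNELS_URL}
      MG_CHANNELS_GRPC_URL: ${MG_CHANNELS_GRPC_URL}
      MG_CHANNELS_GRPC_TIMEOUT: ${MG_CHANNELS_GRPC_TIMEOUT}
      MG_CHANNELS_GRPC_CLIENT_CERT: ${MG_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt}
      MG_CHANNELS_GRPC_CLIENT_KEY: ${MG_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key}
      MG_CHANNELS_GRPC_SERVER_CA_CERTS: ${MG_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt}
      MG_CLIENTS_GRPC_URL: ${MG_CLIENTS_GRPC_URL}
      MG_CLIENTS_GRPC_TIMEOUT: ${MG_CLIENTS_GRPC_TIMEOUT}
      MG_CLIENTS_GRPC_CLIENT_CERT: ${MG_CLIENTS_GRPC_CLIENT_CERT:+/clients-grpc-client.crt}
      MG_CLIENTS_GRPC_CLIENT_KEY: ${MG_CLIENTS_GRPC_CLIENT_KEY:+/clients-grpc-client.key}
      MG_CLIENTS_GRPC_SERVER_CA_CERTS: ${MG_CLIENTS_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt}
      MG_JAEGER_URL: ${MG_JAEGER_URL}
      MG_JAEGER_TRACE_RATIO: ${MG_JAEGER_TRACE_RATIO}
      MG_SEND_TELEMETRY: ${MG_SEND_TELEMETRY}
      MG_DOMAINS_CALLOUT_URLS: ${MG_DOMAINS_CALLOUT_URLS}
      MG_DOMAINS_CALLOUT_METHOD: ${MG_DOMAINS_CALLOUT_METHOD}
      # NOTE(review): by its name this toggles certificate verification for
      # callout requests; confirm the deployed value keeps verification on.
      MG_DOMAINS_CALLOUT_TLS_VERIFICATION: ${MG_DOMAINS_CALLOUT_TLS_VERIFICATION}
      MG_DOMAINS_CALLOUT_TIMEOUT: ${MG_DOMAINS_CALLOUT_TIMEOUT}
      MG_DOMAINS_CALLOUT_CA_CERT: ${MG_DOMAINS_CALLOUT_CA_CERT}
      MG_DOMAINS_CALLOUT_CERT: ${MG_DOMAINS_CALLOUT_CERT}
      MG_DOMAINS_CALLOUT_KEY: ${MG_DOMAINS_CALLOUT_KEY}
      MG_DOMAINS_CALLOUT_OPERATIONS: ${MG_DOMAINS_CALLOUT_OPERATIONS}
      # NOTE(review): presumably relaxes a user-verification requirement;
      # confirm the intended production value.
      MG_ALLOW_UNVERIFIED_USER: ${MG_ALLOW_UNVERIFIED_USER}
    # NOTE(review): both APIs are published on all host interfaces in
    # addition to being reachable on magistrala-base-net.
    ports:
      - "${MG_DOMAINS_HTTP_PORT}:${MG_DOMAINS_HTTP_PORT}"
      - "${MG_DOMAINS_GRPC_PORT}:${MG_DOMAINS_GRPC_PORT}"
    networks:
      - magistrala-base-net
    volumes:
      - ./permission.yaml:/permission.yaml
      - ./spicedb/schema.zed:${MG_SPICEDB_SCHEMA_FILE}
      # Domains gRPC mTLS server certificates.
      # An unset variable falls back to ./ssl/placeholder, which
      # create_host_path creates on the host if it is missing.
      - type: bind
        source: ${MG_DOMAINS_GRPC_SERVER_CERT:-./ssl/placeholder}
        target: /domains-grpc-server.crt
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_DOMAINS_GRPC_SERVER_KEY:-./ssl/placeholder}
        target: /domains-grpc-server.key
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_DOMAINS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
        target: /domains-grpc-server-ca.crt
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_DOMAINS_GRPC_CLIENT_CA_CERTS:-./ssl/placeholder}
        target: /domains-grpc-client-ca.crt
        read_only: true
        bind:
          create_host_path: true
      # Auth gRPC client certificates
      - type: bind
        source: ${MG_AUTH_GRPC_CLIENT_CERT:-./ssl/placeholder}
        target: /auth-grpc-client.crt
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_AUTH_GRPC_CLIENT_KEY:-./ssl/placeholder}
        target: /auth-grpc-client.key
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
        target: /auth-grpc-server-ca.crt
        read_only: true
        bind:
          create_host_path: true
      # Groups gRPC client certificates
      - type: bind
        source: ${MG_GROUPS_GRPC_CLIENT_CERT:-./ssl/placeholder}
        target: /groups-grpc-client.crt
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_GROUPS_GRPC_CLIENT_KEY:-./ssl/placeholder}
        target: /groups-grpc-client.key
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_GROUPS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
        target: /groups-grpc-server-ca.crt
        read_only: true
        bind:
          create_host_path: true
      # Channels gRPC client certificates
      - type: bind
        source: ${MG_CHANNELS_GRPC_CLIENT_CERT:-./ssl/placeholder}
        target: /channels-grpc-client.crt
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_CHANNELS_GRPC_CLIENT_KEY:-./ssl/placeholder}
        target: /channels-grpc-client.key
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_CHANNELS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
        target: /channels-grpc-server-ca.crt
        read_only: true
        bind:
          create_host_path: true
      # Clients gRPC client certificates
      - type: bind
        source: ${MG_CLIENTS_GRPC_CLIENT_CERT:-./ssl/placeholder}
        target: /clients-grpc-client.crt
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_CLIENTS_GRPC_CLIENT_KEY:-./ssl/placeholder}
        target: /clients-grpc-client.key
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_CLIENTS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
        target: /clients-grpc-server-ca.crt
        read_only: true
        bind:
          create_host_path: true
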
# PostgreSQL instance for the journal service. No host port is published.
# NOTE(review): this is the only database in this listing on
# postgres:16.2-alpine, and the only image reference without an explicit
# registry; the others use docker.io/postgres:18.0-alpine3.22. Confirm the
# older tag is intentional and still receives the fixes this deployment
# needs. A major-version change requires a data migration, not a tag bump.
  journal-db:
    image: postgres:16.2-alpine
    container_name: magistrala-journal-db
    restart: on-failure
    command: postgres -c "max_connections=${MG_POSTGRES_MAX_CONNECTIONS}"
    environment:
      POSTGRES_USER: ${MG_JOURNAL_DB_USER}
      POSTGRES_PASSWORD: ${MG_JOURNAL_DB_PASS}
      POSTGRES_DB: ${MG_JOURNAL_DB_NAME}
      MG_POSTGRES_MAX_CONNECTIONS: ${MG_POSTGRES_MAX_CONNECTIONS}
    networks:
      - magistrala-base-net
    volumes:
      - magistrala-journal-volume:/var/lib/postgresql/data

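# Journal service: HTTP API plus gRPC clients for auth and domains.
# TLS material is bind-mounted read-only because the service only reads it.
  journal:
    image: ghcr.io/absmach/magistrala/journal:${MG_RELEASE_TAG}
    container_name: magistrala-journal
    depends_on:
      - journal-db
      - auth
      - domains
      - nginx
    restart: on-failure
    environment:
      MG_JOURNAL_LOG_LEVEL: ${MG_JOURNAL_LOG_LEVEL}
      MG_JOURNAL_HTTP_HOST: ${MG_JOURNAL_HTTP_HOST}
      MG_JOURNAL_HTTP_PORT: ${MG_JOURNAL_HTTP_PORT}
      # NOTE(review): passed through unchanged with no matching mount in this
      # block; a host path set here would not exist inside the container.
      MG_JOURNAL_HTTP_SERVER_CERT: ${MG_JOURNAL_HTTP_SERVER_CERT}
      MG_JOURNAL_HTTP_SERVER_KEY: ${MG_JOURNAL_HTTP_SERVER_KEY}
      MG_JOURNAL_DB_HOST: ${MG_JOURNAL_DB_HOST}
      MG_JOURNAL_DB_PORT: ${MG_JOURNAL_DB_PORT}
      MG_JOURNAL_DB_USER: ${MG_JOURNAL_DB_USER}
      MG_JOURNAL_DB_PASS: ${MG_JOURNAL_DB_PASS}
      MG_JOURNAL_DB_NAME: ${MG_JOURNAL_DB_NAME}
      MG_JOURNAL_DB_SSL_MODE: ${MG_JOURNAL_DB_SSL_MODE}
      MG_JOURNAL_DB_SSL_CERT: ${MG_JOURNAL_DB_SSL_CERT}
      MG_JOURNAL_DB_SSL_KEY: ${MG_JOURNAL_DB_SSL_KEY}
      MG_JOURNAL_DB_SSL_ROOT_CERT: ${MG_JOURNAL_DB_SSL_ROOT_CERT}
      MG_AUTH_GRPC_URL: ${MG_AUTH_GRPC_URL}
      MG_AUTH_GRPC_TIMEOUT: ${MG_AUTH_GRPC_TIMEOUT}
      # ${VAR:+path} expands to the fixed in-container path only when the
      # host-side variable is set and non-empty, otherwise to an empty value.
      MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
      MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
      MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
      MG_AUTH_KEYS_ALGORITHM: ${MG_AUTH_KEYS_ALGORITHM}
      MG_ES_URL: ${MG_ES_URL}
      MG_JAEGER_URL: ${MG_JAEGER_URL}
      MG_JAEGER_TRACE_RATIO: ${MG_JAEGER_TRACE_RATIO}
      MG_SEND_TELEMETRY: ${MG_SEND_TELEMETRY}
      MG_JOURNAL_INSTANCE_ID: ${MG_JOURNAL_INSTANCE_ID}
      MG_DOMAINS_GRPC_URL: ${MG_DOMAINS_GRPC_URL}
      MG_DOMAINS_GRPC_TIMEOUT: ${MG_DOMAINS_GRPC_TIMEOUT}
      MG_DOMAINS_GRPC_CLIENT_CERT: ${MG_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt}
      MG_DOMAINS_GRPC_CLIENT_KEY: ${MG_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key}
      MG_DOMAINS_GRPC_SERVER_CA_CERTS: ${MG_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt}
      # NOTE(review): presumably relaxes a user-verification requirement;
      # confirm the intended production value.
      MG_ALLOW_UNVERIFIED_USER: ${MG_ALLOW_UNVERIFIED_USER}
    # NOTE(review): published on all host interfaces in addition to being
    # reachable on magistrala-base-net.
    ports:
      - "${MG_JOURNAL_HTTP_PORT}:${MG_JOURNAL_HTTP_PORT}"
    networks:
      - magistrala-base-net
    volumes:
      # Auth gRPC client certificates.
      # An unset variable falls back to ./ssl/placeholder, which
      # create_host_path creates on the host if it is missing.
      - type: bind
        source: ${MG_AUTH_GRPC_CLIENT_CERT:-./ssl/placeholder}
        target: /auth-grpc-client.crt
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_AUTH_GRPC_CLIENT_KEY:-./ssl/placeholder}
        target: /auth-grpc-client.key
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
        target: /auth-grpc-server-ca.crt
        read_only: true
        bind:
          create_host_path: true
      # Domains gRPC client certificates
      - type: bind
        source: ${MG_DOMAINS_GRPC_CLIENT_CERT:-./ssl/placeholder}
        target: /domains-grpc-client.crt
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_DOMAINS_GRPC_CLIENT_KEY:-./ssl/placeholder}
        target: /domains-grpc-client.key
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_DOMAINS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
        target: /domains-grpc-server-ca.crt
        read_only: true
        bind:
          create_host_path: true
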
# Edge proxy: terminates HTTP/TLS and fronts the MQTT and AMQP listeners.
# This is the intended external entry point, so its configuration and key
# handling deserve the closest review.
  nginx:
    image: docker.io/nginx:1.29.2-alpine3.22
    container_name: magistrala-nginx
    restart: on-failure
    volumes:
      # ${AUTH-key} falls back to "key" only when AUTH is unset, selecting
      # ./nginx/nginx-key.conf; an AUTH that is set but empty expands to
      # ./nginx/nginx-.conf.
      - ./nginx/nginx-${AUTH-key}.conf:/etc/nginx/nginx.conf.template
      - ./nginx/entrypoint.sh:/docker-entrypoint.d/entrypoint.sh
      - ./nginx/snippets:/etc/nginx/snippets
      - ./ssl/authorization.js:/etc/nginx/authorization.js
      # NOTE(review): the certificate, private key, CA and DH parameters are
      # mounted writable. nginx normally only reads them, so `read_only: true`
      # is worth adding once entrypoint.sh (not visible here) is confirmed not
      # to modify these paths.
      - type: bind
        source: ${MG_NGINX_SERVER_CERT:-./ssl/certs/magistrala-server.crt}
        target: /etc/ssl/certs/magistrala-server.crt
      - type: bind
        source: ${MG_NGINX_SERVER_KEY:-./ssl/certs/magistrala-server.key}
        target: /etc/ssl/private/magistrala-server.key
      - type: bind
        source: ${MG_NGINX_SERVER_CLIENT_CA:-./ssl/certs/ca.crt}
        target: /etc/ssl/certs/ca.crt
      - type: bind
        source: ${MG_NGINX_SERVER_DHPARAM:-./ssl/dhparam.pem}
        target: /etc/ssl/certs/dhparam.pem
    ports:
      - "${MG_NGINX_HTTP_PORT}:${MG_NGINX_HTTP_PORT}"
      - "${MG_NGINX_SSL_PORT}:${MG_NGINX_SSL_PORT}"
      - "${MG_NGINX_MQTT_PORT}:${MG_NGINX_MQTT_PORT}"
      - "${MG_NGINX_MQTTS_PORT}:${MG_NGINX_MQTTS_PORT}"
      - "${MG_NGINX_AMQP_PORT}:${MG_NGINX_AMQP_PORT}"
    networks:
      - magistrala-base-net
    # NOTE(review): env_file copies every variable in .env into this
    # container. If .env is also the source of the MG_* values interpolated
    # elsewhere in this file (database passwords, the SpiceDB preshared key),
    # the internet-facing proxy holds secrets it presumably does not need;
    # an explicit `environment` list would narrow that exposure.
    env_file:
      - .env
    depends_on:
      - fluxmq-node1
      - fluxmq-node2
      - fluxmq-node3
    # Raised open-file limit for the proxy process.
    ulimits:
      nofile:
        soft: 65536
        hard: 65536

# PostgreSQL instance for the clients service.
  clients-db:
    image: docker.io/postgres:18.0-alpine3.22
    container_name: magistrala-clients-db
    restart: on-failure
    command: postgres -c "max_connections=${MG_POSTGRES_MAX_CONNECTIONS}"
    environment:
      POSTGRES_USER: ${MG_CLIENTS_DB_USER}
      POSTGRES_PASSWORD: ${MG_CLIENTS_DB_PASS}
      POSTGRES_DB: ${MG_CLIENTS_DB_NAME}
      MG_POSTGRES_MAX_CONNECTIONS: ${MG_POSTGRES_MAX_CONNECTIONS}
    networks:
      - magistrala-base-net
    # NOTE(review): host port 6006 is published on all interfaces; the
    # clients service does not need this mapping to reach the database.
    ports:
      - "6006:5432"
    volumes:
      - magistrala-clients-db-volume:/var/lib/postgresql/data

# Redis instance for the clients service. No host port is published.
# NOTE(review): unlike auth-redis, no configuration file is mounted and no
# command is given, so this instance runs with the image's defaults.
  clients-redis:
    image: docker.io/redis:8.2.2-alpine3.22
    container_name: magistrala-clients-redis
    restart: on-failure
    networks:
      - magistrala-base-net
    volumes:
      - magistrala-clients-redis-volume:/data

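# Clients service: HTTP and gRPC APIs, plus gRPC clients for auth, channels,
# groups and domains. TLS material is bind-mounted read-only because the
# service only needs to read it.
  clients:
    image: ghcr.io/absmach/magistrala/clients:${MG_RELEASE_TAG}
    container_name: magistrala-clients
    depends_on:
      - clients-db
      - users
      - auth
      - nginx
    restart: on-failure
    environment:
      MG_CLIENTS_LOG_LEVEL: ${MG_CLIENTS_LOG_LEVEL}
      MG_CLIENTS_STANDALONE_ID: ${MG_CLIENTS_STANDALONE_ID}
      # Treat as a secret; it is visible to anyone who can inspect the
      # container's environment.
      MG_CLIENTS_STANDALONE_TOKEN: ${MG_CLIENTS_STANDALONE_TOKEN}
      MG_CLIENTS_CACHE_KEY_DURATION: ${MG_CLIENTS_CACHE_KEY_DURATION}
      MG_CLIENTS_HTTP_HOST: ${MG_CLIENTS_HTTP_HOST}
      MG_CLIENTS_HTTP_PORT: ${MG_CLIENTS_HTTP_PORT}
      MG_CLIENTS_GRPC_HOST: ${MG_CLIENTS_GRPC_HOST}
      MG_CLIENTS_GRPC_PORT: ${MG_CLIENTS_GRPC_PORT}
      # Compose interpolation forms used in this file:
      #   ${VAR:+replacement} -> replacement if VAR is set and non-empty, else empty
      #   ${VAR+replacement}  -> replacement if VAR is set (even empty), else empty
      #   ${VAR:-default}     -> VAR if set and non-empty, else default
      #   ${VAR-default}      -> VAR if set (even empty), else default
      # Each certificate variable therefore expands to the fixed in-container
      # path only when the operator has configured a host path for it.
      MG_CLIENTS_GRPC_SERVER_CERT: ${MG_CLIENTS_GRPC_SERVER_CERT:+/clients-grpc-server.crt}
      MG_CLIENTS_GRPC_SERVER_KEY: ${MG_CLIENTS_GRPC_SERVER_KEY:+/clients-grpc-server.key}
      MG_CLIENTS_GRPC_SERVER_CA_CERTS: ${MG_CLIENTS_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt}
      MG_CLIENTS_GRPC_CLIENT_CA_CERTS: ${MG_CLIENTS_GRPC_CLIENT_CA_CERTS:+/clients-grpc-client-ca.crt}
      MG_ES_URL: ${MG_ES_URL}
      MG_CLIENTS_CACHE_URL: ${MG_CLIENTS_CACHE_URL}
      MG_CLIENTS_DB_HOST: ${MG_CLIENTS_DB_HOST}
      MG_CLIENTS_DB_PORT: ${MG_CLIENTS_DB_PORT}
      MG_CLIENTS_DB_USER: ${MG_CLIENTS_DB_USER}
      MG_CLIENTS_DB_PASS: ${MG_CLIENTS_DB_PASS}
      MG_CLIENTS_DB_NAME: ${MG_CLIENTS_DB_NAME}
      MG_CLIENTS_DB_SSL_MODE: ${MG_CLIENTS_DB_SSL_MODE}
      MG_CLIENTS_DB_SSL_CERT: ${MG_CLIENTS_DB_SSL_CERT}
      MG_CLIENTS_DB_SSL_KEY: ${MG_CLIENTS_DB_SSL_KEY}
      MG_CLIENTS_DB_SSL_ROOT_CERT: ${MG_CLIENTS_DB_SSL_ROOT_CERT}
      MG_AUTH_GRPC_URL: ${MG_AUTH_GRPC_URL}
      MG_AUTH_GRPC_TIMEOUT: ${MG_AUTH_GRPC_TIMEOUT}
      MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
      MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
      MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
      MG_AUTH_KEYS_ALGORITHM: ${MG_AUTH_KEYS_ALGORITHM}
      MG_CHANNELS_URL: ${MG_CHANNELS_URL}
      MG_CHANNELS_GRPC_URL: ${MG_CHANNELS_GRPC_URL}
      MG_CHANNELS_GRPC_TIMEOUT: ${MG_CHANNELS_GRPC_TIMEOUT}
      MG_CHANNELS_GRPC_CLIENT_CERT: ${MG_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt}
      MG_CHANNELS_GRPC_CLIENT_KEY: ${MG_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key}
      MG_CHANNELS_GRPC_SERVER_CA_CERTS: ${MG_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt}
      MG_GROUPS_URL: ${MG_GROUPS_URL}
      MG_GROUPS_GRPC_URL: ${MG_GROUPS_GRPC_URL}
      MG_GROUPS_GRPC_TIMEOUT: ${MG_GROUPS_GRPC_TIMEOUT}
      MG_GROUPS_GRPC_CLIENT_CERT: ${MG_GROUPS_GRPC_CLIENT_CERT:+/groups-grpc-client.crt}
      MG_GROUPS_GRPC_CLIENT_KEY: ${MG_GROUPS_GRPC_CLIENT_KEY:+/groups-grpc-client.key}
      MG_GROUPS_GRPC_SERVER_CA_CERTS: ${MG_GROUPS_GRPC_SERVER_CA_CERTS:+/groups-grpc-server-ca.crt}
      MG_DOMAINS_GRPC_URL: ${MG_DOMAINS_GRPC_URL}
      MG_DOMAINS_GRPC_TIMEOUT: ${MG_DOMAINS_GRPC_TIMEOUT}
      MG_DOMAINS_GRPC_CLIENT_CERT: ${MG_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt}
      MG_DOMAINS_GRPC_CLIENT_KEY: ${MG_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key}
      MG_DOMAINS_GRPC_SERVER_CA_CERTS: ${MG_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt}
      MG_JAEGER_URL: ${MG_JAEGER_URL}
      MG_JAEGER_TRACE_RATIO: ${MG_JAEGER_TRACE_RATIO}
      MG_SEND_TELEMETRY: ${MG_SEND_TELEMETRY}
      # Secret: must match SPICEDB_GRPC_PRESHARED_KEY on the spicedb service.
      MG_SPICEDB_PRE_SHARED_KEY: ${MG_SPICEDB_PRE_SHARED_KEY}
      MG_SPICEDB_HOST: ${MG_SPICEDB_HOST}
      MG_SPICEDB_PORT: ${MG_SPICEDB_PORT}
      MG_SPICEDB_SCHEMA_FILE: ${MG_SPICEDB_SCHEMA_FILE}
      MG_CLIENTS_CALLOUT_URLS: ${MG_CLIENTS_CALLOUT_URLS}
      MG_CLIENTS_CALLOUT_METHOD: ${MG_CLIENTS_CALLOUT_METHOD}
      # NOTE(review): by its name this toggles certificate verification for
      # callout requests; confirm the deployed value keeps verification on.
      MG_CLIENTS_CALLOUT_TLS_VERIFICATION: ${MG_CLIENTS_CALLOUT_TLS_VERIFICATION}
      MG_CLIENTS_CALLOUT_TIMEOUT: ${MG_CLIENTS_CALLOUT_TIMEOUT}
      MG_CLIENTS_CALLOUT_CA_CERT: ${MG_CLIENTS_CALLOUT_CA_CERT}
      MG_CLIENTS_CALLOUT_CERT: ${MG_CLIENTS_CALLOUT_CERT}
      MG_CLIENTS_CALLOUT_KEY: ${MG_CLIENTS_CALLOUT_KEY}
      MG_CLIENTS_CALLOUT_OPERATIONS: ${MG_CLIENTS_CALLOUT_OPERATIONS}
      # NOTE(review): presumably relaxes a user-verification requirement;
      # confirm the intended production value.
      MG_ALLOW_UNVERIFIED_USER: ${MG_ALLOW_UNVERIFIED_USER}
    # NOTE(review): both APIs are published on all host interfaces in
    # addition to being reachable on magistrala-base-net.
    ports:
      - "${MG_CLIENTS_HTTP_PORT}:${MG_CLIENTS_HTTP_PORT}"
      - "${MG_CLIENTS_GRPC_PORT}:${MG_CLIENTS_GRPC_PORT}"
    networks:
      - magistrala-base-net
    volumes:
      - ./permission.yaml:/permission.yaml
      - ./spicedb/schema.zed:${MG_SPICEDB_SCHEMA_FILE}
      # Clients gRPC server certificates.
      # An unset variable falls back to ./ssl/placeholder, which
      # create_host_path creates on the host if it is missing.
      - type: bind
        source: ${MG_CLIENTS_GRPC_SERVER_CERT:-./ssl/placeholder}
        target: /clients-grpc-server.crt
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_CLIENTS_GRPC_SERVER_KEY:-./ssl/placeholder}
        target: /clients-grpc-server.key
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_CLIENTS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
        target: /clients-grpc-server-ca.crt
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_CLIENTS_GRPC_CLIENT_CA_CERTS:-./ssl/placeholder}
        target: /clients-grpc-client-ca.crt
        read_only: true
        bind:
          create_host_path: true
      # Auth gRPC client certificates
      - type: bind
        source: ${MG_AUTH_GRPC_CLIENT_CERT:-./ssl/placeholder}
        target: /auth-grpc-client.crt
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_AUTH_GRPC_CLIENT_KEY:-./ssl/placeholder}
        target: /auth-grpc-client.key
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
        target: /auth-grpc-server-ca.crt
        read_only: true
        bind:
          create_host_path: true
      # Channel gRPC client certificates
      - type: bind
        source: ${MG_CHANNELS_GRPC_CLIENT_CERT:-./ssl/placeholder}
        target: /channels-grpc-client.crt
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_CHANNELS_GRPC_CLIENT_KEY:-./ssl/placeholder}
        target: /channels-grpc-client.key
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_CHANNELS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
        target: /channels-grpc-server-ca.crt
        read_only: true
        bind:
          create_host_path: true
      # Group gRPC client certificates
      - type: bind
        source: ${MG_GROUPS_GRPC_CLIENT_CERT:-./ssl/placeholder}
        target: /groups-grpc-client.crt
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_GROUPS_GRPC_CLIENT_KEY:-./ssl/placeholder}
        target: /groups-grpc-client.key
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_GROUPS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
        target: /groups-grpc-server-ca.crt
        read_only: true
        bind:
          create_host_path: true
      # Domain gRPC client certificates
      - type: bind
        source: ${MG_DOMAINS_GRPC_CLIENT_CERT:-./ssl/placeholder}
        target: /domains-grpc-client.crt
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_DOMAINS_GRPC_CLIENT_KEY:-./ssl/placeholder}
        target: /domains-grpc-client.key
        read_only: true
        bind:
          create_host_path: true
      - type: bind
        source: ${MG_DOMAINS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
        target: /domains-grpc-server-ca.crt
        read_only: true
        bind:
          create_host_path: true
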
# PostgreSQL instance for the channels service.
  channels-db:
    image: docker.io/postgres:18.0-alpine3.22
    container_name: magistrala-channels-db
    restart: on-failure
    command: postgres -c "max_connections=${MG_POSTGRES_MAX_CONNECTIONS}"
    environment:
      POSTGRES_USER: ${MG_CHANNELS_DB_USER}
      POSTGRES_PASSWORD: ${MG_CHANNELS_DB_PASS}
      POSTGRES_DB: ${MG_CHANNELS_DB_NAME}
      MG_POSTGRES_MAX_CONNECTIONS: ${MG_POSTGRES_MAX_CONNECTIONS}
    networks:
      - magistrala-base-net
    # NOTE(review): host port 6005 is published on all interfaces; the
    # channels service does not need this mapping to reach the database.
    ports:
      - "6005:5432"
    volumes:
      - magistrala-channels-db-volume:/var/lib/postgresql/data

# Redis instance for the channels service. No host port is published.
# NOTE(review): unlike auth-redis, no configuration file is mounted and no
# command is given, so this instance runs with the image's defaults.
  channels-redis:
    image: docker.io/redis:8.2.2-alpine3.22
    container_name: magistrala-channels-redis
    restart: on-failure
    networks:
      - magistrala-base-net
    volumes:
      - magistrala-channels-redis-volume:/data

channels:
  # The release tag is mutable; pin by digest where reproducible deploys matter.
  image: ghcr.io/absmach/magistrala/channels:${MG_RELEASE_TAG}
  container_name: magistrala-channels
  depends_on:
    - channels-db
    - channels-redis
    - users
    - auth
    - nginx
  restart: on-failure
  environment:
    MG_CHANNELS_LOG_LEVEL: ${MG_CHANNELS_LOG_LEVEL}
    MG_CHANNELS_INSTANCE_ID: ${MG_CHANNELS_INSTANCE_ID}
    MG_CHANNELS_HTTP_HOST: ${MG_CHANNELS_HTTP_HOST}
    MG_CHANNELS_HTTP_PORT: ${MG_CHANNELS_HTTP_PORT}
    MG_CHANNELS_GRPC_HOST: ${MG_CHANNELS_GRPC_HOST}
    MG_CHANNELS_GRPC_PORT: ${MG_CHANNELS_GRPC_PORT}
    # Compose interpolation forms used in this service:
    #   ${VAR:+replacement} -> replacement if VAR is set and non-empty, otherwise empty
    #   (${VAR+replacement} also substitutes when VAR is set but empty)
    #   ${VAR:-default}     -> value of VAR if set and non-empty, otherwise default
    #   (${VAR-default} falls back only when VAR is unset)
    # A cert variable therefore reaches the container as a fixed in-container path,
    # or as an empty value when the host-side variable is not configured.
    MG_CHANNELS_GRPC_SERVER_CERT: ${MG_CHANNELS_GRPC_SERVER_CERT:+/channels-grpc-server.crt}
    MG_CHANNELS_GRPC_SERVER_KEY: ${MG_CHANNELS_GRPC_SERVER_KEY:+/channels-grpc-server.key}
    MG_CHANNELS_GRPC_SERVER_CA_CERTS: ${MG_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt}
    MG_CHANNELS_GRPC_CLIENT_CA_CERTS: ${MG_CHANNELS_GRPC_CLIENT_CA_CERTS:+/channels-grpc-client-ca.crt}
    MG_CHANNELS_DB_HOST: ${MG_CHANNELS_DB_HOST}
    MG_CHANNELS_DB_PORT: ${MG_CHANNELS_DB_PORT}
    MG_CHANNELS_DB_USER: ${MG_CHANNELS_DB_USER}
    # Credential passed as a plain environment variable: readable by anyone who can
    # inspect the container or its process environment.
    MG_CHANNELS_DB_PASS: ${MG_CHANNELS_DB_PASS}
    MG_CHANNELS_DB_NAME: ${MG_CHANNELS_DB_NAME}
    MG_CHANNELS_DB_SSL_MODE: ${MG_CHANNELS_DB_SSL_MODE}
    MG_CHANNELS_DB_SSL_CERT: ${MG_CHANNELS_DB_SSL_CERT}
    MG_CHANNELS_DB_SSL_KEY: ${MG_CHANNELS_DB_SSL_KEY}
    MG_CHANNELS_DB_SSL_ROOT_CERT: ${MG_CHANNELS_DB_SSL_ROOT_CERT}
    MG_CHANNELS_CACHE_URL: ${MG_CHANNELS_CACHE_URL}
    MG_CHANNELS_CACHE_KEY_DURATION: ${MG_CHANNELS_CACHE_KEY_DURATION}
    MG_AUTH_GRPC_URL: ${MG_AUTH_GRPC_URL}
    MG_AUTH_GRPC_TIMEOUT: ${MG_AUTH_GRPC_TIMEOUT}
    MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
    MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
    MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
    MG_AUTH_KEYS_ALGORITHM: ${MG_AUTH_KEYS_ALGORITHM}
    MG_CLIENTS_GRPC_URL: ${MG_CLIENTS_GRPC_URL}
    MG_CLIENTS_GRPC_TIMEOUT: ${MG_CLIENTS_GRPC_TIMEOUT}
    MG_CLIENTS_GRPC_CLIENT_CERT: ${MG_CLIENTS_GRPC_CLIENT_CERT:+/clients-grpc-client.crt}
    MG_CLIENTS_GRPC_CLIENT_KEY: ${MG_CLIENTS_GRPC_CLIENT_KEY:+/clients-grpc-client.key}
    MG_CLIENTS_GRPC_SERVER_CA_CERTS: ${MG_CLIENTS_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt}
    MG_GROUPS_GRPC_URL: ${MG_GROUPS_GRPC_URL}
    MG_GROUPS_GRPC_TIMEOUT: ${MG_GROUPS_GRPC_TIMEOUT}
    MG_GROUPS_GRPC_CLIENT_CERT: ${MG_GROUPS_GRPC_CLIENT_CERT:+/groups-grpc-client.crt}
    MG_GROUPS_GRPC_CLIENT_KEY: ${MG_GROUPS_GRPC_CLIENT_KEY:+/groups-grpc-client.key}
    MG_GROUPS_GRPC_SERVER_CA_CERTS: ${MG_GROUPS_GRPC_SERVER_CA_CERTS:+/groups-grpc-server-ca.crt}
    MG_DOMAINS_GRPC_URL: ${MG_DOMAINS_GRPC_URL}
    MG_DOMAINS_GRPC_TIMEOUT: ${MG_DOMAINS_GRPC_TIMEOUT}
    MG_DOMAINS_GRPC_CLIENT_CERT: ${MG_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt}
    MG_DOMAINS_GRPC_CLIENT_KEY: ${MG_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key}
    MG_DOMAINS_GRPC_SERVER_CA_CERTS: ${MG_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt}
    MG_ES_URL: ${MG_ES_URL}
    MG_JAEGER_URL: ${MG_JAEGER_URL}
    MG_JAEGER_TRACE_RATIO: ${MG_JAEGER_TRACE_RATIO}
    MG_SEND_TELEMETRY: ${MG_SEND_TELEMETRY}
    # Shared secret for SpiceDB, also handed over through the environment.
    MG_SPICEDB_PRE_SHARED_KEY: ${MG_SPICEDB_PRE_SHARED_KEY}
    MG_SPICEDB_HOST: ${MG_SPICEDB_HOST}
    MG_SPICEDB_PORT: ${MG_SPICEDB_PORT}
    MG_SPICEDB_SCHEMA_FILE: ${MG_SPICEDB_SCHEMA_FILE}
    MG_CHANNELS_CALLOUT_URLS: ${MG_CHANNELS_CALLOUT_URLS}
    MG_CHANNELS_CALLOUT_METHOD: ${MG_CHANNELS_CALLOUT_METHOD}
    # NOTE(review): presumably toggles certificate verification for callout requests;
    # confirm the semantics and keep verification on outside local testing.
    MG_CHANNELS_CALLOUT_TLS_VERIFICATION: ${MG_CHANNELS_CALLOUT_TLS_VERIFICATION}
    MG_CHANNELS_CALLOUT_TIMEOUT: ${MG_CHANNELS_CALLOUT_TIMEOUT}
    MG_CHANNELS_CALLOUT_CA_CERT: ${MG_CHANNELS_CALLOUT_CA_CERT}
    MG_CHANNELS_CALLOUT_CERT: ${MG_CHANNELS_CALLOUT_CERT}
    MG_CHANNELS_CALLOUT_KEY: ${MG_CHANNELS_CALLOUT_KEY}
    MG_CHANNELS_CALLOUT_OPERATIONS: ${MG_CHANNELS_CALLOUT_OPERATIONS}
    # NOTE(review): looks like it admits accounts whose e-mail is not verified; confirm.
    MG_ALLOW_UNVERIFIED_USER: ${MG_ALLOW_UNVERIFIED_USER}
  ports:
    # No host IP is given, so both ports are published on every host interface.
    - "${MG_CHANNELS_HTTP_PORT}:${MG_CHANNELS_HTTP_PORT}"
    - "${MG_CHANNELS_GRPC_PORT}:${MG_CHANNELS_GRPC_PORT}"
  networks:
    - magistrala-base-net
  volumes:
    - ./permission.yaml:/permission.yaml
    - ./spicedb/schema.zed:${MG_SPICEDB_SCHEMA_FILE}
    # Every certificate mount below falls back to ./ssl/placeholder when its variable
    # is unset. With create_host_path, Docker creates a missing source path as a
    # directory instead of failing, so a mistyped cert path mounts an empty directory.
    # The mounts are read-write as written; read_only: true would suit key material
    # if the service never writes there (confirm before changing).
    # Channels gRPC server certificates
    - type: bind
      source: ${MG_CHANNELS_GRPC_SERVER_CERT:-./ssl/placeholder}
      target: /channels-grpc-server.crt
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_CHANNELS_GRPC_SERVER_KEY:-./ssl/placeholder}
      target: /channels-grpc-server.key
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_CHANNELS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /channels-grpc-server-ca.crt
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_CHANNELS_GRPC_CLIENT_CA_CERTS:-./ssl/placeholder}
      target: /channels-grpc-client-ca.crt
      bind:
        create_host_path: true
    # Auth gRPC client certificates
    - type: bind
      source: ${MG_AUTH_GRPC_CLIENT_CERT:-./ssl/placeholder}
      target: /auth-grpc-client.crt
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_AUTH_GRPC_CLIENT_KEY:-./ssl/placeholder}
      target: /auth-grpc-client.key
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /auth-grpc-server-ca.crt
      bind:
        create_host_path: true
    # Clients gRPC client certificates
    - type: bind
      source: ${MG_CLIENTS_GRPC_CLIENT_CERT:-./ssl/placeholder}
      target: /clients-grpc-client.crt
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_CLIENTS_GRPC_CLIENT_KEY:-./ssl/placeholder}
      target: /clients-grpc-client.key
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_CLIENTS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /clients-grpc-server-ca.crt
      bind:
        create_host_path: true
    # Groups gRPC client certificates
    - type: bind
      source: ${MG_GROUPS_GRPC_CLIENT_CERT:-./ssl/placeholder}
      target: /groups-grpc-client.crt
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_GROUPS_GRPC_CLIENT_KEY:-./ssl/placeholder}
      target: /groups-grpc-client.key
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_GROUPS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /groups-grpc-server-ca.crt
      bind:
        create_host_path: true
    # Domains gRPC client certificates
    - type: bind
      source: ${MG_DOMAINS_GRPC_CLIENT_CERT:-./ssl/placeholder}
      target: /domains-grpc-client.crt
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_DOMAINS_GRPC_CLIENT_KEY:-./ssl/placeholder}
      target: /domains-grpc-client.key
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_DOMAINS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /domains-grpc-server-ca.crt
      bind:
        create_host_path: true
users-db:
  # Pinned by tag only; a digest pin would make the pulled image verifiable.
  image: docker.io/postgres:18.0-alpine3.22
  container_name: magistrala-users-db
  restart: on-failure
  # Compose substitutes the value before the container starts.
  command: postgres -c "max_connections=${MG_POSTGRES_MAX_CONNECTIONS}"
  environment:
    POSTGRES_USER: ${MG_USERS_DB_USER}
    # Database password travels as a plain environment variable (visible on inspect).
    POSTGRES_PASSWORD: ${MG_USERS_DB_PASS}
    POSTGRES_DB: ${MG_USERS_DB_NAME}
    MG_POSTGRES_MAX_CONNECTIONS: ${MG_POSTGRES_MAX_CONNECTIONS}
  ports:
    # Publishes Postgres on every host interface (no host IP given). Services on
    # magistrala-base-net do not need this mapping to reach the database; if only
    # local tooling does, a loopback binding such as "127.0.0.1:6002:5432" is narrower.
    - "6002:5432"
  networks:
    - magistrala-base-net
  volumes:
    # NOTE(review): the official postgres image reworked its data directory layout in
    # the 18 series; confirm the cluster data really lands in this volume.
    - magistrala-users-db-volume:/var/lib/postgresql/data
users:
  # The release tag is mutable; pin by digest where reproducible deploys matter.
  image: ghcr.io/absmach/magistrala/users:${MG_RELEASE_TAG}
  container_name: magistrala-users
  depends_on:
    - users-db
    - auth
    - nginx
  restart: on-failure
  environment:
    MG_USERS_LOG_LEVEL: ${MG_USERS_LOG_LEVEL}
    # Secrets in this block (secret key, admin password, DB/SMTP passwords, OAuth client
    # secret, SpiceDB key) are passed as plain environment variables, so they are
    # readable by anyone who can inspect the container.
    MG_USERS_SECRET_KEY: ${MG_USERS_SECRET_KEY}
    MG_USERS_ADMIN_EMAIL: ${MG_USERS_ADMIN_EMAIL}
    # Bootstrap admin credential; replace any sample value from the shipped env file.
    MG_USERS_ADMIN_PASSWORD: ${MG_USERS_ADMIN_PASSWORD}
    MG_USERS_ADMIN_USERNAME: ${MG_USERS_ADMIN_USERNAME}
    MG_USERS_ADMIN_FIRST_NAME: ${MG_USERS_ADMIN_FIRST_NAME}
    MG_USERS_ADMIN_LAST_NAME: ${MG_USERS_ADMIN_LAST_NAME}
    MG_USERS_PASS_REGEX: ${MG_USERS_PASS_REGEX}
    MG_USERS_HTTP_HOST: ${MG_USERS_HTTP_HOST}
    MG_USERS_HTTP_PORT: ${MG_USERS_HTTP_PORT}
    MG_USERS_HTTP_SERVER_CERT: ${MG_USERS_HTTP_SERVER_CERT}
    MG_USERS_HTTP_SERVER_KEY: ${MG_USERS_HTTP_SERVER_KEY}
    MG_USERS_GRPC_HOST: ${MG_USERS_GRPC_HOST}
    MG_USERS_GRPC_PORT: ${MG_USERS_GRPC_PORT}
    # Compose interpolation forms used in this service:
    #   ${VAR:+replacement} -> replacement if VAR is set and non-empty, otherwise empty
    #   (${VAR+replacement} also substitutes when VAR is set but empty)
    #   ${VAR:-default}     -> value of VAR if set and non-empty, otherwise default
    #   (${VAR-default} falls back only when VAR is unset)
    MG_USERS_GRPC_SERVER_CERT: ${MG_USERS_GRPC_SERVER_CERT:+/users-grpc-server.crt}
    MG_USERS_GRPC_SERVER_KEY: ${MG_USERS_GRPC_SERVER_KEY:+/users-grpc-server.key}
    MG_USERS_GRPC_SERVER_CA_CERTS: ${MG_USERS_GRPC_SERVER_CA_CERTS:+/users-grpc-server-ca.crt}
    MG_USERS_GRPC_CLIENT_CA_CERTS: ${MG_USERS_GRPC_CLIENT_CA_CERTS:+/users-grpc-client-ca.crt}
    MG_USERS_DB_HOST: ${MG_USERS_DB_HOST}
    MG_USERS_DB_PORT: ${MG_USERS_DB_PORT}
    MG_USERS_DB_USER: ${MG_USERS_DB_USER}
    MG_USERS_DB_PASS: ${MG_USERS_DB_PASS}
    MG_USERS_DB_NAME: ${MG_USERS_DB_NAME}
    MG_USERS_DB_SSL_MODE: ${MG_USERS_DB_SSL_MODE}
    MG_USERS_DB_SSL_CERT: ${MG_USERS_DB_SSL_CERT}
    MG_USERS_DB_SSL_KEY: ${MG_USERS_DB_SSL_KEY}
    MG_USERS_DB_SSL_ROOT_CERT: ${MG_USERS_DB_SSL_ROOT_CERT}
    # NOTE(review): presumably opens account creation to anyone who can reach the API;
    # confirm and decide deliberately for internet-facing installs.
    MG_USERS_ALLOW_SELF_REGISTER: ${MG_USERS_ALLOW_SELF_REGISTER}
    MG_EMAIL_HOST: ${MG_EMAIL_HOST}
    MG_EMAIL_PORT: ${MG_EMAIL_PORT}
    MG_EMAIL_USERNAME: ${MG_EMAIL_USERNAME}
    MG_EMAIL_PASSWORD: ${MG_EMAIL_PASSWORD}
    MG_EMAIL_FROM_ADDRESS: ${MG_EMAIL_FROM_ADDRESS}
    MG_EMAIL_FROM_NAME: ${MG_EMAIL_FROM_NAME}
    MG_ES_URL: ${MG_ES_URL}
    MG_JAEGER_URL: ${MG_JAEGER_URL}
    MG_JAEGER_TRACE_RATIO: ${MG_JAEGER_TRACE_RATIO}
    MG_SEND_TELEMETRY: ${MG_SEND_TELEMETRY}
    MG_AUTH_GRPC_URL: ${MG_AUTH_GRPC_URL}
    MG_AUTH_GRPC_TIMEOUT: ${MG_AUTH_GRPC_TIMEOUT}
    MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
    MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
    MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
    MG_AUTH_KEYS_ALGORITHM: ${MG_AUTH_KEYS_ALGORITHM}
    MG_DOMAINS_GRPC_URL: ${MG_DOMAINS_GRPC_URL}
    MG_DOMAINS_GRPC_TIMEOUT: ${MG_DOMAINS_GRPC_TIMEOUT}
    MG_DOMAINS_GRPC_CLIENT_CERT: ${MG_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt}
    MG_DOMAINS_GRPC_CLIENT_KEY: ${MG_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key}
    MG_DOMAINS_GRPC_SERVER_CA_CERTS: ${MG_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt}
    MG_GOOGLE_CLIENT_ID: ${MG_GOOGLE_CLIENT_ID}
    MG_GOOGLE_CLIENT_SECRET: ${MG_GOOGLE_CLIENT_SECRET}
    MG_GOOGLE_REDIRECT_URL: ${MG_GOOGLE_REDIRECT_URL}
    # NOTE(review): presumably a fixed OAuth state string; a static state gives no
    # per-request CSRF binding, so confirm how the service uses it.
    MG_GOOGLE_STATE: ${MG_GOOGLE_STATE}
    MG_OAUTH_UI_REDIRECT_URL: ${MG_OAUTH_UI_REDIRECT_URL}
    MG_OAUTH_UI_ERROR_URL: ${MG_OAUTH_UI_ERROR_URL}
    MG_USERS_DELETE_INTERVAL: ${MG_USERS_DELETE_INTERVAL}
    MG_USERS_DELETE_AFTER: ${MG_USERS_DELETE_AFTER}
    MG_SPICEDB_PRE_SHARED_KEY: ${MG_SPICEDB_PRE_SHARED_KEY}
    MG_SPICEDB_HOST: ${MG_SPICEDB_HOST}
    MG_SPICEDB_PORT: ${MG_SPICEDB_PORT}
    MG_PASSWORD_RESET_URL_PREFIX: ${MG_PASSWORD_RESET_URL_PREFIX}
    MG_PASSWORD_RESET_EMAIL_TEMPLATE: ${MG_PASSWORD_RESET_EMAIL_TEMPLATE}
    MG_VERIFICATION_URL_PREFIX: ${MG_VERIFICATION_URL_PREFIX}
    MG_VERIFICATION_EMAIL_TEMPLATE: ${MG_VERIFICATION_EMAIL_TEMPLATE}
    # NOTE(review): looks like it admits accounts whose e-mail is not verified; confirm.
    MG_ALLOW_UNVERIFIED_USER: ${MG_ALLOW_UNVERIFIED_USER}
  ports:
    # No host IP is given, so both ports are published on every host interface.
    - "${MG_USERS_HTTP_PORT}:${MG_USERS_HTTP_PORT}"
    - "${MG_USERS_GRPC_PORT}:${MG_USERS_GRPC_PORT}"
  networks:
    - magistrala-base-net
  volumes:
    # The template variables are spliced into both host and container paths, so they
    # must hold plain file names.
    - ./templates/${MG_PASSWORD_RESET_EMAIL_TEMPLATE}:/${MG_PASSWORD_RESET_EMAIL_TEMPLATE}
    - ./templates/${MG_VERIFICATION_EMAIL_TEMPLATE}:/${MG_VERIFICATION_EMAIL_TEMPLATE}
    # Every certificate mount below falls back to ./ssl/placeholder when its variable
    # is unset. With create_host_path, Docker creates a missing source path as a
    # directory instead of failing, so a mistyped cert path mounts an empty directory.
    # Users gRPC server certificates
    - type: bind
      source: ${MG_USERS_GRPC_SERVER_CERT:-./ssl/placeholder}
      target: /users-grpc-server.crt
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_USERS_GRPC_SERVER_KEY:-./ssl/placeholder}
      target: /users-grpc-server.key
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_USERS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /users-grpc-server-ca.crt
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_USERS_GRPC_CLIENT_CA_CERTS:-./ssl/placeholder}
      target: /users-grpc-client-ca.crt
      bind:
        create_host_path: true
    # Auth gRPC client certificates
    - type: bind
      source: ${MG_AUTH_GRPC_CLIENT_CERT:-./ssl/placeholder}
      target: /auth-grpc-client.crt
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_AUTH_GRPC_CLIENT_KEY:-./ssl/placeholder}
      target: /auth-grpc-client.key
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /auth-grpc-server-ca.crt
      bind:
        create_host_path: true
    # Domains gRPC client certificates
    - type: bind
      source: ${MG_DOMAINS_GRPC_CLIENT_CERT:-./ssl/placeholder}
      target: /domains-grpc-client.crt
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_DOMAINS_GRPC_CLIENT_KEY:-./ssl/placeholder}
      target: /domains-grpc-client.key
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_DOMAINS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /domains-grpc-server-ca.crt
      bind:
        create_host_path: true
notifications:
  # The release tag is mutable; pin by digest where reproducible deploys matter.
  image: ghcr.io/absmach/magistrala/notifications:${MG_RELEASE_TAG}
  container_name: magistrala-notifications
  depends_on:
    - nginx
  restart: on-failure
  environment:
    MG_NOTIFICATIONS_LOG_LEVEL: ${MG_NOTIFICATIONS_LOG_LEVEL}
    MG_NOTIFICATIONS_INSTANCE_ID: ${MG_NOTIFICATIONS_INSTANCE_ID}
    MG_ES_URL: ${MG_ES_URL}
    MG_JAEGER_URL: ${MG_JAEGER_URL}
    MG_JAEGER_TRACE_RATIO: ${MG_JAEGER_TRACE_RATIO}
    MG_SEND_TELEMETRY: ${MG_SEND_TELEMETRY}
    MG_EMAIL_HOST: ${MG_EMAIL_HOST}
    MG_EMAIL_PORT: ${MG_EMAIL_PORT}
    MG_EMAIL_USERNAME: ${MG_EMAIL_USERNAME}
    # SMTP credential passed as a plain environment variable (visible on inspect).
    MG_EMAIL_PASSWORD: ${MG_EMAIL_PASSWORD}
    MG_EMAIL_FROM_ADDRESS: ${MG_EMAIL_FROM_ADDRESS}
    MG_EMAIL_FROM_NAME: ${MG_EMAIL_FROM_NAME}
    MG_EMAIL_INVITATION_TEMPLATE: ${MG_EMAIL_INVITATION_TEMPLATE}
    MG_EMAIL_ACCEPTANCE_TEMPLATE: ${MG_EMAIL_ACCEPTANCE_TEMPLATE}
    MG_EMAIL_REJECTION_TEMPLATE: ${MG_EMAIL_REJECTION_TEMPLATE}
    MG_USERS_GRPC_URL: ${MG_USERS_GRPC_URL}
    MG_USERS_GRPC_TIMEOUT: ${MG_USERS_GRPC_TIMEOUT}
    # ${VAR:+path} expands to the in-container path only when VAR is set and non-empty;
    # otherwise the service receives an empty value for that certificate setting.
    MG_USERS_GRPC_CLIENT_CERT: ${MG_USERS_GRPC_CLIENT_CERT:+/users-grpc-client.crt}
    MG_USERS_GRPC_CLIENT_KEY: ${MG_USERS_GRPC_CLIENT_KEY:+/users-grpc-client.key}
    MG_USERS_GRPC_SERVER_CA_CERTS: ${MG_USERS_GRPC_SERVER_CA_CERTS:+/users-grpc-server-ca.crt}
  networks:
    - magistrala-base-net
  volumes:
    # The template variables are spliced into both host and container paths, so they
    # must hold plain file names.
    - "./templates/${MG_EMAIL_INVITATION_TEMPLATE}:/${MG_EMAIL_INVITATION_TEMPLATE}"
    - "./templates/${MG_EMAIL_ACCEPTANCE_TEMPLATE}:/${MG_EMAIL_ACCEPTANCE_TEMPLATE}"
    - "./templates/${MG_EMAIL_REJECTION_TEMPLATE}:/${MG_EMAIL_REJECTION_TEMPLATE}"
    # Each certificate mount falls back to ./ssl/placeholder when its variable is unset.
    # With create_host_path, Docker creates a missing source path as a directory
    # instead of failing, so a mistyped cert path mounts an empty directory.
    # Users gRPC client certificates
    - type: bind
      source: ${MG_USERS_GRPC_CLIENT_CERT:-./ssl/placeholder}
      target: /users-grpc-client.crt
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_USERS_GRPC_CLIENT_KEY:-./ssl/placeholder}
      target: /users-grpc-client.key
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_USERS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /users-grpc-server-ca.crt
      bind:
        create_host_path: true
groups-db:
  # Pinned by tag only; a digest pin would make the pulled image verifiable.
  image: docker.io/postgres:18.0-alpine3.22
  container_name: magistrala-groups-db
  restart: on-failure
  # Compose substitutes the value before the container starts.
  command: postgres -c "max_connections=${MG_POSTGRES_MAX_CONNECTIONS}"
  environment:
    POSTGRES_USER: ${MG_GROUPS_DB_USER}
    # Database password travels as a plain environment variable (visible on inspect).
    POSTGRES_PASSWORD: ${MG_GROUPS_DB_PASS}
    POSTGRES_DB: ${MG_GROUPS_DB_NAME}
    MG_POSTGRES_MAX_CONNECTIONS: ${MG_POSTGRES_MAX_CONNECTIONS}
  ports:
    # Publishes Postgres on every host interface (no host IP given). Services on
    # magistrala-base-net do not need this mapping to reach the database; if only
    # local tooling does, a loopback binding such as "127.0.0.1:6004:5432" is narrower.
    - "6004:5432"
  networks:
    - magistrala-base-net
  volumes:
    # NOTE(review): the official postgres image reworked its data directory layout in
    # the 18 series; confirm the cluster data really lands in this volume.
    - magistrala-groups-db-volume:/var/lib/postgresql/data
groups:
  # The release tag is mutable; pin by digest where reproducible deploys matter.
  image: ghcr.io/absmach/magistrala/groups:${MG_RELEASE_TAG}
  container_name: magistrala-groups
  depends_on:
    - groups-db
    - auth
    - nginx
  restart: on-failure
  environment:
    MG_GROUPS_LOG_LEVEL: ${MG_GROUPS_LOG_LEVEL}
    MG_GROUPS_HTTP_HOST: ${MG_GROUPS_HTTP_HOST}
    MG_GROUPS_HTTP_PORT: ${MG_GROUPS_HTTP_PORT}
    MG_GROUPS_HTTP_SERVER_CERT: ${MG_GROUPS_HTTP_SERVER_CERT}
    MG_GROUPS_HTTP_SERVER_KEY: ${MG_GROUPS_HTTP_SERVER_KEY}
    MG_GROUPS_GRPC_HOST: ${MG_GROUPS_GRPC_HOST}
    MG_GROUPS_GRPC_PORT: ${MG_GROUPS_GRPC_PORT}
    # Compose interpolation forms used in this service:
    #   ${VAR:+replacement} -> replacement if VAR is set and non-empty, otherwise empty
    #   (${VAR+replacement} also substitutes when VAR is set but empty)
    #   ${VAR:-default}     -> value of VAR if set and non-empty, otherwise default
    #   (${VAR-default} falls back only when VAR is unset)
    MG_GROUPS_GRPC_SERVER_CERT: ${MG_GROUPS_GRPC_SERVER_CERT:+/groups-grpc-server.crt}
    MG_GROUPS_GRPC_SERVER_KEY: ${MG_GROUPS_GRPC_SERVER_KEY:+/groups-grpc-server.key}
    MG_GROUPS_GRPC_SERVER_CA_CERTS: ${MG_GROUPS_GRPC_SERVER_CA_CERTS:+/groups-grpc-server-ca.crt}
    MG_GROUPS_GRPC_CLIENT_CA_CERTS: ${MG_GROUPS_GRPC_CLIENT_CA_CERTS:+/groups-grpc-client-ca.crt}
    MG_GROUPS_DB_HOST: ${MG_GROUPS_DB_HOST}
    MG_GROUPS_DB_PORT: ${MG_GROUPS_DB_PORT}
    MG_GROUPS_DB_USER: ${MG_GROUPS_DB_USER}
    # Credential passed as a plain environment variable: readable by anyone who can
    # inspect the container or its process environment.
    MG_GROUPS_DB_PASS: ${MG_GROUPS_DB_PASS}
    MG_GROUPS_DB_NAME: ${MG_GROUPS_DB_NAME}
    MG_GROUPS_DB_SSL_MODE: ${MG_GROUPS_DB_SSL_MODE}
    MG_GROUPS_DB_SSL_CERT: ${MG_GROUPS_DB_SSL_CERT}
    MG_GROUPS_DB_SSL_KEY: ${MG_GROUPS_DB_SSL_KEY}
    MG_GROUPS_DB_SSL_ROOT_CERT: ${MG_GROUPS_DB_SSL_ROOT_CERT}
    MG_CHANNELS_URL: ${MG_CHANNELS_URL}
    MG_CHANNELS_GRPC_URL: ${MG_CHANNELS_GRPC_URL}
    MG_CHANNELS_GRPC_TIMEOUT: ${MG_CHANNELS_GRPC_TIMEOUT}
    MG_CHANNELS_GRPC_CLIENT_CERT: ${MG_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt}
    MG_CHANNELS_GRPC_CLIENT_KEY: ${MG_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key}
    MG_CHANNELS_GRPC_SERVER_CA_CERTS: ${MG_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt}
    MG_CLIENTS_GRPC_URL: ${MG_CLIENTS_GRPC_URL}
    MG_CLIENTS_GRPC_TIMEOUT: ${MG_CLIENTS_GRPC_TIMEOUT}
    MG_CLIENTS_GRPC_CLIENT_CERT: ${MG_CLIENTS_GRPC_CLIENT_CERT:+/clients-grpc-client.crt}
    MG_CLIENTS_GRPC_CLIENT_KEY: ${MG_CLIENTS_GRPC_CLIENT_KEY:+/clients-grpc-client.key}
    MG_CLIENTS_GRPC_SERVER_CA_CERTS: ${MG_CLIENTS_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt}
    MG_DOMAINS_GRPC_URL: ${MG_DOMAINS_GRPC_URL}
    MG_DOMAINS_GRPC_TIMEOUT: ${MG_DOMAINS_GRPC_TIMEOUT}
    MG_DOMAINS_GRPC_CLIENT_CERT: ${MG_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt}
    MG_DOMAINS_GRPC_CLIENT_KEY: ${MG_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key}
    MG_DOMAINS_GRPC_SERVER_CA_CERTS: ${MG_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt}
    MG_ES_URL: ${MG_ES_URL}
    MG_JAEGER_URL: ${MG_JAEGER_URL}
    MG_JAEGER_TRACE_RATIO: ${MG_JAEGER_TRACE_RATIO}
    MG_SEND_TELEMETRY: ${MG_SEND_TELEMETRY}
    MG_AUTH_GRPC_URL: ${MG_AUTH_GRPC_URL}
    MG_AUTH_GRPC_TIMEOUT: ${MG_AUTH_GRPC_TIMEOUT}
    MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
    MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
    MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
    MG_AUTH_KEYS_ALGORITHM: ${MG_AUTH_KEYS_ALGORITHM}
    # Shared secret for SpiceDB, also handed over through the environment.
    MG_SPICEDB_PRE_SHARED_KEY: ${MG_SPICEDB_PRE_SHARED_KEY}
    MG_SPICEDB_HOST: ${MG_SPICEDB_HOST}
    MG_SPICEDB_PORT: ${MG_SPICEDB_PORT}
    MG_SPICEDB_SCHEMA_FILE: ${MG_SPICEDB_SCHEMA_FILE}
    MG_GROUPS_CALLOUT_URLS: ${MG_GROUPS_CALLOUT_URLS}
    MG_GROUPS_CALLOUT_METHOD: ${MG_GROUPS_CALLOUT_METHOD}
    # NOTE(review): presumably toggles certificate verification for callout requests;
    # confirm the semantics and keep verification on outside local testing.
    MG_GROUPS_CALLOUT_TLS_VERIFICATION: ${MG_GROUPS_CALLOUT_TLS_VERIFICATION}
    MG_GROUPS_CALLOUT_TIMEOUT: ${MG_GROUPS_CALLOUT_TIMEOUT}
    MG_GROUPS_CALLOUT_CA_CERT: ${MG_GROUPS_CALLOUT_CA_CERT}
    MG_GROUPS_CALLOUT_CERT: ${MG_GROUPS_CALLOUT_CERT}
    MG_GROUPS_CALLOUT_KEY: ${MG_GROUPS_CALLOUT_KEY}
    MG_GROUPS_CALLOUT_OPERATIONS: ${MG_GROUPS_CALLOUT_OPERATIONS}
    # NOTE(review): looks like it admits accounts whose e-mail is not verified; confirm.
    MG_ALLOW_UNVERIFIED_USER: ${MG_ALLOW_UNVERIFIED_USER}
  ports:
    # No host IP is given, so both ports are published on every host interface.
    - "${MG_GROUPS_HTTP_PORT}:${MG_GROUPS_HTTP_PORT}"
    - "${MG_GROUPS_GRPC_PORT}:${MG_GROUPS_GRPC_PORT}"
  networks:
    - magistrala-base-net
  volumes:
    - ./permission.yaml:/permission.yaml
    - ./spicedb/schema.zed:${MG_SPICEDB_SCHEMA_FILE}
    # Every certificate mount below falls back to ./ssl/placeholder when its variable
    # is unset. With create_host_path, Docker creates a missing source path as a
    # directory instead of failing, so a mistyped cert path mounts an empty directory.
    # The mounts are read-write as written; read_only: true would suit key material
    # if the service never writes there (confirm before changing).
    # Groups gRPC server certificates
    - type: bind
      source: ${MG_GROUPS_GRPC_SERVER_CERT:-./ssl/placeholder}
      target: /groups-grpc-server.crt
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_GROUPS_GRPC_SERVER_KEY:-./ssl/placeholder}
      target: /groups-grpc-server.key
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_GROUPS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /groups-grpc-server-ca.crt
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_GROUPS_GRPC_CLIENT_CA_CERTS:-./ssl/placeholder}
      target: /groups-grpc-client-ca.crt
      bind:
        create_host_path: true
    # Auth gRPC client certificates
    - type: bind
      source: ${MG_AUTH_GRPC_CLIENT_CERT:-./ssl/placeholder}
      target: /auth-grpc-client.crt
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_AUTH_GRPC_CLIENT_KEY:-./ssl/placeholder}
      target: /auth-grpc-client.key
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /auth-grpc-server-ca.crt
      bind:
        create_host_path: true
    # Clients gRPC client certificates
    - type: bind
      source: ${MG_CLIENTS_GRPC_CLIENT_CERT:-./ssl/placeholder}
      target: /clients-grpc-client.crt
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_CLIENTS_GRPC_CLIENT_KEY:-./ssl/placeholder}
      target: /clients-grpc-client.key
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_CLIENTS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /clients-grpc-server-ca.crt
      bind:
        create_host_path: true
    # Channels gRPC client certificates
    - type: bind
      source: ${MG_CHANNELS_GRPC_CLIENT_CERT:-./ssl/placeholder}
      target: /channels-grpc-client.crt
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_CHANNELS_GRPC_CLIENT_KEY:-./ssl/placeholder}
      target: /channels-grpc-client.key
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_CHANNELS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /channels-grpc-server-ca.crt
      bind:
        create_host_path: true
    # Domains gRPC client certificates
    - type: bind
      source: ${MG_DOMAINS_GRPC_CLIENT_CERT:-./ssl/placeholder}
      target: /domains-grpc-client.crt
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_DOMAINS_GRPC_CLIENT_KEY:-./ssl/placeholder}
      target: /domains-grpc-client.key
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_DOMAINS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /domains-grpc-server-ca.crt
      bind:
        create_host_path: true
jaeger:
  # Tracing backend for the stack. Pinned by tag only, not by digest.
  image: docker.io/jaegertracing/all-in-one:1.74.0
  container_name: magistrala-jaeger
  environment:
    COLLECTOR_OTLP_ENABLED: ${MG_JAEGER_COLLECTOR_OTLP_ENABLED}
  # Caps the number of traces kept in memory.
  command: --memory.max-traces ${MG_JAEGER_MEMORY_MAX_TRACES}
  ports:
    # Both ports are published on every host interface (no host IP given).
    # NOTE(review): no authentication is configured here, so anyone who can reach the
    # frontend port can presumably browse traces, which may carry request metadata;
    # restrict the binding or front it with an authenticating proxy if that matters.
    - "${MG_JAEGER_FRONTEND}:${MG_JAEGER_FRONTEND}"
    # NOTE(review): the variable is spelled OLTP; presumably the OTLP HTTP port. The
    # name is kept because the env file defines it.
    - "${MG_JAEGER_OLTP_HTTP}:${MG_JAEGER_OLTP_HTTP}"
  networks:
    - magistrala-base-net
fluxmq-node1:
  # Tag comes from MG_FLUXMQ_IMAGE_TAG; pin by digest where reproducible deploys matter.
  image: ghcr.io/absmach/fluxmq:${MG_FLUXMQ_IMAGE_TAG}
  container_name: magistrala-fluxmq-node1
  # Runs the broker as UID/GID 0 inside the container.
  # NOTE(review): presumably needed to write the data volume; an unprivileged user with
  # matching volume ownership would shrink the impact of a broker compromise.
  user: "0:0"
  command:
    - "-config"
    - /etc/fluxmq/config.yaml
  depends_on:
    - fluxmq-auth
  restart: on-failure
  ports:
    # Published on every host interface (no host IP given): CoAP over UDP and the
    # node's port 8082.
    - "${MG_COAP_PORT}:5683/udp"
    - "${MG_FLUXMQ_API_PORT_1}:8082"
  networks:
    magistrala-base-net:
      # Fixed address inside the project subnet.
      ipv4_address: "172.30.0.201"
  volumes:
    # Node configuration is mounted read-only.
    - ./fluxmq/node1.yaml:/etc/fluxmq/config.yaml:ro
    - magistrala-fluxmq-node1-volume:/tmp/fluxmq
fluxmq-node2:
  # Tag comes from MG_FLUXMQ_IMAGE_TAG; pin by digest where reproducible deploys matter.
  image: ghcr.io/absmach/fluxmq:${MG_FLUXMQ_IMAGE_TAG}
  container_name: magistrala-fluxmq-node2
  # Runs the broker as UID/GID 0 inside the container.
  # NOTE(review): presumably needed to write the data volume; an unprivileged user with
  # matching volume ownership would shrink the impact of a broker compromise.
  user: "0:0"
  command:
    - "-config"
    - /etc/fluxmq/config.yaml
  depends_on:
    - fluxmq-node1
    - fluxmq-auth
  restart: on-failure
  ports:
    # Published on every host interface (no host IP given).
    - "${MG_FLUXMQ_API_PORT_2}:8082"
  networks:
    magistrala-base-net:
      # Fixed address inside the project subnet.
      ipv4_address: "172.30.0.202"
  volumes:
    # Node configuration is mounted read-only.
    - ./fluxmq/node2.yaml:/etc/fluxmq/config.yaml:ro
    - magistrala-fluxmq-node2-volume:/tmp/fluxmq
fluxmq-node3:
  # Tag comes from MG_FLUXMQ_IMAGE_TAG; pin by digest where reproducible deploys matter.
  image: ghcr.io/absmach/fluxmq:${MG_FLUXMQ_IMAGE_TAG}
  container_name: magistrala-fluxmq-node3
  # Runs the broker as UID/GID 0 inside the container.
  # NOTE(review): presumably needed to write the data volume; an unprivileged user with
  # matching volume ownership would shrink the impact of a broker compromise.
  user: "0:0"
  command:
    - "-config"
    - /etc/fluxmq/config.yaml
  depends_on:
    - fluxmq-node1
    - fluxmq-auth
  restart: on-failure
  ports:
    # Published on every host interface (no host IP given).
    - "${MG_FLUXMQ_API_PORT_3}:8082"
  networks:
    magistrala-base-net:
      # Fixed address inside the project subnet.
      ipv4_address: "172.30.0.203"
  volumes:
    # Node configuration is mounted read-only.
    - ./fluxmq/node3.yaml:/etc/fluxmq/config.yaml:ro
    - magistrala-fluxmq-node3-volume:/tmp/fluxmq
fluxmq-auth:
  # Service the fluxmq nodes depend on; it publishes no host ports and is reachable
  # only over magistrala-base-net.
  image: ghcr.io/absmach/magistrala/fluxmq:${MG_RELEASE_TAG}
  container_name: magistrala-fluxmq-auth
  restart: on-failure
  environment:
    MG_FLUXMQ_LOG_LEVEL: ${MG_FLUXMQ_LOG_LEVEL}
    MG_FLUXMQ_GRPC_HOST: ${MG_FLUXMQ_GRPC_HOST}
    MG_FLUXMQ_GRPC_PORT: ${MG_FLUXMQ_GRPC_PORT}
    MG_FLUXMQ_INSTANCE_ID: ${MG_FLUXMQ_INSTANCE_ID}
    MG_FLUXMQ_CACHE_NUM_COUNTERS: ${MG_FLUXMQ_CACHE_NUM_COUNTERS}
    MG_FLUXMQ_CACHE_MAX_COST: ${MG_FLUXMQ_CACHE_MAX_COST}
    MG_FLUXMQ_CACHE_BUFFER_ITEMS: ${MG_FLUXMQ_CACHE_BUFFER_ITEMS}
    MG_CLIENTS_GRPC_URL: ${MG_CLIENTS_GRPC_URL}
    MG_CLIENTS_GRPC_TIMEOUT: ${MG_CLIENTS_GRPC_TIMEOUT}
    # ${VAR:+path} expands to the in-container path only when VAR is set and non-empty;
    # otherwise the service receives an empty value for that certificate setting.
    MG_CLIENTS_GRPC_CLIENT_CERT: ${MG_CLIENTS_GRPC_CLIENT_CERT:+/clients-grpc-client.crt}
    MG_CLIENTS_GRPC_CLIENT_KEY: ${MG_CLIENTS_GRPC_CLIENT_KEY:+/clients-grpc-client.key}
    MG_CLIENTS_GRPC_SERVER_CA_CERTS: ${MG_CLIENTS_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt}
    MG_CHANNELS_GRPC_URL: ${MG_CHANNELS_GRPC_URL}
    MG_CHANNELS_GRPC_TIMEOUT: ${MG_CHANNELS_GRPC_TIMEOUT}
    MG_CHANNELS_GRPC_CLIENT_CERT: ${MG_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt}
    MG_CHANNELS_GRPC_CLIENT_KEY: ${MG_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key}
    MG_CHANNELS_GRPC_SERVER_CA_CERTS: ${MG_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt}
    MG_DOMAINS_GRPC_URL: ${MG_DOMAINS_GRPC_URL}
    MG_DOMAINS_GRPC_TIMEOUT: ${MG_DOMAINS_GRPC_TIMEOUT}
    MG_DOMAINS_GRPC_CLIENT_CERT: ${MG_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt}
    MG_DOMAINS_GRPC_CLIENT_KEY: ${MG_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key}
    MG_DOMAINS_GRPC_SERVER_CA_CERTS: ${MG_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt}
    MG_JAEGER_URL: ${MG_JAEGER_URL}
    MG_JAEGER_TRACE_RATIO: ${MG_JAEGER_TRACE_RATIO}
  networks:
    - magistrala-base-net
  volumes:
    # Mount targets here append the extension only when the variable is set
    # (${VAR:+.crt} / ${VAR:+.key}). With a client cert and its key both unset, the two
    # mounts expand to the same source (./ssl/placeholder) and the same target.
    # NOTE(review): confirm Compose accepts that duplicate; other services in this file
    # use fixed, distinct targets for the placeholder case.
    # With create_host_path, Docker creates a missing source path as a directory
    # instead of failing, so a mistyped cert path mounts an empty directory.
    # Clients gRPC mTLS client certificates
    - type: bind
      source: ${MG_CLIENTS_GRPC_CLIENT_CERT:-./ssl/placeholder}
      target: /clients-grpc-client${MG_CLIENTS_GRPC_CLIENT_CERT:+.crt}
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_CLIENTS_GRPC_CLIENT_KEY:-./ssl/placeholder}
      target: /clients-grpc-client${MG_CLIENTS_GRPC_CLIENT_KEY:+.key}
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_CLIENTS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /clients-grpc-server-ca${MG_CLIENTS_GRPC_SERVER_CA_CERTS:+.crt}
      bind:
        create_host_path: true
    # Channels gRPC mTLS client certificates
    - type: bind
      source: ${MG_CHANNELS_GRPC_CLIENT_CERT:-./ssl/placeholder}
      target: /channels-grpc-client${MG_CHANNELS_GRPC_CLIENT_CERT:+.crt}
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_CHANNELS_GRPC_CLIENT_KEY:-./ssl/placeholder}
      target: /channels-grpc-client${MG_CHANNELS_GRPC_CLIENT_KEY:+.key}
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_CHANNELS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /channels-grpc-server-ca${MG_CHANNELS_GRPC_SERVER_CA_CERTS:+.crt}
      bind:
        create_host_path: true
    # Domains gRPC mTLS client certificates
    - type: bind
      source: ${MG_DOMAINS_GRPC_CLIENT_CERT:-./ssl/placeholder}
      target: /domains-grpc-client${MG_DOMAINS_GRPC_CLIENT_CERT:+.crt}
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_DOMAINS_GRPC_CLIENT_KEY:-./ssl/placeholder}
      target: /domains-grpc-client${MG_DOMAINS_GRPC_CLIENT_KEY:+.key}
      bind:
        create_host_path: true
    - type: bind
      source: ${MG_DOMAINS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /domains-grpc-server-ca${MG_DOMAINS_GRPC_SERVER_CA_CERTS:+.crt}
      bind:
        create_host_path: true
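ui:
  # Web UI container. The release tag is mutable; pin by digest where reproducible
  # deploys matter.
  image: ghcr.io/absmach/magistrala/ui-mg:${MG_RELEASE_TAG}
  container_name: magistrala-ui
  ports:
    # Published on every host interface (no host IP given).
    - "3000:3000"
  networks:
    - magistrala-base-net
  environment:
    MG_AUTH_URL: ${MG_AUTH_URL}
    MG_DOMAINS_URL: ${MG_DOMAINS_URL}
    MG_USERS_URL: ${MG_USERS_URL}
    MG_CLIENTS_URL: ${MG_CLIENTS_URL}
    MG_CHANNELS_URL: ${MG_CHANNELS_URL}
    MG_GROUPS_URL: ${MG_GROUPS_URL}
    MG_BOOTSTRAP_URL: ${MG_BOOTSTRAP_URL}
    MG_CERTS_URL: ${MG_CERTS_URL}
    MG_HTTP_ADAPTER_URL: ${MG_HTTP_ADAPTER_URL}
    MG_READER_URL: ${MG_READER_URL}
    MG_BACKEND_URL: ${MG_UI_BACKEND_URL}
    MG_JOURNAL_URL: ${MG_JOURNAL_URL}
    MG_ALARMS_URL: ${MG_ALARMS_URL}
    MG_RE_URL: ${MG_RE_URL}
    MG_REPORTS_URL: ${MG_REPORTS_URL}
    MG_GOOGLE_CLIENT_ID: ${MG_GOOGLE_CLIENT_ID}
    # OAuth client secret, session secret and mailbox password below are passed as plain
    # environment variables, so they are readable by anyone who can inspect the container.
    MG_GOOGLE_CLIENT_SECRET: ${MG_GOOGLE_CLIENT_SECRET}
    MG_GOOGLE_REDIRECT_URL: ${MG_GOOGLE_REDIRECT_URL}
    # NOTE(review): presumably a fixed OAuth state string; a static state gives no
    # per-request CSRF binding, so confirm how the UI uses it.
    MG_GOOGLE_STATE: ${MG_GOOGLE_STATE}
    MG_UI_BASE_PATH: ${MG_UI_BASE_PATH}
    MG_NEXTAUTH_BASE_PATH: ${MG_NEXTAUTH_BASE_PATH}
    MG_UI_TYPE: ${MG_UI_TYPE}
    MG_UI_BASEURL: ${MG_UI_BASEURL}
    NEXTAUTH_URL: ${NEXTAUTH_URL}
    NEXTAUTH_SECRET: ${NEXTAUTH_SECRET}
    # Was hard-coded to "debug". The default stays "debug", but an operator can now
    # lower verbosity from the environment; debug logging in a container that holds
    # session and OAuth secrets is worth turning down outside development.
    NEXT_LOG_LEVEL: "${NEXT_LOG_LEVEL:-debug}"
    MG_HOST_URL: ${MG_HOST_URL}
    MG_UI_IMAGE_URL: ${MG_UI_IMAGE_URL}
    MG_UI_DOCKER_ACCEPT_EULA: ${MG_UI_DOCKER_ACCEPT_EULA}
    MG_SUPPORT_EMAIL: ${MG_SUPPORT_EMAIL}
    MG_SUPPORT_EMAIL_PASS: ${MG_SUPPORT_EMAIL_PASS}
    MG_UI_CLI_MQTT_HOST: ${MG_UI_CLI_MQTT_HOST}
    MG_UI_CLI_WS_URL: ${MG_UI_CLI_WS_URL}
    MG_UI_CLI_COAP_HOST: ${MG_UI_CLI_COAP_HOST}
    MG_UI_CLI_COAP_PORT: ${MG_UI_CLI_COAP_PORT}
    MG_UI_CLI_HTTP_URL: ${MG_UI_CLI_HTTP_URL}
    # NOTE(review): looks like it admits accounts whose e-mail is not verified; confirm.
    MG_UI_ALLOW_UNVERIFIED_USER: ${MG_ALLOW_UNVERIFIED_USER}
    # Token lifetimes are taken from the auth service's duration variables.
    MG_ACCESS_TOKEN_EXPIRY: ${MG_AUTH_ACCESS_TOKEN_DURATION}
    MG_REFRESH_TOKEN_EXPIRY: ${MG_AUTH_REFRESH_TOKEN_DURATION}
    MG_UI_SMTP_HOST: ${MG_UI_SMTP_HOST}
    MG_UI_SMTP_PORT: ${MG_UI_SMTP_PORT}
    # NOTE(review): presumably selects TLS for the SMTP connection; confirm it is
    # enabled wherever mail leaves the host.
    MG_UI_SMTP_SECURE: ${MG_UI_SMTP_SECURE}
    MG_UI_SUPPORT_FROM: ${MG_UI_SUPPORT_FROM}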
ui-backend:
|
|
image: ghcr.io/absmach/magistrala/ui-backend:${MG_RELEASE_TAG}
|
|
container_name: magistrala-ui-backend
|
|
ports:
|
|
- ${MG_UI_BACKEND_HTTP_PORT}:${MG_UI_BACKEND_HTTP_PORT}
|
|
networks:
|
|
- magistrala-base-net
|
|
restart: on-failure:3
|
|
environment:
|
|
MG_BACKEND_LOG_LEVEL: ${MG_UI_BACKEND_LOG_LEVEL}
|
|
MG_BACKEND_HTTP_HOST: ${MG_UI_BACKEND_HTTP_HOST}
|
|
MG_BACKEND_HTTP_PORT: ${MG_UI_BACKEND_HTTP_PORT}
|
|
MG_BACKEND_HTTP_SERVER_CERT: ${MG_UI_BACKEND_HTTP_SERVER_CERT}
|
|
MG_BACKEND_HTTP_SERVER_KEY: ${MG_UI_BACKEND_HTTP_SERVER_KEY}
|
|
MG_BACKEND_DB_HOST: ${MG_UI_BACKEND_DB_HOST}
|
|
MG_BACKEND_DB_PORT: ${MG_UI_BACKEND_DB_PORT}
|
|
MG_BACKEND_DB_USER: ${MG_UI_BACKEND_DB_USER}
|
|
MG_BACKEND_DB_PASS: ${MG_UI_BACKEND_DB_PASS}
|
|
MG_BACKEND_DB_NAME: ${MG_UI_BACKEND_DB_NAME}
|
|
MG_BACKEND_DB_SSL_MODE: ${MG_UI_BACKEND_DB_SSL_MODE}
|
|
MG_BACKEND_DB_SSL_CERT: ${MG_UI_BACKEND_DB_SSL_CERT}
|
|
MG_BACKEND_DB_SSL_KEY: ${MG_UI_BACKEND_DB_SSL_KEY}
|
|
MG_BACKEND_DB_SSL_ROOT_CERT: ${MG_UI_BACKEND_DB_SSL_ROOT_CERT}
|
|
MG_BACKEND_INSTANCE_ID: ${MG_UI_BACKEND_INSTANCE_ID}
|
|
MG_AUTH_GRPC_URL: ${MG_AUTH_GRPC_URL}
|
|
MG_AUTH_GRPC_TIMEOUT: ${MG_AUTH_GRPC_TIMEOUT}
|
|
MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
|
MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
|
MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
|
MG_UI_VERIFICATION_TLS: ${MG_UI_VERIFICATION_TLS}
|
|
MG_UI_CONTENT_TYPE: ${MG_UI_CONTENT_TYPE}
|
|
MG_READER_URL: ${MG_READER_URL}
|
|
MG_UI_DOCKER_ACCEPT_EULA: ${MG_UI_DOCKER_ACCEPT_EULA}
|
|
MG_CHANNELS_GRPC_URL: ${MG_CHANNELS_GRPC_URL}
|
|
MG_CHANNELS_GRPC_TIMEOUT: ${MG_CHANNELS_GRPC_TIMEOUT}
|
|
MG_CHANNELS_GRPC_CLIENT_CERT: ${MG_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt}
|
|
MG_CHANNELS_GRPC_CLIENT_KEY: ${MG_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key}
|
|
MG_CHANNELS_GRPC_SERVER_CA_CERTS: ${MG_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt}
|
|
MG_TIMESCALE_READER_GRPC_URL: ${MG_TIMESCALE_READER_GRPC_URL}
|
|
MG_TIMESCALE_READER_GRPC_TIMEOUT: ${MG_TIMESCALE_READER_GRPC_TIMEOUT}
|
|
MG_TIMESCALE_READER_GRPC_CLIENT_CERT: ${MG_TIMESCALE_READER_GRPC_CLIENT_CERT:+/readers-grpc-client.crt}
|
|
MG_TIMESCALE_READER_GRPC_CLIENT_KEY: ${MG_TIMESCALE_READER_GRPC_CLIENT_KEY:+/readers-grpc-client.key}
|
|
MG_TIMESCALE_READER_GRPC_SERVER_CA_CERTS: ${MG_TIMESCALE_READER_GRPC_SERVER_CA_CERTS:+/readers-grpc-server-ca.crt}
|
|
MG_BACKEND_OBJECT_STORAGE_REGION: ${MG_BACKEND_OBJECT_STORAGE_REGION}
|
|
MG_BACKEND_OBJECT_STORAGE_BUCKET: ${MG_BACKEND_OBJECT_STORAGE_BUCKET}
|
|
MG_BACKEND_OBJECT_STORAGE_ENDPOINT: ${MG_BACKEND_OBJECT_STORAGE_ENDPOINT}
|
|
MG_BACKEND_OBJECT_STORAGE_USE_PATH_STYLE: ${MG_BACKEND_OBJECT_STORAGE_USE_PATH_STYLE}
|
|
MG_BACKEND_OBJECT_STORAGE_PRESIGN_ENDPOINT: ${MG_BACKEND_OBJECT_STORAGE_PRESIGN_ENDPOINT}
|
|
MG_BACKEND_OBJECT_STORAGE_ACCESS_KEY: ${MG_BACKEND_OBJECT_STORAGE_ACCESS_KEY}
|
|
MG_BACKEND_OBJECT_STORAGE_SECRET_KEY: ${MG_BACKEND_OBJECT_STORAGE_SECRET_KEY}
|
|
MG_BACKEND_OBJECT_STORAGE_TTL: ${MG_BACKEND_OBJECT_STORAGE_TTL}
|
|
MG_BACKEND_OBJECT_STORAGE_READ_TTL: ${MG_BACKEND_OBJECT_STORAGE_READ_TTL}
|
|
depends_on:
|
|
ui-backend-db:
|
|
condition: service_healthy
|
|
seaweedfs-s3:
|
|
condition: service_started
|
|
volumes:
|
|
# Auth gRPC client certificates
|
|
- type: bind
|
|
source: ${MG_AUTH_GRPC_CLIENT_CERT:-./ssl/placeholder}
|
|
target: /auth-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${MG_AUTH_GRPC_CLIENT_KEY:-./ssl/placeholder}
|
|
target: /auth-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${MG_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
|
|
target: /auth-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Channels gRPC client certificates
|
|
- type: bind
|
|
source: ${MG_CHANNELS_GRPC_CLIENT_CERT:-./ssl/placeholder}
|
|
target: /channels-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${MG_CHANNELS_GRPC_CLIENT_KEY:-./ssl/placeholder}
|
|
target: /channels-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${MG_CHANNELS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
|
|
target: /channels-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Reader gRPC client certificates
|
|
- type: bind
|
|
source: ${MG_TIMESCALE_READER_GRPC_CLIENT_CERT:-./ssl/placeholder}
|
|
target: /readers-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${MG_TIMESCALE_READER_GRPC_CLIENT_KEY:-./ssl/placeholder}
|
|
target: /readers-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${MG_TIMESCALE_READER_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
|
|
target: /readers-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
|
|
# PostgreSQL instance for the ui-backend service. ui-backend waits for the
# healthcheck below (depends_on ... condition: service_healthy).
ui-backend-db:
  container_name: magistrala-ui-backend-db
  image: docker.io/postgres:18.0-alpine3.22
  restart: on-failure
  command: postgres -c "max_connections=${MG_POSTGRES_MAX_CONNECTIONS}"
  # Credentials are injected as plain environment variables, so they are
  # readable through `docker inspect`; prefer Compose secrets (the image also
  # accepts POSTGRES_PASSWORD_FILE) outside local development.
  environment:
    POSTGRES_USER: ${MG_UI_BACKEND_DB_USER}
    POSTGRES_PASSWORD: ${MG_UI_BACKEND_DB_PASS}
    POSTGRES_DB: ${MG_UI_BACKEND_DB_NAME}
    MG_POSTGRES_MAX_CONNECTIONS: ${MG_POSTGRES_MAX_CONNECTIONS}
  networks:
    - magistrala-base-net
  # A port entry without a host IP is published on every host interface.
  # Services on magistrala-base-net reach the database by service name, so
  # either drop the mapping or pin it to loopback ("127.0.0.1:6008:5432") when
  # only local tooling needs it.
  ports:
    - "6008:5432"
  # NOTE(review): the official postgres 18 images changed the default PGDATA
  # location; confirm this mount target still receives the cluster files.
  volumes:
    - magistrala-ui-backend-db-volume:/var/lib/postgresql/data
  healthcheck:
    # "$$" escapes Compose interpolation, so the variables are expanded by
    # the shell inside the container.
    test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}"]
    interval: 5s
    timeout: 3s
    retries: 60
|
|
|
|
# SeaweedFS in single-process "server" mode with the S3 gateway enabled.
# S3 identities are read from the read-only s3.json mount.
seaweedfs-s3:
  container_name: magistrala-seaweedfs-s3
  image: chrislusf/seaweedfs:4.16
  command: server -s3 -s3.config=/etc/seaweedfs/s3.json -dir=/data
  networks:
    - magistrala-base-net
  # All four ports are published on every host interface. 8333 is the S3
  # endpoint used by seaweedfs-init; 9333/19333/8888 look like the SeaweedFS
  # master HTTP, master gRPC and filer defaults.
  # NOTE(review): the S3 identities in s3.json presumably gate only the S3
  # API, not the master/filer ports. Publish just what host-side clients need
  # and bind it to 127.0.0.1 unless remote access is intended.
  ports:
    - "8333:8333"
    - "9333:9333"
    - "19333:19333"
    - "8888:8888"
  volumes:
    # Object data lives in a host directory next to the compose file.
    - ./data/seaweedfs:/data
    # s3.json is expected to contain access/secret keys: keep it out of
    # version control and restrict its file permissions on the host.
    - ./seaweedfs/s3.json:/etc/seaweedfs/s3.json:ro
|
|
|
|
# One-shot helper that creates the object-storage bucket through the S3 API
# of seaweedfs-s3 and then exits (no restart policy is set).
seaweedfs-init:
  container_name: magistrala-seaweedfs-init
  # NOTE(review): the image has no tag or digest, so every pull may run
  # different code while holding the storage credentials below. Pin a
  # released tag or a digest.
  image: amazon/aws-cli
  entrypoint: /bin/sh
  # Short-form depends_on only orders start-up; readiness is approximated by
  # the fixed `sleep 20` in the script. A healthcheck on seaweedfs-s3 with
  # `condition: service_healthy` would be more reliable.
  depends_on:
    - seaweedfs-s3
  networks:
    - magistrala-base-net
  environment:
    BUCKET: ${MG_BACKEND_OBJECT_STORAGE_BUCKET}
    # Plain environment variables are readable through `docker inspect`.
    AWS_ACCESS_KEY_ID: ${MG_BACKEND_OBJECT_STORAGE_ACCESS_KEY}
    AWS_SECRET_ACCESS_KEY: ${MG_BACKEND_OBJECT_STORAGE_SECRET_KEY}
    AWS_DEFAULT_REGION: ${MG_BACKEND_OBJECT_STORAGE_REGION}
    # Stops the CLI from probing the EC2 instance-metadata endpoint for
    # credentials.
    AWS_EC2_METADATA_DISABLED: "true"
  # "$$" escapes Compose interpolation so the shell expands the variables.
  # The script treats "bucket already exists" responses as success and exits
  # non-zero on any other failure. The endpoint is plain HTTP on the compose
  # network.
  command:
    - -c
    - |
      echo "[INIT] Waiting 20s for SeaweedFS S3 to be ready...";
      sleep 20;
      OUT=$(aws --endpoint-url http://seaweedfs-s3:8333 s3api create-bucket --bucket $${BUCKET} 2>&1);
      EXIT=$$?;
      if [ $$EXIT -eq 0 ]; then
      echo "[INIT] Bucket $${BUCKET} created successfully.";
      elif echo "$$OUT" | grep -q 'BucketAlreadyOwnedByYou\|BucketAlreadyExists'; then
      echo "[INIT] Bucket $${BUCKET} already exists, skipping.";
      else
      echo "[INIT] Failed to create bucket $${BUCKET}: $$OUT" >&2;
      exit 1;
      fi
|
|
|
|
# TimescaleDB instance shared by timescale-writer and timescale-reader.
timescale:
  container_name: magistrala-timescale
  image: timescale/timescaledb:2.19.3-pg16-oss
  restart: on-failure
  # Credentials are plain environment variables (visible via
  # `docker inspect`); prefer Compose secrets outside local development.
  environment:
    POSTGRES_USER: ${MG_TIMESCALE_USER}
    POSTGRES_PASSWORD: ${MG_TIMESCALE_PASS}
    POSTGRES_DB: ${MG_TIMESCALE_NAME}
  networks:
    - magistrala-base-net
  # Published on every host interface; pin to loopback
  # ("127.0.0.1:5433:5432") or remove when only the compose services need
  # the database.
  ports:
    - "5433:5432"
  volumes:
    - magistrala-timescale-writer-volume:/var/lib/postgresql/data
  # No healthcheck is defined, so the reader and writer (short-form
  # depends_on) may start before the database accepts connections.
|
|
|
|
# Message reader over TimescaleDB. Exposes an HTTP API and a gRPC server and
# calls the auth, clients and channels services over gRPC.
#
# TLS wiring used below: when a *_CERT/_KEY/_CA_CERTS variable is set on the
# host, "${VAR:+/path}" hands the container the in-container path and the
# matching bind mount places the host file there. When it is unset the
# variable is empty and ./ssl/placeholder is mounted instead, i.e. the
# connection is configured without certificates.
timescale-reader:
  container_name: magistrala-timescale-reader
  image: ghcr.io/absmach/magistrala/timescale-reader:${MG_RELEASE_TAG}
  restart: on-failure
  # Start-order only; does not wait for the database to be ready.
  depends_on:
    - timescale
  networks:
    - magistrala-base-net
  # Both listeners are published on every host interface.
  ports:
    - "${MG_TIMESCALE_READER_HTTP_PORT}:${MG_TIMESCALE_READER_HTTP_PORT}"
    - "${MG_TIMESCALE_READER_GRPC_PORT}:${MG_TIMESCALE_READER_GRPC_PORT}"
  environment:
    # --- HTTP server ---
    MG_TIMESCALE_READER_LOG_LEVEL: ${MG_TIMESCALE_READER_LOG_LEVEL}
    MG_TIMESCALE_READER_HTTP_HOST: ${MG_TIMESCALE_READER_HTTP_HOST}
    MG_TIMESCALE_READER_HTTP_PORT: ${MG_TIMESCALE_READER_HTTP_PORT}
    # NOTE(review): these two are passed through verbatim and no volume
    # mounts them, so a host path set here will not exist in the container.
    MG_TIMESCALE_READER_HTTP_SERVER_CERT: ${MG_TIMESCALE_READER_HTTP_SERVER_CERT}
    MG_TIMESCALE_READER_HTTP_SERVER_KEY: ${MG_TIMESCALE_READER_HTTP_SERVER_KEY}
    # --- TimescaleDB connection ---
    MG_TIMESCALE_HOST: ${MG_TIMESCALE_HOST}
    MG_TIMESCALE_PORT: ${MG_TIMESCALE_PORT}
    MG_TIMESCALE_USER: ${MG_TIMESCALE_USER}
    MG_TIMESCALE_PASS: ${MG_TIMESCALE_PASS}
    MG_TIMESCALE_NAME: ${MG_TIMESCALE_NAME}
    MG_TIMESCALE_SSL_MODE: ${MG_TIMESCALE_SSL_MODE}
    MG_TIMESCALE_SSL_CERT: ${MG_TIMESCALE_SSL_CERT}
    MG_TIMESCALE_SSL_KEY: ${MG_TIMESCALE_SSL_KEY}
    MG_TIMESCALE_SSL_ROOT_CERT: ${MG_TIMESCALE_SSL_ROOT_CERT}
    # --- Clients gRPC client ---
    MG_CLIENTS_GRPC_URL: ${MG_CLIENTS_GRPC_URL}
    MG_CLIENTS_GRPC_TIMEOUT: ${MG_CLIENTS_GRPC_TIMEOUT}
    MG_CLIENTS_GRPC_CLIENT_CERT: ${MG_CLIENTS_GRPC_CLIENT_CERT:+/clients-grpc-client.crt}
    MG_CLIENTS_GRPC_CLIENT_KEY: ${MG_CLIENTS_GRPC_CLIENT_KEY:+/clients-grpc-client.key}
    MG_CLIENTS_GRPC_SERVER_CA_CERTS: ${MG_CLIENTS_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt}
    # --- Channels gRPC client ---
    MG_CHANNELS_GRPC_URL: ${MG_CHANNELS_GRPC_URL}
    MG_CHANNELS_GRPC_TIMEOUT: ${MG_CHANNELS_GRPC_TIMEOUT}
    MG_CHANNELS_GRPC_CLIENT_CERT: ${MG_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt}
    MG_CHANNELS_GRPC_CLIENT_KEY: ${MG_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key}
    MG_CHANNELS_GRPC_SERVER_CA_CERTS: ${MG_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt}
    # --- Reader gRPC server (and its client-side settings) ---
    MG_TIMESCALE_READER_GRPC_URL: ${MG_TIMESCALE_READER_GRPC_URL}
    MG_TIMESCALE_READER_GRPC_PORT: ${MG_TIMESCALE_READER_GRPC_PORT}
    MG_TIMESCALE_READER_GRPC_HOST: ${MG_TIMESCALE_READER_GRPC_HOST}
    MG_TIMESCALE_READER_GRPC_TIMEOUT: ${MG_TIMESCALE_READER_GRPC_TIMEOUT}
    MG_TIMESCALE_READER_GRPC_CLIENT_CERT: ${MG_TIMESCALE_READER_GRPC_CLIENT_CERT:+/readers-grpc-client.crt}
    MG_TIMESCALE_READER_GRPC_CLIENT_CA_CERTS: ${MG_TIMESCALE_READER_GRPC_CLIENT_CA_CERTS:+/readers-grpc-client-ca.crt}
    MG_TIMESCALE_READER_GRPC_SERVER_CA_CERTS: ${MG_TIMESCALE_READER_GRPC_SERVER_CA_CERTS:+/readers-grpc-server-ca.crt}
    MG_TIMESCALE_READER_GRPC_CLIENT_KEY: ${MG_TIMESCALE_READER_GRPC_CLIENT_KEY:+/readers-grpc-client.key}
    MG_TIMESCALE_READER_GRPC_SERVER_CERT: ${MG_TIMESCALE_READER_GRPC_SERVER_CERT:+/readers-grpc-server.crt}
    MG_TIMESCALE_READER_GRPC_SERVER_KEY: ${MG_TIMESCALE_READER_GRPC_SERVER_KEY:+/readers-grpc-server.key}
    # --- Auth gRPC client ---
    MG_AUTH_GRPC_URL: ${MG_AUTH_GRPC_URL}
    MG_AUTH_GRPC_TIMEOUT: ${MG_AUTH_GRPC_TIMEOUT}
    MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
    MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
    MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
    # --- Misc ---
    MG_SEND_TELEMETRY: ${MG_SEND_TELEMETRY}
    MG_TIMESCALE_READER_INSTANCE_ID: ${MG_TIMESCALE_READER_INSTANCE_ID}
  # In this service the target extension is appended only when the variable
  # is set, so with TLS unset the placeholder lands on an extension-less
  # path. None of the certificate mounts is marked read-only; adding
  # `read_only: true` would keep the container from altering host key files.
  volumes:
    # Auth gRPC client certificates
    - type: bind
      source: ${MG_AUTH_GRPC_CLIENT_CERT:-./ssl/placeholder}
      target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_CERT:+.crt}
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_AUTH_GRPC_CLIENT_KEY:-./ssl/placeholder}
      target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_KEY:+.key}
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /auth-grpc-server-ca${MG_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
      bind: {create_host_path: true}
    # Clients gRPC client certificates
    - type: bind
      source: ${MG_CLIENTS_GRPC_CLIENT_CERT:-./ssl/placeholder}
      target: /clients-grpc-client${MG_CLIENTS_GRPC_CLIENT_CERT:+.crt}
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_CLIENTS_GRPC_CLIENT_KEY:-./ssl/placeholder}
      target: /clients-grpc-client${MG_CLIENTS_GRPC_CLIENT_KEY:+.key}
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_CLIENTS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /clients-grpc-server-ca${MG_CLIENTS_GRPC_SERVER_CA_CERTS:+.crt}
      bind: {create_host_path: true}
    # Channels gRPC client certificates
    - type: bind
      source: ${MG_CHANNELS_GRPC_CLIENT_CERT:-./ssl/placeholder}
      target: /channels-grpc-client${MG_CHANNELS_GRPC_CLIENT_CERT:+.crt}
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_CHANNELS_GRPC_CLIENT_KEY:-./ssl/placeholder}
      target: /channels-grpc-client${MG_CHANNELS_GRPC_CLIENT_KEY:+.key}
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_CHANNELS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /channels-grpc-server-ca${MG_CHANNELS_GRPC_SERVER_CA_CERTS:+.crt}
      bind: {create_host_path: true}
    # Reader gRPC server and client certificates
    - type: bind
      source: ${MG_TIMESCALE_READER_GRPC_SERVER_CERT:-./ssl/placeholder}
      target: /readers-grpc-server${MG_TIMESCALE_READER_GRPC_SERVER_CERT:+.crt}
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_TIMESCALE_READER_GRPC_SERVER_KEY:-./ssl/placeholder}
      target: /readers-grpc-server${MG_TIMESCALE_READER_GRPC_SERVER_KEY:+.key}
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_TIMESCALE_READER_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /readers-grpc-server-ca${MG_TIMESCALE_READER_GRPC_SERVER_CA_CERTS:+.crt}
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_TIMESCALE_READER_GRPC_CLIENT_CA_CERTS:-./ssl/placeholder}
      target: /readers-grpc-client-ca${MG_TIMESCALE_READER_GRPC_CLIENT_CA_CERTS:+.crt}
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_TIMESCALE_READER_GRPC_CLIENT_CERT:-./ssl/placeholder}
      target: /readers-grpc-client${MG_TIMESCALE_READER_GRPC_CLIENT_CERT:+.crt}
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_TIMESCALE_READER_GRPC_CLIENT_KEY:-./ssl/placeholder}
      target: /readers-grpc-client${MG_TIMESCALE_READER_GRPC_CLIENT_KEY:+.key}
      bind: {create_host_path: true}
|
|
|
|
# Consumes messages from the message broker and writes them to TimescaleDB.
timescale-writer:
  container_name: magistrala-timescale-writer
  image: ghcr.io/absmach/magistrala/timescale-writer:${MG_RELEASE_TAG}
  restart: on-failure
  # Start-order only; does not wait for the database to be ready.
  depends_on:
    - timescale
  networks:
    - magistrala-base-net
  # Published on every host interface.
  ports:
    - "${MG_TIMESCALE_WRITER_HTTP_PORT}:${MG_TIMESCALE_WRITER_HTTP_PORT}"
  environment:
    # --- HTTP server ---
    MG_TIMESCALE_WRITER_LOG_LEVEL: ${MG_TIMESCALE_WRITER_LOG_LEVEL}
    MG_TIMESCALE_WRITER_CONFIG_PATH: ${MG_TIMESCALE_WRITER_CONFIG_PATH}
    MG_TIMESCALE_WRITER_HTTP_HOST: ${MG_TIMESCALE_WRITER_HTTP_HOST}
    MG_TIMESCALE_WRITER_HTTP_PORT: ${MG_TIMESCALE_WRITER_HTTP_PORT}
    # NOTE(review): passed through verbatim with no matching mount, so a host
    # path set here will not exist inside the container.
    MG_TIMESCALE_WRITER_HTTP_SERVER_CERT: ${MG_TIMESCALE_WRITER_HTTP_SERVER_CERT}
    MG_TIMESCALE_WRITER_HTTP_SERVER_KEY: ${MG_TIMESCALE_WRITER_HTTP_SERVER_KEY}
    # --- TimescaleDB connection ---
    MG_TIMESCALE_HOST: ${MG_TIMESCALE_HOST}
    MG_TIMESCALE_PORT: ${MG_TIMESCALE_PORT}
    MG_TIMESCALE_USER: ${MG_TIMESCALE_USER}
    MG_TIMESCALE_PASS: ${MG_TIMESCALE_PASS}
    MG_TIMESCALE_NAME: ${MG_TIMESCALE_NAME}
    MG_TIMESCALE_SSL_MODE: ${MG_TIMESCALE_SSL_MODE}
    MG_TIMESCALE_SSL_CERT: ${MG_TIMESCALE_SSL_CERT}
    MG_TIMESCALE_SSL_KEY: ${MG_TIMESCALE_SSL_KEY}
    MG_TIMESCALE_SSL_ROOT_CERT: ${MG_TIMESCALE_SSL_ROOT_CERT}
    # --- Broker, tracing, telemetry ---
    MG_MESSAGE_BROKER_URL: ${MG_MESSAGE_BROKER_URL}
    MG_JAEGER_URL: ${MG_JAEGER_URL}
    MG_JAEGER_TRACE_RATIO: ${MG_JAEGER_TRACE_RATIO}
    MG_SEND_TELEMETRY: ${MG_SEND_TELEMETRY}
    MG_TIMESCALE_WRITER_INSTANCE_ID: ${MG_TIMESCALE_WRITER_INSTANCE_ID}
  volumes:
    # The config file is mounted read-write; append ":ro" if the service
    # only reads it (TODO confirm).
    - ./addons/timescale-writer/config.toml:${MG_TIMESCALE_WRITER_CONFIG_PATH}
|
|
# PostgreSQL instance for the rules engine (re) service.
re-db:
  container_name: magistrala-re-db
  image: docker.io/postgres:18.0-alpine3.22
  restart: on-failure
  command: postgres -c "max_connections=${MG_POSTGRES_MAX_CONNECTIONS}"
  # Credentials are plain environment variables (visible via
  # `docker inspect`); prefer Compose secrets outside local development.
  environment:
    POSTGRES_USER: ${MG_RE_DB_USER}
    POSTGRES_PASSWORD: ${MG_RE_DB_PASS}
    POSTGRES_DB: ${MG_RE_DB_NAME}
  networks:
    - magistrala-base-net
  # Published on every host interface; pin to loopback
  # ("127.0.0.1:6009:5432") or remove when only `re` needs the database.
  ports:
    - "6009:5432"
  # NOTE(review): the official postgres 18 images changed the default PGDATA
  # location; confirm this mount target still receives the cluster files.
  volumes:
    - magistrala-re-db-volume:/var/lib/postgresql/data
  # No healthcheck: `re` (short-form depends_on) may start before the
  # database accepts connections.
|
|
|
|
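# Rules engine service.
#
# TLS wiring: when a gRPC *_CERT/_KEY/_CA_CERTS variable is set on the host,
# "${VAR:+/path}" hands the container the in-container path and the matching
# bind mount places the host file there; when unset the variable is empty and
# ./ssl/placeholder is mounted instead (connection without certificates).
#
# Fix: the timescale-reader client certificate variables were passed through
# verbatim with no bind mount, so a host path set there did not exist inside
# the container. They now follow the same pattern as the auth and domains
# clients.
re:
  image: ghcr.io/absmach/magistrala/re:${MG_RELEASE_TAG}
  container_name: magistrala-re
  # Start-order only; none of these waits for readiness.
  depends_on:
    - re-db
    - spicedb-migrate
    - nginx
  restart: on-failure
  environment:
    # --- HTTP server ---
    MG_RE_LOG_LEVEL: ${MG_RE_LOG_LEVEL}
    MG_RE_HTTP_PORT: ${MG_RE_HTTP_PORT}
    MG_RE_HTTP_HOST: ${MG_RE_HTTP_HOST}
    MG_RE_HTTP_SERVER_CERT: ${MG_RE_HTTP_SERVER_CERT}
    MG_RE_HTTP_SERVER_KEY: ${MG_RE_HTTP_SERVER_KEY}
    # --- Database ---
    MG_RE_DB_HOST: ${MG_RE_DB_HOST}
    MG_RE_DB_PORT: ${MG_RE_DB_PORT}
    MG_RE_DB_USER: ${MG_RE_DB_USER}
    MG_RE_DB_PASS: ${MG_RE_DB_PASS}
    MG_RE_DB_NAME: ${MG_RE_DB_NAME}
    MG_RE_DB_SSL_MODE: ${MG_RE_DB_SSL_MODE}
    MG_RE_DB_SSL_CERT: ${MG_RE_DB_SSL_CERT}
    MG_RE_DB_SSL_KEY: ${MG_RE_DB_SSL_KEY}
    MG_RE_DB_SSL_ROOT_CERT: ${MG_RE_DB_SSL_ROOT_CERT}
    # --- Outbound callouts ---
    # Callout URLs are operator-supplied outbound targets; keep TLS
    # verification enabled for anything that leaves the compose network.
    MG_RE_CALLOUT_URLS: ${MG_RE_CALLOUT_URLS}
    MG_RE_CALLOUT_METHOD: ${MG_RE_CALLOUT_METHOD}
    MG_RE_CALLOUT_TLS_VERIFICATION: ${MG_RE_CALLOUT_TLS_VERIFICATION}
    MG_RE_CALLOUT_TIMEOUT: ${MG_RE_CALLOUT_TIMEOUT}
    MG_RE_CALLOUT_CA_CERT: ${MG_RE_CALLOUT_CA_CERT}
    MG_RE_CALLOUT_CERT: ${MG_RE_CALLOUT_CERT}
    MG_RE_CALLOUT_KEY: ${MG_RE_CALLOUT_KEY}
    MG_RE_CALLOUT_OPERATIONS: ${MG_RE_CALLOUT_OPERATIONS}
    # --- Broker, events, tracing, telemetry ---
    MG_MESSAGE_BROKER_URL: ${MG_MESSAGE_BROKER_URL}
    MG_ES_URL: ${MG_ES_URL}
    MG_JAEGER_URL: ${MG_JAEGER_URL}
    MG_JAEGER_TRACE_RATIO: ${MG_JAEGER_TRACE_RATIO}
    MG_SEND_TELEMETRY: ${MG_SEND_TELEMETRY}
    # --- Auth gRPC client ---
    MG_AUTH_GRPC_URL: ${MG_AUTH_GRPC_URL}
    MG_AUTH_GRPC_TIMEOUT: ${MG_AUTH_GRPC_TIMEOUT}
    MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
    MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
    MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
    # --- SpiceDB (authorization) ---
    # The pre-shared key is the SpiceDB API credential; as a plain
    # environment variable it is readable through `docker inspect`.
    MG_SPICEDB_PRE_SHARED_KEY: ${MG_SPICEDB_PRE_SHARED_KEY}
    MG_SPICEDB_HOST: ${MG_SPICEDB_HOST}
    MG_SPICEDB_PORT: ${MG_SPICEDB_PORT}
    MG_SPICEDB_SCHEMA_FILE: ${MG_SPICEDB_SCHEMA_FILE}
    MG_PERMISSIONS_FILE: ${MG_PERMISSIONS_FILE}
    MG_RE_INSTANCE_ID: ${MG_RE_INSTANCE_ID}
    # --- Outgoing e-mail ---
    MG_EMAIL_HOST: ${MG_EMAIL_HOST}
    MG_EMAIL_PORT: ${MG_EMAIL_PORT}
    MG_EMAIL_USERNAME: ${MG_EMAIL_USERNAME}
    MG_EMAIL_PASSWORD: ${MG_EMAIL_PASSWORD}
    MG_EMAIL_FROM_ADDRESS: ${MG_EMAIL_FROM_ADDRESS}
    MG_EMAIL_FROM_NAME: ${MG_EMAIL_FROM_NAME}
    MG_EMAIL_TEMPLATE: ${MG_EMAIL_TEMPLATE}
    # --- Timescale reader gRPC client ---
    MG_TIMESCALE_READER_GRPC_URL: ${MG_TIMESCALE_READER_GRPC_URL}
    MG_TIMESCALE_READER_GRPC_TIMEOUT: ${MG_TIMESCALE_READER_GRPC_TIMEOUT}
    MG_TIMESCALE_READER_GRPC_CLIENT_CERT: ${MG_TIMESCALE_READER_GRPC_CLIENT_CERT:+/readers-grpc-client.crt}
    # NOTE(review): the other gRPC clients in this file receive
    # *_SERVER_CA_CERTS (the CA used to verify the server). Confirm that
    # CLIENT_CA_CERTS is the variable this service actually reads; if it is
    # not, the reader's certificate would go unverified.
    MG_TIMESCALE_READER_GRPC_CLIENT_CA_CERTS: ${MG_TIMESCALE_READER_GRPC_CLIENT_CA_CERTS:+/readers-grpc-client-ca.crt}
    MG_TIMESCALE_READER_GRPC_CLIENT_KEY: ${MG_TIMESCALE_READER_GRPC_CLIENT_KEY:+/readers-grpc-client.key}
    # --- Domains gRPC client ---
    MG_DOMAINS_GRPC_URL: ${MG_DOMAINS_GRPC_URL}
    MG_DOMAINS_GRPC_TIMEOUT: ${MG_DOMAINS_GRPC_TIMEOUT}
    MG_DOMAINS_GRPC_CLIENT_CERT: ${MG_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt}
    MG_DOMAINS_GRPC_CLIENT_KEY: ${MG_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key}
    MG_DOMAINS_GRPC_SERVER_CA_CERTS: ${MG_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt}
    # NOTE(review): presumably relaxes the e-mail verification requirement
    # for callers; keep it disabled outside development. Confirm semantics.
    MG_ALLOW_UNVERIFIED_USER: ${MG_ALLOW_UNVERIFIED_USER}
  # Published on every host interface.
  ports:
    - "${MG_RE_HTTP_PORT}:${MG_RE_HTTP_PORT}"
  networks:
    - magistrala-base-net
  volumes:
    - ./permission.yaml:${MG_PERMISSIONS_FILE}
    - ./spicedb/schema.zed:${MG_SPICEDB_SCHEMA_FILE}
    # NOTE(review): the mount is keyed on MG_RE_EMAIL_TEMPLATE while the
    # environment passes MG_EMAIL_TEMPLATE; confirm both resolve as intended.
    - ./templates/${MG_RE_EMAIL_TEMPLATE}:/email.tmpl
    # Auth gRPC client certificates
    - type: bind
      source: ${MG_AUTH_GRPC_CLIENT_CERT:-./ssl/placeholder}
      target: /auth-grpc-client.crt
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_AUTH_GRPC_CLIENT_KEY:-./ssl/placeholder}
      target: /auth-grpc-client.key
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /auth-grpc-server-ca.crt
      bind: {create_host_path: true}
    # Domains gRPC client certificates
    - type: bind
      source: ${MG_DOMAINS_GRPC_CLIENT_CERT:-./ssl/placeholder}
      target: /domains-grpc-client.crt
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_DOMAINS_GRPC_CLIENT_KEY:-./ssl/placeholder}
      target: /domains-grpc-client.key
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_DOMAINS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /domains-grpc-server-ca.crt
      bind: {create_host_path: true}
    # Timescale reader gRPC client certificates
    - type: bind
      source: ${MG_TIMESCALE_READER_GRPC_CLIENT_CERT:-./ssl/placeholder}
      target: /readers-grpc-client.crt
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_TIMESCALE_READER_GRPC_CLIENT_KEY:-./ssl/placeholder}
      target: /readers-grpc-client.key
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_TIMESCALE_READER_GRPC_CLIENT_CA_CERTS:-./ssl/placeholder}
      target: /readers-grpc-client-ca.crt
      bind: {create_host_path: true}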
|
|
|
|
# PostgreSQL instance for the alarms service.
alarms-db:
  container_name: magistrala-alarms-db
  image: docker.io/postgres:18.0-alpine3.22
  restart: on-failure
  command: postgres -c "max_connections=${MG_POSTGRES_MAX_CONNECTIONS}"
  # Credentials are plain environment variables (visible via
  # `docker inspect`); prefer Compose secrets outside local development.
  environment:
    POSTGRES_USER: ${MG_ALARMS_DB_USER}
    POSTGRES_PASSWORD: ${MG_ALARMS_DB_PASS}
    POSTGRES_DB: ${MG_ALARMS_DB_NAME}
  networks:
    - magistrala-base-net
  # Published on every host interface; pin to loopback
  # ("127.0.0.1:6019:5432") or remove when only `alarms` needs the database.
  ports:
    - "6019:5432"
  # NOTE(review): the official postgres 18 images changed the default PGDATA
  # location; confirm this mount target still receives the cluster files.
  volumes:
    - magistrala-alarms-db-volume:/var/lib/postgresql/data
  # No healthcheck: `alarms` (short-form depends_on) may start before the
  # database accepts connections.
|
|
|
|
# Alarms service.
#
# TLS wiring: when a gRPC *_CERT/_KEY/_CA_CERTS variable is set on the host,
# "${VAR:+/path}" hands the container the in-container path and the matching
# bind mount places the host file there; when unset the variable is empty and
# ./ssl/placeholder is mounted instead (connection without certificates).
alarms:
  container_name: magistrala-alarms
  image: ghcr.io/absmach/magistrala/alarms:${MG_RELEASE_TAG}
  restart: on-failure
  # Start-order only; none of these waits for readiness.
  depends_on:
    - alarms-db
    - spicedb-migrate
    - nginx
  networks:
    - magistrala-base-net
  # Published on every host interface.
  ports:
    - "${MG_ALARMS_HTTP_PORT}:${MG_ALARMS_HTTP_PORT}"
  environment:
    # --- HTTP server ---
    MG_ALARMS_LOG_LEVEL: ${MG_ALARMS_LOG_LEVEL}
    MG_ALARMS_HTTP_PORT: ${MG_ALARMS_HTTP_PORT}
    MG_ALARMS_HTTP_HOST: ${MG_ALARMS_HTTP_HOST}
    MG_ALARMS_HTTP_SERVER_CERT: ${MG_ALARMS_HTTP_SERVER_CERT}
    MG_ALARMS_HTTP_SERVER_KEY: ${MG_ALARMS_HTTP_SERVER_KEY}
    # --- Database ---
    MG_ALARMS_DB_HOST: ${MG_ALARMS_DB_HOST}
    MG_ALARMS_DB_PORT: ${MG_ALARMS_DB_PORT}
    MG_ALARMS_DB_USER: ${MG_ALARMS_DB_USER}
    MG_ALARMS_DB_PASS: ${MG_ALARMS_DB_PASS}
    MG_ALARMS_DB_NAME: ${MG_ALARMS_DB_NAME}
    MG_ALARMS_DB_SSL_MODE: ${MG_ALARMS_DB_SSL_MODE}
    MG_ALARMS_DB_SSL_CERT: ${MG_ALARMS_DB_SSL_CERT}
    MG_ALARMS_DB_SSL_KEY: ${MG_ALARMS_DB_SSL_KEY}
    MG_ALARMS_DB_SSL_ROOT_CERT: ${MG_ALARMS_DB_SSL_ROOT_CERT}
    # --- Broker, events, tracing ---
    MG_MESSAGE_BROKER_URL: ${MG_MESSAGE_BROKER_URL}
    MG_ES_URL: ${MG_ES_URL}
    MG_JAEGER_URL: ${MG_JAEGER_URL}
    MG_JAEGER_TRACE_RATIO: ${MG_JAEGER_TRACE_RATIO}
    # --- Auth gRPC client ---
    MG_AUTH_GRPC_URL: ${MG_AUTH_GRPC_URL}
    MG_AUTH_GRPC_TIMEOUT: ${MG_AUTH_GRPC_TIMEOUT}
    MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
    MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
    MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
    # --- Domains gRPC client ---
    MG_DOMAINS_GRPC_URL: ${MG_DOMAINS_GRPC_URL}
    MG_DOMAINS_GRPC_TIMEOUT: ${MG_DOMAINS_GRPC_TIMEOUT}
    MG_DOMAINS_GRPC_CLIENT_CERT: ${MG_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt}
    MG_DOMAINS_GRPC_CLIENT_KEY: ${MG_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key}
    MG_DOMAINS_GRPC_SERVER_CA_CERTS: ${MG_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt}
    # --- SpiceDB (authorization) ---
    # The pre-shared key is the SpiceDB API credential; as a plain
    # environment variable it is readable through `docker inspect`.
    MG_SPICEDB_PRE_SHARED_KEY: ${MG_SPICEDB_PRE_SHARED_KEY}
    MG_SPICEDB_HOST: ${MG_SPICEDB_HOST}
    MG_SPICEDB_PORT: ${MG_SPICEDB_PORT}
    MG_SPICEDB_SCHEMA_FILE: ${MG_SPICEDB_SCHEMA_FILE}
    MG_PERMISSIONS_FILE: ${MG_PERMISSIONS_FILE}
    # --- Misc ---
    MG_ALARMS_INSTANCE_ID: ${MG_ALARMS_INSTANCE_ID}
    MG_ALARMS_EVENT_CONSUMER: ${MG_ALARMS_EVENT_CONSUMER}
    # NOTE(review): presumably relaxes the e-mail verification requirement
    # for callers; keep it disabled outside development. Confirm semantics.
    MG_ALLOW_UNVERIFIED_USER: ${MG_ALLOW_UNVERIFIED_USER}
  # None of the mounts below is marked read-only; policy files and key
  # material would be safer with ":ro" / `read_only: true`.
  volumes:
    - ./permission.yaml:${MG_PERMISSIONS_FILE}
    - ./spicedb/schema.zed:${MG_SPICEDB_SCHEMA_FILE}
    # Auth gRPC client certificates
    - type: bind
      source: ${MG_AUTH_GRPC_CLIENT_CERT:-./ssl/placeholder}
      target: /auth-grpc-client.crt
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_AUTH_GRPC_CLIENT_KEY:-./ssl/placeholder}
      target: /auth-grpc-client.key
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /auth-grpc-server-ca.crt
      bind: {create_host_path: true}
    # Domains gRPC client certificates
    - type: bind
      source: ${MG_DOMAINS_GRPC_CLIENT_CERT:-./ssl/placeholder}
      target: /domains-grpc-client.crt
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_DOMAINS_GRPC_CLIENT_KEY:-./ssl/placeholder}
      target: /domains-grpc-client.key
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_DOMAINS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /domains-grpc-server-ca.crt
      bind: {create_host_path: true}
|
|
|
|
# PostgreSQL instance for the reports service.
reports-db:
  container_name: magistrala-reports-db
  image: docker.io/postgres:18.0-alpine3.22
  restart: on-failure
  command: postgres -c "max_connections=${MG_POSTGRES_MAX_CONNECTIONS}"
  # Credentials are plain environment variables (visible via
  # `docker inspect`); prefer Compose secrets outside local development.
  environment:
    POSTGRES_USER: ${MG_REPORTS_DB_USER}
    POSTGRES_PASSWORD: ${MG_REPORTS_DB_PASS}
    POSTGRES_DB: ${MG_REPORTS_DB_NAME}
  networks:
    - magistrala-base-net
  # Published on every host interface; pin to loopback
  # ("127.0.0.1:6020:5432") or remove when only `reports` needs the database.
  ports:
    - "6020:5432"
  # NOTE(review): the official postgres 18 images changed the default PGDATA
  # location; confirm this mount target still receives the cluster files.
  volumes:
    - magistrala-reports-db-volume:/var/lib/postgresql/data
  # No healthcheck: `reports` (short-form depends_on) may start before the
  # database accepts connections.
|
|
|
|
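# Reports service.
#
# TLS wiring: when a gRPC *_CERT/_KEY/_CA_CERTS variable is set on the host,
# "${VAR:+/path}" hands the container the in-container path and the matching
# bind mount places the host file there; when unset the variable is empty and
# ./ssl/placeholder is mounted instead (connection without certificates).
#
# Fix: the timescale-reader client certificate variables were passed through
# verbatim with no bind mount, so a host path set there did not exist inside
# the container. They now follow the same pattern as the auth and domains
# clients.
reports:
  image: ghcr.io/absmach/magistrala/reports:${MG_RELEASE_TAG}
  container_name: magistrala-reports
  # Start-order only; none of these waits for readiness.
  depends_on:
    - reports-db
    - spicedb-migrate
    - nginx
  restart: on-failure
  environment:
    # --- HTTP server ---
    MG_REPORTS_LOG_LEVEL: ${MG_REPORTS_LOG_LEVEL}
    MG_REPORTS_HTTP_PORT: ${MG_REPORTS_HTTP_PORT}
    MG_REPORTS_HTTP_HOST: ${MG_REPORTS_HTTP_HOST}
    MG_REPORTS_HTTP_SERVER_CERT: ${MG_REPORTS_HTTP_SERVER_CERT}
    MG_REPORTS_HTTP_SERVER_KEY: ${MG_REPORTS_HTTP_SERVER_KEY}
    # --- Database ---
    MG_REPORTS_DB_HOST: ${MG_REPORTS_DB_HOST}
    MG_REPORTS_DB_PORT: ${MG_REPORTS_DB_PORT}
    MG_REPORTS_DB_USER: ${MG_REPORTS_DB_USER}
    MG_REPORTS_DB_PASS: ${MG_REPORTS_DB_PASS}
    MG_REPORTS_DB_NAME: ${MG_REPORTS_DB_NAME}
    MG_REPORTS_DB_SSL_MODE: ${MG_REPORTS_DB_SSL_MODE}
    MG_REPORTS_DB_SSL_CERT: ${MG_REPORTS_DB_SSL_CERT}
    MG_REPORTS_DB_SSL_KEY: ${MG_REPORTS_DB_SSL_KEY}
    MG_REPORTS_DB_SSL_ROOT_CERT: ${MG_REPORTS_DB_SSL_ROOT_CERT}
    # --- Report rendering ---
    MG_REPORTS_DEFAULT_TEMPLATE: ${MG_REPORTS_DEFAULT_TEMPLATE}
    MG_PDF_CONVERTER_URL: ${MG_PDF_CONVERTER_URL}
    # --- Outbound callouts ---
    # Callout URLs are operator-supplied outbound targets; keep TLS
    # verification enabled for anything that leaves the compose network.
    MG_REPORTS_CALLOUT_URLS: ${MG_REPORTS_CALLOUT_URLS}
    MG_REPORTS_CALLOUT_METHOD: ${MG_REPORTS_CALLOUT_METHOD}
    MG_REPORTS_CALLOUT_TLS_VERIFICATION: ${MG_REPORTS_CALLOUT_TLS_VERIFICATION}
    MG_REPORTS_CALLOUT_TIMEOUT: ${MG_REPORTS_CALLOUT_TIMEOUT}
    MG_REPORTS_CALLOUT_CA_CERT: ${MG_REPORTS_CALLOUT_CA_CERT}
    MG_REPORTS_CALLOUT_CERT: ${MG_REPORTS_CALLOUT_CERT}
    MG_REPORTS_CALLOUT_KEY: ${MG_REPORTS_CALLOUT_KEY}
    MG_REPORTS_CALLOUT_OPERATIONS: ${MG_REPORTS_CALLOUT_OPERATIONS}
    # --- Broker, events, tracing, telemetry ---
    MG_MESSAGE_BROKER_URL: ${MG_MESSAGE_BROKER_URL}
    MG_ES_URL: ${MG_ES_URL}
    MG_JAEGER_URL: ${MG_JAEGER_URL}
    MG_JAEGER_TRACE_RATIO: ${MG_JAEGER_TRACE_RATIO}
    MG_SEND_TELEMETRY: ${MG_SEND_TELEMETRY}
    # --- Auth gRPC client ---
    MG_AUTH_GRPC_URL: ${MG_AUTH_GRPC_URL}
    MG_AUTH_GRPC_TIMEOUT: ${MG_AUTH_GRPC_TIMEOUT}
    MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
    MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
    MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
    # --- SpiceDB (authorization) ---
    # The pre-shared key is the SpiceDB API credential; as a plain
    # environment variable it is readable through `docker inspect`.
    MG_SPICEDB_PRE_SHARED_KEY: ${MG_SPICEDB_PRE_SHARED_KEY}
    MG_SPICEDB_HOST: ${MG_SPICEDB_HOST}
    MG_SPICEDB_PORT: ${MG_SPICEDB_PORT}
    MG_SPICEDB_SCHEMA_FILE: ${MG_SPICEDB_SCHEMA_FILE}
    MG_PERMISSIONS_FILE: ${MG_PERMISSIONS_FILE}
    # NOTE(review): this reuses the rules-engine variable MG_RE_INSTANCE_ID,
    # which looks like a copy-paste leftover; confirm whether a dedicated
    # MG_REPORTS_INSTANCE_ID is intended.
    MG_REPORTS_INSTANCE_ID: ${MG_RE_INSTANCE_ID}
    # --- Outgoing e-mail ---
    MG_EMAIL_HOST: ${MG_EMAIL_HOST}
    MG_EMAIL_PORT: ${MG_EMAIL_PORT}
    MG_EMAIL_USERNAME: ${MG_EMAIL_USERNAME}
    MG_EMAIL_PASSWORD: ${MG_EMAIL_PASSWORD}
    MG_EMAIL_FROM_ADDRESS: ${MG_EMAIL_FROM_ADDRESS}
    MG_EMAIL_FROM_NAME: ${MG_EMAIL_FROM_NAME}
    MG_EMAIL_TEMPLATE: ${MG_EMAIL_TEMPLATE}
    # --- Timescale reader gRPC client ---
    MG_TIMESCALE_READER_GRPC_URL: ${MG_TIMESCALE_READER_GRPC_URL}
    MG_TIMESCALE_READER_GRPC_TIMEOUT: ${MG_TIMESCALE_READER_GRPC_TIMEOUT}
    MG_TIMESCALE_READER_GRPC_CLIENT_CERT: ${MG_TIMESCALE_READER_GRPC_CLIENT_CERT:+/readers-grpc-client.crt}
    MG_TIMESCALE_READER_GRPC_SERVER_CA_CERTS: ${MG_TIMESCALE_READER_GRPC_SERVER_CA_CERTS:+/readers-grpc-server-ca.crt}
    MG_TIMESCALE_READER_GRPC_CLIENT_KEY: ${MG_TIMESCALE_READER_GRPC_CLIENT_KEY:+/readers-grpc-client.key}
    # --- Domains gRPC client ---
    MG_DOMAINS_GRPC_URL: ${MG_DOMAINS_GRPC_URL}
    MG_DOMAINS_GRPC_TIMEOUT: ${MG_DOMAINS_GRPC_TIMEOUT}
    MG_DOMAINS_GRPC_CLIENT_CERT: ${MG_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt}
    MG_DOMAINS_GRPC_CLIENT_KEY: ${MG_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key}
    MG_DOMAINS_GRPC_SERVER_CA_CERTS: ${MG_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt}
    # NOTE(review): presumably relaxes the e-mail verification requirement
    # for callers; keep it disabled outside development. Confirm semantics.
    MG_ALLOW_UNVERIFIED_USER: ${MG_ALLOW_UNVERIFIED_USER}
  # Published on every host interface.
  ports:
    - "${MG_REPORTS_HTTP_PORT}:${MG_REPORTS_HTTP_PORT}"
  networks:
    - magistrala-base-net
  volumes:
    - ./permission.yaml:${MG_PERMISSIONS_FILE}
    - ./spicedb/schema.zed:${MG_SPICEDB_SCHEMA_FILE}
    # NOTE(review): the mount is keyed on MG_REPORTS_EMAIL_TEMPLATE while the
    # environment passes MG_EMAIL_TEMPLATE; confirm both resolve as intended.
    - ./templates/${MG_REPORTS_EMAIL_TEMPLATE}:/email.tmpl
    # Auth gRPC client certificates
    - type: bind
      source: ${MG_AUTH_GRPC_CLIENT_CERT:-./ssl/placeholder}
      target: /auth-grpc-client.crt
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_AUTH_GRPC_CLIENT_KEY:-./ssl/placeholder}
      target: /auth-grpc-client.key
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /auth-grpc-server-ca.crt
      bind: {create_host_path: true}
    # Domains gRPC client certificates
    - type: bind
      source: ${MG_DOMAINS_GRPC_CLIENT_CERT:-./ssl/placeholder}
      target: /domains-grpc-client.crt
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_DOMAINS_GRPC_CLIENT_KEY:-./ssl/placeholder}
      target: /domains-grpc-client.key
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_DOMAINS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /domains-grpc-server-ca.crt
      bind: {create_host_path: true}
    # Timescale reader gRPC client certificates
    - type: bind
      source: ${MG_TIMESCALE_READER_GRPC_CLIENT_CERT:-./ssl/placeholder}
      target: /readers-grpc-client.crt
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_TIMESCALE_READER_GRPC_CLIENT_KEY:-./ssl/placeholder}
      target: /readers-grpc-client.key
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_TIMESCALE_READER_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /readers-grpc-server-ca.crt
      bind: {create_host_path: true}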
|
|
|
|
# Gotenberg document-to-PDF converter, presumably the target of the reports
# service's MG_PDF_CONVERTER_URL.
pdf-generator:
  container_name: magistrala-pdf
  image: gotenberg/gotenberg:8.25.1
  networks:
    - magistrala-base-net
  # Container port 3000 is published as 4000 on every host interface.
  # NOTE(review): no authentication is configured here, so anyone who can
  # reach the host port can submit conversion jobs, which may include
  # fetching URLs from inside the compose network. If only `reports` uses
  # the converter, drop the mapping (it is reachable as pdf-generator:3000)
  # or bind it to 127.0.0.1.
  ports:
    - "4000:3000"
  # No restart policy is set, unlike most services in this file.
|
|
|
|
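# Certificate service backed by the OpenBao PKI engine.
#
# TLS wiring: when a gRPC *_CERT/_KEY/_CA_CERTS variable is set on the host,
# "${VAR:+/path}" hands the container the in-container path and the matching
# bind mount places the host file there; when unset the variable is empty and
# ./ssl/placeholder is mounted instead (connection without certificates).
#
# Fix: the bind-mount sources used AM_*-prefixed variables while the
# environment section tests the MG_* ones. With only MG_* set, the service
# was pointed at /auth-grpc-client.crt (etc.) but received the placeholder
# there, so the gRPC TLS material never reached it. Sources now use the same
# MG_* variables as the environment section and every other service.
certs:
  image: ghcr.io/absmach/magistrala/certs:${MG_RELEASE_TAG}
  container_name: magistrala-certs
  depends_on:
    # Waits for the openbao healthcheck (presence of the service_token file).
    openbao:
      condition: service_healthy
    certs-db:
      condition: service_started
  restart: on-failure
  networks:
    - magistrala-base-net
  environment:
    # --- HTTP / gRPC servers ---
    MG_CERTS_LOG_LEVEL: ${MG_CERTS_LOG_LEVEL}
    MG_CERTS_HTTP_HOST: ${MG_CERTS_HTTP_HOST}
    MG_CERTS_HTTP_PORT: ${MG_CERTS_HTTP_PORT}
    MG_CERTS_GRPC_HOST: ${MG_CERTS_GRPC_HOST}
    MG_CERTS_GRPC_PORT: ${MG_CERTS_GRPC_PORT}
    MG_JAEGER_URL: ${MG_JAEGER_URL}
    MG_JAEGER_TRACE_RATIO: ${MG_JAEGER_TRACE_RATIO}
    # --- OpenBao (PKI backend) ---
    # The AppRole secret is a credential for the PKI backend; as a plain
    # environment variable it is readable through `docker inspect`.
    MG_CERTS_OPENBAO_HOST: ${MG_CERTS_OPENBAO_HOST}
    MG_CERTS_OPENBAO_APP_ROLE: ${MG_CERTS_OPENBAO_APP_ROLE}
    MG_CERTS_OPENBAO_APP_SECRET: ${MG_CERTS_OPENBAO_APP_SECRET}
    MG_CERTS_OPENBAO_NAMESPACE: ${MG_CERTS_OPENBAO_NAMESPACE}
    MG_CERTS_OPENBAO_PKI_PATH: ${MG_CERTS_OPENBAO_PKI_PATH}
    MG_CERTS_OPENBAO_ROLE: ${MG_CERTS_OPENBAO_ROLE}
    MG_CERTS_OPENBAO_SECRET_ID_TTL: ${MG_CERTS_OPENBAO_SECRET_ID_TTL}
    # --- Database ---
    MG_CERTS_DB_HOST: ${MG_CERTS_DB_HOST}
    MG_CERTS_DB_PORT: ${MG_CERTS_DB_PORT}
    MG_CERTS_DB_USER: ${MG_CERTS_DB_USER}
    MG_CERTS_DB_PASS: ${MG_CERTS_DB_PASS}
    MG_CERTS_DB: ${MG_CERTS_DB}
    MG_CERTS_DB_SSL_MODE: ${MG_CERTS_DB_SSL_MODE}
    # --- Auth gRPC client ---
    MG_AUTH_GRPC_URL: ${MG_AUTH_GRPC_URL}
    MG_AUTH_GRPC_TIMEOUT: ${MG_AUTH_GRPC_TIMEOUT}
    MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
    MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
    MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
    # --- Domains gRPC client ---
    MG_DOMAINS_GRPC_URL: ${MG_DOMAINS_GRPC_URL}
    MG_DOMAINS_GRPC_TIMEOUT: ${MG_DOMAINS_GRPC_TIMEOUT}
    MG_DOMAINS_GRPC_CLIENT_CERT: ${MG_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt}
    MG_DOMAINS_GRPC_CLIENT_KEY: ${MG_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key}
    MG_DOMAINS_GRPC_SERVER_CA_CERTS: ${MG_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt}
    # --- Service secrets and token handling ---
    MG_CERTS_SECRET: ${MG_CERTS_SECRET}
    MG_CERTS_SERVICE_TOKEN_PATH: ${MG_CERTS_SERVICE_TOKEN_PATH}
    MG_CERTS_SECRET_ID_PATH: ${MG_CERTS_SECRET_ID_PATH}
    MG_CERTS_SECRET_RENEW_THRESHOLD: ${MG_CERTS_SECRET_RENEW_THRESHOLD}
    MG_CERTS_SECRET_CHECK_INTERVAL: ${MG_CERTS_SECRET_CHECK_INTERVAL}
    # NOTE(review): presumably relaxes the e-mail verification requirement
    # for callers; keep it disabled outside development. Confirm semantics.
    MG_ALLOW_UNVERIFIED_USER: ${MG_ALLOW_UNVERIFIED_USER}
  # Both listeners are published on every host interface.
  ports:
    - "${MG_CERTS_HTTP_PORT}:${MG_CERTS_HTTP_PORT}"
    - "${MG_CERTS_GRPC_PORT}:${MG_CERTS_GRPC_PORT}"
  volumes:
    # Read-only view of the volume the openbao service mounts as both its
    # data and config directory. It exposes everything OpenBao stores there,
    # not just the service token; a dedicated volume holding only the token
    # would narrow what this container can read.
    - magistrala-openbao-data:/openbao:ro
    # Auth gRPC client certificates
    - type: bind
      source: ${MG_AUTH_GRPC_CLIENT_CERT:-./ssl/placeholder}
      target: /auth-grpc-client.crt
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_AUTH_GRPC_CLIENT_KEY:-./ssl/placeholder}
      target: /auth-grpc-client.key
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_AUTH_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /auth-grpc-server-ca.crt
      bind: {create_host_path: true}
    # Domains gRPC client certificates
    - type: bind
      source: ${MG_DOMAINS_GRPC_CLIENT_CERT:-./ssl/placeholder}
      target: /domains-grpc-client.crt
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_DOMAINS_GRPC_CLIENT_KEY:-./ssl/placeholder}
      target: /domains-grpc-client.key
      bind: {create_host_path: true}
    - type: bind
      source: ${MG_DOMAINS_GRPC_SERVER_CA_CERTS:-./ssl/placeholder}
      target: /domains-grpc-server-ca.crt
      bind: {create_host_path: true}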
|
|
|
|
# PostgreSQL instance for the certs service.
certs-db:
  container_name: magistrala-certs-db
  # This is the only database in the file still on the 16.2 image; the
  # others use postgres:18.0-alpine3.22. Review whether it is being left
  # behind on security updates.
  image: docker.io/postgres:16.2-alpine
  restart: on-failure
  command: postgres -c "max_connections=${MG_CERTS_DB_MAX_CONNECTIONS}"
  # Credentials are plain environment variables (visible via
  # `docker inspect`); prefer Compose secrets outside local development.
  environment:
    POSTGRES_USER: ${MG_CERTS_DB_USER}
    POSTGRES_PASSWORD: ${MG_CERTS_DB_PASS}
    POSTGRES_DB: ${MG_CERTS_DB}
  networks:
    - magistrala-base-net
  # Published on every host interface; pin to loopback
  # ("127.0.0.1:5454:5432") or remove when only `certs` needs the database.
  ports:
    - "5454:5432"
  volumes:
    - magistrala-certs-db-volume:/var/lib/postgresql/data
  # No healthcheck: `certs` waits only for service_started on this database.
|
|
|
|
openbao:
|
|
image: openbao/openbao:2.4.0
|
|
container_name: magistrala-openbao
|
|
restart: on-failure
|
|
networks:
|
|
- magistrala-base-net
|
|
ports:
|
|
- 8200:8200
|
|
healthcheck:
|
|
test: ["CMD", "sh", "-c", "test -f /opt/openbao/data/service_token"]
|
|
interval: 5s
|
|
timeout: 3s
|
|
retries: 20
|
|
start_period: 30s
|
|
environment:
|
|
- BAO_ADDR=http://127.0.0.1:8200
|
|
- BAO_LOG_LEVEL=info
|
|
- MG_CERTS_OPENBAO_PKI_ROLE=${MG_CERTS_OPENBAO_ROLE}
|
|
- MG_CERTS_OPENBAO_APP_ROLE=${MG_CERTS_OPENBAO_APP_ROLE}
|
|
- MG_CERTS_OPENBAO_APP_SECRET=${MG_CERTS_OPENBAO_APP_SECRET}
|
|
- MG_CERTS_OPENBAO_SECRET_ID_TTL=${MG_CERTS_OPENBAO_SECRET_ID_TTL}
|
|
- MG_CERTS_OPENBAO_NAMESPACE=${MG_CERTS_OPENBAO_NAMESPACE}
|
|
- MG_CERTS_OPENBAO_PKI_CA_CN=${MG_CERTS_OPENBAO_PKI_CA_CN}
|
|
- MG_CERTS_OPENBAO_PKI_CA_OU=${MG_CERTS_OPENBAO_PKI_CA_OU}
|
|
- MG_CERTS_OPENBAO_PKI_CA_O=${MG_CERTS_OPENBAO_PKI_CA_O}
|
|
- MG_CERTS_OPENBAO_PKI_CA_C=${MG_CERTS_OPENBAO_PKI_CA_C}
|
|
- MG_CERTS_OPENBAO_PKI_CA_L=${MG_CERTS_OPENBAO_PKI_CA_L}
|
|
- MG_CERTS_OPENBAO_PKI_CA_ST=${MG_CERTS_OPENBAO_PKI_CA_ST}
|
|
- MG_CERTS_OPENBAO_PKI_CA_ADDR=${MG_CERTS_OPENBAO_PKI_CA_ADDR}
|
|
- MG_CERTS_OPENBAO_PKI_CA_PO=${MG_CERTS_OPENBAO_PKI_CA_PO}
|
|
- MG_CERTS_OPENBAO_PKI_CA_DNS_NAMES=${MG_CERTS_OPENBAO_PKI_CA_DNS_NAMES}
|
|
- MG_CERTS_OPENBAO_PKI_CA_IP_ADDRESSES=${MG_CERTS_OPENBAO_PKI_CA_IP_ADDRESSES}
|
|
- MG_CERTS_OPENBAO_PKI_CA_URI_SANS=${MG_CERTS_OPENBAO_PKI_CA_URI_SANS}
|
|
- MG_CERTS_OPENBAO_PKI_CA_EMAIL_ADDRESSES=${MG_CERTS_OPENBAO_PKI_CA_EMAIL_ADDRESSES}
|
|
- MG_CERTS_OPENBAO_UNSEAL_KEY_1=${MG_CERTS_OPENBAO_UNSEAL_KEY_1}
|
|
- MG_CERTS_OPENBAO_UNSEAL_KEY_2=${MG_CERTS_OPENBAO_UNSEAL_KEY_2}
|
|
- MG_CERTS_OPENBAO_UNSEAL_KEY_3=${MG_CERTS_OPENBAO_UNSEAL_KEY_3}
|
|
- MG_CERTS_OPENBAO_ROOT_TOKEN=${MG_CERTS_OPENBAO_ROOT_TOKEN}
|
|
cap_add:
|
|
- IPC_LOCK
|
|
mem_swappiness: 0
|
|
volumes:
|
|
- magistrala-openbao-data:/opt/openbao/data
|
|
- magistrala-openbao-data:/opt/openbao/config
|
|
- ./openbao-entrypoint.sh:/entrypoint.sh
|
|
entrypoint: /bin/sh
|
|
command: /entrypoint.sh
|