mirror of
https://github.com/absmach/supermq.git
synced 2026-06-23 06:20:18 +00:00
dusan
1605 lines
69 KiB
YAML
1605 lines
69 KiB
YAML
# Copyright (c) Abstract Machines
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
name: "supermq"
|
|
|
|
networks:
|
|
supermq-base-net:
|
|
driver: bridge
|
|
name: supermq-base-net
|
|
|
|
volumes:
|
|
supermq-users-db-volume:
|
|
supermq-groups-db-volume:
|
|
supermq-clients-db-volume:
|
|
supermq-channels-db-volume:
|
|
supermq-channels-redis-volume:
|
|
supermq-clients-redis-volume:
|
|
supermq-broker-volume:
|
|
supermq-mqtt-broker-volume:
|
|
supermq-spicedb-db-volume:
|
|
supermq-auth-db-volume:
|
|
supermq-pat-db-volume:
|
|
supermq-domains-db-volume:
|
|
supermq-domains-redis-volume:
|
|
supermq-auth-redis-volume:
|
|
supermq-auth-keys-volume:
|
|
|
|
services:
|
|
spicedb:
|
|
image: docker.io/authzed/spicedb:v1.37.0
|
|
container_name: supermq-spicedb
|
|
command: "serve"
|
|
restart: "always"
|
|
networks:
|
|
- supermq-base-net
|
|
ports:
|
|
- "8080:8080"
|
|
- "9091:9090"
|
|
- "50051:50051"
|
|
environment:
|
|
SPICEDB_GRPC_PRESHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY}
|
|
SPICEDB_DATASTORE_ENGINE: ${SMQ_SPICEDB_DATASTORE_ENGINE}
|
|
SPICEDB_DATASTORE_CONN_URI: "${SMQ_SPICEDB_DATASTORE_ENGINE}://${SMQ_SPICEDB_DB_USER}:${SMQ_SPICEDB_DB_PASS}@spicedb-db:${SMQ_SPICEDB_DB_PORT}/${SMQ_SPICEDB_DB_NAME}?sslmode=disable"
|
|
depends_on:
|
|
- spicedb-migrate
|
|
|
|
spicedb-migrate:
|
|
image: docker.io/authzed/spicedb:v1.37.0
|
|
container_name: supermq-spicedb-migrate
|
|
command: "migrate head"
|
|
restart: "on-failure"
|
|
networks:
|
|
- supermq-base-net
|
|
environment:
|
|
SPICEDB_DATASTORE_ENGINE: ${SMQ_SPICEDB_DATASTORE_ENGINE}
|
|
SPICEDB_DATASTORE_CONN_URI: "${SMQ_SPICEDB_DATASTORE_ENGINE}://${SMQ_SPICEDB_DB_USER}:${SMQ_SPICEDB_DB_PASS}@spicedb-db:${SMQ_SPICEDB_DB_PORT}/${SMQ_SPICEDB_DB_NAME}?sslmode=disable"
|
|
depends_on:
|
|
- spicedb-db
|
|
|
|
spicedb-db:
|
|
image: docker.io/postgres:18.0-alpine3.22
|
|
container_name: supermq-spicedb-db
|
|
networks:
|
|
- supermq-base-net
|
|
ports:
|
|
- "6010:5432"
|
|
environment:
|
|
POSTGRES_USER: ${SMQ_SPICEDB_DB_USER}
|
|
POSTGRES_PASSWORD: ${SMQ_SPICEDB_DB_PASS}
|
|
POSTGRES_DB: ${SMQ_SPICEDB_DB_NAME}
|
|
volumes:
|
|
- supermq-spicedb-db-volume:/var/lib/postgresql/data
|
|
command: ["postgres", "-c", "track_commit_timestamp=on"]
|
|
|
|
auth-db:
|
|
image: docker.io/postgres:18.0-alpine3.22
|
|
container_name: supermq-auth-db
|
|
restart: on-failure
|
|
ports:
|
|
- 6001:5432
|
|
environment:
|
|
POSTGRES_USER: ${SMQ_AUTH_DB_USER}
|
|
POSTGRES_PASSWORD: ${SMQ_AUTH_DB_PASS}
|
|
POSTGRES_DB: ${SMQ_AUTH_DB_NAME}
|
|
networks:
|
|
- supermq-base-net
|
|
volumes:
|
|
- supermq-auth-db-volume:/var/lib/postgresql/data
|
|
|
|
auth-redis:
|
|
image: docker.io/redis:8.2.2-alpine3.22
|
|
container_name: supermq-auth-redis
|
|
restart: on-failure
|
|
networks:
|
|
- supermq-base-net
|
|
volumes:
|
|
- supermq-auth-redis-volume:/data
|
|
- ./redis/redis.conf:/etc/redis/redis.conf:ro
|
|
command: ["redis-server", "/etc/redis/redis.conf"]
|
|
|
|
auth:
|
|
image: docker.io/supermq/auth:${SMQ_RELEASE_TAG}
|
|
container_name: supermq-auth
|
|
depends_on:
|
|
- auth-db
|
|
- spicedb
|
|
expose:
|
|
- ${SMQ_AUTH_GRPC_PORT}
|
|
restart: on-failure
|
|
environment:
|
|
SMQ_AUTH_LOG_LEVEL: ${SMQ_AUTH_LOG_LEVEL}
|
|
SMQ_SPICEDB_SCHEMA_FILE: ${SMQ_SPICEDB_SCHEMA_FILE}
|
|
SMQ_SPICEDB_PRE_SHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY}
|
|
SMQ_SPICEDB_HOST: ${SMQ_SPICEDB_HOST}
|
|
SMQ_SPICEDB_PORT: ${SMQ_SPICEDB_PORT}
|
|
SMQ_AUTH_INVITATION_DURATION: ${SMQ_AUTH_INVITATION_DURATION}
|
|
SMQ_AUTH_HTTP_HOST: ${SMQ_AUTH_HTTP_HOST}
|
|
SMQ_AUTH_HTTP_PORT: ${SMQ_AUTH_HTTP_PORT}
|
|
SMQ_AUTH_HTTP_SERVER_CERT: ${SMQ_AUTH_HTTP_SERVER_CERT}
|
|
SMQ_AUTH_HTTP_SERVER_KEY: ${SMQ_AUTH_HTTP_SERVER_KEY}
|
|
SMQ_AUTH_GRPC_HOST: ${SMQ_AUTH_GRPC_HOST}
|
|
SMQ_AUTH_GRPC_PORT: ${SMQ_AUTH_GRPC_PORT}
|
|
SMQ_AUTH_ACCESS_TOKEN_DURATION: ${SMQ_AUTH_ACCESS_TOKEN_DURATION}
|
|
SMQ_AUTH_REFRESH_TOKEN_DURATION: ${SMQ_AUTH_REFRESH_TOKEN_DURATION}
|
|
SMQ_AUTH_KEYS_ALGORITHM: ${SMQ_AUTH_KEYS_ALGORITHM}
|
|
SMQ_AUTH_KEYS_ACTIVE_KEY_PATH: ${SMQ_AUTH_KEYS_ACTIVE_KEY_PATH:+/keys/active.key}
|
|
SMQ_AUTH_KEYS_RETIRING_KEY_PATH: ${SMQ_AUTH_KEYS_RETIRING_KEY_PATH:+/keys/retiring.key}
|
|
## Compose supports parameter expansion in environment,
|
|
## Eg: ${VAR:+replacement} or ${VAR+replacement} -> replacement if VAR is set and non-empty, otherwise empty
|
|
## Eg :${VAR:-default} or ${VAR-default} -> value of VAR if set and non-empty, otherwise default
|
|
SMQ_AUTH_GRPC_SERVER_CERT: ${SMQ_AUTH_GRPC_SERVER_CERT:+/auth-grpc-server.crt}
|
|
SMQ_AUTH_GRPC_SERVER_KEY: ${SMQ_AUTH_GRPC_SERVER_KEY:+/auth-grpc-server.key}
|
|
SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
|
SMQ_AUTH_GRPC_CLIENT_CA_CERTS: ${SMQ_AUTH_GRPC_CLIENT_CA_CERTS:+/auth-grpc-client-ca.crt}
|
|
SMQ_AUTH_DB_HOST: ${SMQ_AUTH_DB_HOST}
|
|
SMQ_AUTH_DB_PORT: ${SMQ_AUTH_DB_PORT}
|
|
SMQ_AUTH_DB_USER: ${SMQ_AUTH_DB_USER}
|
|
SMQ_AUTH_DB_PASS: ${SMQ_AUTH_DB_PASS}
|
|
SMQ_AUTH_DB_NAME: ${SMQ_AUTH_DB_NAME}
|
|
SMQ_AUTH_DB_SSL_MODE: ${SMQ_AUTH_DB_SSL_MODE}
|
|
SMQ_AUTH_DB_SSL_CERT: ${SMQ_AUTH_DB_SSL_CERT}
|
|
SMQ_AUTH_DB_SSL_KEY: ${SMQ_AUTH_DB_SSL_KEY}
|
|
SMQ_AUTH_DB_SSL_ROOT_CERT: ${SMQ_AUTH_DB_SSL_ROOT_CERT}
|
|
SMQ_JAEGER_URL: ${SMQ_JAEGER_URL}
|
|
SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO}
|
|
SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY}
|
|
SMQ_AUTH_ADAPTER_INSTANCE_ID: ${SMQ_AUTH_ADAPTER_INSTANCE_ID}
|
|
SMQ_ES_URL: ${SMQ_ES_URL}
|
|
SMQ_AUTH_CACHE_URL: ${SMQ_AUTH_CACHE_URL}
|
|
ports:
|
|
- ${SMQ_AUTH_HTTP_PORT}:${SMQ_AUTH_HTTP_PORT}
|
|
- ${SMQ_AUTH_GRPC_PORT}:${SMQ_AUTH_GRPC_PORT}
|
|
networks:
|
|
- supermq-base-net
|
|
volumes:
|
|
- ./spicedb/schema.zed:${SMQ_SPICEDB_SCHEMA_FILE}
|
|
- supermq-pat-db-volume:/supermq-data
|
|
# Auth active private key file
|
|
- type: bind
|
|
source: ${SMQ_AUTH_KEYS_ACTIVE_KEY_PATH}
|
|
target: /keys/active.key
|
|
read_only: true
|
|
# Auth retiring private key file (optional, for key rotation)
|
|
- type: bind
|
|
source: ${SMQ_AUTH_KEYS_RETIRING_KEY_PATH:-ssl/certs/dummy/retiring_key}
|
|
target: /keys/retiring.key
|
|
read_only: true
|
|
bind:
|
|
create_host_path: true
|
|
# Auth gRPC mTLS server certificates
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_SERVER_CERT:-ssl/certs/dummy/server_cert}
|
|
target: /auth-grpc-server.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_SERVER_KEY:-ssl/certs/dummy/server_key}
|
|
target: /auth-grpc-server.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca_certs}
|
|
target: /auth-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_CA_CERTS:-ssl/certs/dummy/client_ca_certs}
|
|
target: /auth-grpc-client-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Auth Callout Client Certificates
|
|
- type: bind
|
|
source: ${SMQ_AUTH_CALLOUT_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /auth-callout-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_CALLOUT_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /auth-callout-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_CALLOUT_CLIENT_CA_CERTS:-ssl/certs/dummy/client_ca_certs}
|
|
target: /auth-callout-client-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
|
|
domains-db:
|
|
image: docker.io/postgres:18.0-alpine3.22
|
|
container_name: supermq-domains-db
|
|
restart: on-failure
|
|
ports:
|
|
- 6003:5432
|
|
environment:
|
|
POSTGRES_USER: ${SMQ_DOMAINS_DB_USER}
|
|
POSTGRES_PASSWORD: ${SMQ_DOMAINS_DB_PASS}
|
|
POSTGRES_DB: ${SMQ_DOMAINS_DB_NAME}
|
|
networks:
|
|
- supermq-base-net
|
|
volumes:
|
|
- supermq-domains-db-volume:/var/lib/postgresql/data
|
|
|
|
domains-redis:
|
|
image: docker.io/redis:8.2.2-alpine3.22
|
|
container_name: supermq-domains-redis
|
|
restart: on-failure
|
|
networks:
|
|
- supermq-base-net
|
|
volumes:
|
|
- supermq-domains-redis-volume:/data
|
|
|
|
domains:
|
|
image: docker.io/supermq/domains:${SMQ_RELEASE_TAG}
|
|
container_name: supermq-domains
|
|
depends_on:
|
|
- domains-db
|
|
- spicedb
|
|
expose:
|
|
- ${SMQ_DOMAINS_GRPC_PORT}
|
|
restart: on-failure
|
|
environment:
|
|
SMQ_DOMAINS_LOG_LEVEL: ${SMQ_DOMAINS_LOG_LEVEL}
|
|
SMQ_SPICEDB_PRE_SHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY}
|
|
SMQ_SPICEDB_HOST: ${SMQ_SPICEDB_HOST}
|
|
SMQ_SPICEDB_PORT: ${SMQ_SPICEDB_PORT}
|
|
SMQ_SPICEDB_SCHEMA_FILE: ${SMQ_SPICEDB_SCHEMA_FILE}
|
|
SMQ_DOMAINS_HTTP_HOST: ${SMQ_DOMAINS_HTTP_HOST}
|
|
SMQ_DOMAINS_HTTP_PORT: ${SMQ_DOMAINS_HTTP_PORT}
|
|
SMQ_DOMAINS_HTTP_SERVER_CERT: ${SMQ_DOMAINS_HTTP_SERVER_CERT}
|
|
SMQ_DOMAINS_HTTP_SERVER_KEY: ${SMQ_DOMAINS_HTTP_SERVER_KEY}
|
|
SMQ_DOMAINS_GRPC_HOST: ${SMQ_DOMAINS_GRPC_HOST}
|
|
SMQ_DOMAINS_GRPC_PORT: ${SMQ_DOMAINS_GRPC_PORT}
|
|
## Compose supports parameter expansion in environment,
|
|
## Eg: ${VAR:+replacement} or ${VAR+replacement} -> replacement if VAR is set and non-empty, otherwise empty
|
|
## Eg :${VAR:-default} or ${VAR-default} -> value of VAR if set and non-empty, otherwise default
|
|
SMQ_DOMAINS_GRPC_SERVER_CERT: ${SMQ_DOMAINS_GRPC_SERVER_CERT:+/domains-grpc-server.crt}
|
|
SMQ_DOMAINS_GRPC_SERVER_KEY: ${SMQ_DOMAINS_GRPC_SERVER_KEY:+/domains-grpc-server.key}
|
|
SMQ_DOMAINS_GRPC_SERVER_CA_CERTS: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt}
|
|
SMQ_DOMAINS_GRPC_CLIENT_CA_CERTS: ${SMQ_DOMAINS_GRPC_CLIENT_CA_CERTS:+/domains-grpc-client-ca.crt}
|
|
SMQ_DOMAINS_DB_HOST: ${SMQ_DOMAINS_DB_HOST}
|
|
SMQ_DOMAINS_DB_PORT: ${SMQ_DOMAINS_DB_PORT}
|
|
SMQ_DOMAINS_DB_USER: ${SMQ_DOMAINS_DB_USER}
|
|
SMQ_DOMAINS_DB_PASS: ${SMQ_DOMAINS_DB_PASS}
|
|
SMQ_DOMAINS_DB_NAME: ${SMQ_DOMAINS_DB_NAME}
|
|
SMQ_DOMAINS_DB_SSL_MODE: ${SMQ_DOMAINS_DB_SSL_MODE}
|
|
SMQ_DOMAINS_DB_SSL_CERT: ${SMQ_DOMAINS_DB_SSL_CERT}
|
|
SMQ_DOMAINS_DB_SSL_KEY: ${SMQ_DOMAINS_DB_SSL_KEY}
|
|
SMQ_DOMAINS_DB_SSL_ROOT_CERT: ${SMQ_DOMAINS_DB_SSL_ROOT_CERT}
|
|
SMQ_DOMAINS_INSTANCE_ID: ${SMQ_DOMAINS_INSTANCE_ID}
|
|
SMQ_ES_URL: ${SMQ_ES_URL}
|
|
SMQ_DOMAINS_CACHE_URL: ${SMQ_DOMAINS_CACHE_URL}
|
|
SMQ_DOMAINS_CACHE_KEY_DURATION: ${SMQ_DOMAINS_CACHE_KEY_DURATION}
|
|
SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL}
|
|
SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT}
|
|
SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
|
SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
|
SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
|
SMQ_AUTH_KEYS_ALGORITHM: ${SMQ_AUTH_KEYS_ALGORITHM}
|
|
SMQ_GROUPS_GRPC_URL: ${SMQ_GROUPS_GRPC_URL}
|
|
SMQ_GROUPS_GRPC_TIMEOUT: ${SMQ_GROUPS_GRPC_TIMEOUT}
|
|
SMQ_GROUPS_GRPC_CLIENT_CERT: ${SMQ_GROUPS_GRPC_CLIENT_CERT:+/groups-grpc-client.crt}
|
|
SMQ_GROUPS_GRPC_CLIENT_KEY: ${SMQ_GROUPS_GRPC_CLIENT_KEY:+/groups-grpc-client.key}
|
|
SMQ_GROUPS_GRPC_SERVER_CA_CERTS: ${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:+/groups-grpc-server-ca.crt}
|
|
SMQ_CHANNELS_URL: ${SMQ_CHANNELS_URL}
|
|
SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL}
|
|
SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT}
|
|
SMQ_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt}
|
|
SMQ_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key}
|
|
SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt}
|
|
SMQ_CLIENTS_GRPC_URL: ${SMQ_CLIENTS_GRPC_URL}
|
|
SMQ_CLIENTS_GRPC_TIMEOUT: ${SMQ_CLIENTS_GRPC_TIMEOUT}
|
|
SMQ_CLIENTS_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_GRPC_CLIENT_CERT:+/clients-grpc-client.crt}
|
|
SMQ_CLIENTS_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_GRPC_CLIENT_KEY:+/clients-grpc-client.key}
|
|
SMQ_CLIENTS_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt}
|
|
SMQ_JAEGER_URL: ${SMQ_JAEGER_URL}
|
|
SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO}
|
|
SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY}
|
|
SMQ_DOMAINS_CALLOUT_URLS: ${SMQ_DOMAINS_CALLOUT_URLS}
|
|
SMQ_DOMAINS_CALLOUT_METHOD: ${SMQ_DOMAINS_CALLOUT_METHOD}
|
|
SMQ_DOMAINS_CALLOUT_TLS_VERIFICATION: ${SMQ_DOMAINS_CALLOUT_TLS_VERIFICATION}
|
|
SMQ_DOMAINS_CALLOUT_TIMEOUT: ${SMQ_DOMAINS_CALLOUT_TIMEOUT}
|
|
SMQ_DOMAINS_CALLOUT_CA_CERT: ${SMQ_DOMAINS_CALLOUT_CA_CERT}
|
|
SMQ_DOMAINS_CALLOUT_CERT: ${SMQ_DOMAINS_CALLOUT_CERT}
|
|
SMQ_DOMAINS_CALLOUT_KEY: ${SMQ_DOMAINS_CALLOUT_KEY}
|
|
SMQ_DOMAINS_CALLOUT_OPERATIONS: ${SMQ_DOMAINS_CALLOUT_OPERATIONS}
|
|
SMQ_ALLOW_UNVERIFIED_USER: ${SMQ_ALLOW_UNVERIFIED_USER}
|
|
ports:
|
|
- ${SMQ_DOMAINS_HTTP_PORT}:${SMQ_DOMAINS_HTTP_PORT}
|
|
- ${SMQ_DOMAINS_GRPC_PORT}:${SMQ_DOMAINS_GRPC_PORT}
|
|
networks:
|
|
- supermq-base-net
|
|
volumes:
|
|
- ./permission.yaml:/permission.yaml
|
|
- ./spicedb/schema.zed:${SMQ_SPICEDB_SCHEMA_FILE}
|
|
# Auth gRPC mTLS server certificates
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_SERVER_CERT:-ssl/certs/dummy/server_cert}
|
|
target: /domains-grpc-server.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_SERVER_KEY:-ssl/certs/dummy/server_key}
|
|
target: /domains-grpc-server.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca_certs}
|
|
target: /domains-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_CLIENT_CA_CERTS:-ssl/certs/dummy/client_ca_certs}
|
|
target: /domains-grpc-client-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Auth gRPC client certificates
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /auth-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /auth-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /auth-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Groups gRPC client certificates
|
|
- type: bind
|
|
source: ${SMQ_GROUPS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /groups-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_GROUPS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /groups-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /groups-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Channels gRPC client certificates
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /channels-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /channels-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /channels-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Clients gRPC client certificates
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /clients-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /clients-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /clients-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
|
|
nginx:
|
|
image: docker.io/nginx:1.29.2-alpine3.22
|
|
container_name: supermq-nginx
|
|
restart: on-failure
|
|
volumes:
|
|
- ./nginx/nginx-${AUTH-key}.conf:/etc/nginx/nginx.conf.template
|
|
- ./nginx/entrypoint.sh:/docker-entrypoint.d/entrypoint.sh
|
|
- ./nginx/snippets:/etc/nginx/snippets
|
|
- ./ssl/authorization.js:/etc/nginx/authorization.js
|
|
- type: bind
|
|
source: ${SMQ_NGINX_SERVER_CERT:-./ssl/certs/supermq-server.crt}
|
|
target: /etc/ssl/certs/supermq-server.crt
|
|
- type: bind
|
|
source: ${SMQ_NGINX_SERVER_KEY:-./ssl/certs/supermq-server.key}
|
|
target: /etc/ssl/private/supermq-server.key
|
|
- type: bind
|
|
source: ${SMQ_NGINX_SERVER_CLIENT_CA:-./ssl/certs/ca.crt}
|
|
target: /etc/ssl/certs/ca.crt
|
|
- type: bind
|
|
source: ${SMQ_NGINX_SERVER_DHPARAM:-./ssl/dhparam.pem}
|
|
target: /etc/ssl/certs/dhparam.pem
|
|
ports:
|
|
- ${SMQ_NGINX_HTTP_PORT}:${SMQ_NGINX_HTTP_PORT}
|
|
- ${SMQ_NGINX_SSL_PORT}:${SMQ_NGINX_SSL_PORT}
|
|
- ${SMQ_NGINX_MQTT_PORT}:${SMQ_NGINX_MQTT_PORT}
|
|
- ${SMQ_NGINX_MQTTS_PORT}:${SMQ_NGINX_MQTTS_PORT}
|
|
networks:
|
|
- supermq-base-net
|
|
env_file:
|
|
- .env
|
|
depends_on:
|
|
- auth
|
|
- clients
|
|
- users
|
|
- mqtt-adapter
|
|
- http-adapter
|
|
- coap-adapter
|
|
ulimits:
|
|
nofile:
|
|
soft: 65536
|
|
hard: 65536
|
|
|
|
clients-db:
|
|
image: docker.io/postgres:18.0-alpine3.22
|
|
container_name: supermq-clients-db
|
|
restart: on-failure
|
|
command: postgres -c "max_connections=${SMQ_POSTGRES_MAX_CONNECTIONS}"
|
|
environment:
|
|
POSTGRES_USER: ${SMQ_CLIENTS_DB_USER}
|
|
POSTGRES_PASSWORD: ${SMQ_CLIENTS_DB_PASS}
|
|
POSTGRES_DB: ${SMQ_CLIENTS_DB_NAME}
|
|
SMQ_POSTGRES_MAX_CONNECTIONS: ${SMQ_POSTGRES_MAX_CONNECTIONS}
|
|
networks:
|
|
- supermq-base-net
|
|
ports:
|
|
- 6006:5432
|
|
volumes:
|
|
- supermq-clients-db-volume:/var/lib/postgresql/data
|
|
|
|
clients-redis:
|
|
image: docker.io/redis:8.2.2-alpine3.22
|
|
container_name: supermq-clients-redis
|
|
restart: on-failure
|
|
networks:
|
|
- supermq-base-net
|
|
volumes:
|
|
- supermq-clients-redis-volume:/data
|
|
|
|
clients:
|
|
image: docker.io/supermq/clients:${SMQ_RELEASE_TAG}
|
|
container_name: supermq-clients
|
|
depends_on:
|
|
- clients-db
|
|
- users
|
|
- auth
|
|
- nats
|
|
restart: on-failure
|
|
environment:
|
|
SMQ_CLIENTS_LOG_LEVEL: ${SMQ_CLIENTS_LOG_LEVEL}
|
|
SMQ_CLIENTS_STANDALONE_ID: ${SMQ_CLIENTS_STANDALONE_ID}
|
|
SMQ_CLIENTS_STANDALONE_TOKEN: ${SMQ_CLIENTS_STANDALONE_TOKEN}
|
|
SMQ_CLIENTS_CACHE_KEY_DURATION: ${SMQ_CLIENTS_CACHE_KEY_DURATION}
|
|
SMQ_CLIENTS_HTTP_HOST: ${SMQ_CLIENTS_HTTP_HOST}
|
|
SMQ_CLIENTS_HTTP_PORT: ${SMQ_CLIENTS_HTTP_PORT}
|
|
SMQ_CLIENTS_GRPC_HOST: ${SMQ_CLIENTS_GRPC_HOST}
|
|
SMQ_CLIENTS_GRPC_PORT: ${SMQ_CLIENTS_GRPC_PORT}
|
|
## Compose supports parameter expansion in environment,
|
|
## Eg: ${VAR:+replacement} or ${VAR+replacement} -> replacement if VAR is set and non-empty, otherwise empty
|
|
## Eg :${VAR:-default} or ${VAR-default} -> value of VAR if set and non-empty, otherwise default
|
|
SMQ_CLIENTS_GRPC_SERVER_CERT: ${SMQ_CLIENTS_GRPC_SERVER_CERT:+/clients-grpc-server.crt}
|
|
SMQ_CLIENTS_GRPC_SERVER_KEY: ${SMQ_CLIENTS_GRPC_SERVER_KEY:+/clients-grpc-server.key}
|
|
SMQ_CLIENTS_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt}
|
|
SMQ_CLIENTS_GRPC_CLIENT_CA_CERTS: ${SMQ_CLIENTS_GRPC_CLIENT_CA_CERTS:+/clients-grpc-client-ca.crt}
|
|
SMQ_ES_URL: ${SMQ_ES_URL}
|
|
SMQ_CLIENTS_CACHE_URL: ${SMQ_CLIENTS_CACHE_URL}
|
|
SMQ_CLIENTS_DB_HOST: ${SMQ_CLIENTS_DB_HOST}
|
|
SMQ_CLIENTS_DB_PORT: ${SMQ_CLIENTS_DB_PORT}
|
|
SMQ_CLIENTS_DB_USER: ${SMQ_CLIENTS_DB_USER}
|
|
SMQ_CLIENTS_DB_PASS: ${SMQ_CLIENTS_DB_PASS}
|
|
SMQ_CLIENTS_DB_NAME: ${SMQ_CLIENTS_DB_NAME}
|
|
SMQ_CLIENTS_DB_SSL_MODE: ${SMQ_CLIENTS_DB_SSL_MODE}
|
|
SMQ_CLIENTS_DB_SSL_CERT: ${SMQ_CLIENTS_DB_SSL_CERT}
|
|
SMQ_CLIENTS_DB_SSL_KEY: ${SMQ_CLIENTS_DB_SSL_KEY}
|
|
SMQ_CLIENTS_DB_SSL_ROOT_CERT: ${SMQ_CLIENTS_DB_SSL_ROOT_CERT}
|
|
SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL}
|
|
SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT}
|
|
SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
|
SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
|
SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
|
SMQ_AUTH_KEYS_ALGORITHM: ${SMQ_AUTH_KEYS_ALGORITHM}
|
|
SMQ_CHANNELS_URL: ${SMQ_CHANNELS_URL}
|
|
SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL}
|
|
SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT}
|
|
SMQ_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt}
|
|
SMQ_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key}
|
|
SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt}
|
|
SMQ_GROUPS_URL: ${SMQ_GROUPS_URL}
|
|
SMQ_GROUPS_GRPC_URL: ${SMQ_GROUPS_GRPC_URL}
|
|
SMQ_GROUPS_GRPC_TIMEOUT: ${SMQ_GROUPS_GRPC_TIMEOUT}
|
|
SMQ_GROUPS_GRPC_CLIENT_CERT: ${SMQ_GROUPS_GRPC_CLIENT_CERT:+/groups-grpc-client.crt}
|
|
SMQ_GROUPS_GRPC_CLIENT_KEY: ${SMQ_GROUPS_GRPC_CLIENT_KEY:+/groups-grpc-client.key}
|
|
SMQ_GROUPS_GRPC_SERVER_CA_CERTS: ${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:+/groups-grpc-server-ca.crt}
|
|
SMQ_DOMAINS_GRPC_URL: ${SMQ_DOMAINS_GRPC_URL}
|
|
SMQ_DOMAINS_GRPC_TIMEOUT: ${SMQ_DOMAINS_GRPC_TIMEOUT}
|
|
SMQ_DOMAINS_GRPC_CLIENT_CERT: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt}
|
|
SMQ_DOMAINS_GRPC_CLIENT_KEY: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key}
|
|
SMQ_DOMAINS_GRPC_SERVER_CA_CERTS: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt}
|
|
SMQ_JAEGER_URL: ${SMQ_JAEGER_URL}
|
|
SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO}
|
|
SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY}
|
|
SMQ_SPICEDB_PRE_SHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY}
|
|
SMQ_SPICEDB_HOST: ${SMQ_SPICEDB_HOST}
|
|
SMQ_SPICEDB_PORT: ${SMQ_SPICEDB_PORT}
|
|
SMQ_SPICEDB_SCHEMA_FILE: ${SMQ_SPICEDB_SCHEMA_FILE}
|
|
SMQ_CLIENTS_CALLOUT_URLS: ${SMQ_CLIENTS_CALLOUT_URLS}
|
|
SMQ_CLIENTS_CALLOUT_METHOD: ${SMQ_CLIENTS_CALLOUT_METHOD}
|
|
SMQ_CLIENTS_CALLOUT_TLS_VERIFICATION: ${SMQ_CLIENTS_CALLOUT_TLS_VERIFICATION}
|
|
SMQ_CLIENTS_CALLOUT_TIMEOUT: ${SMQ_CLIENTS_CALLOUT_TIMEOUT}
|
|
SMQ_CLIENTS_CALLOUT_CA_CERT: ${SMQ_CLIENTS_CALLOUT_CA_CERT}
|
|
SMQ_CLIENTS_CALLOUT_CERT: ${SMQ_CLIENTS_CALLOUT_CERT}
|
|
SMQ_CLIENTS_CALLOUT_KEY: ${SMQ_CLIENTS_CALLOUT_KEY}
|
|
SMQ_CLIENTS_CALLOUT_OPERATIONS: ${SMQ_CLIENTS_CALLOUT_OPERATIONS}
|
|
SMQ_ALLOW_UNVERIFIED_USER: ${SMQ_ALLOW_UNVERIFIED_USER}
|
|
ports:
|
|
- ${SMQ_CLIENTS_HTTP_PORT}:${SMQ_CLIENTS_HTTP_PORT}
|
|
- ${SMQ_CLIENTS_GRPC_PORT}:${SMQ_CLIENTS_GRPC_PORT}
|
|
networks:
|
|
- supermq-base-net
|
|
volumes:
|
|
- ./permission.yaml:/permission.yaml
|
|
- ./spicedb/schema.zed:${SMQ_SPICEDB_SCHEMA_FILE}
|
|
# Clients gRPC server certificates
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_GRPC_SERVER_CERT:-ssl/certs/dummy/server_cert}
|
|
target: /clients-grpc-server.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_GRPC_SERVER_KEY:-ssl/certs/dummy/server_key}
|
|
target: /clients-grpc-server.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca_certs}
|
|
target: /clients-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_GRPC_CLIENT_CA_CERTS:-ssl/certs/dummy/client_ca_certs}
|
|
target: /clients-grpc-client-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Auth gRPC client certificates
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /auth-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /auth-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /auth-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Channel gRPC client certificates
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /channels-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /channels-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /channels-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Group gRPC client certificates
|
|
- type: bind
|
|
source: ${SMQ_GROUPS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /groups-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_GROUPS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /groups-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /groups-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Domain gRPC client certificates
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /domains-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /domains-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /domains-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
|
|
channels-db:
|
|
image: docker.io/postgres:18.0-alpine3.22
|
|
container_name: supermq-channels-db
|
|
restart: on-failure
|
|
command: postgres -c "max_connections=${SMQ_POSTGRES_MAX_CONNECTIONS}"
|
|
environment:
|
|
POSTGRES_USER: ${SMQ_CHANNELS_DB_USER}
|
|
POSTGRES_PASSWORD: ${SMQ_CHANNELS_DB_PASS}
|
|
POSTGRES_DB: ${SMQ_CHANNELS_DB_NAME}
|
|
SMQ_POSTGRES_MAX_CONNECTIONS: ${SMQ_POSTGRES_MAX_CONNECTIONS}
|
|
networks:
|
|
- supermq-base-net
|
|
ports:
|
|
- 6005:5432
|
|
volumes:
|
|
- supermq-channels-db-volume:/var/lib/postgresql/data
|
|
|
|
channels-redis:
|
|
image: docker.io/redis:8.2.2-alpine3.22
|
|
container_name: supermq-channels-redis
|
|
restart: on-failure
|
|
networks:
|
|
- supermq-base-net
|
|
volumes:
|
|
- supermq-channels-redis-volume:/data
|
|
|
|
channels:
|
|
image: docker.io/supermq/channels:${SMQ_RELEASE_TAG}
|
|
container_name: supermq-channels
|
|
depends_on:
|
|
- channels-db
|
|
- channels-redis
|
|
- users
|
|
- auth
|
|
- nats
|
|
restart: on-failure
|
|
environment:
|
|
SMQ_CHANNELS_LOG_LEVEL: ${SMQ_CHANNELS_LOG_LEVEL}
|
|
SMQ_CHANNELS_INSTANCE_ID: ${SMQ_CHANNELS_INSTANCE_ID}
|
|
SMQ_CHANNELS_HTTP_HOST: ${SMQ_CHANNELS_HTTP_HOST}
|
|
SMQ_CHANNELS_HTTP_PORT: ${SMQ_CHANNELS_HTTP_PORT}
|
|
SMQ_CHANNELS_GRPC_HOST: ${SMQ_CHANNELS_GRPC_HOST}
|
|
SMQ_CHANNELS_GRPC_PORT: ${SMQ_CHANNELS_GRPC_PORT}
|
|
## Compose supports parameter expansion in environment,
|
|
## Eg: ${VAR:+replacement} or ${VAR+replacement} -> replacement if VAR is set and non-empty, otherwise empty
|
|
## Eg :${VAR:-default} or ${VAR-default} -> value of VAR if set and non-empty, otherwise default
|
|
SMQ_CHANNELS_GRPC_SERVER_CERT: ${SMQ_CHANNELS_GRPC_SERVER_CERT:+/channels-grpc-server.crt}
|
|
SMQ_CHANNELS_GRPC_SERVER_KEY: ${SMQ_CHANNELS_GRPC_SERVER_KEY:+/channels-grpc-server.key}
|
|
SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt}
|
|
SMQ_CHANNELS_GRPC_CLIENT_CA_CERTS: ${SMQ_CHANNELS_GRPC_CLIENT_CA_CERTS:+/channels-grpc-client-ca.crt}
|
|
SMQ_CHANNELS_DB_HOST: ${SMQ_CHANNELS_DB_HOST}
|
|
SMQ_CHANNELS_DB_PORT: ${SMQ_CHANNELS_DB_PORT}
|
|
SMQ_CHANNELS_DB_USER: ${SMQ_CHANNELS_DB_USER}
|
|
SMQ_CHANNELS_DB_PASS: ${SMQ_CHANNELS_DB_PASS}
|
|
SMQ_CHANNELS_DB_NAME: ${SMQ_CHANNELS_DB_NAME}
|
|
SMQ_CHANNELS_DB_SSL_MODE: ${SMQ_CHANNELS_DB_SSL_MODE}
|
|
SMQ_CHANNELS_DB_SSL_CERT: ${SMQ_CHANNELS_DB_SSL_CERT}
|
|
SMQ_CHANNELS_DB_SSL_KEY: ${SMQ_CHANNELS_DB_SSL_KEY}
|
|
SMQ_CHANNELS_DB_SSL_ROOT_CERT: ${SMQ_CHANNELS_DB_SSL_ROOT_CERT}
|
|
SMQ_CHANNELS_CACHE_URL: ${SMQ_CHANNELS_CACHE_URL}
|
|
SMQ_CHANNELS_CACHE_KEY_DURATION: ${SMQ_CHANNELS_CACHE_KEY_DURATION}
|
|
SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL}
|
|
SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT}
|
|
SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
|
SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
|
SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
|
SMQ_AUTH_KEYS_ALGORITHM: ${SMQ_AUTH_KEYS_ALGORITHM}
|
|
SMQ_CLIENTS_GRPC_URL: ${SMQ_CLIENTS_GRPC_URL}
|
|
SMQ_CLIENTS_GRPC_TIMEOUT: ${SMQ_CLIENTS_GRPC_TIMEOUT}
|
|
SMQ_CLIENTS_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_GRPC_CLIENT_CERT:+/clients-grpc-client.crt}
|
|
SMQ_CLIENTS_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_GRPC_CLIENT_KEY:+/clients-grpc-client.key}
|
|
SMQ_CLIENTS_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt}
|
|
SMQ_GROUPS_GRPC_URL: ${SMQ_GROUPS_GRPC_URL}
|
|
SMQ_GROUPS_GRPC_TIMEOUT: ${SMQ_GROUPS_GRPC_TIMEOUT}
|
|
SMQ_GROUPS_GRPC_CLIENT_CERT: ${SMQ_GROUPS_GRPC_CLIENT_CERT:+/groups-grpc-client.crt}
|
|
SMQ_GROUPS_GRPC_CLIENT_KEY: ${SMQ_GROUPS_GRPC_CLIENT_KEY:+/groups-grpc-client.key}
|
|
SMQ_GROUPS_GRPC_SERVER_CA_CERTS: ${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:+/groups-grpc-server-ca.crt}
|
|
SMQ_DOMAINS_GRPC_URL: ${SMQ_DOMAINS_GRPC_URL}
|
|
SMQ_DOMAINS_GRPC_TIMEOUT: ${SMQ_DOMAINS_GRPC_TIMEOUT}
|
|
SMQ_DOMAINS_GRPC_CLIENT_CERT: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt}
|
|
SMQ_DOMAINS_GRPC_CLIENT_KEY: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key}
|
|
SMQ_DOMAINS_GRPC_SERVER_CA_CERTS: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt}
|
|
SMQ_ES_URL: ${SMQ_ES_URL}
|
|
SMQ_JAEGER_URL: ${SMQ_JAEGER_URL}
|
|
SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO}
|
|
SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY}
|
|
SMQ_SPICEDB_PRE_SHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY}
|
|
SMQ_SPICEDB_HOST: ${SMQ_SPICEDB_HOST}
|
|
SMQ_SPICEDB_PORT: ${SMQ_SPICEDB_PORT}
|
|
SMQ_SPICEDB_SCHEMA_FILE: ${SMQ_SPICEDB_SCHEMA_FILE}
|
|
SMQ_CHANNELS_CALLOUT_URLS: ${SMQ_CHANNELS_CALLOUT_URLS}
|
|
SMQ_CHANNELS_CALLOUT_METHOD: ${SMQ_CHANNELS_CALLOUT_METHOD}
|
|
SMQ_CHANNELS_CALLOUT_TLS_VERIFICATION: ${SMQ_CHANNELS_CALLOUT_TLS_VERIFICATION}
|
|
SMQ_CHANNELS_CALLOUT_TIMEOUT: ${SMQ_CHANNELS_CALLOUT_TIMEOUT}
|
|
SMQ_CHANNELS_CALLOUT_CA_CERT: ${SMQ_CHANNELS_CALLOUT_CA_CERT}
|
|
SMQ_CHANNELS_CALLOUT_CERT: ${SMQ_CHANNELS_CALLOUT_CERT}
|
|
SMQ_CHANNELS_CALLOUT_KEY: ${SMQ_CHANNELS_CALLOUT_KEY}
|
|
SMQ_CHANNELS_CALLOUT_OPERATIONS: ${SMQ_CHANNELS_CALLOUT_OPERATIONS}
|
|
SMQ_ALLOW_UNVERIFIED_USER: ${SMQ_ALLOW_UNVERIFIED_USER}
|
|
ports:
|
|
- ${SMQ_CHANNELS_HTTP_PORT}:${SMQ_CHANNELS_HTTP_PORT}
|
|
- ${SMQ_CHANNELS_GRPC_PORT}:${SMQ_CHANNELS_GRPC_PORT}
|
|
networks:
|
|
- supermq-base-net
|
|
volumes:
|
|
- ./permission.yaml:/permission.yaml
|
|
- ./spicedb/schema.zed:${SMQ_SPICEDB_SCHEMA_FILE}
|
|
# Channels gRPC server certificates
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_SERVER_CERT:-ssl/certs/dummy/server_cert}
|
|
target: /channels-grpc-server.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_SERVER_KEY:-ssl/certs/dummy/server_key}
|
|
target: /channels-grpc-server.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca_certs}
|
|
target: /channels-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_CLIENT_CA_CERTS:-ssl/certs/dummy/client_ca_certs}
|
|
target: /channels-grpc-client-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Auth gRPC client certificates
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /auth-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /auth-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /auth-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Clients gRPC client certificates
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /clients-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /clients-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /clients-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Groups gRPC client certificates
|
|
- type: bind
|
|
source: ${SMQ_GROUPS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /groups-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_GROUPS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /groups-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /groups-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Domains gRPC client certificates
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /domains-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /domains-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /domains-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
|
|
users-db:
|
|
image: docker.io/postgres:18.0-alpine3.22
|
|
container_name: supermq-users-db
|
|
restart: on-failure
|
|
command: postgres -c "max_connections=${SMQ_POSTGRES_MAX_CONNECTIONS}"
|
|
environment:
|
|
POSTGRES_USER: ${SMQ_USERS_DB_USER}
|
|
POSTGRES_PASSWORD: ${SMQ_USERS_DB_PASS}
|
|
POSTGRES_DB: ${SMQ_USERS_DB_NAME}
|
|
SMQ_POSTGRES_MAX_CONNECTIONS: ${SMQ_POSTGRES_MAX_CONNECTIONS}
|
|
ports:
|
|
- 6002:5432
|
|
networks:
|
|
- supermq-base-net
|
|
volumes:
|
|
- supermq-users-db-volume:/var/lib/postgresql/data
|
|
|
|
users:
|
|
image: docker.io/supermq/users:${SMQ_RELEASE_TAG}
|
|
container_name: supermq-users
|
|
depends_on:
|
|
- users-db
|
|
- auth
|
|
- nats
|
|
restart: on-failure
|
|
environment:
|
|
SMQ_USERS_LOG_LEVEL: ${SMQ_USERS_LOG_LEVEL}
|
|
SMQ_USERS_SECRET_KEY: ${SMQ_USERS_SECRET_KEY}
|
|
SMQ_USERS_ADMIN_EMAIL: ${SMQ_USERS_ADMIN_EMAIL}
|
|
SMQ_USERS_ADMIN_PASSWORD: ${SMQ_USERS_ADMIN_PASSWORD}
|
|
SMQ_USERS_ADMIN_USERNAME: ${SMQ_USERS_ADMIN_USERNAME}
|
|
SMQ_USERS_ADMIN_FIRST_NAME: ${SMQ_USERS_ADMIN_FIRST_NAME}
|
|
SMQ_USERS_ADMIN_LAST_NAME: ${SMQ_USERS_ADMIN_LAST_NAME}
|
|
SMQ_USERS_PASS_REGEX: ${SMQ_USERS_PASS_REGEX}
|
|
SMQ_USERS_HTTP_HOST: ${SMQ_USERS_HTTP_HOST}
|
|
SMQ_USERS_HTTP_PORT: ${SMQ_USERS_HTTP_PORT}
|
|
SMQ_USERS_HTTP_SERVER_CERT: ${SMQ_USERS_HTTP_SERVER_CERT}
|
|
SMQ_USERS_HTTP_SERVER_KEY: ${SMQ_USERS_HTTP_SERVER_KEY}
|
|
SMQ_USERS_GRPC_HOST: ${SMQ_USERS_GRPC_HOST}
|
|
SMQ_USERS_GRPC_PORT: ${SMQ_USERS_GRPC_PORT}
|
|
## Compose supports parameter expansion in environment,
|
|
## Eg: ${VAR:+replacement} or ${VAR+replacement} -> replacement if VAR is set and non-empty, otherwise empty
|
|
## Eg :${VAR:-default} or ${VAR-default} -> value of VAR if set and non-empty, otherwise default
|
|
SMQ_USERS_GRPC_SERVER_CERT: ${SMQ_USERS_GRPC_SERVER_CERT:+/users-grpc-server.crt}
|
|
SMQ_USERS_GRPC_SERVER_KEY: ${SMQ_USERS_GRPC_SERVER_KEY:+/users-grpc-server.key}
|
|
SMQ_USERS_GRPC_SERVER_CA_CERTS: ${SMQ_USERS_GRPC_SERVER_CA_CERTS:+/users-grpc-server-ca.crt}
|
|
SMQ_USERS_GRPC_CLIENT_CA_CERTS: ${SMQ_USERS_GRPC_CLIENT_CA_CERTS:+/users-grpc-client-ca.crt}
|
|
SMQ_USERS_DB_HOST: ${SMQ_USERS_DB_HOST}
|
|
SMQ_USERS_DB_PORT: ${SMQ_USERS_DB_PORT}
|
|
SMQ_USERS_DB_USER: ${SMQ_USERS_DB_USER}
|
|
SMQ_USERS_DB_PASS: ${SMQ_USERS_DB_PASS}
|
|
SMQ_USERS_DB_NAME: ${SMQ_USERS_DB_NAME}
|
|
SMQ_USERS_DB_SSL_MODE: ${SMQ_USERS_DB_SSL_MODE}
|
|
SMQ_USERS_DB_SSL_CERT: ${SMQ_USERS_DB_SSL_CERT}
|
|
SMQ_USERS_DB_SSL_KEY: ${SMQ_USERS_DB_SSL_KEY}
|
|
SMQ_USERS_DB_SSL_ROOT_CERT: ${SMQ_USERS_DB_SSL_ROOT_CERT}
|
|
SMQ_USERS_ALLOW_SELF_REGISTER: ${SMQ_USERS_ALLOW_SELF_REGISTER}
|
|
SMQ_EMAIL_HOST: ${SMQ_EMAIL_HOST}
|
|
SMQ_EMAIL_PORT: ${SMQ_EMAIL_PORT}
|
|
SMQ_EMAIL_USERNAME: ${SMQ_EMAIL_USERNAME}
|
|
SMQ_EMAIL_PASSWORD: ${SMQ_EMAIL_PASSWORD}
|
|
SMQ_EMAIL_FROM_ADDRESS: ${SMQ_EMAIL_FROM_ADDRESS}
|
|
SMQ_EMAIL_FROM_NAME: ${SMQ_EMAIL_FROM_NAME}
|
|
SMQ_ES_URL: ${SMQ_ES_URL}
|
|
SMQ_JAEGER_URL: ${SMQ_JAEGER_URL}
|
|
SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO}
|
|
SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY}
|
|
SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL}
|
|
SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT}
|
|
SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
|
SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
|
SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
|
SMQ_AUTH_KEYS_ALGORITHM: ${SMQ_AUTH_KEYS_ALGORITHM}
|
|
SMQ_DOMAINS_GRPC_URL: ${SMQ_DOMAINS_GRPC_URL}
|
|
SMQ_DOMAINS_GRPC_TIMEOUT: ${SMQ_DOMAINS_GRPC_TIMEOUT}
|
|
SMQ_DOMAINS_GRPC_CLIENT_CERT: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt}
|
|
SMQ_DOMAINS_GRPC_CLIENT_KEY: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key}
|
|
SMQ_DOMAINS_GRPC_SERVER_CA_CERTS: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt}
|
|
SMQ_GOOGLE_CLIENT_ID: ${SMQ_GOOGLE_CLIENT_ID}
|
|
SMQ_GOOGLE_CLIENT_SECRET: ${SMQ_GOOGLE_CLIENT_SECRET}
|
|
SMQ_GOOGLE_REDIRECT_URL: ${SMQ_GOOGLE_REDIRECT_URL}
|
|
SMQ_GOOGLE_STATE: ${SMQ_GOOGLE_STATE}
|
|
SMQ_OAUTH_UI_REDIRECT_URL: ${SMQ_OAUTH_UI_REDIRECT_URL}
|
|
SMQ_OAUTH_UI_ERROR_URL: ${SMQ_OAUTH_UI_ERROR_URL}
|
|
SMQ_USERS_DELETE_INTERVAL: ${SMQ_USERS_DELETE_INTERVAL}
|
|
SMQ_USERS_DELETE_AFTER: ${SMQ_USERS_DELETE_AFTER}
|
|
SMQ_SPICEDB_PRE_SHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY}
|
|
SMQ_SPICEDB_HOST: ${SMQ_SPICEDB_HOST}
|
|
SMQ_SPICEDB_PORT: ${SMQ_SPICEDB_PORT}
|
|
SMQ_PASSWORD_RESET_URL_PREFIX: ${SMQ_PASSWORD_RESET_URL_PREFIX}
|
|
SMQ_PASSWORD_RESET_EMAIL_TEMPLATE: ${SMQ_PASSWORD_RESET_EMAIL_TEMPLATE}
|
|
SMQ_VERIFICATION_URL_PREFIX: ${SMQ_VERIFICATION_URL_PREFIX}
|
|
SMQ_VERIFICATION_EMAIL_TEMPLATE: ${SMQ_VERIFICATION_EMAIL_TEMPLATE}
|
|
SMQ_ALLOW_UNVERIFIED_USER: ${SMQ_ALLOW_UNVERIFIED_USER}
|
|
ports:
|
|
- ${SMQ_USERS_HTTP_PORT}:${SMQ_USERS_HTTP_PORT}
|
|
- ${SMQ_USERS_GRPC_PORT}:${SMQ_USERS_GRPC_PORT}
|
|
networks:
|
|
- supermq-base-net
|
|
volumes:
|
|
- ./templates/${SMQ_PASSWORD_RESET_EMAIL_TEMPLATE}:/${SMQ_PASSWORD_RESET_EMAIL_TEMPLATE}
|
|
- ./templates/${SMQ_VERIFICATION_EMAIL_TEMPLATE}:/${SMQ_VERIFICATION_EMAIL_TEMPLATE}
|
|
# Auth gRPC client certificates
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /auth-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /auth-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /auth-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Domains gRPC client certificates
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /domains-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /domains-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /domains-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
|
|
notifications:
|
|
image: docker.io/supermq/notifications:${SMQ_RELEASE_TAG}
|
|
container_name: supermq-notifications
|
|
depends_on:
|
|
- nats
|
|
restart: on-failure
|
|
environment:
|
|
SMQ_NOTIFICATIONS_LOG_LEVEL: ${SMQ_NOTIFICATIONS_LOG_LEVEL}
|
|
SMQ_NOTIFICATIONS_INSTANCE_ID: ${SMQ_NOTIFICATIONS_INSTANCE_ID}
|
|
SMQ_ES_URL: ${SMQ_ES_URL}
|
|
SMQ_JAEGER_URL: ${SMQ_JAEGER_URL}
|
|
SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO}
|
|
SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY}
|
|
SMQ_EMAIL_HOST: ${SMQ_EMAIL_HOST}
|
|
SMQ_EMAIL_PORT: ${SMQ_EMAIL_PORT}
|
|
SMQ_EMAIL_USERNAME: ${SMQ_EMAIL_USERNAME}
|
|
SMQ_EMAIL_PASSWORD: ${SMQ_EMAIL_PASSWORD}
|
|
SMQ_EMAIL_FROM_ADDRESS: ${SMQ_EMAIL_FROM_ADDRESS}
|
|
SMQ_EMAIL_FROM_NAME: ${SMQ_EMAIL_FROM_NAME}
|
|
SMQ_EMAIL_INVITATION_TEMPLATE: ${SMQ_EMAIL_INVITATION_TEMPLATE}
|
|
SMQ_EMAIL_ACCEPTANCE_TEMPLATE: ${SMQ_EMAIL_ACCEPTANCE_TEMPLATE}
|
|
SMQ_EMAIL_REJECTION_TEMPLATE: ${SMQ_EMAIL_REJECTION_TEMPLATE}
|
|
SMQ_USERS_GRPC_URL: ${SMQ_USERS_GRPC_URL}
|
|
SMQ_USERS_GRPC_TIMEOUT: ${SMQ_USERS_GRPC_TIMEOUT}
|
|
SMQ_USERS_GRPC_CLIENT_CERT: ${SMQ_USERS_GRPC_CLIENT_CERT:+/users-grpc-client.crt}
|
|
SMQ_USERS_GRPC_CLIENT_KEY: ${SMQ_USERS_GRPC_CLIENT_KEY:+/users-grpc-client.key}
|
|
SMQ_USERS_GRPC_SERVER_CA_CERTS: ${SMQ_USERS_GRPC_SERVER_CA_CERTS:+/users-grpc-server-ca.crt}
|
|
networks:
|
|
- supermq-base-net
|
|
volumes:
|
|
- ./templates/${SMQ_EMAIL_INVITATION_TEMPLATE}:/${SMQ_EMAIL_INVITATION_TEMPLATE}
|
|
- ./templates/${SMQ_EMAIL_ACCEPTANCE_TEMPLATE}:/${SMQ_EMAIL_ACCEPTANCE_TEMPLATE}
|
|
- ./templates/${SMQ_EMAIL_REJECTION_TEMPLATE}:/${SMQ_EMAIL_REJECTION_TEMPLATE}
|
|
# Users gRPC client certificates
|
|
- type: bind
|
|
source: ${SMQ_USERS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /users-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_USERS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /users-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_USERS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /users-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
|
|
groups-db:
|
|
image: docker.io/postgres:18.0-alpine3.22
|
|
container_name: supermq-groups-db
|
|
restart: on-failure
|
|
command: postgres -c "max_connections=${SMQ_POSTGRES_MAX_CONNECTIONS}"
|
|
environment:
|
|
POSTGRES_USER: ${SMQ_GROUPS_DB_USER}
|
|
POSTGRES_PASSWORD: ${SMQ_GROUPS_DB_PASS}
|
|
POSTGRES_DB: ${SMQ_GROUPS_DB_NAME}
|
|
SMQ_POSTGRES_MAX_CONNECTIONS: ${SMQ_POSTGRES_MAX_CONNECTIONS}
|
|
ports:
|
|
- 6004:5432
|
|
networks:
|
|
- supermq-base-net
|
|
volumes:
|
|
- supermq-groups-db-volume:/var/lib/postgresql/data
|
|
|
|
groups:
|
|
image: docker.io/supermq/groups:${SMQ_RELEASE_TAG}
|
|
container_name: supermq-groups
|
|
depends_on:
|
|
- groups-db
|
|
- auth
|
|
- nats
|
|
restart: on-failure
|
|
environment:
|
|
SMQ_GROUPS_LOG_LEVEL: ${SMQ_GROUPS_LOG_LEVEL}
|
|
SMQ_GROUPS_HTTP_HOST: ${SMQ_GROUPS_HTTP_HOST}
|
|
SMQ_GROUPS_HTTP_PORT: ${SMQ_GROUPS_HTTP_PORT}
|
|
SMQ_GROUPS_HTTP_SERVER_CERT: ${SMQ_GROUPS_HTTP_SERVER_CERT}
|
|
SMQ_GROUPS_HTTP_SERVER_KEY: ${SMQ_GROUPS_HTTP_SERVER_KEY}
|
|
SMQ_GROUPS_GRPC_HOST: ${SMQ_GROUPS_GRPC_HOST}
|
|
SMQ_GROUPS_GRPC_PORT: ${SMQ_GROUPS_GRPC_PORT}
|
|
## Compose supports parameter expansion in environment,
|
|
## Eg: ${VAR:+replacement} or ${VAR+replacement} -> replacement if VAR is set and non-empty, otherwise empty
|
|
## Eg :${VAR:-default} or ${VAR-default} -> value of VAR if set and non-empty, otherwise default
|
|
SMQ_GROUPS_GRPC_SERVER_CERT: ${SMQ_GROUPS_GRPC_SERVER_CERT:+/groups-grpc-server.crt}
|
|
SMQ_GROUPS_GRPC_SERVER_KEY: ${SMQ_GROUPS_GRPC_SERVER_KEY:+/groups-grpc-server.key}
|
|
SMQ_GROUPS_GRPC_SERVER_CA_CERTS: ${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:+/groups-grpc-server-ca.crt}
|
|
SMQ_GROUPS_GRPC_CLIENT_CA_CERTS: ${SMQ_GROUPS_GRPC_CLIENT_CA_CERTS:+/groups-grpc-client-ca.crt}
|
|
SMQ_GROUPS_DB_HOST: ${SMQ_GROUPS_DB_HOST}
|
|
SMQ_GROUPS_DB_PORT: ${SMQ_GROUPS_DB_PORT}
|
|
SMQ_GROUPS_DB_USER: ${SMQ_GROUPS_DB_USER}
|
|
SMQ_GROUPS_DB_PASS: ${SMQ_GROUPS_DB_PASS}
|
|
SMQ_GROUPS_DB_NAME: ${SMQ_GROUPS_DB_NAME}
|
|
SMQ_GROUPS_DB_SSL_MODE: ${SMQ_GROUPS_DB_SSL_MODE}
|
|
SMQ_GROUPS_DB_SSL_CERT: ${SMQ_GROUPS_DB_SSL_CERT}
|
|
SMQ_GROUPS_DB_SSL_KEY: ${SMQ_GROUPS_DB_SSL_KEY}
|
|
SMQ_GROUPS_DB_SSL_ROOT_CERT: ${SMQ_GROUPS_DB_SSL_ROOT_CERT}
|
|
SMQ_CHANNELS_URL: ${SMQ_CHANNELS_URL}
|
|
SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL}
|
|
SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT}
|
|
SMQ_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt}
|
|
SMQ_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key}
|
|
SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt}
|
|
SMQ_CLIENTS_GRPC_URL: ${SMQ_CLIENTS_GRPC_URL}
|
|
SMQ_CLIENTS_GRPC_TIMEOUT: ${SMQ_CLIENTS_GRPC_TIMEOUT}
|
|
SMQ_CLIENTS_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_GRPC_CLIENT_CERT:+/clients-grpc-client.crt}
|
|
SMQ_CLIENTS_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_GRPC_CLIENT_KEY:+/clients-grpc-client.key}
|
|
SMQ_CLIENTS_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt}
|
|
SMQ_DOMAINS_GRPC_URL: ${SMQ_DOMAINS_GRPC_URL}
|
|
SMQ_DOMAINS_GRPC_TIMEOUT: ${SMQ_DOMAINS_GRPC_TIMEOUT}
|
|
SMQ_DOMAINS_GRPC_CLIENT_CERT: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt}
|
|
SMQ_DOMAINS_GRPC_CLIENT_KEY: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key}
|
|
SMQ_DOMAINS_GRPC_SERVER_CA_CERTS: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt}
|
|
SMQ_ES_URL: ${SMQ_ES_URL}
|
|
SMQ_JAEGER_URL: ${SMQ_JAEGER_URL}
|
|
SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO}
|
|
SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY}
|
|
SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL}
|
|
SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT}
|
|
SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
|
SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
|
SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
|
SMQ_AUTH_KEYS_ALGORITHM: ${SMQ_AUTH_KEYS_ALGORITHM}
|
|
SMQ_SPICEDB_PRE_SHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY}
|
|
SMQ_SPICEDB_HOST: ${SMQ_SPICEDB_HOST}
|
|
SMQ_SPICEDB_PORT: ${SMQ_SPICEDB_PORT}
|
|
SMQ_SPICEDB_SCHEMA_FILE: ${SMQ_SPICEDB_SCHEMA_FILE}
|
|
SMQ_GROUPS_CALLOUT_URLS: ${SMQ_GROUPS_CALLOUT_URLS}
|
|
SMQ_GROUPS_CALLOUT_METHOD: ${SMQ_GROUPS_CALLOUT_METHOD}
|
|
SMQ_GROUPS_CALLOUT_TLS_VERIFICATION: ${SMQ_GROUPS_CALLOUT_TLS_VERIFICATION}
|
|
SMQ_GROUPS_CALLOUT_TIMEOUT: ${SMQ_GROUPS_CALLOUT_TIMEOUT}
|
|
SMQ_GROUPS_CALLOUT_CA_CERT: ${SMQ_GROUPS_CALLOUT_CA_CERT}
|
|
SMQ_GROUPS_CALLOUT_CERT: ${SMQ_GROUPS_CALLOUT_CERT}
|
|
SMQ_GROUPS_CALLOUT_KEY: ${SMQ_GROUPS_CALLOUT_KEY}
|
|
SMQ_GROUPS_CALLOUT_OPERATIONS: ${SMQ_GROUPS_CALLOUT_OPERATIONS}
|
|
SMQ_ALLOW_UNVERIFIED_USER: ${SMQ_ALLOW_UNVERIFIED_USER}
|
|
ports:
|
|
- ${SMQ_GROUPS_HTTP_PORT}:${SMQ_GROUPS_HTTP_PORT}
|
|
- ${SMQ_GROUPS_GRPC_PORT}:${SMQ_GROUPS_GRPC_PORT}
|
|
networks:
|
|
- supermq-base-net
|
|
volumes:
|
|
- ./permission.yaml:/permission.yaml
|
|
- ./spicedb/schema.zed:${SMQ_SPICEDB_SCHEMA_FILE}
|
|
# Groups gRPC server certificates
|
|
- type: bind
|
|
source: ${SMQ_GROUPS_GRPC_SERVER_CERT:-ssl/certs/dummy/server_cert}
|
|
target: /groups-grpc-server.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_GROUPS_GRPC_SERVER_KEY:-ssl/certs/dummy/server_key}
|
|
target: /groups-grpc-server.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca_certs}
|
|
target: /groups-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_GROUPS_GRPC_CLIENT_CA_CERTS:-ssl/certs/dummy/client_ca_certs}
|
|
target: /groups-grpc-client-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Auth gRPC client certificates
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /auth-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /auth-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /auth-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Clients gRPC client certificates
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /clients-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /clients-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /clients-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Channels gRPC client certificates
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /channels-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /channels-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /channels-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Domains gRPC client certificates
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /domains-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /domains-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /domains-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
|
|
jaeger:
|
|
image: docker.io/jaegertracing/all-in-one:1.74.0
|
|
container_name: supermq-jaeger
|
|
environment:
|
|
COLLECTOR_OTLP_ENABLED: ${SMQ_JAEGER_COLLECTOR_OTLP_ENABLED}
|
|
command: --memory.max-traces ${SMQ_JAEGER_MEMORY_MAX_TRACES}
|
|
ports:
|
|
- ${SMQ_JAEGER_FRONTEND}:${SMQ_JAEGER_FRONTEND}
|
|
- ${SMQ_JAEGER_OLTP_HTTP}:${SMQ_JAEGER_OLTP_HTTP}
|
|
networks:
|
|
- supermq-base-net
|
|
|
|
mqtt-adapter:
|
|
image: docker.io/supermq/mqtt:${SMQ_RELEASE_TAG}
|
|
container_name: supermq-mqtt
|
|
depends_on:
|
|
- clients
|
|
- rabbitmq
|
|
- nats
|
|
restart: on-failure
|
|
environment:
|
|
SMQ_MQTT_ADAPTER_LOG_LEVEL: ${SMQ_MQTT_ADAPTER_LOG_LEVEL}
|
|
SMQ_MQTT_ADAPTER_MQTT_PORT: ${SMQ_MQTT_ADAPTER_MQTT_PORT}
|
|
SMQ_MQTT_ADAPTER_MQTT_TARGET_HOST: ${SMQ_MQTT_ADAPTER_MQTT_TARGET_HOST}
|
|
SMQ_MQTT_ADAPTER_MQTT_TARGET_PORT: ${SMQ_MQTT_ADAPTER_MQTT_TARGET_PORT}
|
|
SMQ_MQTT_ADAPTER_MQTT_TARGET_USERNAME: ${SMQ_MQTT_ADAPTER_MQTT_TARGET_USERNAME}
|
|
SMQ_MQTT_ADAPTER_MQTT_TARGET_PASSWORD: ${SMQ_MQTT_ADAPTER_MQTT_TARGET_PASSWORD}
|
|
SMQ_MQTT_ADAPTER_FORWARDER_TIMEOUT: ${SMQ_MQTT_ADAPTER_FORWARDER_TIMEOUT}
|
|
SMQ_MQTT_ADAPTER_MQTT_TARGET_HEALTH_CHECK: ${SMQ_MQTT_ADAPTER_MQTT_TARGET_HEALTH_CHECK}
|
|
SMQ_MQTT_ADAPTER_MQTT_QOS: ${SMQ_MQTT_ADAPTER_MQTT_QOS}
|
|
SMQ_MQTT_ADAPTER_WS_PORT: ${SMQ_MQTT_ADAPTER_WS_PORT}
|
|
SMQ_MQTT_ADAPTER_INSTANCE_ID: ${SMQ_MQTT_ADAPTER_INSTANCE_ID}
|
|
SMQ_MQTT_ADAPTER_WS_TARGET_HOST: ${SMQ_MQTT_ADAPTER_WS_TARGET_HOST}
|
|
SMQ_MQTT_ADAPTER_WS_TARGET_PORT: ${SMQ_MQTT_ADAPTER_WS_TARGET_PORT}
|
|
SMQ_MQTT_ADAPTER_WS_TARGET_PATH: ${SMQ_MQTT_ADAPTER_WS_TARGET_PATH}
|
|
SMQ_MQTT_ADAPTER_INSTANCE: ${SMQ_MQTT_ADAPTER_INSTANCE}
|
|
SMQ_MQTT_ADAPTER_CACHE_NUM_COUNTERS: ${SMQ_MQTT_ADAPTER_CACHE_NUM_COUNTERS}
|
|
SMQ_MQTT_ADAPTER_CACHE_MAX_COST: ${SMQ_MQTT_ADAPTER_CACHE_MAX_COST}
|
|
SMQ_MQTT_ADAPTER_CACHE_BUFFER_ITEMS: ${SMQ_MQTT_ADAPTER_CACHE_BUFFER_ITEMS}
|
|
SMQ_MQTT_ADAPTER_CERT_FILE: ${SMQ_MQTT_ADAPTER_CERT_FILE:+/mqtt-adapter.crt}
|
|
SMQ_MQTT_ADAPTER_KEY_FILE: ${SMQ_MQTT_ADAPTER_KEY_FILE:+/mqtt-adapter.key}
|
|
SMQ_MQTT_ADAPTER_SERVER_CA_FILE: ${SMQ_MQTT_ADAPTER_SERVER_CA_FILE:+/mqtt-adapter-server-ca.crt}
|
|
SMQ_MQTT_ADAPTER_CLIENT_CA_FILE: ${SMQ_MQTT_ADAPTER_CLIENT_CA_FILE:+/mqtt-adapter-client-ca.crt}
|
|
SMQ_MQTT_ADAPTER_CERT_VERIFICATION_METHODS: ${SMQ_MQTT_ADAPTER_CERT_VERIFICATION_METHODS}
|
|
SMQ_MQTT_ADAPTER_OCSP_RESPONDER_URL: ${SMQ_MQTT_ADAPTER_OCSP_RESPONDER_URL}
|
|
SMQ_ES_URL: ${SMQ_ES_URL}
|
|
SMQ_CLIENTS_GRPC_URL: ${SMQ_CLIENTS_GRPC_URL}
|
|
SMQ_CLIENTS_GRPC_TIMEOUT: ${SMQ_CLIENTS_GRPC_TIMEOUT}
|
|
SMQ_CLIENTS_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_GRPC_CLIENT_CERT:+/clients-grpc-client.crt}
|
|
SMQ_CLIENTS_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_GRPC_CLIENT_KEY:+/clients-grpc-client.key}
|
|
SMQ_CLIENTS_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt}
|
|
SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL}
|
|
SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT}
|
|
SMQ_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt}
|
|
SMQ_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key}
|
|
SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt}
|
|
SMQ_DOMAINS_GRPC_URL: ${SMQ_DOMAINS_GRPC_URL}
|
|
SMQ_DOMAINS_GRPC_TIMEOUT: ${SMQ_DOMAINS_GRPC_TIMEOUT}
|
|
SMQ_DOMAINS_GRPC_CLIENT_CERT: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt}
|
|
SMQ_DOMAINS_GRPC_CLIENT_KEY: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key}
|
|
SMQ_DOMAINS_GRPC_SERVER_CA_CERTS: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt}
|
|
SMQ_JAEGER_URL: ${SMQ_JAEGER_URL}
|
|
SMQ_MESSAGE_BROKER_URL: ${SMQ_MESSAGE_BROKER_URL}
|
|
SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO}
|
|
SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY}
|
|
networks:
|
|
- supermq-base-net
|
|
volumes:
|
|
# TLS certificate for MQTT
|
|
- type: bind
|
|
source: ${SMQ_MQTT_ADAPTER_CERT_FILE:-ssl/certs/dummy/server_cert}
|
|
target: /mqtt-adapter.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_MQTT_ADAPTER_KEY_FILE:-ssl/certs/dummy/server_key}
|
|
target: /mqtt-adapter.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_MQTT_ADAPTER_SERVER_CA_FILE:-ssl/certs/dummy/server_ca}
|
|
target: /mqtt-adapter-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_MQTT_ADAPTER_CLIENT_CA_FILE:-ssl/certs/dummy/client_ca}
|
|
target: /mqtt-adapter-client-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Clients gRPC mTLS client certificates
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /clients-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /clients-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /clients-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Channels gRPC mTLS client certificates
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /channels-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /channels-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /channels-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Domains gRPC mTLS client certificates
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /domains-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /domains-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /domains-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
|
|
http-adapter:
|
|
image: docker.io/supermq/http:${SMQ_RELEASE_TAG}
|
|
container_name: supermq-http
|
|
depends_on:
|
|
- clients
|
|
- nats
|
|
restart: on-failure
|
|
environment:
|
|
SMQ_HTTP_ADAPTER_LOG_LEVEL: ${SMQ_HTTP_ADAPTER_LOG_LEVEL}
|
|
SMQ_HTTP_ADAPTER_HOST: ${SMQ_HTTP_ADAPTER_HOST}
|
|
SMQ_HTTP_ADAPTER_PORT: ${SMQ_HTTP_ADAPTER_PORT}
|
|
SMQ_HTTP_ADAPTER_SERVER_CERT: ${SMQ_HTTP_ADAPTER_SERVER_CERT}
|
|
SMQ_HTTP_ADAPTER_SERVER_KEY: ${SMQ_HTTP_ADAPTER_SERVER_KEY}
|
|
SMQ_HTTP_ADAPTER_CACHE_NUM_COUNTERS: ${SMQ_HTTP_ADAPTER_CACHE_NUM_COUNTERS}
|
|
SMQ_HTTP_ADAPTER_CACHE_MAX_COST: ${SMQ_HTTP_ADAPTER_CACHE_MAX_COST}
|
|
SMQ_HTTP_ADAPTER_CACHE_BUFFER_ITEMS: ${SMQ_HTTP_ADAPTER_CACHE_BUFFER_ITEMS}
|
|
SMQ_CLIENTS_GRPC_URL: ${SMQ_CLIENTS_GRPC_URL}
|
|
SMQ_CLIENTS_GRPC_TIMEOUT: ${SMQ_CLIENTS_GRPC_TIMEOUT}
|
|
SMQ_CLIENTS_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_GRPC_CLIENT_CERT:+/clients-grpc-client.crt}
|
|
SMQ_CLIENTS_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_GRPC_CLIENT_KEY:+/clients-grpc-client.key}
|
|
SMQ_CLIENTS_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt}
|
|
SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL}
|
|
SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT}
|
|
SMQ_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt}
|
|
SMQ_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key}
|
|
SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt}
|
|
SMQ_DOMAINS_GRPC_URL: ${SMQ_DOMAINS_GRPC_URL}
|
|
SMQ_DOMAINS_GRPC_TIMEOUT: ${SMQ_DOMAINS_GRPC_TIMEOUT}
|
|
SMQ_DOMAINS_GRPC_CLIENT_CERT: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt}
|
|
SMQ_DOMAINS_GRPC_CLIENT_KEY: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key}
|
|
SMQ_DOMAINS_GRPC_SERVER_CA_CERTS: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt}
|
|
SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL}
|
|
SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT}
|
|
SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
|
SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
|
SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
|
SMQ_AUTH_KEYS_ALGORITHM: ${SMQ_AUTH_KEYS_ALGORITHM}
|
|
SMQ_MESSAGE_BROKER_URL: ${SMQ_MESSAGE_BROKER_URL}
|
|
SMQ_JAEGER_URL: ${SMQ_JAEGER_URL}
|
|
SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO}
|
|
SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY}
|
|
SMQ_HTTP_ADAPTER_INSTANCE_ID: ${SMQ_HTTP_ADAPTER_INSTANCE_ID}
|
|
SMQ_ES_URL: ${SMQ_ES_URL}
|
|
ports:
|
|
- ${SMQ_HTTP_ADAPTER_PORT}:${SMQ_HTTP_ADAPTER_PORT}
|
|
networks:
|
|
- supermq-base-net
|
|
volumes:
|
|
# Clients gRPC mTLS client certificates
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /clients-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /clients-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /clients-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Channels gRPC mTLS client certificates
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /channels-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /channels-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /channels-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Auth gRPC mTLS client certificates
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /auth-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /auth-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /auth-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Domains gRPC mTLS client certificates
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /domains-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /domains-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /domains-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
|
|
coap-adapter:
|
|
image: docker.io/supermq/coap:${SMQ_RELEASE_TAG}
|
|
container_name: supermq-coap
|
|
depends_on:
|
|
- clients
|
|
- nats
|
|
restart: on-failure
|
|
environment:
|
|
SMQ_COAP_ADAPTER_LOG_LEVEL: ${SMQ_COAP_ADAPTER_LOG_LEVEL}
|
|
SMQ_COAP_ADAPTER_HOST: ${SMQ_COAP_ADAPTER_HOST}
|
|
SMQ_COAP_ADAPTER_PORT: ${SMQ_COAP_ADAPTER_PORT}
|
|
SMQ_COAP_ADAPTER_SERVER_CERT_FILE: ${SMQ_COAP_ADAPTER_SERVER_CERT_FILE:+/coap-server.crt}
|
|
SMQ_COAP_ADAPTER_SERVER_KEY_FILE: ${SMQ_COAP_ADAPTER_SERVER_KEY_FILE:+/coap-server.key}
|
|
SMQ_COAP_ADAPTER_SERVER_CA_FILE: ${SMQ_COAP_ADAPTER_SERVER_CA_FILE:+/coap-server-ca.crt}
|
|
SMQ_COAP_ADAPTER_HTTP_HOST: ${SMQ_COAP_ADAPTER_HTTP_HOST}
|
|
SMQ_COAP_ADAPTER_HTTP_PORT: ${SMQ_COAP_ADAPTER_HTTP_PORT}
|
|
SMQ_COAP_ADAPTER_HTTP_SERVER_CERT: ${SMQ_COAP_ADAPTER_HTTP_SERVER_CERT}
|
|
SMQ_COAP_ADAPTER_HTTP_SERVER_KEY: ${SMQ_COAP_ADAPTER_HTTP_SERVER_KEY}
|
|
SMQ_COAP_ADAPTER_CACHE_NUM_COUNTERS: ${SMQ_COAP_ADAPTER_CACHE_NUM_COUNTERS}
|
|
SMQ_COAP_ADAPTER_CACHE_MAX_COST: ${SMQ_COAP_ADAPTER_CACHE_MAX_COST}
|
|
SMQ_COAP_ADAPTER_CACHE_BUFFER_ITEMS: ${SMQ_COAP_ADAPTER_CACHE_BUFFER_ITEMS}
|
|
SMQ_CLIENTS_GRPC_URL: ${SMQ_CLIENTS_GRPC_URL}
|
|
SMQ_CLIENTS_GRPC_TIMEOUT: ${SMQ_CLIENTS_GRPC_TIMEOUT}
|
|
SMQ_CLIENTS_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_GRPC_CLIENT_CERT:+/clients-grpc-client.crt}
|
|
SMQ_CLIENTS_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_GRPC_CLIENT_KEY:+/clients-grpc-client.key}
|
|
SMQ_CLIENTS_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt}
|
|
SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL}
|
|
SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT}
|
|
SMQ_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt}
|
|
SMQ_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key}
|
|
SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt}
|
|
SMQ_DOMAINS_GRPC_URL: ${SMQ_DOMAINS_GRPC_URL}
|
|
SMQ_DOMAINS_GRPC_TIMEOUT: ${SMQ_DOMAINS_GRPC_TIMEOUT}
|
|
SMQ_DOMAINS_GRPC_CLIENT_CERT: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt}
|
|
SMQ_DOMAINS_GRPC_CLIENT_KEY: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key}
|
|
SMQ_DOMAINS_GRPC_SERVER_CA_CERTS: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt}
|
|
SMQ_MESSAGE_BROKER_URL: ${SMQ_MESSAGE_BROKER_URL}
|
|
SMQ_JAEGER_URL: ${SMQ_JAEGER_URL}
|
|
SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO}
|
|
SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY}
|
|
SMQ_COAP_ADAPTER_INSTANCE_ID: ${SMQ_COAP_ADAPTER_INSTANCE_ID}
|
|
SMQ_ES_URL: ${SMQ_ES_URL}
|
|
ports:
|
|
- ${SMQ_COAP_ADAPTER_PORT}:${SMQ_COAP_ADAPTER_PORT}/udp
|
|
- ${SMQ_COAP_ADAPTER_HTTP_PORT}:${SMQ_COAP_ADAPTER_HTTP_PORT}/tcp
|
|
networks:
|
|
- supermq-base-net
|
|
volumes:
|
|
# DTLS certificates for CoAP
|
|
- type: bind
|
|
source: ${SMQ_COAP_ADAPTER_SERVER_CERT_FILE:-ssl/certs/dummy/server_cert}
|
|
target: /coap-server.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_COAP_ADAPTER_SERVER_KEY_FILE:-ssl/certs/dummy/server_key}
|
|
target: /coap-server.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_COAP_ADAPTER_SERVER_CA_FILE:-ssl/certs/dummy/server_ca}
|
|
target: /coap-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Clients gRPC mTLS client certificates
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /clients-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /clients-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /clients-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Channels gRPC mTLS client certificates
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /channels-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /channels-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /channels-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_CLIENT_CA_CERTS:-ssl/certs/dummy/client_ca}
|
|
target: /channels-grpc-client-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
# Domains gRPC mTLS client certificates
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /domains-grpc-client.crt
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /domains-grpc-client.key
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /domains-grpc-server-ca.crt
|
|
bind:
|
|
create_host_path: true
|
|
|
|
rabbitmq:
|
|
image: docker.io/rabbitmq:4.1.4-management-alpine
|
|
container_name: supermq-rabbitmq
|
|
restart: on-failure
|
|
environment:
|
|
RABBITMQ_ERLANG_COOKIE: ${SMQ_RABBITMQ_COOKIE}
|
|
RABBITMQ_DEFAULT_USER: ${SMQ_RABBITMQ_USER}
|
|
RABBITMQ_DEFAULT_PASS: ${SMQ_RABBITMQ_PASS}
|
|
RABBITMQ_DEFAULT_VHOST: ${SMQ_RABBITMQ_VHOST}
|
|
RABBITMQ_CONFIG_FILES: /etc/rabbitmq/conf.d/
|
|
ports:
|
|
- ${SMQ_RABBITMQ_PORT}:${SMQ_RABBITMQ_PORT}
|
|
- ${SMQ_RABBITMQ_HTTP_PORT}:${SMQ_RABBITMQ_HTTP_PORT}
|
|
- ${SMQ_RABBITMQ_WS_PORT}:${SMQ_RABBITMQ_WS_PORT}
|
|
volumes:
|
|
- ./rabbitmq/enabled_plugins:/etc/rabbitmq/enabled_plugins
|
|
- ./rabbitmq/rabbitmq.conf:/etc/rabbitmq/conf.d/10-defaults.conf
|
|
- supermq-mqtt-broker-volume:/var/lib/rabbitmq
|
|
networks:
|
|
- supermq-base-net
|
|
|
|
nats:
|
|
image: docker.io/nats:2.12.0-alpine3.22
|
|
container_name: supermq-nats
|
|
restart: on-failure
|
|
command: "--config=/etc/nats/nats.conf"
|
|
environment:
|
|
- SMQ_NATS_PORT=${SMQ_NATS_PORT}
|
|
- SMQ_NATS_HTTP_PORT=${SMQ_NATS_HTTP_PORT}
|
|
- SMQ_NATS_JETSTREAM_KEY=${SMQ_NATS_JETSTREAM_KEY}
|
|
ports:
|
|
- ${SMQ_NATS_PORT}:${SMQ_NATS_PORT}
|
|
- ${SMQ_NATS_HTTP_PORT}:${SMQ_NATS_HTTP_PORT}
|
|
volumes:
|
|
- supermq-broker-volume:/data
|
|
- ./nats:/etc/nats
|
|
networks:
|
|
- supermq-base-net
|