mirror of
https://github.com/absmach/supermq.git
synced 2026-06-23 06:40:19 +00:00
Dušan Borovčanin
20bc79ad8b
* Move invitations to Domain Signed-off-by: Dusan Borovcanin <borovcanindusan1@gmail.com> * Update README run command Signed-off-by: Dusan Borovcanin <borovcanindusan1@gmail.com> * Remove invitations from UI Signed-off-by: Dusan Borovcanin <borovcanindusan1@gmail.com> --------- Signed-off-by: Dusan Borovcanin <borovcanindusan1@gmail.com>
1459 lines
65 KiB
YAML
1459 lines
65 KiB
YAML
# Copyright (c) Abstract Machines
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
name: "supermq"
|
|
|
|
networks:
|
|
magistrala-base-net:
|
|
driver: bridge
|
|
|
|
volumes:
|
|
magistrala-users-db-volume:
|
|
magistrala-groups-db-volume:
|
|
magistrala-clients-db-volume:
|
|
magistrala-channels-db-volume:
|
|
magistrala-clients-redis-volume:
|
|
magistrala-broker-volume:
|
|
magistrala-spicedb-db-volume:
|
|
magistrala-auth-db-volume:
|
|
magistrala-pat-db-volume:
|
|
magistrala-domains-db-volume:
|
|
magistrala-domains-redis-volume:
|
|
magistrala-journal-volume:
|
|
magistrala-ui-backend-db-volume:
|
|
magistrala-re-db-volume:
|
|
|
|
services:
|
|
spicedb:
|
|
image: "authzed/spicedb:v1.37.0"
|
|
container_name: magistrala-spicedb
|
|
command: "serve"
|
|
restart: "always"
|
|
networks:
|
|
- magistrala-base-net
|
|
ports:
|
|
- "8080:8080"
|
|
- "9091:9090"
|
|
- "50051:50051"
|
|
environment:
|
|
SPICEDB_GRPC_PRESHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY}
|
|
SPICEDB_DATASTORE_ENGINE: ${SMQ_SPICEDB_DATASTORE_ENGINE}
|
|
SPICEDB_DATASTORE_CONN_URI: "${SMQ_SPICEDB_DATASTORE_ENGINE}://${SMQ_SPICEDB_DB_USER}:${SMQ_SPICEDB_DB_PASS}@spicedb-db:${SMQ_SPICEDB_DB_PORT}/${SMQ_SPICEDB_DB_NAME}?sslmode=disable"
|
|
depends_on:
|
|
- spicedb-migrate
|
|
|
|
spicedb-migrate:
|
|
image: "authzed/spicedb:v1.37.0"
|
|
container_name: magistrala-spicedb-migrate
|
|
command: "migrate head"
|
|
restart: "on-failure"
|
|
networks:
|
|
- magistrala-base-net
|
|
environment:
|
|
SPICEDB_DATASTORE_ENGINE: ${SMQ_SPICEDB_DATASTORE_ENGINE}
|
|
SPICEDB_DATASTORE_CONN_URI: "${SMQ_SPICEDB_DATASTORE_ENGINE}://${SMQ_SPICEDB_DB_USER}:${SMQ_SPICEDB_DB_PASS}@spicedb-db:${SMQ_SPICEDB_DB_PORT}/${SMQ_SPICEDB_DB_NAME}?sslmode=disable"
|
|
depends_on:
|
|
- spicedb-db
|
|
|
|
spicedb-db:
|
|
image: "postgres:16.2-alpine"
|
|
container_name: magistrala-spicedb-db
|
|
networks:
|
|
- magistrala-base-net
|
|
ports:
|
|
- "6010:5432"
|
|
environment:
|
|
POSTGRES_USER: ${SMQ_SPICEDB_DB_USER}
|
|
POSTGRES_PASSWORD: ${SMQ_SPICEDB_DB_PASS}
|
|
POSTGRES_DB: ${SMQ_SPICEDB_DB_NAME}
|
|
volumes:
|
|
- magistrala-spicedb-db-volume:/var/lib/postgresql/data
|
|
command: ["postgres", "-c", "track_commit_timestamp=on"]
|
|
|
|
auth-db:
|
|
image: postgres:16.2-alpine
|
|
container_name: magistrala-auth-db
|
|
restart: on-failure
|
|
ports:
|
|
- 6001:5432
|
|
environment:
|
|
POSTGRES_USER: ${SMQ_AUTH_DB_USER}
|
|
POSTGRES_PASSWORD: ${SMQ_AUTH_DB_PASS}
|
|
POSTGRES_DB: ${SMQ_AUTH_DB_NAME}
|
|
networks:
|
|
- magistrala-base-net
|
|
volumes:
|
|
- magistrala-auth-db-volume:/var/lib/postgresql/data
|
|
|
|
auth:
|
|
image: supermq/auth:${MG_RELEASE_TAG}
|
|
container_name: magistrala-auth
|
|
depends_on:
|
|
- auth-db
|
|
- spicedb
|
|
expose:
|
|
- ${SMQ_AUTH_GRPC_PORT}
|
|
restart: on-failure
|
|
environment:
|
|
SMQ_AUTH_LOG_LEVEL: ${SMQ_AUTH_LOG_LEVEL}
|
|
SMQ_SPICEDB_SCHEMA_FILE: ${SMQ_SPICEDB_SCHEMA_FILE}
|
|
SMQ_SPICEDB_PRE_SHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY}
|
|
SMQ_SPICEDB_HOST: ${SMQ_SPICEDB_HOST}
|
|
SMQ_SPICEDB_PORT: ${SMQ_SPICEDB_PORT}
|
|
SMQ_AUTH_ACCESS_TOKEN_DURATION: ${SMQ_AUTH_ACCESS_TOKEN_DURATION}
|
|
SMQ_AUTH_REFRESH_TOKEN_DURATION: ${SMQ_AUTH_REFRESH_TOKEN_DURATION}
|
|
SMQ_AUTH_INVITATION_DURATION: ${SMQ_AUTH_INVITATION_DURATION}
|
|
SMQ_AUTH_SECRET_KEY: ${SMQ_AUTH_SECRET_KEY}
|
|
SMQ_AUTH_HTTP_HOST: ${SMQ_AUTH_HTTP_HOST}
|
|
SMQ_AUTH_HTTP_PORT: ${SMQ_AUTH_HTTP_PORT}
|
|
SMQ_AUTH_HTTP_SERVER_CERT: ${SMQ_AUTH_HTTP_SERVER_CERT}
|
|
SMQ_AUTH_HTTP_SERVER_KEY: ${SMQ_AUTH_HTTP_SERVER_KEY}
|
|
SMQ_AUTH_GRPC_HOST: ${SMQ_AUTH_GRPC_HOST}
|
|
SMQ_AUTH_GRPC_PORT: ${SMQ_AUTH_GRPC_PORT}
|
|
## Compose supports parameter expansion in environment,
|
|
## Eg: ${VAR:+replacement} or ${VAR+replacement} -> replacement if VAR is set and non-empty, otherwise empty
|
|
## Eg :${VAR:-default} or ${VAR-default} -> value of VAR if set and non-empty, otherwise default
|
|
SMQ_AUTH_GRPC_SERVER_CERT: ${SMQ_AUTH_GRPC_SERVER_CERT:+/auth-grpc-server.crt}
|
|
SMQ_AUTH_GRPC_SERVER_KEY: ${SMQ_AUTH_GRPC_SERVER_KEY:+/auth-grpc-server.key}
|
|
SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
|
SMQ_AUTH_GRPC_CLIENT_CA_CERTS: ${SMQ_AUTH_GRPC_CLIENT_CA_CERTS:+/auth-grpc-client-ca.crt}
|
|
SMQ_AUTH_DB_HOST: ${SMQ_AUTH_DB_HOST}
|
|
SMQ_AUTH_DB_PORT: ${SMQ_AUTH_DB_PORT}
|
|
SMQ_AUTH_DB_USER: ${SMQ_AUTH_DB_USER}
|
|
SMQ_AUTH_DB_PASS: ${SMQ_AUTH_DB_PASS}
|
|
SMQ_AUTH_DB_NAME: ${SMQ_AUTH_DB_NAME}
|
|
SMQ_AUTH_DB_SSL_MODE: ${SMQ_AUTH_DB_SSL_MODE}
|
|
SMQ_AUTH_DB_SSL_CERT: ${SMQ_AUTH_DB_SSL_CERT}
|
|
SMQ_AUTH_DB_SSL_KEY: ${SMQ_AUTH_DB_SSL_KEY}
|
|
SMQ_AUTH_DB_SSL_ROOT_CERT: ${SMQ_AUTH_DB_SSL_ROOT_CERT}
|
|
SMQ_JAEGER_URL: ${SMQ_JAEGER_URL}
|
|
SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO}
|
|
SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY}
|
|
SMQ_AUTH_ADAPTER_INSTANCE_ID: ${SMQ_AUTH_ADAPTER_INSTANCE_ID}
|
|
SMQ_ES_URL: ${SMQ_ES_URL}
|
|
ports:
|
|
- ${SMQ_AUTH_HTTP_PORT}:${SMQ_AUTH_HTTP_PORT}
|
|
- ${SMQ_AUTH_GRPC_PORT}:${SMQ_AUTH_GRPC_PORT}
|
|
networks:
|
|
- magistrala-base-net
|
|
volumes:
|
|
- ./spicedb/schema.zed:${SMQ_SPICEDB_SCHEMA_FILE}
|
|
- magistrala-pat-db-volume:/supermq-data
|
|
# Auth gRPC mTLS server certificates
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_SERVER_CERT:-ssl/certs/dummy/server_cert}
|
|
target: /auth-grpc-server${SMQ_AUTH_GRPC_SERVER_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_SERVER_KEY:-ssl/certs/dummy/server_key}
|
|
target: /auth-grpc-server${SMQ_AUTH_GRPC_SERVER_KEY:+.key}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca_certs}
|
|
target: /auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_CA_CERTS:-ssl/certs/dummy/client_ca_certs}
|
|
target: /auth-grpc-client-ca${SMQ_AUTH_GRPC_CLIENT_CA_CERTS:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
|
|
domains-db:
|
|
image: postgres:16.2-alpine
|
|
container_name: magistrala-domains-db
|
|
restart: on-failure
|
|
ports:
|
|
- 6003:5432
|
|
environment:
|
|
POSTGRES_USER: ${SMQ_DOMAINS_DB_USER}
|
|
POSTGRES_PASSWORD: ${SMQ_DOMAINS_DB_PASS}
|
|
POSTGRES_DB: ${SMQ_DOMAINS_DB_NAME}
|
|
networks:
|
|
- magistrala-base-net
|
|
volumes:
|
|
- magistrala-domains-db-volume:/var/lib/postgresql/data
|
|
|
|
domains-redis:
|
|
image: redis:7.2.4-alpine
|
|
container_name: magistrala-domains-redis
|
|
restart: on-failure
|
|
networks:
|
|
- magistrala-base-net
|
|
volumes:
|
|
- magistrala-domains-redis-volume:/data
|
|
|
|
domains:
|
|
image: supermq/domains:${MG_RELEASE_TAG}
|
|
container_name: magistrala-domains
|
|
depends_on:
|
|
- domains-db
|
|
- spicedb
|
|
expose:
|
|
- ${SMQ_DOMAINS_GRPC_PORT}
|
|
restart: on-failure
|
|
environment:
|
|
SMQ_DOMAINS_LOG_LEVEL: ${SMQ_DOMAINS_LOG_LEVEL}
|
|
SMQ_SPICEDB_PRE_SHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY}
|
|
SMQ_SPICEDB_HOST: ${SMQ_SPICEDB_HOST}
|
|
SMQ_SPICEDB_PORT: ${SMQ_SPICEDB_PORT}
|
|
SMQ_SPICEDB_SCHEMA_FILE: ${SMQ_SPICEDB_SCHEMA_FILE}
|
|
SMQ_DOMAINS_HTTP_HOST: ${SMQ_DOMAINS_HTTP_HOST}
|
|
SMQ_DOMAINS_HTTP_PORT: ${SMQ_DOMAINS_HTTP_PORT}
|
|
SMQ_DOMAINS_HTTP_SERVER_CERT: ${SMQ_DOMAINS_HTTP_SERVER_CERT}
|
|
SMQ_DOMAINS_HTTP_SERVER_KEY: ${SMQ_DOMAINS_HTTP_SERVER_KEY}
|
|
SMQ_DOMAINS_GRPC_HOST: ${SMQ_DOMAINS_GRPC_HOST}
|
|
SMQ_DOMAINS_GRPC_PORT: ${SMQ_DOMAINS_GRPC_PORT}
|
|
## Compose supports parameter expansion in environment,
|
|
## Eg: ${VAR:+replacement} or ${VAR+replacement} -> replacement if VAR is set and non-empty, otherwise empty
|
|
## Eg :${VAR:-default} or ${VAR-default} -> value of VAR if set and non-empty, otherwise default
|
|
SMQ_DOMAINS_GRPC_SERVER_CERT: ${SMQ_DOMAINS_GRPC_SERVER_CERT:+/auth-grpc-server.crt}
|
|
SMQ_DOMAINS_GRPC_SERVER_KEY: ${SMQ_DOMAINS_GRPC_SERVER_KEY:+/auth-grpc-server.key}
|
|
SMQ_DOMAINS_GRPC_SERVER_CA_CERTS: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
|
SMQ_DOMAINS_GRPC_CLIENT_CA_CERTS: ${SMQ_DOMAINS_GRPC_CLIENT_CA_CERTS:+/auth-grpc-client-ca.crt}
|
|
SMQ_DOMAINS_DB_HOST: ${SMQ_DOMAINS_DB_HOST}
|
|
SMQ_DOMAINS_DB_PORT: ${SMQ_DOMAINS_DB_PORT}
|
|
SMQ_DOMAINS_DB_USER: ${SMQ_DOMAINS_DB_USER}
|
|
SMQ_DOMAINS_DB_PASS: ${SMQ_DOMAINS_DB_PASS}
|
|
SMQ_DOMAINS_DB_NAME: ${SMQ_DOMAINS_DB_NAME}
|
|
SMQ_DOMAINS_DB_SSL_MODE: ${SMQ_DOMAINS_DB_SSL_MODE}
|
|
SMQ_DOMAINS_DB_SSL_CERT: ${SMQ_DOMAINS_DB_SSL_CERT}
|
|
SMQ_DOMAINS_DB_SSL_KEY: ${SMQ_DOMAINS_DB_SSL_KEY}
|
|
SMQ_DOMAINS_DB_SSL_ROOT_CERT: ${SMQ_DOMAINS_DB_SSL_ROOT_CERT}
|
|
SMQ_DOMAINS_INSTANCE_ID: ${SMQ_DOMAINS_INSTANCE_ID}
|
|
SMQ_ES_URL: ${SMQ_ES_URL}
|
|
SMQ_DOMAINS_CACHE_URL: ${SMQ_DOMAINS_CACHE_URL}
|
|
SMQ_DOMAINS_CACHE_KEY_DURATION: ${SMQ_DOMAINS_CACHE_KEY_DURATION}
|
|
SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL}
|
|
SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT}
|
|
SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
|
SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
|
SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
|
SMQ_GROUPS_GRPC_URL: ${SMQ_GROUPS_GRPC_URL}
|
|
SMQ_GROUPS_GRPC_TIMEOUT: ${SMQ_GROUPS_GRPC_TIMEOUT}
|
|
SMQ_GROUPS_GRPC_CLIENT_CERT: ${SMQ_GROUPS_GRPC_CLIENT_CERT:+/groups-grpc-client.crt}
|
|
SMQ_GROUPS_GRPC_CLIENT_KEY: ${SMQ_GROUPS_GRPC_CLIENT_KEY:+/groups-grpc-client.key}
|
|
SMQ_GROUPS_GRPC_SERVER_CA_CERTS: ${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:+/groups-grpc-server-ca.crt}
|
|
SMQ_CHANNELS_URL: ${SMQ_CHANNELS_URL}
|
|
SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL}
|
|
SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT}
|
|
SMQ_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt}
|
|
SMQ_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key}
|
|
SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt}
|
|
SMQ_CLIENTS_AUTH_GRPC_URL: ${SMQ_CLIENTS_AUTH_GRPC_URL}
|
|
SMQ_CLIENTS_AUTH_GRPC_TIMEOUT: ${SMQ_CLIENTS_AUTH_GRPC_TIMEOUT}
|
|
SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+/clients-grpc-client.crt}
|
|
SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+/clients-grpc-client.key}
|
|
SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt}
|
|
SMQ_JAEGER_URL: ${SMQ_JAEGER_URL}
|
|
SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO}
|
|
SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY}
|
|
ports:
|
|
- ${SMQ_DOMAINS_HTTP_PORT}:${SMQ_DOMAINS_HTTP_PORT}
|
|
- ${SMQ_DOMAINS_GRPC_PORT}:${SMQ_DOMAINS_GRPC_PORT}
|
|
networks:
|
|
- magistrala-base-net
|
|
volumes:
|
|
- ./spicedb/schema.zed:${SMQ_SPICEDB_SCHEMA_FILE}
|
|
# Auth gRPC mTLS server certificates
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_SERVER_CERT:-ssl/certs/dummy/server_cert}
|
|
target: /auth-grpc-server${SMQ_DOMAINS_GRPC_SERVER_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_SERVER_KEY:-ssl/certs/dummy/server_key}
|
|
target: /auth-grpc-server${SMQ_DOMAINS_GRPC_SERVER_KEY:+.key}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca_certs}
|
|
target: /auth-grpc-server-ca${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_DOMAINS_GRPC_CLIENT_CA_CERTS:-ssl/certs/dummy/client_ca_certs}
|
|
target: /auth-grpc-client-ca${SMQ_DOMAINS_GRPC_CLIENT_CA_CERTS:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_KEY:+.key}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
|
|
nginx:
|
|
image: nginx:1.25.4-alpine
|
|
container_name: magistrala-nginx
|
|
restart: on-failure
|
|
volumes:
|
|
- ./nginx/nginx-${AUTH-key}.conf:/etc/nginx/nginx.conf.template
|
|
- ./nginx/entrypoint.sh:/docker-entrypoint.d/entrypoint.sh
|
|
- ./nginx/snippets:/etc/nginx/snippets
|
|
- ./ssl/authorization.js:/etc/nginx/authorization.js
|
|
- type: bind
|
|
source: ${SMQ_NGINX_SERVER_CERT:-./ssl/certs/magistrala-server.crt}
|
|
target: /etc/ssl/certs/magistrala-server.crt
|
|
- type: bind
|
|
source: ${SMQ_NGINX_SERVER_KEY:-./ssl/certs/magistrala-server.key}
|
|
target: /etc/ssl/private/magistrala-server.key
|
|
- type: bind
|
|
source: ${SMQ_NGINX_SERVER_CLIENT_CA:-./ssl/certs/ca.crt}
|
|
target: /etc/ssl/certs/ca.crt
|
|
- type: bind
|
|
source: ${SMQ_NGINX_SERVER_DHPARAM:-./ssl/dhparam.pem}
|
|
target: /etc/ssl/certs/dhparam.pem
|
|
ports:
|
|
- ${SMQ_NGINX_HTTP_PORT}:${SMQ_NGINX_HTTP_PORT}
|
|
- ${SMQ_NGINX_SSL_PORT}:${SMQ_NGINX_SSL_PORT}
|
|
- ${SMQ_NGINX_MQTT_PORT}:${SMQ_NGINX_MQTT_PORT}
|
|
- ${SMQ_NGINX_MQTTS_PORT}:${SMQ_NGINX_MQTTS_PORT}
|
|
networks:
|
|
- magistrala-base-net
|
|
env_file:
|
|
- .env
|
|
depends_on:
|
|
- auth
|
|
- clients
|
|
- users
|
|
- mqtt-adapter
|
|
- http-adapter
|
|
- ws-adapter
|
|
- coap-adapter
|
|
|
|
clients-db:
|
|
image: postgres:16.2-alpine
|
|
container_name: magistrala-clients-db
|
|
restart: on-failure
|
|
command: postgres -c "max_connections=${SMQ_POSTGRES_MAX_CONNECTIONS}"
|
|
environment:
|
|
POSTGRES_USER: ${SMQ_CLIENTS_DB_USER}
|
|
POSTGRES_PASSWORD: ${SMQ_CLIENTS_DB_PASS}
|
|
POSTGRES_DB: ${SMQ_CLIENTS_DB_NAME}
|
|
SMQ_POSTGRES_MAX_CONNECTIONS: ${SMQ_POSTGRES_MAX_CONNECTIONS}
|
|
networks:
|
|
- magistrala-base-net
|
|
ports:
|
|
- 6006:5432
|
|
volumes:
|
|
- magistrala-clients-db-volume:/var/lib/postgresql/data
|
|
|
|
clients-redis:
|
|
image: redis:7.2.4-alpine
|
|
container_name: magistrala-clients-redis
|
|
restart: on-failure
|
|
networks:
|
|
- magistrala-base-net
|
|
volumes:
|
|
- magistrala-clients-redis-volume:/data
|
|
|
|
clients:
|
|
image: supermq/clients:${MG_RELEASE_TAG}
|
|
container_name: magistrala-clients
|
|
depends_on:
|
|
- clients-db
|
|
- users
|
|
- auth
|
|
- nats
|
|
restart: on-failure
|
|
environment:
|
|
SMQ_CLIENTS_LOG_LEVEL: ${SMQ_CLIENTS_LOG_LEVEL}
|
|
SMQ_CLIENTS_STANDALONE_ID: ${SMQ_CLIENTS_STANDALONE_ID}
|
|
SMQ_CLIENTS_STANDALONE_TOKEN: ${SMQ_CLIENTS_STANDALONE_TOKEN}
|
|
SMQ_CLIENTS_CACHE_KEY_DURATION: ${SMQ_CLIENTS_CACHE_KEY_DURATION}
|
|
SMQ_CLIENTS_HTTP_HOST: ${SMQ_CLIENTS_HTTP_HOST}
|
|
SMQ_CLIENTS_HTTP_PORT: ${SMQ_CLIENTS_HTTP_PORT}
|
|
SMQ_CLIENTS_AUTH_GRPC_HOST: ${SMQ_CLIENTS_AUTH_GRPC_HOST}
|
|
SMQ_CLIENTS_AUTH_GRPC_PORT: ${SMQ_CLIENTS_AUTH_GRPC_PORT}
|
|
## Compose supports parameter expansion in environment,
|
|
## Eg: ${VAR:+replacement} or ${VAR+replacement} -> replacement if VAR is set and non-empty, otherwise empty
|
|
## Eg :${VAR:-default} or ${VAR-default} -> value of VAR if set and non-empty, otherwise default
|
|
SMQ_CLIENTS_AUTH_GRPC_SERVER_CERT: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CERT:+/clients-grpc-server.crt}
|
|
SMQ_CLIENTS_AUTH_GRPC_SERVER_KEY: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_KEY:+/clients-grpc-server.key}
|
|
SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt}
|
|
SMQ_CLIENTS_AUTH_GRPC_CLIENT_CA_CERTS: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CA_CERTS:+/clients-grpc-client-ca.crt}
|
|
SMQ_ES_URL: ${SMQ_ES_URL}
|
|
SMQ_CLIENTS_CACHE_URL: ${SMQ_CLIENTS_CACHE_URL}
|
|
SMQ_CLIENTS_DB_HOST: ${SMQ_CLIENTS_DB_HOST}
|
|
SMQ_CLIENTS_DB_PORT: ${SMQ_CLIENTS_DB_PORT}
|
|
SMQ_CLIENTS_DB_USER: ${SMQ_CLIENTS_DB_USER}
|
|
SMQ_CLIENTS_DB_PASS: ${SMQ_CLIENTS_DB_PASS}
|
|
SMQ_CLIENTS_DB_NAME: ${SMQ_CLIENTS_DB_NAME}
|
|
SMQ_CLIENTS_DB_SSL_MODE: ${SMQ_CLIENTS_DB_SSL_MODE}
|
|
SMQ_CLIENTS_DB_SSL_CERT: ${SMQ_CLIENTS_DB_SSL_CERT}
|
|
SMQ_CLIENTS_DB_SSL_KEY: ${SMQ_CLIENTS_DB_SSL_KEY}
|
|
SMQ_CLIENTS_DB_SSL_ROOT_CERT: ${SMQ_CLIENTS_DB_SSL_ROOT_CERT}
|
|
SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL}
|
|
SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT}
|
|
SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
|
SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
|
SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
|
SMQ_CHANNELS_URL: ${SMQ_CHANNELS_URL}
|
|
SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL}
|
|
SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT}
|
|
SMQ_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt}
|
|
SMQ_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key}
|
|
SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt}
|
|
SMQ_GROUPS_URL: ${SMQ_GROUPS_URL}
|
|
SMQ_GROUPS_GRPC_URL: ${SMQ_GROUPS_GRPC_URL}
|
|
SMQ_GROUPS_GRPC_TIMEOUT: ${SMQ_GROUPS_GRPC_TIMEOUT}
|
|
SMQ_GROUPS_GRPC_CLIENT_CERT: ${SMQ_GROUPS_GRPC_CLIENT_CERT:+/groups-grpc-client.crt}
|
|
SMQ_GROUPS_GRPC_CLIENT_KEY: ${SMQ_GROUPS_GRPC_CLIENT_KEY:+/groups-grpc-client.key}
|
|
SMQ_GROUPS_GRPC_SERVER_CA_CERTS: ${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:+/groups-grpc-server-ca.crt}
|
|
SMQ_DOMAINS_GRPC_URL: ${SMQ_DOMAINS_GRPC_URL}
|
|
SMQ_DOMAINS_GRPC_TIMEOUT: ${SMQ_DOMAINS_GRPC_TIMEOUT}
|
|
SMQ_DOMAINS_GRPC_CLIENT_CERT: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt}
|
|
SMQ_DOMAINS_GRPC_CLIENT_KEY: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key}
|
|
SMQ_DOMAINS_GRPC_SERVER_CA_CERTS: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt}
|
|
SMQ_JAEGER_URL: ${SMQ_JAEGER_URL}
|
|
SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO}
|
|
SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY}
|
|
SMQ_SPICEDB_PRE_SHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY}
|
|
SMQ_SPICEDB_HOST: ${SMQ_SPICEDB_HOST}
|
|
SMQ_SPICEDB_PORT: ${SMQ_SPICEDB_PORT}
|
|
SMQ_SPICEDB_SCHEMA_FILE: ${SMQ_SPICEDB_SCHEMA_FILE}
|
|
ports:
|
|
- ${SMQ_CLIENTS_HTTP_PORT}:${SMQ_CLIENTS_HTTP_PORT}
|
|
- ${SMQ_CLIENTS_AUTH_GRPC_PORT}:${SMQ_CLIENTS_AUTH_GRPC_PORT}
|
|
networks:
|
|
- magistrala-base-net
|
|
volumes:
|
|
- ./spicedb/schema.zed:${SMQ_SPICEDB_SCHEMA_FILE}
|
|
# Clients gRPC server certificates
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CERT:-ssl/certs/dummy/server_cert}
|
|
target: /clients-grpc-server${SMQ_CLIENTS_AUTH_GRPC_SERVER_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_KEY:-ssl/certs/dummy/server_key}
|
|
target: /clients-grpc-server${SMQ_CLIENTS_AUTH_GRPC_SERVER_KEY:+.key}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca_certs}
|
|
target: /clients-grpc-server-ca${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CA_CERTS:-ssl/certs/dummy/client_ca_certs}
|
|
target: /clients-grpc-client-ca${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CA_CERTS:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
# Auth gRPC client certificates
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_KEY:+.key}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
# Channel gRPC client certificates
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_KEY:+.key}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /channels-grpc-server-ca${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
# Group gRPC client certificates
|
|
- type: bind
|
|
source: ${SMQ_GROUPS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /groups-grpc-client${SMQ_GROUPS_GRPC_CLIENT_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_GROUPS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /groups-grpc-client${SMQ_GROUPS_GRPC_CLIENT_KEY:+.key}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_GROUPS_GRPC_SERVER_CERT:-ssl/certs/dummy/server_ca}
|
|
target: /groups-grpc-server-ca${SMQ_GROUPS_GRPC_SERVER_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
|
|
channels-db:
|
|
image: postgres:16.2-alpine
|
|
container_name: magistrala-channels-db
|
|
restart: on-failure
|
|
command: postgres -c "max_connections=${SMQ_POSTGRES_MAX_CONNECTIONS}"
|
|
environment:
|
|
POSTGRES_USER: ${SMQ_CHANNELS_DB_USER}
|
|
POSTGRES_PASSWORD: ${SMQ_CHANNELS_DB_PASS}
|
|
POSTGRES_DB: ${SMQ_CHANNELS_DB_NAME}
|
|
SMQ_POSTGRES_MAX_CONNECTIONS: ${SMQ_POSTGRES_MAX_CONNECTIONS}
|
|
networks:
|
|
- magistrala-base-net
|
|
ports:
|
|
- 6005:5432
|
|
volumes:
|
|
- magistrala-channels-db-volume:/var/lib/postgresql/data
|
|
|
|
channels:
|
|
image: supermq/channels:${MG_RELEASE_TAG}
|
|
container_name: magistrala-channels
|
|
depends_on:
|
|
- channels-db
|
|
- users
|
|
- auth
|
|
- nats
|
|
restart: on-failure
|
|
environment:
|
|
SMQ_CHANNELS_LOG_LEVEL: ${SMQ_CHANNELS_LOG_LEVEL}
|
|
SMQ_CHANNELS_INSTANCE_ID: ${SMQ_CHANNELS_INSTANCE_ID}
|
|
SMQ_CHANNELS_HTTP_HOST: ${SMQ_CHANNELS_HTTP_HOST}
|
|
SMQ_CHANNELS_HTTP_PORT: ${SMQ_CHANNELS_HTTP_PORT}
|
|
SMQ_CHANNELS_GRPC_HOST: ${SMQ_CHANNELS_GRPC_HOST}
|
|
SMQ_CHANNELS_GRPC_PORT: ${SMQ_CHANNELS_GRPC_PORT}
|
|
## Compose supports parameter expansion in environment,
|
|
## Eg: ${VAR:+replacement} or ${VAR+replacement} -> replacement if VAR is set and non-empty, otherwise empty
|
|
## Eg :${VAR:-default} or ${VAR-default} -> value of VAR if set and non-empty, otherwise default
|
|
SMQ_CHANNELS_GRPC_SERVER_CERT: ${SMQ_CHANNELS_GRPC_SERVER_CERT:+/channels-grpc-server.crt}
|
|
SMQ_CHANNELS_GRPC_SERVER_KEY: ${SMQ_CHANNELS_GRPC_SERVER_KEY:+/channels-grpc-server.key}
|
|
SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt}
|
|
SMQ_CHANNELS_GRPC_CLIENT_CA_CERTS: ${SMQ_CHANNELS_GRPC_CLIENT_CA_CERTS:+/channels-grpc-client-ca.crt}
|
|
SMQ_CHANNELS_DB_HOST: ${SMQ_CHANNELS_DB_HOST}
|
|
SMQ_CHANNELS_DB_PORT: ${SMQ_CHANNELS_DB_PORT}
|
|
SMQ_CHANNELS_DB_USER: ${SMQ_CHANNELS_DB_USER}
|
|
SMQ_CHANNELS_DB_PASS: ${SMQ_CHANNELS_DB_PASS}
|
|
SMQ_CHANNELS_DB_NAME: ${SMQ_CHANNELS_DB_NAME}
|
|
SMQ_CHANNELS_DB_SSL_MODE: ${SMQ_CHANNELS_DB_SSL_MODE}
|
|
SMQ_CHANNELS_DB_SSL_CERT: ${SMQ_CHANNELS_DB_SSL_CERT}
|
|
SMQ_CHANNELS_DB_SSL_KEY: ${SMQ_CHANNELS_DB_SSL_KEY}
|
|
SMQ_CHANNELS_DB_SSL_ROOT_CERT: ${SMQ_CHANNELS_DB_SSL_ROOT_CERT}
|
|
SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL}
|
|
SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT}
|
|
SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
|
SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
|
SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
|
SMQ_CLIENTS_AUTH_GRPC_URL: ${SMQ_CLIENTS_AUTH_GRPC_URL}
|
|
SMQ_CLIENTS_AUTH_GRPC_TIMEOUT: ${SMQ_CLIENTS_AUTH_GRPC_TIMEOUT}
|
|
SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+/clients-grpc-client.crt}
|
|
SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+/clients-grpc-client.key}
|
|
SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt}
|
|
SMQ_GROUPS_GRPC_URL: ${SMQ_GROUPS_GRPC_URL}
|
|
SMQ_GROUPS_GRPC_TIMEOUT: ${SMQ_GROUPS_GRPC_TIMEOUT}
|
|
SMQ_GROUPS_GRPC_CLIENT_CERT: ${SMQ_GROUPS_GRPC_CLIENT_CERT:+/groups-grpc-client.crt}
|
|
SMQ_GROUPS_GRPC_CLIENT_KEY: ${SMQ_GROUPS_GRPC_CLIENT_KEY:+/groups-grpc-client.key}
|
|
SMQ_GROUPS_GRPC_SERVER_CA_CERTS: ${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:+/groups-grpc-server-ca.crt}
|
|
SMQ_DOMAINS_GRPC_URL: ${SMQ_DOMAINS_GRPC_URL}
|
|
SMQ_DOMAINS_GRPC_TIMEOUT: ${SMQ_DOMAINS_GRPC_TIMEOUT}
|
|
SMQ_DOMAINS_GRPC_CLIENT_CERT: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt}
|
|
SMQ_DOMAINS_GRPC_CLIENT_KEY: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key}
|
|
SMQ_DOMAINS_GRPC_SERVER_CA_CERTS: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt}
|
|
SMQ_ES_URL: ${SMQ_ES_URL}
|
|
SMQ_JAEGER_URL: ${SMQ_JAEGER_URL}
|
|
SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO}
|
|
SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY}
|
|
SMQ_SPICEDB_PRE_SHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY}
|
|
SMQ_SPICEDB_HOST: ${SMQ_SPICEDB_HOST}
|
|
SMQ_SPICEDB_PORT: ${SMQ_SPICEDB_PORT}
|
|
SMQ_SPICEDB_SCHEMA_FILE: ${SMQ_SPICEDB_SCHEMA_FILE}
|
|
ports:
|
|
- ${SMQ_CHANNELS_HTTP_PORT}:${SMQ_CHANNELS_HTTP_PORT}
|
|
- ${SMQ_CHANNELS_GRPC_PORT}:${SMQ_CHANNELS_GRPC_PORT}
|
|
networks:
|
|
- magistrala-base-net
|
|
volumes:
|
|
- ./spicedb/schema.zed:${SMQ_SPICEDB_SCHEMA_FILE}
|
|
# Auth gRPC client certificates
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_KEY:+.key}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /clients-grpc-client${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /clients-grpc-client${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+.key}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CERT:-ssl/certs/dummy/server_ca}
|
|
target: /clients-grpc-server-ca${SMQ_CLIENTS_AUTH_GRPC_SERVER_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_GROUPS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /groups-grpc-client${SMQ_GROUPS_GRPC_CLIENT_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_GROUPS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /groups-grpc-client${SMQ_GROUPS_GRPC_CLIENT_KEY:+.key}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_GROUPS_GRPC_SERVER_CERT:-ssl/certs/dummy/server_ca}
|
|
target: /groups-grpc-server-ca${SMQ_GROUPS_GRPC_SERVER_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_KEY:+.key}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_SERVER_CERT:-ssl/certs/dummy/server_ca}
|
|
target: /channels-grpc-server${SMQ_CHANNELS_GRPC_SERVER_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_SERVER_KEY:-ssl/certs/dummy/server_key}
|
|
target: /channels-grpc-server${SMQ_CHANNELS_GRPC_SERVER_KEY:+.key}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /channels-grpc-server-ca${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_CLIENT_CA_CERTS:-ssl/certs/dummy/client_ca}
|
|
target: /channels-grpc-client-ca${SMQ_CHANNELS_GRPC_CLIENT_CA_CERTS:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
|
|
users-db:
|
|
image: postgres:16.2-alpine
|
|
container_name: magistrala-users-db
|
|
restart: on-failure
|
|
command: postgres -c "max_connections=${SMQ_POSTGRES_MAX_CONNECTIONS}"
|
|
environment:
|
|
POSTGRES_USER: ${SMQ_USERS_DB_USER}
|
|
POSTGRES_PASSWORD: ${SMQ_USERS_DB_PASS}
|
|
POSTGRES_DB: ${SMQ_USERS_DB_NAME}
|
|
SMQ_POSTGRES_MAX_CONNECTIONS: ${SMQ_POSTGRES_MAX_CONNECTIONS}
|
|
ports:
|
|
- 6002:5432
|
|
networks:
|
|
- magistrala-base-net
|
|
volumes:
|
|
- magistrala-users-db-volume:/var/lib/postgresql/data
|
|
|
|
users:
|
|
image: supermq/users:${MG_RELEASE_TAG}
|
|
container_name: magistrala-users
|
|
depends_on:
|
|
- users-db
|
|
- auth
|
|
- nats
|
|
restart: on-failure
|
|
environment:
|
|
SMQ_USERS_LOG_LEVEL: ${SMQ_USERS_LOG_LEVEL}
|
|
SMQ_USERS_SECRET_KEY: ${SMQ_USERS_SECRET_KEY}
|
|
SMQ_USERS_ADMIN_EMAIL: ${SMQ_USERS_ADMIN_EMAIL}
|
|
SMQ_USERS_ADMIN_PASSWORD: ${SMQ_USERS_ADMIN_PASSWORD}
|
|
SMQ_USERS_ADMIN_USERNAME: ${SMQ_USERS_ADMIN_USERNAME}
|
|
SMQ_USERS_ADMIN_FIRST_NAME: ${SMQ_USERS_ADMIN_FIRST_NAME}
|
|
SMQ_USERS_ADMIN_LAST_NAME: ${SMQ_USERS_ADMIN_LAST_NAME}
|
|
SMQ_USERS_PASS_REGEX: ${SMQ_USERS_PASS_REGEX}
|
|
SMQ_USERS_ACCESS_TOKEN_DURATION: ${SMQ_USERS_ACCESS_TOKEN_DURATION}
|
|
SMQ_USERS_REFRESH_TOKEN_DURATION: ${SMQ_USERS_REFRESH_TOKEN_DURATION}
|
|
SMQ_TOKEN_RESET_ENDPOINT: ${SMQ_TOKEN_RESET_ENDPOINT}
|
|
SMQ_USERS_HTTP_HOST: ${SMQ_USERS_HTTP_HOST}
|
|
SMQ_USERS_HTTP_PORT: ${SMQ_USERS_HTTP_PORT}
|
|
SMQ_USERS_HTTP_SERVER_CERT: ${SMQ_USERS_HTTP_SERVER_CERT}
|
|
SMQ_USERS_HTTP_SERVER_KEY: ${SMQ_USERS_HTTP_SERVER_KEY}
|
|
SMQ_USERS_DB_HOST: ${SMQ_USERS_DB_HOST}
|
|
SMQ_USERS_DB_PORT: ${SMQ_USERS_DB_PORT}
|
|
SMQ_USERS_DB_USER: ${SMQ_USERS_DB_USER}
|
|
SMQ_USERS_DB_PASS: ${SMQ_USERS_DB_PASS}
|
|
SMQ_USERS_DB_NAME: ${SMQ_USERS_DB_NAME}
|
|
SMQ_USERS_DB_SSL_MODE: ${SMQ_USERS_DB_SSL_MODE}
|
|
SMQ_USERS_DB_SSL_CERT: ${SMQ_USERS_DB_SSL_CERT}
|
|
SMQ_USERS_DB_SSL_KEY: ${SMQ_USERS_DB_SSL_KEY}
|
|
SMQ_USERS_DB_SSL_ROOT_CERT: ${SMQ_USERS_DB_SSL_ROOT_CERT}
|
|
SMQ_USERS_ALLOW_SELF_REGISTER: ${SMQ_USERS_ALLOW_SELF_REGISTER}
|
|
SMQ_EMAIL_HOST: ${SMQ_EMAIL_HOST}
|
|
SMQ_EMAIL_PORT: ${SMQ_EMAIL_PORT}
|
|
SMQ_EMAIL_USERNAME: ${SMQ_EMAIL_USERNAME}
|
|
SMQ_EMAIL_PASSWORD: ${SMQ_EMAIL_PASSWORD}
|
|
SMQ_EMAIL_FROM_ADDRESS: ${SMQ_EMAIL_FROM_ADDRESS}
|
|
SMQ_EMAIL_FROM_NAME: ${SMQ_EMAIL_FROM_NAME}
|
|
SMQ_EMAIL_TEMPLATE: ${SMQ_EMAIL_TEMPLATE}
|
|
SMQ_ES_URL: ${SMQ_ES_URL}
|
|
SMQ_JAEGER_URL: ${SMQ_JAEGER_URL}
|
|
SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO}
|
|
SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY}
|
|
SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL}
|
|
SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT}
|
|
SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
|
SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
|
SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
|
SMQ_DOMAINS_GRPC_URL: ${SMQ_DOMAINS_GRPC_URL}
|
|
SMQ_DOMAINS_GRPC_TIMEOUT: ${SMQ_DOMAINS_GRPC_TIMEOUT}
|
|
SMQ_DOMAINS_GRPC_CLIENT_CERT: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt}
|
|
SMQ_DOMAINS_GRPC_CLIENT_KEY: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key}
|
|
SMQ_DOMAINS_GRPC_SERVER_CA_CERTS: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt}
|
|
SMQ_GOOGLE_CLIENT_ID: ${SMQ_GOOGLE_CLIENT_ID}
|
|
SMQ_GOOGLE_CLIENT_SECRET: ${SMQ_GOOGLE_CLIENT_SECRET}
|
|
SMQ_GOOGLE_REDIRECT_URL: ${SMQ_GOOGLE_REDIRECT_URL}
|
|
SMQ_GOOGLE_STATE: ${SMQ_GOOGLE_STATE}
|
|
SMQ_OAUTH_UI_REDIRECT_URL: ${SMQ_OAUTH_UI_REDIRECT_URL}
|
|
SMQ_OAUTH_UI_ERROR_URL: ${SMQ_OAUTH_UI_ERROR_URL}
|
|
SMQ_USERS_DELETE_INTERVAL: ${SMQ_USERS_DELETE_INTERVAL}
|
|
SMQ_USERS_DELETE_AFTER: ${SMQ_USERS_DELETE_AFTER}
|
|
SMQ_SPICEDB_PRE_SHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY}
|
|
SMQ_SPICEDB_HOST: ${SMQ_SPICEDB_HOST}
|
|
SMQ_SPICEDB_PORT: ${SMQ_SPICEDB_PORT}
|
|
ports:
|
|
- ${SMQ_USERS_HTTP_PORT}:${SMQ_USERS_HTTP_PORT}
|
|
networks:
|
|
- magistrala-base-net
|
|
volumes:
|
|
- ./templates/${SMQ_USERS_RESET_PWD_TEMPLATE}:/email.tmpl
|
|
# Auth gRPC client certificates
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_KEY:+.key}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
|
|
groups-db:
|
|
image: postgres:16.2-alpine
|
|
container_name: magistrala-groups-db
|
|
restart: on-failure
|
|
command: postgres -c "max_connections=${SMQ_POSTGRES_MAX_CONNECTIONS}"
|
|
environment:
|
|
POSTGRES_USER: ${SMQ_GROUPS_DB_USER}
|
|
POSTGRES_PASSWORD: ${SMQ_GROUPS_DB_PASS}
|
|
POSTGRES_DB: ${SMQ_GROUPS_DB_NAME}
|
|
SMQ_POSTGRES_MAX_CONNECTIONS: ${SMQ_POSTGRES_MAX_CONNECTIONS}
|
|
ports:
|
|
- 6004:5432
|
|
networks:
|
|
- magistrala-base-net
|
|
volumes:
|
|
- magistrala-groups-db-volume:/var/lib/postgresql/data
|
|
|
|
groups:
|
|
image: supermq/groups:${MG_RELEASE_TAG}
|
|
container_name: magistrala-groups
|
|
depends_on:
|
|
- groups-db
|
|
- auth
|
|
- nats
|
|
restart: on-failure
|
|
environment:
|
|
SMQ_GROUPS_LOG_LEVEL: ${SMQ_GROUPS_LOG_LEVEL}
|
|
SMQ_GROUPS_HTTP_HOST: ${SMQ_GROUPS_HTTP_HOST}
|
|
SMQ_GROUPS_HTTP_PORT: ${SMQ_GROUPS_HTTP_PORT}
|
|
SMQ_GROUPS_HTTP_SERVER_CERT: ${SMQ_GROUPS_HTTP_SERVER_CERT}
|
|
SMQ_GROUPS_HTTP_SERVER_KEY: ${SMQ_GROUPS_HTTP_SERVER_KEY}
|
|
SMQ_GROUPS_GRPC_HOST: ${SMQ_GROUPS_GRPC_HOST}
|
|
SMQ_GROUPS_GRPC_PORT: ${SMQ_GROUPS_GRPC_PORT}
|
|
## Compose supports parameter expansion in environment,
|
|
## Eg: ${VAR:+replacement} or ${VAR+replacement} -> replacement if VAR is set and non-empty, otherwise empty
|
|
## Eg :${VAR:-default} or ${VAR-default} -> value of VAR if set and non-empty, otherwise default
|
|
SMQ_GROUPS_GRPC_SERVER_CERT: ${SMQ_GROUPS_GRPC_SERVER_CERT:+/groups-grpc-server.crt}
|
|
SMQ_GROUPS_GRPC_SERVER_KEY: ${SMQ_GROUPS_GRPC_SERVER_KEY:+/groups-grpc-server.key}
|
|
SMQ_GROUPS_GRPC_SERVER_CA_CERTS: ${SMQ_GROUPS_GRPC_SERVER_CA_CERTS:+/groups-grpc-server-ca.crt}
|
|
SMQ_GROUPS_GRPC_CLIENT_CA_CERTS: ${SMQ_GROUPS_GRPC_CLIENT_CA_CERTS:+/groups-grpc-client-ca.crt}
|
|
SMQ_GROUPS_DB_HOST: ${SMQ_GROUPS_DB_HOST}
|
|
SMQ_GROUPS_DB_PORT: ${SMQ_GROUPS_DB_PORT}
|
|
SMQ_GROUPS_DB_USER: ${SMQ_GROUPS_DB_USER}
|
|
SMQ_GROUPS_DB_PASS: ${SMQ_GROUPS_DB_PASS}
|
|
SMQ_GROUPS_DB_NAME: ${SMQ_GROUPS_DB_NAME}
|
|
SMQ_GROUPS_DB_SSL_MODE: ${SMQ_GROUPS_DB_SSL_MODE}
|
|
SMQ_GROUPS_DB_SSL_CERT: ${SMQ_GROUPS_DB_SSL_CERT}
|
|
SMQ_GROUPS_DB_SSL_KEY: ${SMQ_GROUPS_DB_SSL_KEY}
|
|
SMQ_GROUPS_DB_SSL_ROOT_CERT: ${SMQ_GROUPS_DB_SSL_ROOT_CERT}
|
|
SMQ_CHANNELS_URL: ${SMQ_CHANNELS_URL}
|
|
SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL}
|
|
SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT}
|
|
SMQ_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt}
|
|
SMQ_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key}
|
|
SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt}
|
|
SMQ_CLIENTS_AUTH_GRPC_URL: ${SMQ_CLIENTS_AUTH_GRPC_URL}
|
|
SMQ_CLIENTS_AUTH_GRPC_TIMEOUT: ${SMQ_CLIENTS_AUTH_GRPC_TIMEOUT}
|
|
SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+/clients-grpc-client.crt}
|
|
SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+/clients-grpc-client.key}
|
|
SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt}
|
|
SMQ_DOMAINS_GRPC_URL: ${SMQ_DOMAINS_GRPC_URL}
|
|
SMQ_DOMAINS_GRPC_TIMEOUT: ${SMQ_DOMAINS_GRPC_TIMEOUT}
|
|
SMQ_DOMAINS_GRPC_CLIENT_CERT: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt}
|
|
SMQ_DOMAINS_GRPC_CLIENT_KEY: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key}
|
|
SMQ_DOMAINS_GRPC_SERVER_CA_CERTS: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt}
|
|
SMQ_ES_URL: ${SMQ_ES_URL}
|
|
SMQ_JAEGER_URL: ${SMQ_JAEGER_URL}
|
|
SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO}
|
|
SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY}
|
|
SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL}
|
|
SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT}
|
|
SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
|
SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
|
SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
|
SMQ_SPICEDB_PRE_SHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY}
|
|
SMQ_SPICEDB_HOST: ${SMQ_SPICEDB_HOST}
|
|
SMQ_SPICEDB_PORT: ${SMQ_SPICEDB_PORT}
|
|
SMQ_SPICEDB_SCHEMA_FILE: ${SMQ_SPICEDB_SCHEMA_FILE}
|
|
ports:
|
|
- ${SMQ_GROUPS_HTTP_PORT}:${SMQ_GROUPS_HTTP_PORT}
|
|
- ${SMQ_GROUPS_GRPC_PORT}:${SMQ_GROUPS_GRPC_PORT}
|
|
networks:
|
|
- magistrala-base-net
|
|
volumes:
|
|
- ./spicedb/schema.zed:${SMQ_SPICEDB_SCHEMA_FILE}
|
|
# Auth gRPC client certificates
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_KEY:+.key}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
|
|
jaeger:
|
|
image: jaegertracing/all-in-one:1.60
|
|
container_name: magistrala-jaeger
|
|
environment:
|
|
COLLECTOR_OTLP_ENABLED: ${SMQ_JAEGER_COLLECTOR_OTLP_ENABLED}
|
|
command: --memory.max-traces ${SMQ_JAEGER_MEMORY_MAX_TRACES}
|
|
ports:
|
|
- ${SMQ_JAEGER_FRONTEND}:${SMQ_JAEGER_FRONTEND}
|
|
- ${SMQ_JAEGER_OLTP_HTTP}:${SMQ_JAEGER_OLTP_HTTP}
|
|
networks:
|
|
- magistrala-base-net
|
|
|
|
mqtt-adapter:
|
|
image: supermq/mqtt:${MG_RELEASE_TAG}
|
|
container_name: magistrala-mqtt
|
|
depends_on:
|
|
- clients
|
|
- nats
|
|
restart: on-failure
|
|
environment:
|
|
SMQ_MQTT_ADAPTER_LOG_LEVEL: ${SMQ_MQTT_ADAPTER_LOG_LEVEL}
|
|
SMQ_MQTT_ADAPTER_MQTT_PORT: ${SMQ_MQTT_ADAPTER_MQTT_PORT}
|
|
SMQ_MQTT_ADAPTER_MQTT_TARGET_HOST: ${SMQ_MQTT_ADAPTER_MQTT_TARGET_HOST}
|
|
SMQ_MQTT_ADAPTER_MQTT_TARGET_PORT: ${SMQ_MQTT_ADAPTER_MQTT_TARGET_PORT}
|
|
SMQ_MQTT_ADAPTER_MQTT_TARGET_HEALTH_CHECK: ${SMQ_MQTT_ADAPTER_MQTT_TARGET_HEALTH_CHECK}
|
|
SMQ_MQTT_ADAPTER_WS_PORT: ${SMQ_MQTT_ADAPTER_WS_PORT}
|
|
SMQ_MQTT_ADAPTER_INSTANCE_ID: ${SMQ_MQTT_ADAPTER_INSTANCE_ID}
|
|
SMQ_MQTT_ADAPTER_WS_TARGET_HOST: ${SMQ_MQTT_ADAPTER_WS_TARGET_HOST}
|
|
SMQ_MQTT_ADAPTER_WS_TARGET_PORT: ${SMQ_MQTT_ADAPTER_WS_TARGET_PORT}
|
|
SMQ_MQTT_ADAPTER_INSTANCE: ${SMQ_MQTT_ADAPTER_INSTANCE}
|
|
SMQ_ES_URL: ${SMQ_ES_URL}
|
|
SMQ_CLIENTS_AUTH_GRPC_URL: ${SMQ_CLIENTS_AUTH_GRPC_URL}
|
|
SMQ_CLIENTS_AUTH_GRPC_TIMEOUT: ${SMQ_CLIENTS_AUTH_GRPC_TIMEOUT}
|
|
SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+/clients-grpc-client.crt}
|
|
SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+/clients-grpc-client.key}
|
|
SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt}
|
|
SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL}
|
|
SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT}
|
|
SMQ_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt}
|
|
SMQ_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key}
|
|
SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt}
|
|
SMQ_JAEGER_URL: ${SMQ_JAEGER_URL}
|
|
SMQ_MESSAGE_BROKER_URL: ${SMQ_MESSAGE_BROKER_URL}
|
|
SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO}
|
|
SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY}
|
|
networks:
|
|
- magistrala-base-net
|
|
volumes:
|
|
# Clients gRPC mTLS client certificates
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /clients-grpc-client${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /clients-grpc-client${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+.key}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /clients-grpc-server-ca${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
# Channels gRPC mTLS client certificates
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_KEY:+.key}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /channels-grpc-server-ca${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
|
|
http-adapter:
|
|
image: supermq/http:${MG_RELEASE_TAG}
|
|
container_name: magistrala-http
|
|
depends_on:
|
|
- clients
|
|
- nats
|
|
restart: on-failure
|
|
environment:
|
|
SMQ_HTTP_ADAPTER_LOG_LEVEL: ${SMQ_HTTP_ADAPTER_LOG_LEVEL}
|
|
SMQ_HTTP_ADAPTER_HOST: ${SMQ_HTTP_ADAPTER_HOST}
|
|
SMQ_HTTP_ADAPTER_PORT: ${SMQ_HTTP_ADAPTER_PORT}
|
|
SMQ_HTTP_ADAPTER_SERVER_CERT: ${SMQ_HTTP_ADAPTER_SERVER_CERT}
|
|
SMQ_HTTP_ADAPTER_SERVER_KEY: ${SMQ_HTTP_ADAPTER_SERVER_KEY}
|
|
SMQ_CLIENTS_AUTH_GRPC_URL: ${SMQ_CLIENTS_AUTH_GRPC_URL}
|
|
SMQ_CLIENTS_AUTH_GRPC_TIMEOUT: ${SMQ_CLIENTS_AUTH_GRPC_TIMEOUT}
|
|
SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+/clients-grpc-client.crt}
|
|
SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+/clients-grpc-client.key}
|
|
SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt}
|
|
SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL}
|
|
SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT}
|
|
SMQ_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt}
|
|
SMQ_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key}
|
|
SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt}
|
|
SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL}
|
|
SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT}
|
|
SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
|
SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
|
SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
|
SMQ_MESSAGE_BROKER_URL: ${SMQ_MESSAGE_BROKER_URL}
|
|
SMQ_JAEGER_URL: ${SMQ_JAEGER_URL}
|
|
SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO}
|
|
SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY}
|
|
SMQ_HTTP_ADAPTER_INSTANCE_ID: ${SMQ_HTTP_ADAPTER_INSTANCE_ID}
|
|
SMQ_ES_URL: ${SMQ_ES_URL}
|
|
ports:
|
|
- ${SMQ_HTTP_ADAPTER_PORT}:${SMQ_HTTP_ADAPTER_PORT}
|
|
networks:
|
|
- magistrala-base-net
|
|
volumes:
|
|
# Clients gRPC mTLS client certificates
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /clients-grpc-client${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /clients-grpc-client${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+.key}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /clients-grpc-server-ca${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
# Channels gRPC mTLS client certificates
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_KEY:+.key}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /channels-grpc-server-ca${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
# Auth gRPC mTLS client certificates
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_KEY:+.key}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
|
|
coap-adapter:
|
|
image: supermq/coap:${MG_RELEASE_TAG}
|
|
container_name: magistrala-coap
|
|
depends_on:
|
|
- clients
|
|
- nats
|
|
restart: on-failure
|
|
environment:
|
|
SMQ_COAP_ADAPTER_LOG_LEVEL: ${SMQ_COAP_ADAPTER_LOG_LEVEL}
|
|
SMQ_COAP_ADAPTER_HOST: ${SMQ_COAP_ADAPTER_HOST}
|
|
SMQ_COAP_ADAPTER_PORT: ${SMQ_COAP_ADAPTER_PORT}
|
|
SMQ_COAP_ADAPTER_SERVER_CERT: ${SMQ_COAP_ADAPTER_SERVER_CERT}
|
|
SMQ_COAP_ADAPTER_SERVER_KEY: ${SMQ_COAP_ADAPTER_SERVER_KEY}
|
|
SMQ_COAP_ADAPTER_HTTP_HOST: ${SMQ_COAP_ADAPTER_HTTP_HOST}
|
|
SMQ_COAP_ADAPTER_HTTP_PORT: ${SMQ_COAP_ADAPTER_HTTP_PORT}
|
|
SMQ_COAP_ADAPTER_HTTP_SERVER_CERT: ${SMQ_COAP_ADAPTER_HTTP_SERVER_CERT}
|
|
SMQ_COAP_ADAPTER_HTTP_SERVER_KEY: ${SMQ_COAP_ADAPTER_HTTP_SERVER_KEY}
|
|
SMQ_CLIENTS_AUTH_GRPC_URL: ${SMQ_CLIENTS_AUTH_GRPC_URL}
|
|
SMQ_CLIENTS_AUTH_GRPC_TIMEOUT: ${SMQ_CLIENTS_AUTH_GRPC_TIMEOUT}
|
|
SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+/clients-grpc-client.crt}
|
|
SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+/clients-grpc-client.key}
|
|
SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt}
|
|
SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL}
|
|
SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT}
|
|
SMQ_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt}
|
|
SMQ_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key}
|
|
SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt}
|
|
SMQ_MESSAGE_BROKER_URL: ${SMQ_MESSAGE_BROKER_URL}
|
|
SMQ_JAEGER_URL: ${SMQ_JAEGER_URL}
|
|
SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO}
|
|
SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY}
|
|
SMQ_COAP_ADAPTER_INSTANCE_ID: ${SMQ_COAP_ADAPTER_INSTANCE_ID}
|
|
SMQ_ES_URL: ${SMQ_ES_URL}
|
|
ports:
|
|
- ${SMQ_COAP_ADAPTER_PORT}:${SMQ_COAP_ADAPTER_PORT}/udp
|
|
- ${SMQ_COAP_ADAPTER_HTTP_PORT}:${SMQ_COAP_ADAPTER_HTTP_PORT}/tcp
|
|
networks:
|
|
- magistrala-base-net
|
|
volumes:
|
|
# Clients gRPC mTLS client certificates
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /clients-grpc-client${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /clients-grpc-client${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+.key}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /clients-grpc-server-ca${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
# Channels gRPC mTLS client certificates
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_KEY:+.key}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /channels-grpc-server-ca${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_CLIENT_CA_CERTS:-ssl/certs/dummy/client_ca}
|
|
target: /channels-grpc-client-ca${SMQ_CHANNELS_GRPC_CLIENT_CA_CERTS:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
|
|
ws-adapter:
|
|
image: supermq/ws:${MG_RELEASE_TAG}
|
|
container_name: magistrala-ws
|
|
depends_on:
|
|
- clients
|
|
- nats
|
|
restart: on-failure
|
|
environment:
|
|
SMQ_WS_ADAPTER_LOG_LEVEL: ${SMQ_WS_ADAPTER_LOG_LEVEL}
|
|
SMQ_WS_ADAPTER_HTTP_HOST: ${SMQ_WS_ADAPTER_HTTP_HOST}
|
|
SMQ_WS_ADAPTER_HTTP_PORT: ${SMQ_WS_ADAPTER_HTTP_PORT}
|
|
SMQ_WS_ADAPTER_HTTP_SERVER_CERT: ${SMQ_WS_ADAPTER_HTTP_SERVER_CERT}
|
|
SMQ_WS_ADAPTER_HTTP_SERVER_KEY: ${SMQ_WS_ADAPTER_HTTP_SERVER_KEY}
|
|
SMQ_CLIENTS_AUTH_GRPC_URL: ${SMQ_CLIENTS_AUTH_GRPC_URL}
|
|
SMQ_CLIENTS_AUTH_GRPC_TIMEOUT: ${SMQ_CLIENTS_AUTH_GRPC_TIMEOUT}
|
|
SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+/clients-grpc-client.crt}
|
|
SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+/clients-grpc-client.key}
|
|
SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+/clients-grpc-server-ca.crt}
|
|
SMQ_CHANNELS_GRPC_URL: ${SMQ_CHANNELS_GRPC_URL}
|
|
SMQ_CHANNELS_GRPC_TIMEOUT: ${SMQ_CHANNELS_GRPC_TIMEOUT}
|
|
SMQ_CHANNELS_GRPC_CLIENT_CERT: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:+/channels-grpc-client.crt}
|
|
SMQ_CHANNELS_GRPC_CLIENT_KEY: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:+/channels-grpc-client.key}
|
|
SMQ_CHANNELS_GRPC_SERVER_CA_CERTS: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+/channels-grpc-server-ca.crt}
|
|
SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL}
|
|
SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT}
|
|
SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
|
SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
|
SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
|
SMQ_MESSAGE_BROKER_URL: ${SMQ_MESSAGE_BROKER_URL}
|
|
SMQ_JAEGER_URL: ${SMQ_JAEGER_URL}
|
|
SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO}
|
|
SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY}
|
|
SMQ_WS_ADAPTER_INSTANCE_ID: ${SMQ_WS_ADAPTER_INSTANCE_ID}
|
|
SMQ_ES_URL: ${SMQ_ES_URL}
|
|
ports:
|
|
- ${SMQ_WS_ADAPTER_HTTP_PORT}:${SMQ_WS_ADAPTER_HTTP_PORT}
|
|
networks:
|
|
- magistrala-base-net
|
|
volumes:
|
|
# Clients gRPC mTLS client certificates
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /clients-grpc-client${SMQ_CLIENTS_AUTH_GRPC_CLIENT_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /clients-grpc-client${SMQ_CLIENTS_AUTH_GRPC_CLIENT_KEY:+.key}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /clients-grpc-server-ca${SMQ_CLIENTS_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
# Channels gRPC mTLS client certificates
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /channels-grpc-client${SMQ_CHANNELS_GRPC_CLIENT_KEY:+.key}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /channels-grpc-server-ca${SMQ_CHANNELS_GRPC_SERVER_CA_CERTS:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
# Auth gRPC mTLS client certificates
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_KEY:+.key}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
|
|
nats:
|
|
image: nats:2.10.9-alpine
|
|
container_name: magistrala-nats
|
|
restart: on-failure
|
|
command: "--config=/etc/nats/nats.conf"
|
|
environment:
|
|
- SMQ_NATS_PORT=${SMQ_NATS_PORT}
|
|
- SMQ_NATS_HTTP_PORT=${SMQ_NATS_HTTP_PORT}
|
|
- SMQ_NATS_JETSTREAM_KEY=${SMQ_NATS_JETSTREAM_KEY}
|
|
ports:
|
|
- ${SMQ_NATS_PORT}:${SMQ_NATS_PORT}
|
|
- ${SMQ_NATS_HTTP_PORT}:${SMQ_NATS_HTTP_PORT}
|
|
volumes:
|
|
- magistrala-broker-volume:/data
|
|
- ./nats:/etc/nats
|
|
networks:
|
|
- magistrala-base-net
|
|
|
|
journal-db:
|
|
image: postgres:16.2-alpine
|
|
container_name: magistrala-journal-db
|
|
restart: on-failure
|
|
command: postgres -c "max_connections=${SMQ_POSTGRES_MAX_CONNECTIONS}"
|
|
environment:
|
|
POSTGRES_USER: ${SMQ_JOURNAL_DB_USER}
|
|
POSTGRES_PASSWORD: ${SMQ_JOURNAL_DB_PASS}
|
|
POSTGRES_DB: ${SMQ_JOURNAL_DB_NAME}
|
|
SMQ_POSTGRES_MAX_CONNECTIONS: ${SMQ_POSTGRES_MAX_CONNECTIONS}
|
|
networks:
|
|
- magistrala-base-net
|
|
volumes:
|
|
- magistrala-journal-volume:/var/lib/postgresql/data
|
|
|
|
journal:
|
|
image: supermq/journal:${MG_RELEASE_TAG}
|
|
container_name: magistrala-journal
|
|
depends_on:
|
|
- journal-db
|
|
restart: on-failure
|
|
environment:
|
|
SMQ_JOURNAL_LOG_LEVEL: ${SMQ_JOURNAL_LOG_LEVEL}
|
|
SMQ_JOURNAL_HTTP_HOST: ${SMQ_JOURNAL_HTTP_HOST}
|
|
SMQ_JOURNAL_HTTP_PORT: ${SMQ_JOURNAL_HTTP_PORT}
|
|
SMQ_JOURNAL_HTTP_SERVER_CERT: ${SMQ_JOURNAL_HTTP_SERVER_CERT}
|
|
SMQ_JOURNAL_HTTP_SERVER_KEY: ${SMQ_JOURNAL_HTTP_SERVER_KEY}
|
|
SMQ_JOURNAL_DB_HOST: ${SMQ_JOURNAL_DB_HOST}
|
|
SMQ_JOURNAL_DB_PORT: ${SMQ_JOURNAL_DB_PORT}
|
|
SMQ_JOURNAL_DB_USER: ${SMQ_JOURNAL_DB_USER}
|
|
SMQ_JOURNAL_DB_PASS: ${SMQ_JOURNAL_DB_PASS}
|
|
SMQ_JOURNAL_DB_NAME: ${SMQ_JOURNAL_DB_NAME}
|
|
SMQ_JOURNAL_DB_SSL_MODE: ${SMQ_JOURNAL_DB_SSL_MODE}
|
|
SMQ_JOURNAL_DB_SSL_CERT: ${SMQ_JOURNAL_DB_SSL_CERT}
|
|
SMQ_JOURNAL_DB_SSL_KEY: ${SMQ_JOURNAL_DB_SSL_KEY}
|
|
SMQ_JOURNAL_DB_SSL_ROOT_CERT: ${SMQ_JOURNAL_DB_SSL_ROOT_CERT}
|
|
SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL}
|
|
SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT}
|
|
SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
|
SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
|
SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
|
SMQ_ES_URL: ${SMQ_ES_URL}
|
|
SMQ_JAEGER_URL: ${SMQ_JAEGER_URL}
|
|
SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO}
|
|
SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY}
|
|
SMQ_JOURNAL_INSTANCE_ID: ${SMQ_JOURNAL_INSTANCE_ID}
|
|
SMQ_DOMAINS_GRPC_URL: ${SMQ_DOMAINS_GRPC_URL}
|
|
SMQ_DOMAINS_GRPC_TIMEOUT: ${SMQ_DOMAINS_GRPC_TIMEOUT}
|
|
SMQ_DOMAINS_GRPC_CLIENT_CERT: ${SMQ_DOMAINS_GRPC_CLIENT_CERT:+/domains-grpc-client.crt}
|
|
SMQ_DOMAINS_GRPC_CLIENT_KEY: ${SMQ_DOMAINS_GRPC_CLIENT_KEY:+/domains-grpc-client.key}
|
|
SMQ_DOMAINS_GRPC_SERVER_CA_CERTS: ${SMQ_DOMAINS_GRPC_SERVER_CA_CERTS:+/domains-grpc-server-ca.crt}
|
|
ports:
|
|
- ${SMQ_JOURNAL_HTTP_PORT}:${SMQ_JOURNAL_HTTP_PORT}
|
|
networks:
|
|
- magistrala-base-net
|
|
|
|
ui:
|
|
image: ghcr.io/absmach/magistrala/ui-mg:latest
|
|
container_name: magistrala-ui
|
|
ports:
|
|
- 3000:3000
|
|
networks:
|
|
- magistrala-base-net
|
|
environment:
|
|
MG_DOMAINS_URL: ${MG_DOMAINS_URL}
|
|
MG_USERS_URL: ${MG_USERS_URL}
|
|
MG_CLIENTS_URL: ${MG_CLIENTS_URL}
|
|
MG_CHANNELS_URL: ${MG_CHANNELS_URL}
|
|
MG_GROUPS_URL: ${MG_GROUPS_URL}
|
|
MG_BOOTSTRAP_URL: ${MG_BOOTSTRAP_URL}
|
|
MG_CERTS_URL: ${MG_CERTS_URL}
|
|
MG_HTTP_ADAPTER_URL: ${MG_HTTP_ADAPTER_URL}
|
|
MG_READER_URL: ${MG_READER_URL}
|
|
MG_BACKEND_URL: ${MG_UI_BACKEND_URL}
|
|
MG_JOURNAL_URL: ${MG_JOURNAL_URL}
|
|
MG_BILLING_URL: ${MG_BILLING_URL}
|
|
MG_RE_URL: ${MG_RE_URL}
|
|
MG_PROFILE_PICTURE_URL: ${MG_PROFILE_PICTURE_URL}
|
|
MG_GOOGLE_CLIENT_ID: ${MG_GOOGLE_CLIENT_ID}
|
|
MG_GOOGLE_CLIENT_SECRET: ${MG_GOOGLE_CLIENT_SECRET}
|
|
MG_GOOGLE_REDIRECT_URL: ${MG_GOOGLE_REDIRECT_URL}
|
|
MG_GOOGLE_STATE: ${MG_GOOGLE_STATE}
|
|
MG_UI_NAME: ${MG_UI_NAME}
|
|
MG_UI_BASE_PATH: ${MG_UI_BASE_PATH}
|
|
NEXT_PUBLIC_MG_UI_BASE_PATH: ${NEXT_PUBLIC_MG_UI_BASE_PATH}
|
|
MG_UI_TYPE: mg
|
|
NEXT_PUBLIC_BACKEND_URL: ${NEXT_PUBLIC_BACKEND_URL}
|
|
NEXTAUTH_SECRET: ${NEXTAUTH_SECRET}
|
|
RUNTIME_ENV: ${RUNTIME_ENV}
|
|
MG_UI_DOCKER_ACCEPT_EULA: ${MG_UI_DOCKER_ACCEPT_EULA}
|
|
|
|
ui-backend:
|
|
image: ghcr.io/absmach/magistrala/ui-backend:latest
|
|
container_name: magistrala-ui-backend
|
|
ports:
|
|
- ${MG_UI_BACKEND_HTTP_PORT}:${MG_UI_BACKEND_HTTP_PORT}
|
|
networks:
|
|
- magistrala-base-net
|
|
restart: on-failure:3
|
|
environment:
|
|
MG_BACKEND_LOG_LEVEL: ${MG_UI_BACKEND_LOG_LEVEL}
|
|
MG_BACKEND_HTTP_HOST: ${MG_UI_BACKEND_HTTP_HOST}
|
|
MG_BACKEND_HTTP_PORT: ${MG_UI_BACKEND_HTTP_PORT}
|
|
MG_BACKEND_HTTP_SERVER_CERT: ${MG_UI_BACKEND_HTTP_SERVER_CERT}
|
|
MG_BACKEND_HTTP_SERVER_KEY: ${MG_UI_BACKEND_HTTP_SERVER_KEY}
|
|
MG_BACKEND_DB_HOST: ${MG_UI_BACKEND_DB_HOST}
|
|
MG_BACKEND_DB_PORT: ${MG_UI_BACKEND_DB_PORT}
|
|
MG_BACKEND_DB_USER: ${MG_UI_BACKEND_DB_USER}
|
|
MG_BACKEND_DB_PASS: ${MG_UI_BACKEND_DB_PASS}
|
|
MG_BACKEND_DB_NAME: ${MG_UI_BACKEND_DB_NAME}
|
|
MG_BACKEND_DB_SSL_MODE: ${MG_UI_BACKEND_DB_SSL_MODE}
|
|
MG_BACKEND_DB_SSL_CERT: ${MG_UI_BACKEND_DB_SSL_CERT}
|
|
MG_BACKEND_DB_SSL_KEY: ${MG_UI_BACKEND_DB_SSL_KEY}
|
|
MG_BACKEND_DB_SSL_ROOT_CERT: ${MG_UI_BACKEND_DB_SSL_ROOT_CERT}
|
|
MG_BACKEND_INSTANCE_ID: ${MG_UI_BACKEND_INSTANCE_ID}
|
|
MG_AUTH_GRPC_URL: ${MG_AUTH_GRPC_URL}
|
|
MG_AUTH_GRPC_TIMEOUT: ${MG_AUTH_GRPC_TIMEOUT}
|
|
MG_AUTH_GRPC_CLIENT_CERT: ${MG_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
|
MG_AUTH_GRPC_CLIENT_KEY: ${MG_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
|
MG_AUTH_GRPC_SERVER_CA_CERTS: ${MG_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
|
MG_UI_VERIFICATION_TLS: ${MG_UI_VERIFICATION_TLS}
|
|
MG_UI_CONTENT_TYPE: ${MG_UI_CONTENT_TYPE}
|
|
MG_READER_URL: ${MG_READER_URL}
|
|
MG_PROFILE_PICTURE_URL: ${MG_PROFILE_PICTURE_URL}
|
|
MG_UI_DOCKER_ACCEPT_EULA: ${MG_UI_DOCKER_ACCEPT_EULA}
|
|
depends_on:
|
|
- ui-backend-db
|
|
volumes:
|
|
# Auth gRPC client certificates
|
|
- type: bind
|
|
source: ${MG_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${MG_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /auth-grpc-client${MG_AUTH_GRPC_CLIENT_KEY:+.key}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${MG_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /auth-grpc-server-ca${MG_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
|
|
ui-backend-db:
|
|
image: postgres:16.2-alpine
|
|
container_name: magistrala-ui-backend-db
|
|
restart: on-failure
|
|
command: postgres -c "max_connections=${SMQ_POSTGRES_MAX_CONNECTIONS}"
|
|
environment:
|
|
POSTGRES_USER: ${MG_UI_BACKEND_DB_USER}
|
|
POSTGRES_PASSWORD: ${MG_UI_BACKEND_DB_PASS}
|
|
POSTGRES_DB: ${MG_UI_BACKEND_DB_NAME}
|
|
SMQ_POSTGRES_MAX_CONNECTIONS: ${SMQ_POSTGRES_MAX_CONNECTIONS}
|
|
ports:
|
|
- 6008:5432
|
|
networks:
|
|
- magistrala-base-net
|
|
volumes:
|
|
- magistrala-ui-backend-db-volume:/var/lib/postgresql/data
|
|
|
|
re-db:
|
|
image: postgres:16.2-alpine
|
|
container_name: magistrala-re-db
|
|
restart: on-failure
|
|
command: postgres -c "max_connections=${SMQ_POSTGRES_MAX_CONNECTIONS}"
|
|
environment:
|
|
POSTGRES_USER: ${MG_RE_DB_USER}
|
|
POSTGRES_PASSWORD: ${MG_RE_DB_PASS}
|
|
POSTGRES_DB: ${MG_RE_DB_NAME}
|
|
ports:
|
|
- 6009:5432
|
|
networks:
|
|
- magistrala-base-net
|
|
volumes:
|
|
- magistrala-re-db-volume:/var/lib/postgresql/data
|
|
|
|
re:
|
|
image: ghcr.io/absmach/magistrala/re:${MG_RELEASE_TAG}
|
|
container_name: magistrala-re
|
|
depends_on:
|
|
- re-db
|
|
restart: on-failure
|
|
environment:
|
|
MG_RE_LOG_LEVEL: ${MG_RE_LOG_LEVEL}
|
|
MG_RE_HTTP_PORT: ${MG_RE_HTTP_PORT}
|
|
MG_RE_HTTP_HOST: ${MG_RE_HTTP_HOST}
|
|
MG_RE_HTTP_SERVER_CERT: ${MG_RE_HTTP_SERVER_CERT}
|
|
MG_RE_HTTP_SERVER_KEY: ${MG_RE_HTTP_SERVER_KEY}
|
|
MG_RE_DB_HOST: ${MG_RE_DB_HOST}
|
|
MG_RE_DB_PORT: ${MG_RE_DB_PORT}
|
|
MG_RE_DB_USER: ${MG_RE_DB_USER}
|
|
MG_RE_DB_PASS: ${MG_RE_DB_PASS}
|
|
MG_RE_DB_NAME: ${MG_RE_DB_NAME}
|
|
MG_RE_DB_SSL_MODE: ${MG_RE_DB_SSL_MODE}
|
|
MG_RE_DB_SSL_CERT: ${MG_RE_DB_SSL_CERT}
|
|
MG_RE_DB_SSL_KEY: ${MG_RE_DB_SSL_KEY}
|
|
MG_RE_DB_SSL_ROOT_CERT: ${MG_RE_DB_SSL_ROOT_CERT}
|
|
SMQ_MESSAGE_BROKER_URL: ${SMQ_MESSAGE_BROKER_URL}
|
|
SMQ_JAEGER_URL: ${SMQ_JAEGER_URL}
|
|
SMQ_JAEGER_TRACE_RATIO: ${SMQ_JAEGER_TRACE_RATIO}
|
|
SMQ_SEND_TELEMETRY: ${SMQ_SEND_TELEMETRY}
|
|
SMQ_AUTH_GRPC_URL: ${SMQ_AUTH_GRPC_URL}
|
|
SMQ_AUTH_GRPC_TIMEOUT: ${SMQ_AUTH_GRPC_TIMEOUT}
|
|
SMQ_AUTH_GRPC_CLIENT_CERT: ${SMQ_AUTH_GRPC_CLIENT_CERT:+/auth-grpc-client.crt}
|
|
SMQ_AUTH_GRPC_CLIENT_KEY: ${SMQ_AUTH_GRPC_CLIENT_KEY:+/auth-grpc-client.key}
|
|
SMQ_AUTH_GRPC_SERVER_CA_CERTS: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+/auth-grpc-server-ca.crt}
|
|
SMQ_SPICEDB_PRE_SHARED_KEY: ${SMQ_SPICEDB_PRE_SHARED_KEY}
|
|
SMQ_SPICEDB_HOST: ${SMQ_SPICEDB_HOST}
|
|
SMQ_SPICEDB_PORT: ${SMQ_SPICEDB_PORT}
|
|
MG_RE_INSTANCE_ID: ${MG_RE_INSTANCE_ID}
|
|
ports:
|
|
- ${MG_RE_HTTP_PORT}:${MG_RE_HTTP_PORT}
|
|
networks:
|
|
- magistrala-base-net
|
|
volumes:
|
|
# Auth gRPC client certificates
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_CERT:-ssl/certs/dummy/client_cert}
|
|
target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_CERT:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_CLIENT_KEY:-ssl/certs/dummy/client_key}
|
|
target: /auth-grpc-client${SMQ_AUTH_GRPC_CLIENT_KEY:+.key}
|
|
bind:
|
|
create_host_path: true
|
|
- type: bind
|
|
source: ${SMQ_AUTH_GRPC_SERVER_CA_CERTS:-ssl/certs/dummy/server_ca}
|
|
target: /auth-grpc-server-ca${SMQ_AUTH_GRPC_SERVER_CA_CERTS:+.crt}
|
|
bind:
|
|
create_host_path: true
|
|
- ./config.toml:/config.toml
|