- Add snikket_turn service (coturn/coturn) with STUN/TURN/TURNS support
- Mount snikket_data volume read-only for TLS certificates from snikket_certs
- Add TURN_SECRET to secrets.env.example
- Enable mod_external_services in Prosody and configure STUN/TURN/TURNS endpoints so clients receive time-limited credentials via XMPP IQ

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
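# Docker Compose stack for a Snikket XMPP deployment: web proxy, certificate
# manager, web portal, Prosody server, S3 upload handler, coturn STUN/TURN
# relay and PostgreSQL.
#
# Every service runs with `network_mode: host`, so each listening port is
# bound directly on the host with no Docker network isolation between the
# services. Restrict exposure with the host firewall.
version: "3.3"

services:
  snikket_proxy:
    container_name: snikket-proxy
    image: snikket/snikket-web-proxy:stable
    env_file: snikket.conf
    network_mode: host
    volumes:
      - snikket_data:/snikket
      - acme_challenges:/var/www/html/.well-known/acme-challenge
    restart: "unless-stopped"
    depends_on:
      - snikket_server

  snikket_certs:
    container_name: snikket-certs
    image: snikket/snikket-cert-manager:stable
    env_file: snikket.conf
    network_mode: host
    volumes:
      - snikket_data:/snikket
      - acme_challenges:/var/www/.well-known/acme-challenge
    restart: "unless-stopped"

  snikket_portal:
    container_name: snikket-portal
    image: snikket/snikket-web-portal:stable
    env_file: snikket.conf
    network_mode: host
    restart: "unless-stopped"
    depends_on:
      - snikket_server

  snikket_server:
    container_name: snikket
    image: snikket/snikket-server:stable
    env_file:
      - snikket.conf
      - secrets.env
    network_mode: host
    volumes:
      - snikket_data:/snikket
      # Extra Prosody configuration, mounted read-only.
      - ./prosody.cfg.lua:/etc/prosody/conf.d/custom.cfg.lua:ro
    restart: "unless-stopped"
    depends_on:
      - postgres
      - s3_upload_handler

  s3_upload_handler:
    container_name: snikket-s3-upload
    build: ./s3-upload-handler
    network_mode: host
    env_file:
      - secrets.env
    environment:
      S3_BUCKET: "jabogram"
      S3_REGION: "ru-msk"
      # Endpoint of the S3-compatible object store (set explicitly because the
      # bucket is not hosted on AWS).
      S3_ENDPOINT: "https://hb.vkcloud-storage.ru"
      # Presumably the presigned-URL lifetime in seconds; confirm in the
      # handler source.
      PRESIGN_EXPIRE: "3600"
    restart: "unless-stopped"

  snikket_turn:
    container_name: snikket-turn
    # NOTE(review): `latest` is a floating tag; pin a specific release or an
    # image digest so a redeploy cannot silently pull a different coturn build.
    image: coturn/coturn:latest
    network_mode: host
    env_file:
      - snikket.conf
      - secrets.env
    volumes:
      # Read-only, but this exposes the whole snikket_data volume (not only the
      # certificates) to the relay. NOTE(review): confirm the user coturn runs
      # as can actually read privkey.pem.
      - snikket_data:/snikket:ro
    entrypoint: ["/bin/sh", "-c"]
    # The script is a single list element so that `sh -c` receives the whole
    # command line as one argument; a plain string here is split into words by
    # Compose, which would leave `turnserver` running without any options.
    #
    # `$$` escapes Compose's own interpolation. A single `$` is substituted
    # from the host shell or the `.env` file when the file is parsed, not from
    # `env_file`, so TURN_SECRET and SNIKKET_DOMAIN would expand to empty
    # strings. With `$$` the shell inside the container expands them from
    # snikket.conf / secrets.env.
    #
    # NOTE(review): a secret passed as a command-line option is visible in the
    # process list; coturn can read `static-auth-secret` from its configuration
    # file instead.
    # NOTE(review): with host networking the relay shares the host's network
    # view. Consider `--no-multicast-peers` and `--denied-peer-ip` ranges for
    # private networks so TURN allocations cannot be used to reach internal
    # services such as the database.
    command:
      - >-
        turnserver
        --use-auth-secret
        --static-auth-secret="$$TURN_SECRET"
        --realm="$$SNIKKET_DOMAIN"
        --listening-port=3478
        --tls-listening-port=5349
        --cert="/snikket/letsencrypt/live/$$SNIKKET_DOMAIN/fullchain.pem"
        --pkey="/snikket/letsencrypt/live/$$SNIKKET_DOMAIN/privkey.pem"
        --min-port=49152
        --max-port=65535
        --fingerprint
        --no-cli
        --log-file=stdout
    restart: "unless-stopped"
    depends_on:
      - snikket_certs

  postgres:
    container_name: snikket-postgres
    image: postgres:17
    # The database password is presumably supplied through secrets.env; it is
    # not set in this file.
    env_file:
      - secrets.env
    environment:
      POSTGRES_DB: snikket
      POSTGRES_USER: snikket
    volumes:
      - postgres_data:/var/lib/postgresql/data
    # Host networking binds the database port on the host itself; block it at
    # the firewall unless remote database access is intended.
    network_mode: host
    restart: "unless-stopped"

volumes:
  acme_challenges: {}
  snikket_data: {}
  postgres_data: {}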