bvn13/jabogram
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
jabogram/server/docker-compose.yml
bvn13 d932935dcf fix coturn command variable escaping in docker-compose.yml 
Use $$ instead of $ so Docker Compose does not interpolate TURN_SECRET
and SNIKKET_DOMAIN from the host environment. The container shell
expands them at runtime from env_file, which is both correct and avoids
exposing secret values in docker inspect output.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-28 09:40:15 +03:00

109 lines
2.6 KiB
YAML
Raw Blame History

version: "3.3"
services:
snikket_proxy:
container_name: snikket-proxy
image: snikket/snikket-web-proxy:stable
env_file: snikket.conf
network_mode: host
volumes:
- snikket_data:/snikket
- acme_challenges:/var/www/html/.well-known/acme-challenge
restart: "unless-stopped"
depends_on:
- snikket_server
snikket_certs:
container_name: snikket-certs
image: snikket/snikket-cert-manager:stable
env_file: snikket.conf
network_mode: host
volumes:
- snikket_data:/snikket
- acme_challenges:/var/www/.well-known/acme-challenge
restart: "unless-stopped"
snikket_portal:
container_name: snikket-portal
image: snikket/snikket-web-portal:stable
env_file: snikket.conf
network_mode: host
restart: "unless-stopped"
depends_on:
- snikket_server
snikket_server:
container_name: snikket
image: snikket/snikket-server:stable
env_file:
- snikket.conf
- secrets.env
network_mode: host
volumes:
- snikket_data:/snikket
- ./prosody.cfg.lua:/etc/prosody/conf.d/custom.cfg.lua:ro
restart: "unless-stopped"
depends_on:
- postgres
- s3_upload_handler
s3_upload_handler:
container_name: snikket-s3-upload
build: ./s3-upload-handler
network_mode: host
env_file:
- secrets.env
environment:
S3_BUCKET: "jabogram"
S3_REGION: "ru-msk"
# For MinIO or other S3-compatible storage, uncomment:
S3_ENDPOINT: "https://hb.vkcloud-storage.ru"
PRESIGN_EXPIRE: "3600"
restart: "unless-stopped"
snikket_turn:
container_name: snikket-turn
image: coturn/coturn:latest
network_mode: host
env_file:
- snikket.conf
- secrets.env
volumes:
- snikket_data:/snikket:ro
entrypoint: ["/bin/sh", "-c"]
command: >-
turnserver
--use-auth-secret
--static-auth-secret=$$TURN_SECRET
--realm=$$SNIKKET_DOMAIN
--listening-port=3478
--tls-listening-port=5349
--cert=/snikket/letsencrypt/live/$$SNIKKET_DOMAIN/fullchain.pem
--pkey=/snikket/letsencrypt/live/$$SNIKKET_DOMAIN/privkey.pem
--min-port=49152
--max-port=65535
--fingerprint
--no-cli
--log-file=stdout
restart: "unless-stopped"
depends_on:
- snikket_certs
postgres:
container_name: snikket-postgres
image: postgres:17
env_file:
- secrets.env
environment:
POSTGRES_DB: snikket
POSTGRES_USER: snikket
volumes:
- postgres_data:/var/lib/postgresql/data
network_mode: host
restart: "unless-stopped"
volumes:
acme_challenges:
snikket_data:
postgres_data:
Reference in New Issue View Git Blame Copy Permalink