docker-compose.yml
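# Matrix homeserver stack: haproxy (TLS edge) -> nginx (static files) and
# synapse, backed by postgresql, with coturn for VoIP on the host network.
# Only haproxy publishes ports on the host.
version: '3.4'

services:
  # SSL PART
  # In order to serve /.well-known files for Matrix and Synapse
  # you need an extra webserver... ugh...
  # While Synapse can handle ACME challenges, it doesn't seem
  # to handle the one for Matrix servers. Yes you read it right.
  # Note : If you ALREADY have a webserver and can handle serving
  # one static file and one file generated by ACME Let's Encrypt
  # scripts (or already have SSL certificates), remove this part
  # and then :
  # * Either edit haproxy.cfg to redirect to your own webserver for
  #   static files handling, while letting it manage the whole
  #   SSL sessions for the Synapse server.
  # * Remove haproxy from this configuration and do the whole
  #   redirection / SSL session management for the synapse server
  #   on port 8008 yourself.
  nginx:
    # Static-file webserver for the /.well-known and ACME files.
    # No host port is published for it; outside traffic is expected
    # to arrive through haproxy (see haproxy.cfg, not shown here).
    # NOTE(review): "alpine" is a floating tag; pin a version (ideally
    # a digest) so that image updates are deliberate.
    image: nginx:alpine
    volumes:
      # Content and configuration are mounted read-only.
      - "./static:/usr/share/nginx/website:ro"
      - "./nginx/conf/nginx.conf:/etc/nginx/nginx.conf:ro"
      # Runtime state the server has to write to.
      - "./nginx/cache:/var/cache/nginx"
      - "./nginx/run:/var/run"
      - "./nginx/logs:/var/log/nginx"
    restart: always

  postgresql:
    # NOTE(review): an untagged image resolves to postgres:latest.
    # PostgreSQL data directories are not compatible across major
    # versions, so a plain pull can leave the server unable to start
    # on the existing pgdata volume. Pin at least the major version.
    # No host port is published: the database is only reachable from
    # the other containers of this project.
    image: postgres
    volumes:
      - "pgdata:/var/lib/postgresql/data"
    env_file:
      # Holds the database credentials: keep it out of version control
      # and readable only by the deploying user.
      - "./env/postgres.env"
    restart: always

  coturn:
    build:
      context: ./build/coturn
      network: host
    image: myy/coturn:latest
    restart: always
    volumes:
      - "./coturn/conf/turnserver.conf:/etc/turnserver.conf:ro"
      - "./coturn/data:/srv/coturn"
      # You could use "docker secrets" instead
      # Be sure to edit ./coturn/conf/turnserver.conf afterwards if
      # you use "docker secrets" or change these paths
      # privkey.pem is the TLS private key: restrict its permissions
      # on the host and never commit ./ssl.
      - "./ssl/turn.yourdomain.com/fullchain.pem:/etc/ssl/fullchain.pem:ro"
      - "./ssl/turn.yourdomain.com/privkey.pem:/etc/ssl/privkey.pem:ro"
    # Host networking removes the network isolation of this container:
    # it binds directly on the host's interfaces and can reach services
    # listening on the host's loopback. Every listener configured in
    # turnserver.conf is exposed as if coturn ran on the host, so
    # filter it with the host firewall, and make sure turnserver.conf
    # refuses to relay to loopback and private ranges (coturn's
    # denied-peer-ip option).
    network_mode: host

  synapse:
    image: myy/synapse:latest-intel
    build:
      context: ./build/synapse
    volumes:
      - "./synapse/conf:/etc/synapse"
      - "./synapse/data:/data"
    env_file:
      # Reuse the PostgreSQL configuration
      # NOTE(review): assuming postgres.env carries POSTGRES_USER and
      # POSTGRES_PASSWORD, Synapse connects with the account the
      # postgres image bootstraps, which is a superuser. A dedicated,
      # non-superuser role would be narrower -- TODO confirm.
      - "./env/postgres.env"
    environment:
      - SYNAPSE_SERVER_NAME=matrix.yourdomain.com
      - SYNAPSE_SERVER_ADDRESS=https://matrix.yourdomain.com
      # Can be set to "no"
      - SYNAPSE_REPORT_STATS=yes
      # The backend name : postgresql or sqlite
      - SYNAPSE_DATABASE_BACKEND=postgresql
      # The network alias we provided to our postgresql server
      - SYNAPSE_POSTGRES_DBADDR=postgresql
      # PostgreSQL configuration is inherited from the postgres.env env_file
      # TURN Servers must have URL reachable from the outside
      # NOTE(review): 5349 is the conventional TLS port for STUN/TURN;
      # confirm which URI scheme the image's config template expects.
      - SYNAPSE_VOIP_TURN_MAIN_URL=stun:turn.yourdomain.com:5349
      # Interpolated by Compose from the shell environment or a .env
      # file next to this one. An unset variable becomes an empty
      # string with only a warning, i.e. empty TURN credentials;
      # ${turn_password:?turn_password is not set} aborts instead.
      - SYNAPSE_VOIP_TURN_USERNAME=${turn_username}
      - SYNAPSE_VOIP_TURN_PASSWORD=${turn_password}
    depends_on:
      # For the data
      - postgresql
      # For the VOIP
      - coturn
    restart: always

  haproxy:
    # NOTE(review): "latest" on the TLS edge means any pull can change
    # the proxy version; pin a version (ideally a digest).
    image: haproxy:latest
    volumes:
      - "./haproxy/conf:/usr/local/etc/haproxy:ro"
      # complete.pem presumably bundles the certificate chain and the
      # private key; protect it on the host like any private key.
      - "./ssl/matrix.yourdomain.com/complete.pem:/etc/ssl/complete.pem:ro"
      # Redirecting HAProxy logs can be troublesome
      # The container /dev/log to host /dev/log does
      # the trick, though.
      # This also lets the container write arbitrary entries into the
      # host's syslog; a dedicated syslog listener keeps the host log
      # out of the container's reach.
      - "/dev/log:/dev/log"
    restart: always
    ports:
      # Quoted so that no YAML parser can read HOST:CONTAINER as a
      # number. 8448 is the Matrix federation port.
      - "80:80"
      - "443:443"
      - "8448:8448"
    depends_on:
      - nginx
      - synapse

volumes:
  pgdata: {}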