2024-11-05 07:25:41 +08:00
|
|
|
networks:
|
|
|
|
|
ecbackend:
|
|
|
|
|
|
|
|
|
|
services:
|
|
|
|
|
auth-service:
|
|
|
|
|
image: ghcr.io/element-hq/lk-jwt-service:latest-ci
|
|
|
|
|
hostname: auth-server
|
|
|
|
|
environment:
|
|
|
|
|
- LK_JWT_PORT=8080
|
|
|
|
|
- LIVEKIT_URL=ws://localhost:7880
|
|
|
|
|
- LIVEKIT_KEY=devkey
|
|
|
|
|
- LIVEKIT_SECRET=secret
|
|
|
|
|
# If the configured homeserver runs on localhost, it'll probably be using
|
|
|
|
|
# a self-signed certificate
|
|
|
|
|
- LIVEKIT_INSECURE_SKIP_VERIFY_TLS=YES_I_KNOW_WHAT_I_AM_DOING
|
|
|
|
|
deploy:
|
|
|
|
|
restart_policy:
|
|
|
|
|
condition: on-failure
|
|
|
|
|
ports:
|
|
|
|
|
# HOST_PORT:CONTAINER_PORT
|
2024-11-07 03:07:52 +08:00
|
|
|
- 8009:8080
|
2024-11-05 07:25:41 +08:00
|
|
|
networks:
|
|
|
|
|
- ecbackend
|
|
|
|
|
|
|
|
|
|
livekit:
|
|
|
|
|
image: livekit/livekit-server:latest
|
|
|
|
|
command: --dev --config /etc/livekit.yaml
|
|
|
|
|
restart: unless-stopped
|
|
|
|
|
# The SFU seems to work far more reliably when we let it share the host
|
|
|
|
|
# network rather than opening specific ports (but why?? we're not missing
|
|
|
|
|
# any…)
|
|
|
|
|
ports:
|
|
|
|
|
# HOST_PORT:CONTAINER_PORT
|
|
|
|
|
- 7880:7880/tcp
|
|
|
|
|
- 7881:7881/tcp
|
|
|
|
|
- 7882:7882/tcp
|
|
|
|
|
- 50100-50200:50100-50200/udp
|
|
|
|
|
volumes:
|
2024-11-07 02:46:59 +08:00
|
|
|
- ./backend/dev_livekit.yaml:/etc/livekit.yaml:Z
|
2024-11-05 07:25:41 +08:00
|
|
|
networks:
|
|
|
|
|
- ecbackend
|
|
|
|
|
|
|
|
|
|
redis:
|
|
|
|
|
image: redis:6-alpine
|
|
|
|
|
command: redis-server /etc/redis.conf
|
|
|
|
|
ports:
|
|
|
|
|
# HOST_PORT:CONTAINER_PORT
|
|
|
|
|
- 6379:6379
|
|
|
|
|
volumes:
|
2024-11-08 02:16:40 +08:00
|
|
|
- ./backend/redis.conf:/etc/redis.conf:Z
|
2024-11-05 07:25:41 +08:00
|
|
|
networks:
|
|
|
|
|
- ecbackend
|
|
|
|
|
|
|
|
|
|
synapse:
|
|
|
|
|
hostname: homeserver
|
|
|
|
|
image: docker.io/matrixdotorg/synapse:latest
|
|
|
|
|
environment:
|
|
|
|
|
- SYNAPSE_CONFIG_PATH=/data/cfg/homeserver.yaml
|
2024-11-06 17:55:13 +08:00
|
|
|
# Needed for rootless podman-compose such that the uid/gid mapping does
|
|
|
|
|
# fit local user uid. If the container runs as root (uid 0) it is fine as
|
|
|
|
|
# it actually maps to your non-root user on the host (e.g. 1000).
|
|
|
|
|
# Otherwise uid mapping will not match your non-root user.
|
|
|
|
|
- UID=0
|
|
|
|
|
- GID=0
|
2024-11-05 07:25:41 +08:00
|
|
|
volumes:
|
2024-11-08 02:16:48 +08:00
|
|
|
- ./backend/synapse_tmp:/data:Z
|
|
|
|
|
- ./backend/dev_homeserver.yaml:/data/cfg/homeserver.yaml:Z
|
2024-11-05 07:25:41 +08:00
|
|
|
networks:
|
|
|
|
|
- ecbackend
|
|
|
|
|
|
|
|
|
|
nginx:
|
|
|
|
|
# openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout tls_localhost_key.pem -out tls_localhost_cert.pem -subj "/C=GB/ST=London/L=London/O=Alros/OU=IT Department/CN=localhost"
|
|
|
|
|
hostname: synapse.localhost
|
|
|
|
|
image: nginx:latest
|
|
|
|
|
volumes:
|
2024-11-08 02:16:55 +08:00
|
|
|
- ./backend/tls_localhost_nginx.conf:/etc/nginx/conf.d/default.conf:Z
|
|
|
|
|
- ./backend/tls_localhost_key.pem:/root/ssl/key.pem:Z
|
|
|
|
|
- ./backend/tls_localhost_cert.pem:/root/ssl/cert.pem:Z
|
2024-11-05 07:25:41 +08:00
|
|
|
ports:
|
|
|
|
|
# HOST_PORT:CONTAINER_PORT
|
|
|
|
|
- "8008:80"
|
|
|
|
|
- "4443:443"
|
|
|
|
|
depends_on:
|
|
|
|
|
- synapse
|
|
|
|
|
networks:
|
|
|
|
|
- ecbackend
|
