sort out the network

This commit is contained in:
Matthew Hodgson
2024-11-04 22:33:46 +00:00
parent 1ad060cc0f
commit ec2cacdb47
5 changed files with 53 additions and 26 deletions


@@ -1,3 +1,4 @@
#!/usr/bin/bash
# These env vars get templated into the configs in the respective containers via init scripts. # These env vars get templated into the configs in the respective containers via init scripts.
# #
# If you want to make more customisations then either edit the templates to add more env variables below # If you want to make more customisations then either edit the templates to add more env variables below
@@ -8,21 +9,24 @@
VOLUME_PATH=. VOLUME_PATH=.
DOMAIN=example.com DOMAIN=example.com
HOMESERVER_FQDN=matrix.example.com HOMESERVER_FQDN=matrix.$DOMAIN
ELEMENT_WEB_FQDN=element.example.com ELEMENT_WEB_FQDN=element.$DOMAIN
ELEMENT_CALL_FQDN=call.example.com ELEMENT_CALL_FQDN=call.$DOMAIN
MAS_FQDN=auth.example.com MAS_FQDN=auth.$DOMAIN
REPORT_STATS=yes REPORT_STATS=yes
IDENTITY_SERVER_URL=https://vector.im IDENTITY_SERVER_URL=https://vector.im
MAIL_NOTIF_FROM_ADDRESS=noreply@example.com MAIL_NOTIF_FROM_ADDRESS=noreply@$DOMAIN
ABUSE_SUPPORT_EMAIL=abuse@example.com ABUSE_SUPPORT_EMAIL=abuse@$DOMAIN
SECURITY_SUPPORT_EMAIL=security@example.com SECURITY_SUPPORT_EMAIL=security@$DOMAIN
MAS_CLIENT_ID="0000000000000000000SYNAPSE" MAS_CLIENT_ID="0000000000000000000SYNAPSE"
MAS_EMAIL_FROM='"Authentication Service" <support@example.com>' MAS_EMAIL_FROM='"Matrix Authentication Service" <support@${DOMAIN}>'
MAS_EMAIL_REPLY_TO='"Authentication Service" <support@example.com>' MAS_EMAIL_REPLY_TO='"Matrix Authentication Service" <support@${DOMAIN}>'
COUNTRY=GB COUNTRY=GB
# as a convenience for creating /etc/hosts
DOMAINS=($DOMAIN $HOMESERVER_FQDN $ELEMENT_WEB_FQDN $ELEMENT_CALL_FQDN $MAS_FQDN)
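Review bot: The new `MAS_EMAIL_FROM` and `MAS_EMAIL_REPLY_TO` values put `${DOMAIN}` inside single quotes, so neither bash (when this file is sourced) nor a dotenv-style parser will expand it and the headers will literally read `support@${DOMAIN}`, unlike the unquoted `$DOMAIN` used on the FQDN lines above them. Switching to double quotes with the inner quotes escaped keeps the display-name part intact: `MAS_EMAIL_FROM="\"Matrix Authentication Service\" <support@${DOMAIN}>"` and `MAS_EMAIL_REPLY_TO="\"Matrix Authentication Service\" <support@${DOMAIN}>"`. The `DOMAINS=(...)` array is bash-only, which the added `#!/usr/bin/bash` shebang makes explicit, but it will break any consumer that reads this file as a plain `.env`; a one-line comment stating that the file must be sourced by bash would save the next person that debugging session. This hunk appears to be rendered with some context lines dropped (the header counts 21/24 lines but fewer are shown), so I am reading only the visible lines.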


@@ -58,6 +58,8 @@ services:
- "80:80" - "80:80"
- "443:443" - "443:443"
- "8448:8448" - "8448:8448"
# shutdown fast so we can iterate rapidly on compose.yml
stop_grace_period: 0s
volumes: volumes:
- ${VOLUME_PATH}/data/nginx/conf.d:/etc/nginx/conf.d - ${VOLUME_PATH}/data/nginx/conf.d:/etc/nginx/conf.d
- ${VOLUME_PATH}/data/nginx/www:/var/www - ${VOLUME_PATH}/data/nginx/www:/var/www
@@ -65,9 +67,23 @@ services:
# - ${VOLUME_PATH}/data/certbot/conf:/etc/letsencrypt # - ${VOLUME_PATH}/data/certbot/conf:/etc/letsencrypt
# - ${VOLUME_PATH}/data/certbot/www:/var/www/certbot # - ${VOLUME_PATH}/data/certbot/www:/var/www/certbot
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'" command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
networks:
- backend
depends_on: depends_on:
init: init:
condition: service_completed_successfully condition: service_completed_successfully
# synapse:
# condition: service_started
# synapse-generic-worker-1:
# condition: service_started
# synapse-federation-sender-1:
# condition: service_started
# matrix-authentication-service:
# condition: service_started
# element-web:
# condition: service_started
# element-call:
# condition: service_started
# certbot: # certbot:
# image: certbot/certbot:latest # image: certbot/certbot:latest
@@ -115,8 +131,8 @@ services:
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- ${VOLUME_PATH}/data/synapse:/data:rw - ${VOLUME_PATH}/data/synapse:/data:rw
ports: # ports:
- 8008:8008 # - 8008:8008
networks: networks:
- backend - backend
environment: environment:
@@ -147,8 +163,8 @@ services:
SYNAPSE_WORKER: synapse.app.generic_worker SYNAPSE_WORKER: synapse.app.generic_worker
# Expose port if required so your reverse proxy can send requests to this worker # Expose port if required so your reverse proxy can send requests to this worker
# Port configuration will depend on how the http listener is defined in the worker configuration file # Port configuration will depend on how the http listener is defined in the worker configuration file
ports: # ports:
- 8081:8081 # - 8081:8081
secrets: secrets:
- synapse_signing_key - synapse_signing_key
depends_on: depends_on:
@@ -166,6 +182,8 @@ services:
- ${VOLUME_PATH}/data/synapse:/data:rw # Replace VOLUME_PATH with the path to your Synapse volume - ${VOLUME_PATH}/data/synapse:/data:rw # Replace VOLUME_PATH with the path to your Synapse volume
environment: environment:
SYNAPSE_WORKER: synapse.app.federation_sender SYNAPSE_WORKER: synapse.app.federation_sender
# ports:
# - 8082:8082
secrets: secrets:
- synapse_signing_key - synapse_signing_key
depends_on: depends_on:
@@ -174,8 +192,8 @@ services:
matrix-authentication-service: matrix-authentication-service:
image: ghcr.io/element-hq/matrix-authentication-service:latest image: ghcr.io/element-hq/matrix-authentication-service:latest
restart: unless-stopped restart: unless-stopped
ports: # ports:
- 8083:8080 # - 8083:8080
volumes: volumes:
- ${VOLUME_PATH}/data/mas:/data:rw - ${VOLUME_PATH}/data/mas:/data:rw
networks: networks:
@@ -194,15 +212,15 @@ services:
restart: unless-stopped restart: unless-stopped
ports: ports:
- 8025:8025 - 8025:8025
- 1025:1025 # - 1025:1025
networks: networks:
- backend - backend
element-web: element-web:
image: vectorim/element-web:latest image: vectorim/element-web:latest
restart: unless-stopped restart: unless-stopped
ports: # ports:
- 8080:80 # - 8080:80
healthcheck: healthcheck:
test: ["CMD-SHELL", "curl -fSs http://localhost:8080/version || exit 1"] test: ["CMD-SHELL", "curl -fSs http://localhost:8080/version || exit 1"]
start_period: "5s" start_period: "5s"
@@ -219,8 +237,8 @@ services:
element-call: element-call:
image: ghcr.io/element-hq/element-call image: ghcr.io/element-hq/element-call
restart: unless-stopped restart: unless-stopped
ports: # ports:
- 8082:80 # - 8082:80
networks: networks:
- backend - backend
volumes: volumes:
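Review bot: The mailhog service keeps `- 8025:8025` published on every host interface while this commit withdraws the host ports of synapse, MAS, element-web and element-call; the MailHog web UI has no authentication and shows every message the stack sends, including MAS verification and password-reset mail, so it is the one endpoint that should not be reachable from outside the host. Binding it to loopback, `- "127.0.0.1:8025:8025"`, keeps it usable for local debugging without exposing it; quoting it also matches the style of the nginx port entries above. Separately, the `depends_on` entries on nginx for the proxied services are now commented out, and nginx resolves the `proxy_pass` hostnames when it loads its config, so if nginx starts before element-web or element-call exists on the `backend` network it will most likely exit with a "host not found in upstream" error; either restore those entries with `condition: service_started` or add a comment explaining why they are disabled.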


@@ -25,7 +25,7 @@ server {
include /etc/nginx/conf.d/include/ssl.conf; include /etc/nginx/conf.d/include/ssl.conf;
location / { location / {
proxy_pass http://element-web:8080; proxy_pass http://element-web;
} }
} }
@@ -36,7 +36,7 @@ server {
include /etc/nginx/conf.d/include/ssl.conf; include /etc/nginx/conf.d/include/ssl.conf;
location / { location / {
proxy_pass http://element-call:8082; proxy_pass http://element-call;
} }
} }
@@ -47,7 +47,7 @@ server {
include /etc/nginx/conf.d/include/ssl.conf; include /etc/nginx/conf.d/include/ssl.conf;
location / { location / {
proxy_pass http://auth:8083; proxy_pass http://matrix-authentication-service:8080;
} }
} }
@@ -62,7 +62,7 @@ server {
listen [::]:8448 ssl default_server; listen [::]:8448 ssl default_server;
# pass auth to MAS # pass auth to MAS
location ~ ^/_matrix/client/(.*)/(login|logout|refresh) { proxy_pass http://auth:8083; } location ~ ^/_matrix/client/(.*)/(login|logout|refresh) { proxy_pass http://matrix-authentication-service:8080; }
# use the generic worker as a synchrotron: # use the generic worker as a synchrotron:
# taken from https://element-hq.github.io/synapse/latest/workers.html#synapseappgeneric_worker # taken from https://element-hq.github.io/synapse/latest/workers.html#synapseappgeneric_worker
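Review bot: `proxy_pass http://element-web;` drops the port and therefore targets port 80, while the element-web healthcheck in compose.yml in this same commit probes `http://localhost:8080/version` inside that container; unless the image listens on both ports, one of the two is wrong and nginx will get connection refused for the web client. Make them agree, e.g. `proxy_pass http://element-web:8080;`, and verify `proxy_pass http://element-call;` the same way against the port that image actually serves on, since the old config pointed at `:8082`. The MAS upstream change to `matrix-authentication-service:8080` is consistent with the `8083:8080` mapping that was just commented out.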


@@ -6,5 +6,5 @@
# include /etc/letsencrypt/options-ssl-nginx.conf; # include /etc/letsencrypt/options-ssl-nginx.conf;
# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
ssl_certificate /etc/nginx/ssl/client.pem; ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem; ssl_certificate_key /etc/nginx/ssl/key.pem;


@@ -64,6 +64,11 @@ redis:
host: redis host: redis
port: 6379 port: 6379
# as we want our first launch and subsequent upgrades to go as fast
# as possible don't sleep between background updates
background_updates:
sleep_enabled: false
email: email:
smtp_host: mailhog smtp_host: mailhog
smtp_port: 1025 smtp_port: 1025
@@ -90,7 +95,7 @@ email:
experimental_features: experimental_features:
msc3861: # OIDC msc3861: # OIDC
enabled: true enabled: true
issuer: http://localhost:8080/ issuer: http://matrix-authentication-service:8080/
client_id: ${MAS_CLIENT_ID} client_id: ${MAS_CLIENT_ID}
client_auth_method: client_secret_basic client_auth_method: client_secret_basic
client_secret: '${SECRETS_MAS_CLIENT_SECRET}' client_secret: '${SECRETS_MAS_CLIENT_SECRET}'
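Review bot: `issuer: http://matrix-authentication-service:8080/` is the value Synapse uses both for OIDC discovery and, as far as I can tell, for the issuer it advertises to clients via the MSC2965 auth-issuer endpoint; clients on the public internet cannot reach a compose-internal hostname, and if MAS advertises its public base URL (`https://auth.$DOMAIN/` per the env file in this commit) as its issuer the discovery document will not match this value either. The safer shape is to keep the public issuer, `issuer: https://${MAS_FQDN}/` if the templating exposes that variable, and to point only the internal traffic at the container, e.g. `introspection_endpoint: http://matrix-authentication-service:8080/oauth2/introspect`; please verify the exact MAS public base before settling on either. The added `background_updates.sleep_enabled: false` comment explains the why, which is good; note this hunk is rendered with fewer context lines than its header declares, so I am reading only the visible lines.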