yanistyle/element-docker-demo
1
0
Fork 0
mirror of https://github.com/element-hq/element-docker-demo.git synced 2026-01-25 06:26:58 +03:00
Code Issues Packages Projects Releases Wiki Activity

sort out the network

Browse Source
This commit is contained in:
Matthew Hodgson
2024-11-04 22:33:46 +00:00
parent 1ad060cc0f
commit ec2cacdb47
5 changed files with 53 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
.env-sample
View File

@@ -1,3 +1,4 @@
#!/usr/bin/bash
# These env vars get templated into the configs in the respective containers via init scripts.
#
# If you want to make more customisations then either edit the templates to add more env variables below
@@ -8,21 +9,24 @@
VOLUME_PATH=.
DOMAIN=example.com
HOMESERVER_FQDN=matrix.example.com
ELEMENT_WEB_FQDN=element.example.com
ELEMENT_CALL_FQDN=call.example.com
MAS_FQDN=auth.example.com
HOMESERVER_FQDN=matrix.$DOMAIN
ELEMENT_WEB_FQDN=element.$DOMAIN
ELEMENT_CALL_FQDN=call.$DOMAIN
MAS_FQDN=auth.$DOMAIN
REPORT_STATS=yes
IDENTITY_SERVER_URL=https://vector.im
MAIL_NOTIF_FROM_ADDRESS=noreply@example.com
ABUSE_SUPPORT_EMAIL=abuse@example.com
SECURITY_SUPPORT_EMAIL=security@example.com
MAIL_NOTIF_FROM_ADDRESS=noreply@$DOMAIN
ABUSE_SUPPORT_EMAIL=abuse@$DOMAIN
SECURITY_SUPPORT_EMAIL=security@$DOMAIN
MAS_CLIENT_ID="0000000000000000000SYNAPSE"
MAS_EMAIL_FROM='"Authentication Service" <support@example.com>'
MAS_EMAIL_REPLY_TO='"Authentication Service" <support@example.com>'
MAS_EMAIL_FROM='"Matrix Authentication Service" <support@${DOMAIN}>'
MAS_EMAIL_REPLY_TO='"Matrix Authentication Service" <support@${DOMAIN}>'
COUNTRY=GB
# as a convenience for creating /etc/hosts
DOMAINS=($DOMAIN $HOMESERVER_FQDN $ELEMENT_WEB_FQDN $ELEMENT_CALL_FQDN $MAS_FQDN)

40
compose.yml
View File

@@ -58,6 +58,8 @@ services:
- "80:80"
- "443:443"
- "8448:8448"
# shutdown fast so we can iterate rapidly on compose.yml
stop_grace_period: 0s
volumes:
- ${VOLUME_PATH}/data/nginx/conf.d:/etc/nginx/conf.d
- ${VOLUME_PATH}/data/nginx/www:/var/www
@@ -65,9 +67,23 @@ services:
# - ${VOLUME_PATH}/data/certbot/conf:/etc/letsencrypt
# - ${VOLUME_PATH}/data/certbot/www:/var/www/certbot
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
networks:
- backend
depends_on:
init:
condition: service_completed_successfully
# synapse:
# condition: service_started
# synapse-generic-worker-1:
# condition: service_started
# synapse-federation-sender-1:
# condition: service_started
# matrix-authentication-service:
# condition: service_started
# element-web:
# condition: service_started
# element-call:
# condition: service_started
# certbot:
# image: certbot/certbot:latest
@@ -115,8 +131,8 @@ services:
restart: unless-stopped
volumes:
- ${VOLUME_PATH}/data/synapse:/data:rw
ports:
- 8008:8008
# ports:
# - 8008:8008
networks:
- backend
environment:
@@ -147,8 +163,8 @@ services:
SYNAPSE_WORKER: synapse.app.generic_worker
# Expose port if required so your reverse proxy can send requests to this worker
# Port configuration will depend on how the http listener is defined in the worker configuration file
ports:
- 8081:8081
# ports:
# - 8081:8081
secrets:
- synapse_signing_key
depends_on:
@@ -166,6 +182,8 @@ services:
- ${VOLUME_PATH}/data/synapse:/data:rw # Replace VOLUME_PATH with the path to your Synapse volume
environment:
SYNAPSE_WORKER: synapse.app.federation_sender
# ports:
# - 8082:8082
secrets:
- synapse_signing_key
depends_on:
@@ -174,8 +192,8 @@ services:
matrix-authentication-service:
image: ghcr.io/element-hq/matrix-authentication-service:latest
restart: unless-stopped
ports:
- 8083:8080
# ports:
# - 8083:8080
volumes:
- ${VOLUME_PATH}/data/mas:/data:rw
networks:
@@ -194,15 +212,15 @@ services:
restart: unless-stopped
ports:
- 8025:8025
- 1025:1025
# - 1025:1025
networks:
- backend
element-web:
image: vectorim/element-web:latest
restart: unless-stopped
ports:
- 8080:80
# ports:
# - 8080:80
healthcheck:
test: ["CMD-SHELL", "curl -fSs http://localhost:8080/version || exit 1"]
start_period: "5s"
@@ -219,8 +237,8 @@ services:
element-call:
image: ghcr.io/element-hq/element-call
restart: unless-stopped
ports:
- 8082:80
# ports:
# - 8082:80
networks:
- backend
volumes:

8
data-template/nginx/conf.d/app.conf
View File

@@ -25,7 +25,7 @@ server {
include /etc/nginx/conf.d/include/ssl.conf;
location / {
proxy_pass http://element-web:8080;
proxy_pass http://element-web;
}
}
@@ -36,7 +36,7 @@ server {
include /etc/nginx/conf.d/include/ssl.conf;
location / {
proxy_pass http://element-call:8082;
proxy_pass http://element-call;
}
}
@@ -47,7 +47,7 @@ server {
include /etc/nginx/conf.d/include/ssl.conf;
location / {
proxy_pass http://auth:8083;
proxy_pass http://matrix-authentication-service:8080;
}
}
@@ -62,7 +62,7 @@ server {
listen [::]:8448 ssl default_server;
# pass auth to MAS
location ~ ^/_matrix/client/(.*)/(login|logout|refresh) { proxy_pass http://auth:8083; }
location ~ ^/_matrix/client/(.*)/(login|logout|refresh) { proxy_pass http://matrix-authentication-service:8080; }
# use the generic worker as a synchrotron:
# taken from https://element-hq.github.io/synapse/latest/workers.html#synapseappgeneric_worker

2
data-template/nginx/conf.d/include/ssl.conf
View File

@@ -6,5 +6,5 @@
# include /etc/letsencrypt/options-ssl-nginx.conf;
# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
ssl_certificate /etc/nginx/ssl/client.pem;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem;

7
data-template/synapse/homeserver.yaml
View File

@@ -64,6 +64,11 @@ redis:
host: redis
port: 6379
# as we want our first launch and subsequent upgrades to go as fast
# as possible don't sleep between background updates
background_updates:
sleep_enabled: false
email:
smtp_host: mailhog
smtp_port: 1025
@@ -90,7 +95,7 @@ email:
experimental_features:
msc3861: # OIDC
enabled: true
issuer: http://localhost:8080/
issuer: http://matrix-authentication-service:8080/
client_id: ${MAS_CLIENT_ID}
client_auth_method: client_secret_basic
client_secret: '${SECRETS_MAS_CLIENT_SECRET}'