|
@@ -1,4 +1,4 @@
|
|
|
-version: '2.4'
|
|
|
+version: '3'
|
|
|
services:
|
|
|
ejabberd:
|
|
|
image: ejabberd/ecs:21.12
|
|
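Review bot: Moving to `version: '3'` changes how `mem_limit: 512m` (a context line in the next hunk) is handled, because the v3 file format dropped `mem_limit`. Legacy docker-compose rejects it as an unsupported option under a 3.x file, while Compose V2 ignores the `version` key entirely, so the result depends on which tool runs this file. That cap is what bounds memory use of an internet-facing XMPP server, so it should not be lost silently. Either drop the `version` line for Compose V2, keep `'2.4'`, or express the cap as `deploy.resources.limits.memory: 512m` and confirm it is enforced outside swarm mode.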
@@ -7,39 +7,24 @@ services:
|
|
|
mem_limit: 512m
|
|
|
restart: on-failure:3
|
|
|
|
|
|
- healthcheck:
|
|
|
- test: ["CMD", "/usr/bin/openssl", "s_client", "-connect", "localhost:5223", "2>/dev/null", "|", "openssl", "x509", "-noout", "-checkend", "0"]
|
|
|
- #if openssl x509 -checkend 86400 -noout -in file.pem
|
|
|
- #then
|
|
|
- # echo "Certificate is good for another day!"
|
|
|
- # else
|
|
|
- # echo "Certificate has expired or will do so within 24 hours!"
|
|
|
- # echo "(or is invalid/not found)"
|
|
|
- # fi
|
|
|
- # https://stackoverflow.com/questions/21297853/how-to-determine-ssl-cert-expiration-date-from-a-pem-encoded-certificate
|
|
|
- interval: 1d
|
|
|
- timeout: 1m
|
|
|
- retries: 3
|
|
|
- start_period: 5m
|
|
|
-
|
|
|
ports:
|
|
|
- 5222:5222 #c2s stattls#
|
|
|
- 5223:5223 #c2s ssl#
|
|
|
- 5269:5269 #s2s#
|
|
|
- 5280:5280 #bosh + admin#
|
|
|
- 5443:5443 #http-upload#
|
|
|
- - 3478:3478 #stun
|
|
|
-
|
|
|
- expose:
|
|
|
- - 8080
|
|
|
+ - 3478:3478/udp #stun/turn
|
|
|
+ - 5349:5349/tcp #stuns/turns
|
|
|
+# - 80:8080/tcp #acme
|
|
|
|
|
|
volumes:
|
|
|
- - ./data/conf/ejabberd.yml:/home/ejabberd/conf/ejabberd.yml
|
|
|
+ - ./data/conf/ejabberd.yml:/home/ejabberd/conf/ejabberd.yml:ro
|
|
|
+ - ./data/conf/conf.d:/home/ejabberd/conf/conf.d:ro
|
|
|
- ./data/database/:/home/ejabberd/database/
|
|
|
- ./data/backup/:/home/ejabberd/backup/
|
|
|
- ./data/upload/:/home/ejabberd/upload/
|
|
|
- ./data/cron/backup.sh:/etc/periodic/daily/backup.sh:ro
|
|
|
- - /opt/docker/proxy/data/certs/${HOSTNAME}/:/home/ejabberd/ssl/:ro
|
|
|
+ - /opt/docker/reverse-proxy/data/certs/${HOSTNAME}:/etc/ssl/ejabberd:ro
|
|
|
- ./data/www/:/var/www/
|
|
|
|
|
|
environment:
|
|
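Review bot: Nothing visible in this commit explains how the ejabberd process will read the private key under the new `/etc/ssl/ejabberd:ro` mount, now that the `ejabberd-key-priv` sidecar (removed in the last hunk) no longer runs `chmod -R o+r,o+X` on the certificate directory. Dropping the world-readable key is the right direction, but if the reverse proxy writes `key.pem` owner-only and the image runs as a non-root user (both presumed, not shown here), the TLS listeners on 5222/5223/5349 will fail to load the certificate. I would add a comment above the mount such as `# key.pem must be readable by the container user via a dedicated group, not o+r`, and check that `certfiles` in ejabberd.yml points at the new path. The healthcheck removed earlier in this hunk was the only certificate-expiry check in the file, so expiry needs to be monitored elsewhere. The ejabberd service block starts and ends outside this hunk.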
@@ -51,7 +36,6 @@ services:
|
|
|
irc.${HOSTNAME},
|
|
|
proxy.${HOSTNAME},
|
|
|
push.${HOSTNAME}
|
|
|
- VIRTUAL_PORT: 8080
|
|
|
LETSENCRYPT_HOST: >
|
|
|
${HOSTNAME},
|
|
|
conference.${HOSTNAME},
|
|
@@ -63,55 +47,8 @@ services:
|
|
|
LETSENCRYPT_EMAIL: webmaster@${HOSTNAME}
|
|
|
|
|
|
networks:
|
|
|
- - proxy_default
|
|
|
- - irc
|
|
|
-
|
|
|
-
|
|
|
- ejabberd-key-priv:
|
|
|
- image: alpine
|
|
|
- container_name: ejabberd-key-priv
|
|
|
- restart: on-failure:3
|
|
|
-
|
|
|
- volumes:
|
|
|
- - /opt/docker/proxy/data/certs/${HOSTNAME}/:/home/ejabberd/ssl/
|
|
|
-
|
|
|
- command: >
|
|
|
- sh -c 'apk add --no-cache inotify-tools
|
|
|
- && chmod -R o+r,o+X /home/ejabberd/ssl
|
|
|
- && while true;
|
|
|
- do inotifywait /home/ejabberd/ssl/key.pem --event attrib
|
|
|
- && date +%x_%r && chmod -R o+r,o+X /home/ejabberd/ssl/; done'
|
|
|
-
|
|
|
-
|
|
|
- biboumi:
|
|
|
- image: louiz/biboumi:9.0
|
|
|
- container_name: ejabberd_biboumi
|
|
|
- mem_limit: 200m
|
|
|
- restart: on-failure:3
|
|
|
-
|
|
|
- ports:
|
|
|
- - 113:8113 #identd, used by irc servers to differentiate user coming from one host#
|
|
|
-
|
|
|
- depends_on:
|
|
|
- - ejabberd
|
|
|
-
|
|
|
- volumes:
|
|
|
- - ./data/biboumi/database/:/var/lib/biboumi/
|
|
|
- - ./data/biboumi/ca-bundle.crt:/etc/ssl/certs/ca-bundle.crt
|
|
|
-
|
|
|
- environment:
|
|
|
- BIBOUMI_HOSTNAME: irc.${HOSTNAME}
|
|
|
- BIBOUMI_PORT: 5347
|
|
|
- BIBOUMI_PASSWORD: secret
|
|
|
- BIBOUMI_XMPP_SERVER_IP: ejabberd
|
|
|
- BIBOUMI_ADMIN: ircadmin@${HOSTNAME}
|
|
|
- BIBOUMI_IDENTD_PORT: 8113 ## the biboumi has not the privilege to open port 113 directly
|
|
|
- BIBOUMI_log_level: 1 ## disable logging of chat messages
|
|
|
-
|
|
|
- networks:
|
|
|
- - irc
|
|
|
+ - reverse-proxy_default
|
|
|
|
|
|
networks:
|
|
|
- proxy_default:
|
|
|
+ reverse-proxy_default:
|
|
|
external: true
|
|
|
- irc:
|