
cleaned to working minimum

root 1 year ago
parent
commit
48f32a6431
1 changed files with 9 additions and 72 deletions
  1. 9 72
      docker-compose.yml

+ 9 - 72
docker-compose.yml

@@ -1,4 +1,4 @@
-version: '2.4'
+version: '3'
 services:
   ejabberd:
     image: ejabberd/ecs:21.12
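Review bot: `version: '3'` does not fit the `mem_limit: 512m` that stays on the service (context line at the top of the next hunk). The version 3 file format replaced `mem_limit` with `deploy.resources.limits.memory`. As far as I know, legacy docker-compose rejects the key under version 3, while Compose v2 ignores `version` and applies the limit. The memory cap is what stops a flooded or misbehaving ejabberd from exhausting the host, so it should not depend on which tool reads the file. Either keep `version: '2.4'`, or drop the `version` key and confirm the limit after deployment with `docker inspect --format '{{.HostConfig.Memory}}' <container>`.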
@@ -7,39 +7,24 @@ services:
     mem_limit: 512m
     restart: on-failure:3
 
-    healthcheck:
-      test: ["CMD", "/usr/bin/openssl", "s_client", "-connect", "localhost:5223", "2>/dev/null", "|", "openssl", "x509", "-noout", "-checkend", "0"]
-      #if openssl x509 -checkend 86400 -noout -in file.pem
-      #then
-      #  echo "Certificate is good for another day!"
-      #  else
-      #    echo "Certificate has expired or will do so within 24 hours!"
-      #      echo "(or is invalid/not found)"
-      #      fi
-      #      https://stackoverflow.com/questions/21297853/how-to-determine-ssl-cert-expiration-date-from-a-pem-encoded-certificate
-      interval: 1d
-      timeout: 1m
-      retries: 3
-      start_period: 5m
-
     ports:
       - 5222:5222 #c2s stattls#
       - 5223:5223 #c2s ssl#
       - 5269:5269 #s2s#
       - 5280:5280 #bosh + admin#
       - 5443:5443 #http-upload#
-      - 3478:3478 #stun
-
-    expose:
-      - 8080
+      - 3478:3478/udp #stun/turn
+      - 5349:5349/tcp #stuns/turns
+#      - 80:8080/tcp #acme
 
     volumes:
-      - ./data/conf/ejabberd.yml:/home/ejabberd/conf/ejabberd.yml
+      - ./data/conf/ejabberd.yml:/home/ejabberd/conf/ejabberd.yml:ro
+      - ./data/conf/conf.d:/home/ejabberd/conf/conf.d:ro
       - ./data/database/:/home/ejabberd/database/
       - ./data/backup/:/home/ejabberd/backup/
       - ./data/upload/:/home/ejabberd/upload/
       - ./data/cron/backup.sh:/etc/periodic/daily/backup.sh:ro
-      - /opt/docker/proxy/data/certs/${HOSTNAME}/:/home/ejabberd/ssl/:ro
+      - /opt/docker/reverse-proxy/data/certs/${HOSTNAME}:/etc/ssl/ejabberd:ro
       - ./data/www/:/var/www/
 
     environment:
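Review bot: Nothing in the new file makes the private key under the `/etc/ssl/ejabberd:ro` mount readable by the ejabberd process, because the `ejabberd-key-priv` sidecar that adjusted permissions is removed in the last hunk. If the reverse proxy writes the key as root-only and ejabberd runs as an unprivileged user (which the old sidecar suggests), the TLS listeners on 5222/5223/5269/5349 will fail to load the certificate. Removing the `chmod -R o+r` is still the right direction, since it made the key world-readable on the host. Grant access through group ownership on the host directory instead, and record that above the mount: `# key.pem must be group-readable by the ejabberd container user; do not restore o+r`. The container-side path also changes from `/home/ejabberd/ssl/` to `/etc/ssl/ejabberd`, so the certificate paths in `ejabberd.yml` (not visible in this diff) need to match.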
@@ -51,7 +36,6 @@ services:
                     irc.${HOSTNAME},
                     proxy.${HOSTNAME},
                     push.${HOSTNAME}
-      VIRTUAL_PORT: 8080 
       LETSENCRYPT_HOST: >
                         ${HOSTNAME},
                         conference.${HOSTNAME},
@@ -63,55 +47,8 @@ services:
       LETSENCRYPT_EMAIL: webmaster@${HOSTNAME}
 
     networks:
-      - proxy_default
-      - irc 
-
-
-  ejabberd-key-priv:
-    image: alpine
-    container_name: ejabberd-key-priv
-    restart: on-failure:3
-
-    volumes:
-      - /opt/docker/proxy/data/certs/${HOSTNAME}/:/home/ejabberd/ssl/
-
-    command: >
-              sh -c 'apk add --no-cache inotify-tools
-              && chmod -R o+r,o+X /home/ejabberd/ssl
-              && while true;
-              do inotifywait /home/ejabberd/ssl/key.pem  --event attrib
-              && date +%x_%r && chmod -R o+r,o+X /home/ejabberd/ssl/; done'
-
-
-  biboumi:
-    image: louiz/biboumi:9.0
-    container_name: ejabberd_biboumi
-    mem_limit: 200m
-    restart: on-failure:3
-
-    ports:
-      - 113:8113  #identd, used by irc servers to differentiate user coming from one host#
-
-    depends_on:
-      - ejabberd
-
-    volumes:
-      - ./data/biboumi/database/:/var/lib/biboumi/
-      - ./data/biboumi/ca-bundle.crt:/etc/ssl/certs/ca-bundle.crt
-
-    environment:
-      BIBOUMI_HOSTNAME: irc.${HOSTNAME}
-      BIBOUMI_PORT: 5347
-      BIBOUMI_PASSWORD: secret
-      BIBOUMI_XMPP_SERVER_IP: ejabberd 
-      BIBOUMI_ADMIN: ircadmin@${HOSTNAME}
-      BIBOUMI_IDENTD_PORT: 8113 ## the biboumi has not the privilege to open port 113 directly
-      BIBOUMI_log_level: 1 ## disable logging of chat messages
-
-    networks:
-      - irc
+      - reverse-proxy_default
 
 networks:
-  proxy_default:
+  reverse-proxy_default:
     external: true
-  irc: