version: '2.4' services: ejabberd: image: ejabberd/ecs:21.12 container_name: ejabberd hostname: ${HOSTNAME} mem_limit: 512m restart: on-failure:3 healthcheck: test: ["CMD", "/usr/bin/openssl", "s_client", "-connect", "localhost:5223", "2>/dev/null", "|", "openssl", "x509", "-noout", "-checkend", "0"] #if openssl x509 -checkend 86400 -noout -in file.pem #then # echo "Certificate is good for another day!" # else # echo "Certificate has expired or will do so within 24 hours!" # echo "(or is invalid/not found)" # fi # https://stackoverflow.com/questions/21297853/how-to-determine-ssl-cert-expiration-date-from-a-pem-encoded-certificate interval: 1d timeout: 1m retries: 3 start_period: 5m ports: - 5222:5222 #c2s stattls# - 5223:5223 #c2s ssl# - 5269:5269 #s2s# - 5280:5280 #bosh + admin# - 5443:5443 #http-upload# - 3478:3478 #stun expose: - 8080 volumes: - ./data/conf/ejabberd.yml:/home/ejabberd/conf/ejabberd.yml - ./data/database/:/home/ejabberd/database/ - ./data/backup/:/home/ejabberd/backup/ - ./data/upload/:/home/ejabberd/upload/ - ./data/cron/backup.sh:/etc/periodic/daily/backup.sh:ro - /opt/docker/proxy/data/certs/${HOSTNAME}/:/home/ejabberd/ssl/:ro - ./data/www/:/var/www/ environment: VIRTUAL_HOST: > ${HOSTNAME}, conference.${HOSTNAME}, pubsub.${HOSTNAME}, upload.${HOSTNAME}, irc.${HOSTNAME}, proxy.${HOSTNAME}, push.${HOSTNAME} VIRTUAL_PORT: 8080 LETSENCRYPT_HOST: > ${HOSTNAME}, conference.${HOSTNAME}, pubsub.${HOSTNAME}, upload.${HOSTNAME}, irc.${HOSTNAME}, proxy.${HOSTNAME}, push.${HOSTNAME} LETSENCRYPT_EMAIL: webmaster@${HOSTNAME} networks: - proxy_default - irc ejabberd-key-priv: image: alpine container_name: ejabberd-key-priv restart: on-failure:3 volumes: - /opt/docker/proxy/data/certs/${HOSTNAME}/:/home/ejabberd/ssl/ command: > sh -c 'apk add --no-cache inotify-tools && chmod -R o+r,o+X /home/ejabberd/ssl && while true; do inotifywait /home/ejabberd/ssl/key.pem --event attrib && date +%x_%r && chmod -R o+r,o+X /home/ejabberd/ssl/; done' biboumi: image: louiz/biboumi:9.0 container_name: ejabberd_biboumi mem_limit: 200m restart: on-failure:3 ports: - 113:8113 #identd, used by irc servers to differentiate user coming from one host# depends_on: - ejabberd volumes: - ./data/biboumi/database/:/var/lib/biboumi/ - ./data/biboumi/ca-bundle.crt:/etc/ssl/certs/ca-bundle.crt environment: BIBOUMI_HOSTNAME: irc.${HOSTNAME} BIBOUMI_PORT: 5347 BIBOUMI_PASSWORD: secret BIBOUMI_XMPP_SERVER_IP: ejabberd BIBOUMI_ADMIN: ircadmin@${HOSTNAME} BIBOUMI_IDENTD_PORT: 8113 ## the biboumi has not the privilege to open port 113 directly BIBOUMI_log_level: 1 ## disable logging of chat messages networks: - irc networks: proxy_default: external: true irc: