123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117 |
- version: '2.4'
- services:
- ejabberd:
- image: ejabberd/ecs:21.12
- container_name: ejabberd
- hostname: ${HOSTNAME}
- mem_limit: 512m
- restart: on-failure:3
- healthcheck:
- test: ["CMD", "/usr/bin/openssl", "s_client", "-connect", "localhost:5223", "2>/dev/null", "|", "openssl", "x509", "-noout", "-checkend", "0"]
- #if openssl x509 -checkend 86400 -noout -in file.pem
- #then
- # echo "Certificate is good for another day!"
- # else
- # echo "Certificate has expired or will do so within 24 hours!"
- # echo "(or is invalid/not found)"
- # fi
- # https://stackoverflow.com/questions/21297853/how-to-determine-ssl-cert-expiration-date-from-a-pem-encoded-certificate
- interval: 1d
- timeout: 1m
- retries: 3
- start_period: 5m
- ports:
- - 5222:5222 #c2s stattls#
- - 5223:5223 #c2s ssl#
- - 5269:5269 #s2s#
- - 5280:5280 #bosh + admin#
- - 5443:5443 #http-upload#
- - 3478:3478 #stun
- expose:
- - 8080
- volumes:
- - ./data/conf/ejabberd.yml:/home/ejabberd/conf/ejabberd.yml
- - ./data/database/:/home/ejabberd/database/
- - ./data/backup/:/home/ejabberd/backup/
- - ./data/upload/:/home/ejabberd/upload/
- - ./data/cron/backup.sh:/etc/periodic/daily/backup.sh:ro
- - /opt/docker/proxy/data/certs/${HOSTNAME}/:/home/ejabberd/ssl/:ro
- - ./data/www/:/var/www/
- environment:
- VIRTUAL_HOST: >
- ${HOSTNAME},
- conference.${HOSTNAME},
- pubsub.${HOSTNAME},
- upload.${HOSTNAME},
- irc.${HOSTNAME},
- proxy.${HOSTNAME},
- push.${HOSTNAME}
- VIRTUAL_PORT: 8080
- LETSENCRYPT_HOST: >
- ${HOSTNAME},
- conference.${HOSTNAME},
- pubsub.${HOSTNAME},
- upload.${HOSTNAME},
- irc.${HOSTNAME},
- proxy.${HOSTNAME},
- push.${HOSTNAME}
- LETSENCRYPT_EMAIL: webmaster@${HOSTNAME}
- networks:
- - proxy_default
- - irc
- ejabberd-key-priv:
- image: alpine
- container_name: ejabberd-key-priv
- restart: on-failure:3
- volumes:
- - /opt/docker/proxy/data/certs/${HOSTNAME}/:/home/ejabberd/ssl/
- command: >
- sh -c 'apk add --no-cache inotify-tools
- && chmod -R o+r,o+X /home/ejabberd/ssl
- && while true;
- do inotifywait /home/ejabberd/ssl/key.pem --event attrib
- && date +%x_%r && chmod -R o+r,o+X /home/ejabberd/ssl/; done'
- biboumi:
- image: louiz/biboumi:9.0
- container_name: ejabberd_biboumi
- mem_limit: 200m
- restart: on-failure:3
- ports:
- - 113:8113 #identd, used by irc servers to differentiate user coming from one host#
- depends_on:
- - ejabberd
- volumes:
- - ./data/biboumi/database/:/var/lib/biboumi/
- - ./data/biboumi/ca-bundle.crt:/etc/ssl/certs/ca-bundle.crt
- environment:
- BIBOUMI_HOSTNAME: irc.${HOSTNAME}
- BIBOUMI_PORT: 5347
- BIBOUMI_PASSWORD: secret
- BIBOUMI_XMPP_SERVER_IP: ejabberd
- BIBOUMI_ADMIN: ircadmin@${HOSTNAME}
- BIBOUMI_IDENTD_PORT: 8113 ## the biboumi has not the privilege to open port 113 directly
- BIBOUMI_log_level: 1 ## disable logging of chat messages
- networks:
- - irc
- networks:
- proxy_default:
- external: true
- irc:
|