docker-compose.yml 3.4 KB

  1. version: '2.4'
  2. services:
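  # XMPP server. Sits behind the reverse proxy on proxy_default (VIRTUAL_* /
  # LETSENCRYPT_* variables) and talks to the IRC gateway over the irc network.
  ejabberd:
    image: ejabberd/ecs:21.12
    container_name: ejabberd
    hostname: ${HOSTNAME}
    mem_limit: 512m
    restart: 'on-failure:3'
    healthcheck:
      # The probe is a shell pipeline (redirect + pipe), so it has to run under
      # CMD-SHELL. In exec form ("CMD") no shell is involved and "2>/dev/null",
      # "|" and the second openssl are passed to s_client as literal arguments,
      # which means the served certificate was never actually checked.
      # "</dev/null" lets s_client exit after the handshake instead of waiting
      # for input.
      # -checkend 0 fails only once the certificate has already expired; the
      # example below uses 86400 to get a day of warning.
      # An unhealthy status is reported only; restart: on-failure reacts to the
      # container exiting, not to a failed health check.
      test:
        - CMD-SHELL
        - >-
          /usr/bin/openssl s_client -connect localhost:5223 </dev/null 2>/dev/null
          | openssl x509 -noout -checkend 0
      # if openssl x509 -checkend 86400 -noout -in file.pem
      # then
      #   echo "Certificate is good for another day!"
      # else
      #   echo "Certificate has expired or will do so within 24 hours!"
      #   echo "(or is invalid/not found)"
      # fi
      # https://stackoverflow.com/questions/21297853/how-to-determine-ssl-cert-expiration-date-from-a-pem-encoded-certificate
      # One day, written as 24h: older docker-compose releases document only
      # us/ms/s/m/h as duration units, so 24h is the portable spelling of 1d.
      interval: 24h
      timeout: 1m
      retries: 3
      start_period: 5m
    ports:
      # Quoted so no YAML parser can read HOST:CONTAINER as anything but a string.
      - '5222:5222'  # c2s STARTTLS
      - '5223:5223'  # c2s direct TLS
      - '5269:5269'  # s2s
      # NOTE(review): published on every host interface; if the admin web
      # interface in ejabberd.yml listens here, restrict it by bind address,
      # firewall or the listener's own access rules - confirm against
      # ./data/conf/ejabberd.yml.
      - '5280:5280'  # bosh + admin
      - '5443:5443'  # http-upload
      # NOTE(review): this publishes TCP only; STUN commonly runs over UDP -
      # confirm whether '3478:3478/udp' is what is needed.
      - '3478:3478'  # stun
    expose:
      - '8080'
    volumes:
      - ./data/conf/ejabberd.yml:/home/ejabberd/conf/ejabberd.yml
      - ./data/database/:/home/ejabberd/database/
      - ./data/backup/:/home/ejabberd/backup/
      - ./data/upload/:/home/ejabberd/upload/
      - ./data/cron/backup.sh:/etc/periodic/daily/backup.sh:ro
      # Certificates issued by the proxy stack; read-only in this container.
      - /opt/docker/proxy/data/certs/${HOSTNAME}/:/home/ejabberd/ssl/:ro
      - ./data/www/:/var/www/
    environment:
      # Folded scalar: the lines are joined with single spaces into one
      # comma-separated host list.
      VIRTUAL_HOST: >
        ${HOSTNAME},
        conference.${HOSTNAME},
        pubsub.${HOSTNAME},
        upload.${HOSTNAME},
        irc.${HOSTNAME},
        proxy.${HOSTNAME},
        push.${HOSTNAME}
      VIRTUAL_PORT: '8080'
      LETSENCRYPT_HOST: >
        ${HOSTNAME},
        conference.${HOSTNAME},
        pubsub.${HOSTNAME},
        upload.${HOSTNAME},
        irc.${HOSTNAME},
        proxy.${HOSTNAME},
        push.${HOSTNAME}
      LETSENCRYPT_EMAIL: webmaster@${HOSTNAME}
    networks:
      - proxy_default
      - irc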
  # Helper container: re-applies read permissions on the certificate directory
  # each time key.pem's attributes change - presumably so the non-root ejabberd
  # process can read the files it mounts read-only (confirm against the image).
  #
  # NOTE(review): "chmod -R o+r,o+X" runs on a writable bind mount of the host
  # directory, so every file in it - including key.pem, which by its name is the
  # TLS private key - becomes readable by all local users on the host. Granting
  # access to ejabberd's own uid/gid (chown/chgrp plus a group-read mode) would
  # be narrower; the right id is not visible here.
  # NOTE(review): "alpine" is an unpinned tag and inotify-tools is installed from
  # the network at every start; pin a vetted tag or digest, or build a small
  # image with the package baked in.
  ejabberd-key-priv:
    image: alpine
    container_name: ejabberd-key-priv
    restart: 'on-failure:3'
    volumes:
      - /opt/docker/proxy/data/certs/${HOSTNAME}/:/home/ejabberd/ssl/
    # Exec-form spelling of the same "sh -c '<script>'" invocation; the folded
    # scalar joins the script lines with single spaces.
    command:
      - sh
      - -c
      - >-
        apk add --no-cache inotify-tools
        && chmod -R o+r,o+X /home/ejabberd/ssl
        && while true;
        do inotifywait /home/ejabberd/ssl/key.pem --event attrib
        && date +%x_%r && chmod -R o+r,o+X /home/ejabberd/ssl/; done
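  # XMPP-to-IRC gateway, connected to ejabberd as an external component over
  # the irc network.
  biboumi:
    image: louiz/biboumi:9.0
    container_name: ejabberd_biboumi
    mem_limit: 200m
    restart: 'on-failure:3'
    ports:
      # identd, used by irc servers to differentiate users coming from one host
      - '113:8113'
    depends_on:
      - ejabberd
    volumes:
      - ./data/biboumi/database/:/var/lib/biboumi/
      - ./data/biboumi/ca-bundle.crt:/etc/ssl/certs/ca-bundle.crt
    environment:
      BIBOUMI_HOSTNAME: irc.${HOSTNAME}
      BIBOUMI_PORT: '5347'
      # Component secret shared with ejabberd. Taken from the environment / .env
      # instead of being committed as the literal "secret"; compose aborts with
      # this message when it is unset. The value must match the password set for
      # this component on the ejabberd side (presumably in
      # ./data/conf/ejabberd.yml - confirm).
      BIBOUMI_PASSWORD: '${BIBOUMI_PASSWORD:?set BIBOUMI_PASSWORD in the environment or .env}'
      BIBOUMI_XMPP_SERVER_IP: ejabberd
      BIBOUMI_ADMIN: ircadmin@${HOSTNAME}
      # biboumi lacks the privilege to open port 113 directly, so it listens on
      # 8113 and the host's 113 is mapped onto it above.
      BIBOUMI_IDENTD_PORT: '8113'
      # disable logging of chat messages
      BIBOUMI_log_level: '1'
    networks:
      - irc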
  96. networks:
  97. proxy_default:
  98. external: true
  99. irc: