services: cameleer-traefik: image: ${TRAEFIK_IMAGE:-gitea.siegeln.net/cameleer/cameleer-traefik}:${VERSION:-latest} restart: unless-stopped ports: - "${HTTP_PORT:-80}:80" - "${HTTPS_PORT:-443}:443" - "${LOGTO_CONSOLE_PORT:-3002}:3002" environment: PUBLIC_HOST: ${PUBLIC_HOST:-localhost} CERT_FILE: ${CERT_FILE:-} KEY_FILE: ${KEY_FILE:-} CA_FILE: ${CA_FILE:-} volumes: - cameleer-certs:/certs - /var/run/docker.sock:/var/run/docker.sock:ro networks: - cameleer - cameleer-traefik cameleer-postgres: image: ${POSTGRES_IMAGE:-gitea.siegeln.net/cameleer/cameleer-postgres}:${VERSION:-latest} restart: unless-stopped environment: POSTGRES_DB: ${POSTGRES_DB:-cameleer_saas} POSTGRES_USER: ${POSTGRES_USER:-cameleer} POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-cameleer_dev} volumes: - cameleer-pgdata:/var/lib/postgresql/data healthcheck: test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-cameleer} -d ${POSTGRES_DB:-cameleer_saas}"] interval: 5s timeout: 5s retries: 5 networks: - cameleer cameleer-clickhouse: image: ${CLICKHOUSE_IMAGE:-gitea.siegeln.net/cameleer/cameleer-clickhouse}:${VERSION:-latest} restart: unless-stopped environment: CLICKHOUSE_PASSWORD: ${CLICKHOUSE_PASSWORD:-cameleer_ch} volumes: - cameleer-chdata:/var/lib/clickhouse healthcheck: test: ["CMD-SHELL", "clickhouse-client --password ${CLICKHOUSE_PASSWORD:-cameleer_ch} --query 'SELECT 1'"] interval: 10s timeout: 5s retries: 3 labels: - prometheus.scrape=true - prometheus.path=/metrics - prometheus.port=9363 networks: - cameleer cameleer-logto: image: ${LOGTO_IMAGE:-gitea.siegeln.net/cameleer/cameleer-logto}:${VERSION:-latest} restart: unless-stopped depends_on: cameleer-postgres: condition: service_healthy environment: DB_URL: postgres://${POSTGRES_USER:-cameleer}:${POSTGRES_PASSWORD:-cameleer_dev}@cameleer-postgres:5432/logto ENDPOINT: ${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost} ADMIN_ENDPOINT: ${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost}:${LOGTO_CONSOLE_PORT:-3002} TRUST_PROXY_HEADER: 1 NODE_TLS_REJECT_UNAUTHORIZED: "${NODE_TLS_REJECT:-0}" LOGTO_ENDPOINT: http://cameleer-logto:3001 LOGTO_ADMIN_ENDPOINT: http://cameleer-logto:3002 LOGTO_PUBLIC_ENDPOINT: ${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost} PUBLIC_HOST: ${PUBLIC_HOST:-localhost} PUBLIC_PROTOCOL: ${PUBLIC_PROTOCOL:-https} PG_HOST: cameleer-postgres PG_USER: ${POSTGRES_USER:-cameleer} PG_PASSWORD: ${POSTGRES_PASSWORD:-cameleer_dev} PG_DB_SAAS: ${POSTGRES_DB:-cameleer_saas} SAAS_ADMIN_USER: ${SAAS_ADMIN_USER:-admin} SAAS_ADMIN_PASS: ${SAAS_ADMIN_PASS:-admin} healthcheck: test: ["CMD-SHELL", "node -e \"require('http').get('http://localhost:3001/oidc/.well-known/openid-configuration', r => process.exit(r.statusCode === 200 ? 0 : 1)).on('error', () => process.exit(1))\" && test -f /data/logto-bootstrap.json"] interval: 10s timeout: 5s retries: 60 start_period: 30s labels: - traefik.enable=true - traefik.http.routers.cameleer-logto.rule=PathPrefix(`/`) - traefik.http.routers.cameleer-logto.priority=1 - traefik.http.routers.cameleer-logto.entrypoints=websecure - traefik.http.routers.cameleer-logto.tls=true - traefik.http.routers.cameleer-logto.service=cameleer-logto - traefik.http.routers.cameleer-logto.middlewares=cameleer-logto-cors - "traefik.http.middlewares.cameleer-logto-cors.headers.accessControlAllowOriginList=${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost}:${LOGTO_CONSOLE_PORT:-3002}" - traefik.http.middlewares.cameleer-logto-cors.headers.accessControlAllowMethods=GET,POST,PUT,PATCH,DELETE,OPTIONS - traefik.http.middlewares.cameleer-logto-cors.headers.accessControlAllowHeaders=Authorization,Content-Type - traefik.http.middlewares.cameleer-logto-cors.headers.accessControlAllowCredentials=true - traefik.http.services.cameleer-logto.loadbalancer.server.port=3001 - traefik.http.routers.cameleer-logto-console.rule=PathPrefix(`/`) - traefik.http.routers.cameleer-logto-console.entrypoints=admin-console - traefik.http.routers.cameleer-logto-console.tls=true - traefik.http.routers.cameleer-logto-console.service=cameleer-logto-console - traefik.http.services.cameleer-logto-console.loadbalancer.server.port=3002 volumes: - cameleer-bootstrapdata:/data networks: - cameleer cameleer-saas: image: ${CAMELEER_IMAGE:-gitea.siegeln.net/cameleer/cameleer-saas}:${VERSION:-latest} restart: unless-stopped depends_on: cameleer-logto: condition: service_healthy volumes: - cameleer-bootstrapdata:/data/bootstrap:ro - cameleer-certs:/certs - /var/run/docker.sock:/var/run/docker.sock environment: # SaaS database SPRING_DATASOURCE_URL: jdbc:postgresql://cameleer-postgres:5432/${POSTGRES_DB:-cameleer_saas} SPRING_DATASOURCE_USERNAME: ${POSTGRES_USER:-cameleer} SPRING_DATASOURCE_PASSWORD: ${POSTGRES_PASSWORD:-cameleer_dev} # Identity (Logto) CAMELEER_SAAS_IDENTITY_LOGTOENDPOINT: ${LOGTO_ENDPOINT:-http://cameleer-logto:3001} CAMELEER_SAAS_IDENTITY_LOGTOPUBLICENDPOINT: ${PUBLIC_PROTOCOL:-https}://${PUBLIC_HOST:-localhost} CAMELEER_SAAS_IDENTITY_M2MCLIENTID: ${LOGTO_M2M_CLIENT_ID:-} CAMELEER_SAAS_IDENTITY_M2MCLIENTSECRET: ${LOGTO_M2M_CLIENT_SECRET:-} # Provisioning — passed to per-tenant server containers CAMELEER_SAAS_PROVISIONING_PUBLICHOST: ${PUBLIC_HOST:-localhost} CAMELEER_SAAS_PROVISIONING_PUBLICPROTOCOL: ${PUBLIC_PROTOCOL:-https} CAMELEER_SAAS_PROVISIONING_DATASOURCEUSERNAME: ${POSTGRES_USER:-cameleer} CAMELEER_SAAS_PROVISIONING_DATASOURCEPASSWORD: ${POSTGRES_PASSWORD:-cameleer_dev} CAMELEER_SAAS_PROVISIONING_CLICKHOUSEPASSWORD: ${CLICKHOUSE_PASSWORD:-cameleer_ch} labels: - traefik.enable=true - traefik.http.routers.saas.rule=PathPrefix(`/platform`) - traefik.http.routers.saas.entrypoints=websecure - traefik.http.routers.saas.tls=true - traefik.http.services.saas.loadbalancer.server.port=8080 group_add: - "${DOCKER_GID:-0}" networks: - cameleer networks: cameleer: driver: bridge cameleer-traefik: name: cameleer-traefik driver: bridge volumes: cameleer-pgdata: cameleer-chdata: cameleer-certs: cameleer-bootstrapdata: