diff --git a/db.env b/db.env
index 2c7356b..9ef3d5d 100644
--- a/db.env
+++ b/db.env
@@ -2,5 +2,5 @@ POSTGRES_PASSWORD=12345
 POSTGRES_USER=synapse
 POSTGRES_DB=synapse_db
 PGDATA=/var/lib/postgresql/data/synapse
-TZ=Europe/Athens
-POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
\ No newline at end of file
+TZ=Europe/Stockholm
+POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
diff --git a/docker-compose.bak b/docker-compose.bak
new file mode 100644
index 0000000..90b8898
--- /dev/null
+++ b/docker-compose.bak
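Review bot: `POSTGRES_PASSWORD=12345`, visible in the db.env hunk header, remains in this tracked file, and the commit edits db.env without rotating it or moving it out of the repository. A value that has been committed stays readable in history, so it should be treated as exposed: set a new, long random password on the database and stop tracking the real file (commit a `db.env.example` with placeholders and list `db.env` in `.gitignore`). The official postgres image also accepts `POSTGRES_PASSWORD_FILE`, which lets the value come from a Docker secret instead of an env file. The TZ and trailing-newline changes themselves look fine.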
@@ -0,0 +1,186 @@ +version: "3" + +networks: + db: + proxy: + bots: +volumes: + db-data: + external: true + +services: + +## PROXY + proxy: + image: traefik:v2.4 + container_name: proxy + restart: unless-stopped + command: + - --providers.docker=true + - --api.insecure=true + - --entrypoints.web.address=:80 + - --entrypoints.websecure.address=:443 + - --entrypoints.web.http.redirections.entryPoint.to=websecure + - --providers.file.filename=/root/.config/ssl.toml + - --entrypoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 + - --serverstransport.insecureskipverify=true + volumes: + - ${CONF_PATH}/proxy/traefik-ssl.toml:/root/.config/ssl.toml + - ${CERT_PATH}:/certs + - /var/run/docker.sock:/var/run/docker.sock + ports: + - 80:80 + - 443:443 + - 8080:8080 + networks: + - proxy + labels: + - traefik.docker.network=proxy + - traefik.http.routers.proxy.middlewares=proxy-https + - traefik.http.middlewares.proxy-https.redirectscheme.scheme=https + - traefik.http.routers.proxy.rule=Host(`proxy.${DOMAIN}`) + - traefik.http.services.proxy.loadbalancer.server.port=8080 + - traefik.http.routers.proxy.tls=true + +## DATABASE + db: + image: postgres:latest + container_name: db + restart: always + env_file: + - db.env + volumes: + - db-data:/var/lib/postgresql/data/synapse + networks: + - db + labels: + - traefik.enable=false + +## HOMESERVER + homeserver: + image: matrixdotorg/synapse:latest + container_name: homeserver + restart: always + depends_on: + - db + env_file: + - synapse.env + volumes: + - ${CONF_PATH}/homeserver:/data + - ${DATA_PATH}/homeserver-media_store:/media_store + - ${CERT_PATH}:/certs + - ${CONF_PATH}/telegram-bridge/registration.yaml:/app_services/telegram-registration.yaml + - ${CONF_PATH}/facebook-bridge/registration.yaml:/app_services/facebook-registration.yaml + - ${CONF_PATH}/webhooks/appservice-registration-webhooks.yaml:/app_services/webhooks-registration.yaml + networks: + - db + - proxy + - bots + 
labels: + - traefik.docker.network=proxy + - traefik.http.routers.homeserver.rule=Host(`matrix.${DOMAIN}`) + - traefik.http.services.homeserver.loadbalancer.server.port=8448 + - traefik.http.services.homeserver.loadbalancer.server.scheme=https + - traefik.http.middlewares.homeserver.headers.customrequestheaders.X-Forwarded-Proto=https + - traefik.http.routers.homeserver.middlewares=homeserver + - traefik.http.routers.homeserver.tls=true + + ## ELEMENT WEB CLIENT + webchat: + image: vectorim/element-web + container_name: webchat + restart: always + depends_on: + - homeserver + networks: + - proxy + labels: + - traefik.docker.network=proxy + - traefik.http.routers.webchat.rule=Host(`webchat.${DOMAIN}`) + - traefik.http.services.webchat.loadbalancer.server.port=80 + - traefik.http.middlewares.webchat.headers.customrequestheaders.X-Forwarded-Proto=https + - traefik.http.routers.webchat.middlewares=webchat + - traefik.http.routers.webchat.tls=true + +##SYNAPSE ADMIN + admin: + image: awesometechnologies/synapse-admin + container_name: admin + restart: always + networks: + - proxy + labels: + - traefik.docker.network=proxy + - traefik.http.routers.admin.rule=Host(`admin.${DOMAIN}`) + - traefik.http.services.admin.loadbalancer.server.port=80 + - traefik.http.middlewares.admin.headers.customrequestheaders.X-Forwarded-Proto=https + - traefik.http.routers.admin.middlewares=admin + - traefik.http.routers.admin.tls=true + + +# BRIDGES + telegram-bridge: + container_name: telegram-bridge + image: dock.mau.dev/mautrix/telegram:latest + restart: always + depends_on: + - homeserver + volumes: + - ${CONF_PATH}/telegram-bridge:/data + networks: + - bots + labels: + - traefik.enable=false + + facebook-bridge: + container_name: facebook-bridge + image: dock.mau.dev/mautrix/facebook:latest + restart: always + depends_on: + - homeserver + volumes: + - ${CONF_PATH}/facebook-bridge:/data + networks: + - bots + labels: + - traefik.enable=false + +##WEBHOOKS + webhook-service: + 
container_name: webhook-service + image: turt2live/matrix-appservice-webhooks + restart: always + depends_on: + - homeserver + volumes: + - ${CONF_PATH}/webhooks:/data + networks: + - bots + - proxy + labels: + - traefik.docker.network=proxy + - traefik.http.routers.webhook-service.rule=Host(`webhooks.${DOMAIN}`) + - traefik.http.services.webhook-service.loadbalancer.server.port=29316 + - traefik.http.middlewares.webhook-service.headers.customrequestheaders.X-Forwarded-Proto=https + - traefik.http.routers.webhook-service.middlewares=webhook-service + - traefik.http.routers.webhook-service.tls=true + +## BOTS + maubot: + image: dock.mau.dev/maubot/maubot:latest + container_name: maubot + restart: always + depends_on: + - homeserver + volumes: + - ${CONF_PATH}/maubot:/data + networks: + - bots + - proxy + labels: + - traefik.docker.network=proxy + - traefik.http.routers.maubot.rule=Host(`maubot.${DOMAIN}`) + - traefik.http.services.maubot.loadbalancer.server.port=29316 + - traefik.http.middlewares.maubot.headers.customrequestheaders.X-Forwarded-Proto=https + - traefik.http.routers.maubot.middlewares=maubot + - traefik.http.routers.maubot.tls=true diff --git a/docker-compose.yml b/docker-compose.yml index 90b8898..facf1d5 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
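Review bot: docker-compose.bak is added with blob `90b8898`, the same id the docker-compose.yml header gives for its old side, so it is a byte-for-byte copy of a file that git history already keeps; I would drop it from the commit. As committed it is also a runnable configuration that enables `--api.insecure=true` with `8080:8080` published, mounts `/var/run/docker.sock` into the proxy container, and sets `--serverstransport.insecureskipverify=true`, so anyone who starts it by mistake brings those settings back. If a reference copy is wanted, `git show 90b8898` retrieves it without keeping a second compose file in the tree.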
@@ -11,91 +11,89 @@ volumes: services: ## PROXY - proxy: - image: traefik:v2.4 - container_name: proxy - restart: unless-stopped - command: - - --providers.docker=true - - --api.insecure=true - - --entrypoints.web.address=:80 - - --entrypoints.websecure.address=:443 - - --entrypoints.web.http.redirections.entryPoint.to=websecure - - --providers.file.filename=/root/.config/ssl.toml - - --entrypoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 - - --serverstransport.insecureskipverify=true - volumes: - - ${CONF_PATH}/proxy/traefik-ssl.toml:/root/.config/ssl.toml - - ${CERT_PATH}:/certs - - /var/run/docker.sock:/var/run/docker.sock - ports: - - 80:80 - - 443:443 - - 8080:8080 - networks: - - proxy - labels: - - traefik.docker.network=proxy - - traefik.http.routers.proxy.middlewares=proxy-https - - traefik.http.middlewares.proxy-https.redirectscheme.scheme=https - - traefik.http.routers.proxy.rule=Host(`proxy.${DOMAIN}`) - - traefik.http.services.proxy.loadbalancer.server.port=8080 - - traefik.http.routers.proxy.tls=true +# proxy: +# image: traefik:v2.4 +# container_name: proxy +# restart: unless-stopped +# command: +# - --providers.docker=true +# - --api.insecure=true +# - --entrypoints.web.address=:80 +# - --entrypoints.websecure.address=:443 +# - --entrypoints.web.http.redirections.entryPoint.to=websecure +# - --providers.file.filename=/root/.config/ssl.toml +# - --entrypoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 +# - --serverstransport.insecureskipverify=true +# volumes: +# - ${CONF_PATH}/proxy/traefik-ssl.toml:/root/.config/ssl.toml +# - ${CERT_PATH}:/certs +# - /var/run/docker.sock:/var/run/docker.sock +# ports: +# - 80:80 +# - 443:443 +# - 8080:8080 +# networks: +# - proxy +# labels: +# - traefik.docker.network=proxy +# - traefik.http.routers.proxy.middlewares=proxy-https +# - traefik.http.middlewares.proxy-https.redirectscheme.scheme=https +# - 
traefik.http.routers.proxy.rule=Host(`proxy.${DOMAIN}`) +# - traefik.http.services.proxy.loadbalancer.server.port=8080 +# - traefik.http.routers.proxy.tls=true ## DATABASE - db: - image: postgres:latest - container_name: db - restart: always - env_file: - - db.env - volumes: - - db-data:/var/lib/postgresql/data/synapse - networks: - - db - labels: - - traefik.enable=false - +# db: +# image: postgres:latest +# container_name: db +# restart: always +# env_file: +# - db.env +# volumes: +# - db-data:/var/lib/postgresql/data/synapse +# networks: +# - db +# labels: +# - traefik.enable=false +# ## HOMESERVER - homeserver: + synapse: image: matrixdotorg/synapse:latest - container_name: homeserver - restart: always - depends_on: - - db + container_name: synapse + restart: unless-stopped env_file: - synapse.env volumes: - - ${CONF_PATH}/homeserver:/data - - ${DATA_PATH}/homeserver-media_store:/media_store - - ${CERT_PATH}:/certs + - ${CONF_PATH}:/data + - ${DATA_PATH}/media_store:/media_store + - ${CERT_PATH}:/certs:ro - ${CONF_PATH}/telegram-bridge/registration.yaml:/app_services/telegram-registration.yaml - ${CONF_PATH}/facebook-bridge/registration.yaml:/app_services/facebook-registration.yaml - ${CONF_PATH}/webhooks/appservice-registration-webhooks.yaml:/app_services/webhooks-registration.yaml networks: - db - - proxy + - traefik-public - bots labels: - - traefik.docker.network=proxy + - traefik.docker.network=traefik-public - traefik.http.routers.homeserver.rule=Host(`matrix.${DOMAIN}`) - traefik.http.services.homeserver.loadbalancer.server.port=8448 - traefik.http.services.homeserver.loadbalancer.server.scheme=https - traefik.http.middlewares.homeserver.headers.customrequestheaders.X-Forwarded-Proto=https - traefik.http.routers.homeserver.middlewares=homeserver - traefik.http.routers.homeserver.tls=true - + ## ELEMENT WEB CLIENT webchat: image: vectorim/element-web container_name: webchat restart: always depends_on: - - homeserver + - synapse networks: - - proxy + - 
traefik-public labels: - - traefik.docker.network=proxy + - traefik.docker.network=traefik-public - traefik.http.routers.webchat.rule=Host(`webchat.${DOMAIN}`) - traefik.http.services.webchat.loadbalancer.server.port=80 - traefik.http.middlewares.webchat.headers.customrequestheaders.X-Forwarded-Proto=https @@ -106,11 +104,11 @@ services: admin: image: awesometechnologies/synapse-admin container_name: admin - restart: always + restart: unless-stopped networks: - - proxy + - traefik-public labels: - - traefik.docker.network=proxy + - traefik.docker.network=traefik-public - traefik.http.routers.admin.rule=Host(`admin.${DOMAIN}`) - traefik.http.services.admin.loadbalancer.server.port=80 - traefik.http.middlewares.admin.headers.customrequestheaders.X-Forwarded-Proto=https @@ -122,9 +120,9 @@ services: telegram-bridge: container_name: telegram-bridge image: dock.mau.dev/mautrix/telegram:latest - restart: always + restart: unless-stopped depends_on: - - homeserver + - synapse volumes: - ${CONF_PATH}/telegram-bridge:/data networks: @@ -133,11 +131,11 @@ services: - traefik.enable=false facebook-bridge: - container_name: facebook-bridge - image: dock.mau.dev/mautrix/facebook:latest - restart: always + container_name: meta-bridge + image: dock.mau.dev/mautrix/meta:latest + restart: unless-stopped depends_on: - - homeserver + - synapse volumes: - ${CONF_PATH}/facebook-bridge:/data networks: @@ -151,14 +149,14 @@ services: image: turt2live/matrix-appservice-webhooks restart: always depends_on: - - homeserver + - synapse volumes: - ${CONF_PATH}/webhooks:/data networks: - bots - - proxy + - traefik-public labels: - - traefik.docker.network=proxy + - traefik.docker.network=public - traefik.http.routers.webhook-service.rule=Host(`webhooks.${DOMAIN}`) - traefik.http.services.webhook-service.loadbalancer.server.port=29316 - traefik.http.middlewares.webhook-service.headers.customrequestheaders.X-Forwarded-Proto=https 
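Review bot: The services in the first docker-compose.yml hunk now join `traefik-public`, but the top-level `networks:` block sits above line 11 and is not touched by any hunk; going by docker-compose.bak (the old file) it still declares only `db`, `proxy` and `bots`, so Compose would most likely reject the file for referring to an undefined network. If the proxy now lives in another stack, declare `traefik-public:` with `external: true` under `networks:` and drop the unused `proxy` entry. `synapse` also keeps `- db` while the `db` service is commented out, and with the proxy gone `loadbalancer.server.scheme=https` on port 8448 depends on how the external Traefik validates the backend certificate; a `serversTransport` that trusts the right root CA is preferable to carrying `insecureskipverify` over. The two commented-out service blocks are better deleted, since history keeps them.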
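Review bot: In the `webhook-service` hunk the label is set to `traefik.docker.network=public`, while the service is attached to `traefik-public` two lines earlier and every other service in this diff uses `traefik.docker.network=traefik-public`. Traefik uses that label to choose which container network address to route to, so a name the container is not attached to will most likely leave `webhooks.${DOMAIN}` unreachable or routed over an unintended network. The line should read `- traefik.docker.network=traefik-public`. The service definition starts and ends outside this hunk.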
@@ -171,14 +169,14 @@ services: container_name: maubot restart: always depends_on: - - homeserver + - synapse volumes: - ${CONF_PATH}/maubot:/data networks: - bots - - proxy + - traefik-public labels: - - traefik.docker.network=proxy + - traefik.docker.network=traefik-public - traefik.http.routers.maubot.rule=Host(`maubot.${DOMAIN}`) - traefik.http.services.maubot.loadbalancer.server.port=29316 - traefik.http.middlewares.maubot.headers.customrequestheaders.X-Forwarded-Proto=https diff --git a/synapse.env b/synapse.env index 05cdca1..b3f060a 100644 --- a/synapse.env +++ b/synapse.env @@ -1,2 +1,2 @@ -SYNAPSE_SERVER_NAME=matrix.ms.local -TZ=Europe/Athens \ No newline at end of file +SYNAPSE_SERVER_NAME=matrix.niefelheim.com +TZ=Europe/Stockholm