version: "3.8" ####### x-healthcheck: &x-healthcheck test: curl --fail http://127.0.0.1 || exit 1 interval: 60s retries: 5 start_period: 20s timeout: 10s x-service: &x-service-base container_name: base restart: always expose: - ${SERVICE_PORT} environment: MYSQL_CONTAINER_NAME: ${MYSQL_CONTAINER_NAME} MYSQL_HOST: ${MYSQL_HOST} MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD} MYSQL_DATABASE: ${MYSQL_DATABASE} MYSQL_USER: ${MYSQL_USER} MYSQL_PASSWORD: ${MYSQL_PASSWORD} DATABASE_MIGRATION: ${DATABASE_MIGRATION} APP_DOTNET_ENV: ${APP_DOTNET_ENV} APP_KNOWN_NETWORKS: ${APP_KNOWN_NETWORKS} APP_KNOWN_PROXIES: ${APP_KNOWN_PROXIES} APP_CORE_BASE_DOMAIN: ${APP_CORE_BASE_DOMAIN} APP_CORE_MACHINEKEY: ${APP_CORE_MACHINEKEY} APP_URL_PORTAL: ${APP_URL_PORTAL} INSTALLATION_TYPE: ${INSTALLATION_TYPE} OAUTH_REDIRECT_URL: ${OAUTH_REDIRECT_URL} DOCUMENT_SERVER_JWT_SECRET: ${DOCUMENT_SERVER_JWT_SECRET} DOCUMENT_SERVER_JWT_HEADER: ${DOCUMENT_SERVER_JWT_HEADER} DOCUMENT_SERVER_URL_PUBLIC: ${DOCUMENT_SERVER_URL_PUBLIC} DOCUMENT_CONTAINER_NAME: ${DOCUMENT_CONTAINER_NAME} DOCUMENT_SERVER_URL_EXTERNAL: ${DOCUMENT_SERVER_URL_EXTERNAL} # KAFKA_HOST: ${KAFKA_HOST} ELK_CONTAINER_NAME: ${ELK_CONTAINER_NAME} ELK_SHEME: ${ELK_SHEME} ELK_HOST: ${ELK_HOST} ELK_PORT: ${ELK_PORT} REDIS_CONTAINER_NAME: ${REDIS_CONTAINER_NAME} REDIS_HOST: ${REDIS_HOST} REDIS_PORT: ${REDIS_PORT} REDIS_USER_NAME: ${REDIS_USER_NAME} REDIS_PASSWORD: ${REDIS_PASSWORD} RABBIT_CONTAINER_NAME: ${RABBIT_CONTAINER_NAME} RABBIT_HOST: ${RABBIT_HOST} RABBIT_PORT: ${RABBIT_PORT} RABBIT_VIRTUAL_HOST: ${RABBIT_VIRTUAL_HOST} RABBIT_USER_NAME: ${RABBIT_USER_NAME} RABBIT_PASSWORD: ${RABBIT_PASSWORD} ROUTER_HOST: ${ROUTER_HOST} LOG_LEVEL: ${LOG_LEVEL} DEBUG_INFO: ${DEBUG_INFO} # added for STEP-CA # STEP_CA_FQDN: ${STEP_CA_FQDN} # NODE_EXTRA_CA_CERTS: ${NODE_EXTRA_CA_CERTS} volumes: - ./data/app_data:/app/onlyoffice/data # changed - files_data:/var/www/products/ASC.Files/server/ - people_data:/var/www/products/ASC.People/server/ # added for STEP-CA # - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro # - ./data/step_ca/${STEP_CA_FQDN}.crt:/usr/local/share/ca-certificates/${STEP_CA_FQDN}.crt # added depends_on: onlyoffice-migration-runner: condition: service_completed_successfully onlyoffice-mysql-server: condition: service_healthy ####### ####### services: onlyoffice-mysql-server: image: ${MYSQL_IMAGE} command: --default-authentication-plugin=caching_sha2_password cap_add: - SYS_NICE container_name: ${MYSQL_CONTAINER_NAME} restart: always # tty: true user: mysql expose: - "3306" ports: - 33060:3306 environment: MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD} MYSQL_DATABASE: ${MYSQL_DATABASE} MYSQL_USER: ${MYSQL_USER} MYSQL_PASSWORD: ${MYSQL_PASSWORD} volumes: - ./data/mysql_data:/var/lib/mysql # changed - ./config/mysql/conf.d/:/etc/mysql/conf.d # added healthcheck: test: ["CMD", "mysqladmin" ,"ping", "-h", "localhost"] timeout: 20s retries: 10 onlyoffice-migration-runner: image: "${REPO}/${DOCKER_IMAGE_PREFIX}-migration-runner:${DOCKER_TAG}" container_name: ${MIGRATION_RUNNER_HOST} restart: "no" environment: MYSQL_CONTAINER_NAME: ${MYSQL_CONTAINER_NAME} MYSQL_HOST: ${MYSQL_HOST} MYSQL_DATABASE: ${MYSQL_DATABASE} MYSQL_USER: ${MYSQL_USER} MYSQL_PASSWORD: ${MYSQL_PASSWORD} # added depends_on: onlyoffice-mysql-server: condition: service_healthy ####### ####### onlyoffice-rabbitmq: image: rabbitmq:3 container_name: ${RABBIT_CONTAINER_NAME} restart: always expose: - "5672" - "80" onlyoffice-redis: image: redis:7 container_name: ${REDIS_CONTAINER_NAME} restart: always expose: - "6379" onlyoffice-elasticsearch: image: onlyoffice/elasticsearch:${ELK_VERSION} container_name: ${ELK_CONTAINER_NAME} restart: always environment: - discovery.type=single-node - bootstrap.memory_lock=true - "ES_JAVA_OPTS=-Xms1g -Xmx1g -Dlog4j2.formatMsgNoLookups=true" # changed Xms4g > Xms1g - "indices.fielddata.cache.size=30%" - "indices.memory.index_buffer_size=30%" - "ingest.geoip.downloader.enabled=false" ulimits: # memlock: # changed for LXC # soft: -1 # changed for LXC # hard: -1 # changed for LXC nofile: soft: 65535 hard: 65535 volumes: - ./data/es_data:/usr/share/elasticsearch/data # changed expose: - "9200" - "9300" ####### ####### onlyoffice-backup-background-tasks: <<: *x-service-base image: "${REPO}/${DOCKER_IMAGE_PREFIX}-backup-background:${DOCKER_TAG}" container_name: ${BACKUP_BACKGRUOND_TASKS_HOST} healthcheck: <<: *x-healthcheck test: curl --fail http://${SERVICE_BACKUP_BACKGRUOND_TASKS}/health/ || exit 1 onlyoffice-backup: <<: *x-service-base image: "${REPO}/${DOCKER_IMAGE_PREFIX}-backup:${DOCKER_TAG}" container_name: ${BACKUP_HOST} healthcheck: <<: *x-healthcheck test: curl --fail http://${SERVICE_BACKUP}/health/ || exit 1 onlyoffice-clear-events: <<: *x-service-base image: "${REPO}/${DOCKER_IMAGE_PREFIX}-clear-events:${DOCKER_TAG}" container_name: ${CLEAR_EVENTS_HOST} healthcheck: <<: *x-healthcheck test: curl --fail http://${SERVICE_CLEAR_EVENTS}/health/ || exit 1 onlyoffice-files: <<: *x-service-base image: "${REPO}/${DOCKER_IMAGE_PREFIX}-files:${DOCKER_TAG}" container_name: ${FILES_HOST} healthcheck: <<: *x-healthcheck test: curl --fail http://${SERVICE_FILES}/health/ || exit 1 onlyoffice-files-services: <<: *x-service-base image: "${REPO}/${DOCKER_IMAGE_PREFIX}-files-services:${DOCKER_TAG}" container_name: ${FILES_SERVICES_HOST} healthcheck: <<: *x-healthcheck test: curl --fail http://${SERVICE_FILES_SERVICES}/health/ || exit 1 onlyoffice-people-server: <<: *x-service-base image: "${REPO}/${DOCKER_IMAGE_PREFIX}-people-server:${DOCKER_TAG}" container_name: ${PEOPLE_SERVER_HOST} healthcheck: <<: *x-healthcheck test: curl --fail http://${SERVICE_PEOPLE_SERVER}/health/ || exit 1 onlyoffice-socket: <<: *x-service-base image: "${REPO}/${DOCKER_IMAGE_PREFIX}-socket:${DOCKER_TAG}" container_name: ${SOCKET_HOST} expose: - ${SERVICE_PORT} onlyoffice-studio-notify: <<: *x-service-base image: "${REPO}/${DOCKER_IMAGE_PREFIX}-studio-notify:${DOCKER_TAG}" container_name: ${STUDIO_NOTIFY_HOST} healthcheck: <<: *x-healthcheck test: curl --fail http://${SERVICE_STUDIO_NOTIFY}/health/ || exit 1 onlyoffice-api: <<: *x-service-base image: "${REPO}/${DOCKER_IMAGE_PREFIX}-api:${DOCKER_TAG}" container_name: ${API_HOST} healthcheck: <<: *x-healthcheck test: curl --fail http://${SERVICE_API}/health/ || exit 1 onlyoffice-api-system: <<: *x-service-base image: "${REPO}/${DOCKER_IMAGE_PREFIX}-api-system:${DOCKER_TAG}" container_name: ${API_SYSTEM_HOST} healthcheck: <<: *x-healthcheck test: curl --fail http://${SERVICE_API_SYSTEM}/health/ || exit 1 onlyoffice-studio: <<: *x-service-base image: "${REPO}/${DOCKER_IMAGE_PREFIX}-studio:${DOCKER_TAG}" container_name: ${STUDIO_HOST} healthcheck: <<: *x-healthcheck test: curl --fail http://${SERVICE_STUDIO}/health/ || exit 1 onlyoffice-ssoauth: <<: *x-service-base image: "${REPO}/${DOCKER_IMAGE_PREFIX}-ssoauth:${DOCKER_TAG}" container_name: ${SSOAUTH_HOST} expose: - ${SERVICE_PORT} - "9834" onlyoffice-doceditor: <<: *x-service-base image: "${REPO}/${DOCKER_IMAGE_PREFIX}-doceditor:${DOCKER_TAG}" container_name: ${DOCEDITOR_HOST} expose: - "5013" healthcheck: <<: *x-healthcheck test: curl --fail http://${SERVICE_DOCEDITOR}/health || exit 1 onlyoffice-login: <<: *x-service-base image: "${REPO}/${DOCKER_IMAGE_PREFIX}-login:${DOCKER_TAG}" container_name: ${LOGIN_HOST} expose: - "5011" healthcheck: <<: *x-healthcheck test: curl --fail http://${SERVICE_LOGIN}/health || exit 1 ####### ####### onlyoffice-router: image: "${REPO}/${DOCKER_IMAGE_PREFIX}-router:${DOCKER_TAG}" container_name: ${ROUTER_HOST} restart: always healthcheck: <<: *x-healthcheck test: nginx -t || exit 1 expose: - "8081" - "8099" - "8092" depends_on: - onlyoffice-backup-background-tasks - onlyoffice-backup - onlyoffice-clear-events - onlyoffice-files - onlyoffice-files-services - onlyoffice-people-server - onlyoffice-socket - onlyoffice-studio-notify - onlyoffice-api - onlyoffice-api-system - onlyoffice-studio - onlyoffice-ssoauth - onlyoffice-doceditor - onlyoffice-login environment: - SERVICE_BACKUP=${SERVICE_BACKUP} - SERVICE_FILES=${SERVICE_FILES} - SERVICE_FILES_SERVICES=${SERVICE_FILES_SERVICES} - SERVICE_CLEAR_EVENTS=${SERVICE_CLEAR_EVENTS} - SERVICE_NOTIFY=${SERVICE_NOTIFY} - SERVICE_PEOPLE_SERVER=${SERVICE_PEOPLE_SERVER} - SERVICE_SOCKET=${SERVICE_SOCKET} - SERVICE_STUDIO_NOTIFY=${SERVICE_STUDIO_NOTIFY} - SERVICE_API=${SERVICE_API} - SERVICE_API_SYSTEM=${SERVICE_API_SYSTEM} - SERVICE_STUDIO=${SERVICE_STUDIO} - SERVICE_SSOAUTH=${SERVICE_SSOAUTH} - SERVICE_DOCEDITOR=${SERVICE_DOCEDITOR} - SERVICE_LOGIN=${SERVICE_LOGIN} - SERVICE_HELTHCHECKS=${SERVICE_HELTHCHECKS} - WRONG_PORTAL_NAME_URL=${WRONG_PORTAL_NAME_URL} - DOCUMENT_CONTAINER_NAME=${DOCUMENT_CONTAINER_NAME} - DOCUMENT_SERVER_URL_EXTERNAL=${DOCUMENT_SERVER_URL_EXTERNAL} - REDIS_CONTAINER_NAME=${REDIS_CONTAINER_NAME} - REDIS_HOST=${REDIS_HOST} - REDIS_PORT=${REDIS_PORT} - REDIS_PASSWORD=${REDIS_PASSWORD} - SERVICE_PORT=${SERVICE_PORT} volumes: - ./data/router_log:/var/log/nginx onlyoffice-proxy: image: nginx container_name: ${PROXY_HOST} restart: always healthcheck: <<: *x-healthcheck test: nginx -t || exit 1 ports: - ${EXTERNAL_PORT}:80 # - 443:443 # for selfsigned ssl environment: - ROUTER_HOST=${ROUTER_HOST} volumes: - ./data/webroot_path:/letsencrypt # changed - ./data/proxy_log:/var/log/nginx # changed - ./config/nginx/templates/nginx.conf.template:/etc/nginx/nginx.conf - ./config/nginx/letsencrypt.conf:/etc/nginx/includes/letsencrypt.conf - ./config/nginx/templates/proxy.upstream.conf.template:/etc/nginx/templates/proxy.upstream.conf.template:ro - ./config/nginx/onlyoffice-proxy.conf:/etc/nginx/conf.d/default.conf # - ${CERTIFICATE_PATH}:/usr/local/share/ca-certificates/tls.crt # for selfsigned ssl # - ${CERTIFICATE_KEY_PATH}:/etc/ssl/private/tls.key # for selfsigned ssl # - ${DHPARAM_PATH}:/etc/ssl/certs/dhparam.pem # for selfsigned ssl ####### ####### onlyoffice-notify: <<: *x-service-base image: "${REPO}/${DOCKER_IMAGE_PREFIX}-notify:${DOCKER_TAG}" container_name: ${NOTIFY_HOST} healthcheck: <<: *x-healthcheck test: curl --fail http://${SERVICE_NOTIFY}/health/ || exit 1 onlyoffice-health-checks-ui: <<: *x-service-base image: "${REPO}/${DOCKER_IMAGE_PREFIX}-healthchecks:${DOCKER_TAG}" container_name: ${HELTHCHECKS_HOST} ####### networks: onlyoffice: volumes: files_data: people_data: # mysql_data: # es_data: # router_log: # proxy_log: # webroot_path: # app_data: # crm_data: # project_data: # calendar_data: # mail_data: