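# Docker Compose stack: reverse proxy, PostgreSQL, Keycloak and the manager, with
# container logs shipped through the awslogs driver and an NFS volume for shared data.
#
# Image tag convention: DEPLOYMENT_VERSION, POSTGRESQL_VERSION, KEYCLOAK_VERSION and
# MANAGER_VERSION are appended directly to the repository name, so their values must
# carry the leading colon (':<tag>'). PROXY_VERSION is the exception: its colon is
# already part of the image string.
# NOTE(review): several images fall back to the mutable 'latest' tag; pin explicit
# versions (or digests) where reproducible, auditable deployments are required.
version: '2.4'

volumes:
  proxy-data:
  deployment-data:
  postgresql-data:
  manager-data:
  # Add an NFS volume to the stack
  # NOTE(review): this is a plain NFSv4.1 mount through the local driver; nothing in
  # these options enables transport encryption, so confirm that network access to the
  # file system is restricted to this host.
  efs-data:
    driver: local
    driver_opts:
      type: nfs
      o: "addr=${EFS_DNS?DNS must be set to mount NFS volume},rw,nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport"
      device: ":/"

# Shared logging stanza, merged into services with '<<: *awslogs'.
# NOTE(review): the log group is named from DOMAINNAME, while the proxy below now
# takes its hostname from OR_HOSTNAME; confirm DOMAINNAME is still exported, because
# an unset variable interpolates to an empty group name.
x-logging: &awslogs
  logging:
    driver: awslogs
    options:
      awslogs-region: ${AWS_REGION:-eu-west-2}
      awslogs-group: ${DOMAINNAME}
      awslogs-create-group: 'true'
      tag: "{{.Name}}/{{.ID}}"

services:

  # This service will only populate an empty volume on startup and then exit.
  # If the volume already contains data, it exits immediately.
  deployment:
    # DEPLOYMENT_VERSION is mandatory and must include the leading ':' (see header).
    image: softwareclever/deployment${DEPLOYMENT_VERSION?DEPLOYMENT_VERSION must be set}
    volumes:
      - deployment-data:/deployment

  proxy:
    image: openremote/proxy:${PROXY_VERSION:-latest}
    restart: always
    depends_on:
      manager:
        condition: service_healthy
    # Published on all host interfaces; restrict at the firewall / security group
    # if any of these should not be reachable from the internet.
    ports:
      - "80:80"
      - "${OR_SSL_PORT:-443}:443"
      - "8883:8883"
    volumes:
      - proxy-data:/deployment
      - deployment-data:/data
    environment:
      LE_EMAIL: ${OR_EMAIL_ADMIN:-}
      #DOMAINNAME: ${DOMAINNAME:-localhost}
      #DOMAINNAMES: ${DOMAINNAMES:-}
      DOMAINNAME: ${OR_HOSTNAME?OR_HOSTNAME must be set}
      DOMAINNAMES: ${OR_ADDITIONAL_HOSTNAMES:-}
      # NOTE(review): falls back to debug, and this service logs to the awslogs
      # group above; consider a quieter level outside of troubleshooting.
      PROXY_LOGLEVEL: ${PROXY_LOGLEVEL:-debug}
      # Enable --staging will manage fake certificates, so avoid hitting the rate limits of Let's Encrypt
      # when testing (this is important, you are limited to 5 duplicate certificates per week!)
      # e.g. '--staging'
      LE_EXTRA_ARGS: ${PROXY_EXTRA_ARGS:-}
      # The proxy supports up to 10 custom redirects from hostname to any path on the
      # manager service.
      # e.g. PROXY_HOST_REDIRECT_1_NAME: www.my-console-master.tld
      #      PROXY_HOST_REDIRECT_1_TARGET: /console/master
      # Keys without a value are passed through from the environment compose runs in.
      PROXY_HOST_REDIRECT_1_NAME:
      PROXY_HOST_REDIRECT_1_TARGET:
      PROXY_HOST_REDIRECT_2_NAME:
      PROXY_HOST_REDIRECT_2_TARGET:
      PROXY_HOST_REDIRECT_3_NAME:
      PROXY_HOST_REDIRECT_3_TARGET:
      PROXY_HOST_REDIRECT_4_NAME:
      PROXY_HOST_REDIRECT_4_TARGET:
      PROXY_HOST_REDIRECT_5_NAME:
      PROXY_HOST_REDIRECT_5_TARGET:
      PROXY_HOST_REDIRECT_6_NAME:
      PROXY_HOST_REDIRECT_6_TARGET:
      PROXY_HOST_REDIRECT_7_NAME:
      PROXY_HOST_REDIRECT_7_TARGET:
      PROXY_HOST_REDIRECT_8_NAME:
      PROXY_HOST_REDIRECT_8_TARGET:
      PROXY_HOST_REDIRECT_9_NAME:
      PROXY_HOST_REDIRECT_9_TARGET:
      PROXY_HOST_REDIRECT_10_NAME:
      PROXY_HOST_REDIRECT_10_TARGET:
    <<: *awslogs

  postgresql:
    image: openremote/postgresql${POSTGRESQL_VERSION:-:latest}
    restart: always
    volumes:
      - postgresql-data:/var/lib/postgresql/data
      - manager-data:/storage
    <<: *awslogs

  keycloak:
    image: openremote/keycloak${KEYCLOAK_VERSION:-:latest}
    restart: always
    depends_on:
      postgresql:
        condition: service_healthy
    volumes:
      - deployment-data:/deployment
    environment:
      TZ: ${TZ:-Europe/London}
      # Keycloak log level. The fallback here is already debug.
      # NOTE(review): debug output is shipped to the awslogs group; consider a
      # quieter level once diagnosis is finished.
      KC_LOG_LEVEL: ${KC_LOG_LEVEL:-debug}
      # Configure how Keycloak connects to the database
      KC_DB_URL_HOST: ${KC_DB_URL_HOST:-postgresql}
      KC_DB_URL_PORT: ${KC_DB_URL_PORT:-5432}
      KC_DB_URL_DATABASE: ${KC_DB_URL_DATABASE:-openremote}
      KC_DB_SCHEMA: ${KC_DB_SCHEMA:-public}
      # NOTE(review): username and password fall back to the well-known pair
      # postgres/postgres. The postgresql service above sets no credentials in this
      # file, so it presumably relies on the image defaults - confirm, and override
      # both sides together for anything beyond a local test.
      KC_DB_USERNAME: ${KC_DB_USERNAME:-postgres}
      KC_DB_PASSWORD: ${KC_DB_PASSWORD:-postgres}
      # Configure web server
      KEYCLOAK_ADMIN_PASSWORD: ${OR_ADMIN_PASSWORD:?OR_ADMIN_PASSWORD must be set}
      KC_HOSTNAME: ${OR_HOSTNAME:-localhost}
      KC_HOSTNAME_PORT: ${OR_SSL_PORT:--1}
    <<: *awslogs

  manager:
    # Fixed: the fallback was 'latest' without the colon, which resolved to the
    # image name 'softwareclever/managerlatest' whenever MANAGER_VERSION was unset.
    image: softwareclever/manager${MANAGER_VERSION:-:latest}
    restart: always
    depends_on:
      keycloak:
        condition: service_healthy
    volumes:
      - manager-data:/storage
      - deployment-data:/deployment
      - efs-data:/efs
      # Map data should be accessed from a volume mount
      # 1). Host filesystem - /deployment.local:/deployment.local
      # 2) NFS/EFS network mount - efs-data:/efs
    environment:
      # It is important that all services have the same timezone and are time synchronized.
      # Bearer tokens are only valid for minutes, and authentication fails if Keycloak drifts
      TZ: ${TZ:-Europe/London}
      # ':?' rejects an empty value as well as an unset one, matching the check on
      # KEYCLOAK_ADMIN_PASSWORD in the keycloak service.
      OR_ADMIN_PASSWORD: ${OR_ADMIN_PASSWORD:?OR_ADMIN_PASSWORD must be set}
      # This value is passed to SetupTasks and can be used to determine what assets etc. should be
      # set up for this deployment. The available values and general use of this depend on the actual
      # SetupTasks available in the instance being deployed; some basic recommendations are
      # 'production', 'staging'
      OR_SETUP_TYPE: ${OR_SETUP_TYPE}
      # The public HOSTNAME and SSL PORT of this manager
      OR_SSL_PORT: ${OR_SSL_PORT:--1}
      OR_HOSTNAME: ${OR_HOSTNAME?OR_HOSTNAME must be set}
      # Additional hostnames that should be allowed to access the auth server
      OR_ADDITIONAL_HOSTNAMES: ${OR_ADDITIONAL_HOSTNAMES:-}
      # Configure Email, SMTP server to send password reset emails etc.
      # Host, user and password have no value here, so they are passed through from
      # the environment compose runs in and the secret stays out of this file.
      OR_EMAIL_HOST:
      OR_EMAIL_USER:
      OR_EMAIL_PASSWORD:
      OR_EMAIL_PORT: ${OR_EMAIL_PORT}
      OR_EMAIL_TLS: ${OR_EMAIL_TLS}
      OR_EMAIL_X_HEADERS: ${OR_EMAIL_X_HEADERS:-}  # Headers to set on all outbound emails
      OR_EMAIL_PROTOCOL: ${OR_EMAIL_PROTOCOL}  # smtp or smtps for SSL (if TLS not set or is true then smtp is assumed)
      # Where to send admin emails to
      OR_EMAIL_ADMIN: ${OR_EMAIL_ADMIN}
      # From address for emails sent by the system
      OR_EMAIL_FROM: ${OR_EMAIL_FROM}
      # Developer mode (see code for usages of OR_DEV_MODE flag)
      OR_DEV_MODE: ${OR_DEV_MODE:-false}
      # !! WARNING: This will wipe your database !!
      # Force a full clean and setup on startup irrespective of whether there is existing data
      # Default behaviour is false unless OR_DEV_MODE = true or openremote database doesn't already exist
      OR_SETUP_RUN_ON_RESTART: ${OR_SETUP_RUN_ON_RESTART:-false}
      # Map related settings.
      # Provide a path to the map tiles database file (see https://openmaptiles.com/).
      OR_MAP_TILES_PATH: ${OR_MAP_TILES_PATH?OR_MAP_TILES_PATH must be set}
      # Override the map settings such as center location and zoom when opening the
      # manager's map, as well as other style details and colours.
      OR_MAP_SETTINGS_PATH: ${OR_MAP_SETTINGS_PATH:-/deployment/map/mapsettings.json}
    <<: *awslogs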