|
| 1 | +version: "3.3" |
| 2 | +services: |
| 3 | + mongodb: |
| 4 | + image: "mongo" |
| 5 | + # if you get MongoDB 5.0+ require a CPU with AVX support, then try using version 4 instead |
| 6 | + # image: "mongo:4.4.8" |
| 7 | + restart: always |
| 8 | + volumes: |
| 9 | + - mongodb_data:/data/db |
| 10 | + environment: |
| 11 | + - MONGO_REPLICA_SET_NAME=rs0 |
| 12 | + # healthcheck: |
| 13 | + # test: test $$(echo "if (rs.status().codeName == 'NotYetInitialized') { rs.initiate() }; if (rs.status().codeName == 'InvalidReplicaSetConfig') { cfg = rs.conf(); cfg.members[0].host = hostname() + ':27017'; rs.reconfig(cfg, {force:true}); };" | mongo --quiet) -eq 1 |
| 14 | + # interval: 10s |
| 15 | + # start_period: 30s |
| 16 | + # healthcheck: |
| 17 | + # test: test $$(echo "if (rs.status().codeName == 'NotYetInitialized') { rs.initiate() }; if (rs.status().codeName == 'InvalidReplicaSetConfig') { cfg = rs.conf(); cfg.members[0].host = 'mongodb:27017'; rs.reconfig(cfg, {force:true}); };" | mongo --quiet) -eq 1 |
| 18 | + # interval: 10s |
| 19 | + # start_period: 30s |
| 20 | + command: "--bind_ip_all --replSet rs0" |
| 21 | + ports: |
| 22 | + - "27017:27017" |
| 23 | + mongosetup: |
| 24 | + image: "mongo" |
| 25 | + depends_on: |
| 26 | + - mongodb |
| 27 | + restart: "no" |
| 28 | + entrypoint: [ "bash", "-c", "sleep 10 && mongo --host mongodb:27017 --eval 'if (rs.status().codeName == \"NotYetInitialized\") { rs.initiate({_id: \"rs0\", version: 1, members: [ { _id: 0, host : \"mongodb:27017\" }]}) }'"] |
| 29 | + # mongoexpress: |
| 30 | + # labels: |
| 31 | + # - "traefik.enable=true" |
| 32 | + # - "traefik.http.routers.mongoexpress.rule=Host(`express.localhost.openiap.io`)" |
| 33 | + # - "traefik.http.routers.mongoexpress.entrypoints=web" |
| 34 | + # - "traefik.http.services.mongoexpress.loadbalancer.server.port=8081" |
| 35 | + # image: "mongo-express" |
| 36 | + # environment: |
| 37 | + # - ME_CONFIG_MONGODB_SERVER=mongodb |
| 38 | + traefik: |
| 39 | + image: "traefik" |
| 40 | + container_name: "traefik" |
| 41 | + command: |
| 42 | + - "--api.insecure=true" |
| 43 | + - "--providers.docker=true" |
| 44 | + - "--providers.docker.exposedbydefault=false" |
| 45 | + - "--entrypoints.web.address=:80" |
| 46 | + ports: |
| 47 | + - "80:80" |
| 48 | + volumes: |
| 49 | + - "//var/run/docker.sock:/var/run/docker.sock:ro" |
| 50 | + rabbitmq: |
| 51 | + labels: |
| 52 | + - "traefik.enable=true" |
| 53 | + - "traefik.http.routers.rabbitmq.rule=Host(`mq.localhost.openiap.io`)" |
| 54 | + - "traefik.http.routers.rabbitmq.entrypoints=web" |
| 55 | + - "traefik.http.services.rabbitmq.loadbalancer.server.port=15672" |
| 56 | + image: "rabbitmq:3-management" |
| 57 | + container_name: "rabbitmq" |
| 58 | + restart: always |
| 59 | + api: |
| 60 | + labels: |
| 61 | + - "traefik.enable=true" |
| 62 | + - "traefik.http.routers.web.rule=Host(`localhost.openiap.io`)" |
| 63 | + - "traefik.http.routers.web.entrypoints=web" |
| 64 | + - "traefik.http.services.web.loadbalancer.server.port=3000" |
| 65 | + - "traefik.frontend.passHostHeader=true" |
| 66 | + image: "openiap/openflow" |
| 67 | + deploy: |
| 68 | + replicas: 1 |
| 69 | + pull_policy: always |
| 70 | + restart: always |
| 71 | + volumes: |
| 72 | + - "//var/run/docker.sock:/var/run/docker.sock" |
| 73 | + depends_on: |
| 74 | + - rabbitmq |
| 75 | + - mongodb |
| 76 | + environment: |
| 77 | + - update_acl_based_on_groups=true |
| 78 | + - multi_tenant=false |
| 79 | + - auto_create_users=true |
| 80 | + - auto_create_domains= |
| 81 | + - allow_personal_nodered=true |
| 82 | + - auto_create_personal_nodered_group=false |
| 83 | + - tls_crt= |
| 84 | + - tls_key= |
| 85 | + - tls_ca= |
| 86 | + - tls_passphrase= |
| 87 | + - api_bypass_perm_check=false |
| 88 | + - websocket_package_size=25000 |
| 89 | + - websocket_max_package_count=1048576 |
| 90 | + - protocol=http |
| 91 | + - port=3000 |
| 92 | + - domain=localhost.openiap.io |
| 93 | + |
| 94 | + - HTTP_PROXY= |
| 95 | + - HTTPS_PROXY= |
| 96 | + - NO_PROXY= |
| 97 | + |
| 98 | + - enable_openflow_amqp=false # enable this to use the openflow amqp, only usefull when you have more than one replicas |
| 99 | + - amqp_prefetch=25 |
| 100 | + - socket_rate_limit=true |
| 101 | + - socket_rate_limit_points=1000 |
| 102 | + - socket_rate_limit_points_disconnect=2500 |
| 103 | + |
| 104 | + - nodered_images=[{"name":"Latest Plain Nodered", |
| 105 | + "image":"openiap/nodered"},{"name":"Latest Puppeteer Nodered", |
| 106 | + "image":"openiap/nodered-puppeteer"},{"name":"Latest TagUI Nodered", |
| 107 | + "image":"openiap/nodered-tagui"}] |
| 108 | + - nodered_ws_url=ws://web:3000 |
| 109 | + - saml_federation_metadata=http://web:3000/issue/FederationMetadata/2007-06/FederationMetadata.xml |
| 110 | + - amqp_url=amqp://guest:guest@rabbitmq |
| 111 | + - mongodb_url=mongodb://mongodb:27017/?replicaSet=rs0 |
| 112 | + # - mongodb_url=mongodb://mongodb:27017 |
| 113 | + |
| 114 | + - skip_history_collections=audit,openrpa_instances,workflow_instances |
| 115 | + - allow_skiphistory=false |
| 116 | + |
| 117 | + - saml_issuer=uri:localhost.openiap.io |
| 118 | + - aes_secret=7TXsxf7cn9EkUqm5h4MEWGjzkxkNCk2K |
| 119 | + - signing_crt=LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURZRENDQWtpZ0F3SUJBZ0lKQUsrSll6OGQ1bURxTUEwR0NTcUdTSWIzRFFFQkN3VUFNRVV4Q3pBSkJnTlYKQkFZVEFrRlZNUk13RVFZRFZRUUlEQXBUYjIxbExWTjBZWFJsTVNFd0h3WURWUVFLREJoSmJuUmxjbTVsZENCWAphV1JuYVhSeklGQjBlU0JNZEdRd0hoY05NVGt3TnpFd01UZ3dPVEl4V2hjTk1Ua3dPREE1TVRnd09USXhXakJGCk1Rc3dDUVlEVlFRR0V3SkJWVEVUTUJFR0ExVUVDQXdLVTI5dFpTMVRkR0YwWlRFaE1COEdBMVVFQ2d3WVNXNTAKWlhKdVpYUWdWMmxrWjJsMGN5QlFkSGtnVEhSa01JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQgpDZ0tDQVFFQTZrcEo4eHFUUU9pRzVmTUt4T1U5VzZDbVVSSWJnb2ZoSHZwVVZWVDBoMnRsakFsc2Z2cWRzSk5MClZBd3dySW55V2ZNYlVHZGE3M21MTG9XdEM0L3RYUlNEQktnK2J6MXhRSHNzcjVaMmVueDhYdGtRSDVHZ1crOVQKajdhbVNZL0l0SUFiME5qL1NRaVozK0JPN0tpeTJpMWFVdlJBeVp5UVpVcyt1aWlIRkNJekhBbXltV0ovNXdrdwptb2ZUYjUxWWlqZ2xiaGdZVllUcXdVdmpscEIvbWFnWjV3VENuOWpmbG16bGY1aSs5aTAxSHU1U1RXNW9JSnovCm9oQ25Mam4wM2c4NXA5dllFaTJLUkM2dW84Nnp5Y1pxL1lKQzVNTlVPTzZRanlZYXQ4RjBYWVVQNzhzS1l2OCsKYTF3WmlDNFZhSWt2OEFaOUJua0hFbllBRnhpZ2RRSURBUUFCbzFNd1VUQWRCZ05WSFE0RUZnUVVsenEzdDBOWQowckpwSmpIMXRoQitlV0M2SGJZd0h3WURWUjBqQkJnd0ZvQVVsenEzdDBOWTBySnBKakgxdGhCK2VXQzZIYll3CkR3WURWUjBUQVFIL0JBVXdBd0VCL3pBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQW8rOHJDVllXOFc5UzZxUDQKdzVoSEMyTk5WMGJIVmgyQ3FZbmp3RXVTTjM4NWgvUWd3TmlIZE5NQzJXUHd4VytwSmZ4Q0Y1ZGZOMzUrZ085YworOTg1UHYzYVoyZ3BmcWVaRTFKZ2JqUTFiTkVWT3BqRDV0dVlNRE55YWpraS9oWVdDaVBSams5ZG1nQVV4cHdpCkZuTUdlemk4K080dXQyRW1DaHhUYlZUQ1psRnJwRWpqSTF1WUVmQ2l5NmZaUXV2bnpCeU5QZ3FUQS9RWXhMZkIKRWE4cFpOMk5LNm5IdEF0clhyRkYveFh6OHJRYWlyVFYrVm9yQXQxdzYzZ1VTWGc1VU55R2JZaDErdFRzWTdoYQpNamkwSFNYQkxtL0dHb05XaHBDVVpDVDU0NWJ6SmdJNjJwd2hKcVlyWm5jYlBDRzRaWXhHZzIxTVZLdkJaL29pCkFYcStpQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K |
| 120 | + - singing_key=LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRHFTa256R3BOQTZJYmwKOHdyRTVUMWJvS1pSRWh1Q2grRWUrbFJWVlBTSGEyV01DV3grK3Ayd2swdFVERENzaWZKWjh4dFFaMXJ2ZVlzdQpoYTBMaisxZEZJTUVxRDV2UFhGQWV5eXZsblo2Zkh4ZTJSQWZrYUJiNzFPUHRxWkpqOGkwZ0J2UTJQOUpDSm5mCjRFN3NxTExhTFZwUzlFREpuSkJsU3o2NktJY1VJak1jQ2JLWlluL25DVENhaDlOdm5WaUtPQ1Z1R0JoVmhPckIKUytPV2tIK1pxQm5uQk1LZjJOK1diT1YvbUw3MkxUVWU3bEpOYm1nZ25QK2lFS2N1T2ZUZUR6bW4yOWdTTFlwRQpMcTZqenJQSnhtcjlna0xrdzFRNDdwQ1BKaHEzd1hSZGhRL3Z5d3BpL3o1clhCbUlMaFZvaVMvd0JuMEdlUWNTCmRnQVhHS0IxQWdNQkFBRUNnZ0VBTXVEZkhrUHZKbkZZbWljbGQ0eXd2bTBzc1A1VnF3c0hBRXNzZFR0MXZ0SzcKd3FWcFFrbjZaSllZRGJCNEFZQVRlU1VxRVZQZ2s1QzVnT2pXbzJRbUQ4aWNpeTVlSUpvZk5mbUp3cmZTRXRkbAp5dE1vaFRLQ3VIUkltVFQ0OTVDWjdWakVzWjN1RWxZajFGSkowV3J4TENBZE5WYUZtMEs4dU1LV1pLYllicTUwCk40SkdBVVA4cXpzVGsxMFcwL1JsVkhjN3MxcVJMYmhUaHVmeWZqdkFsWlRDUStzNld2Z1FzNTljZis5ZkRpenEKeDlFYTRmclN4SkFzdmhEZ3lmd0FCSHVYcEl5ZGFJNEQ1UkZYRXBGQW1SYkZGRkFhNW9Zam5XT1BiQmVKUHJUUApMckxmcU03NkVaZ1pXclU5UmgwN2VXeVMwdlAyVEhmNGo4eTNYWEpFQVFLQmdRRDVyVTFnQlNLdXhxZVZkWFZRCkp1RXVIVnVFTEkzS0hITVRGb1R1cEFKU2R1b3VSMXNmYjZHc1RPQWFmamp6QlpHdFFFa3R4c3pEemFTTVh5OHYKYU5mT1QvcTlZYXFwdSt3cno5dXp4dnBhY1pQZHg3TGJUWGwwYmRKR2FPRHdNYWY3bHRDcmo1WVZ6Vk9GSGsvZgpCYndGV1ZQTUJORldCMEZMZzU1dGN6cjFGUUtCZ1FEd09UdEp2TXNtZVZFVU1aUnFnNjB0U2FyN0pjeHJKRklrCno5ZFdIUW1xS1dpNzFob3krbHBqM0FwRnhBQ3lPY2dmZE03VFQyb25rcXB1c0NUNlliZThXT3BrWWxIMGlpUmQKWkVISC9zakhySzNEaktJWEIvSEVyVEdrOVJNaTdiNUd4NGYweVVkM2hqd0E2Y2dGRDlyd0l6VyszMjM0Z2xlNwphdzlIRFpxVjRRS0JnQVBiOXVjMkRSd3dlK1NtaFNLeEJ5Z0VVaWJQM1gwelJXQVZLQWJjU0NEb0w2UjVlK0lYCmdxTThLUGFmM3RkNnpZNmxBTHlSWnhiYnRlQnBsRHdpWGJ1VnB1V0lmZS9UdE1uVWs2dkt0cEh4VVh6TEdtdWoKWGU0N3lGVklSN25PdXE3NzNNdmFFMUxROHFxTEZtYjNHcm5tY0pJbHZPcWNnQmpmdHZJd0pzZ2xBb0dBU1RtWQoyZlJEbEptOFhrUnlzamtySzdmZDk2cGc4blBpMmpmRXN3b3M3UUtzV3oxN1JQak5YczB2RUc4YnF6Z3p5V3JvCnRMN3JZOTZ3TndkWWJqNGxMTE9KMTBtbEk3Nk1NUytqWVp4SGhaNGNaWlJUd0dONmpmSWhST0F6a2gwWU9Da1EKUjB5bmpVYU11ZGFKVXdtdk9pM3hieHBhUWpzeEZQOGdiQTg0aE9FQ2dZRUExbXZjSStZeDZITW00WkVjMU9yaworNXJoUHJrdGNMT0JHR3pZZGZIZGRZMytVdFZydUpCRmt5R2pCU2t2YmVtcUZxRlluMHFZckpXZVlUS2hMbUlwClkyRk1Gd29abWxpSkpONTA1eStTemdPbUVxN2wzT1Z4R0NwTTd1ODNyWFBXRGRERnc5WVNYVU1ueFRDUGsyRW0KekEyUzVkWjlWRld2NlR6VHg3cTIyc2c9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K |
| 121 | +volumes: |
| 122 | + mongodb_data: |
| 123 | + driver: local |
| 124 | + |
| 125 | + # if you don't want to start nodered though powershell or the webinterface, you can hardcode one or more instance here |
| 126 | + # You need to pre-create the user .. in this example the user has to have username nodered1 |
| 127 | + # create a user with no password so the user cannot login, or give it a very long and complex one |
| 128 | + # nodered1: |
| 129 | + # labels: |
| 130 | + # - "traefik.enable=true" |
| 131 | + # - "traefik.http.routers.nodered.rule=Host(`nodered1.localhost.openiap.io`)" |
| 132 | + # - "traefik.http.routers.nodered.entrypoints=web" |
| 133 | + # - "traefik.http.services.nodered.loadbalancer.server.port=1880" |
| 134 | + # - "traefik.frontend.passHostHeader=true" |
| 135 | + # image: "openiap/nodered" |
| 136 | + # container_name: "nodered1" |
| 137 | + # environment: |
| 138 | + # - nodered_sa=nodered1 |
| 139 | + # - saml_federation_metadata=http://web:3000/issue/FederationMetadata/2007-06/FederationMetadata.xml |
| 140 | + # - saml_issuer=uri:localhost.openiap.io |
| 141 | + # - saml_entrypoint=http://localhost.openiap.io/issue |
| 142 | + # - saml_baseurl=http://nodered1.localhost.openiap.io/ |
| 143 | + # - port=1880 |
| 144 | + # - api_ws_url=ws://web:3000 |
| 145 | + # - api_credential_cache_seconds=300 |
| 146 | + # - api_allow_anonymous=false |
| 147 | + # # this is the "trick" to make the nodered beable to login. |
| 148 | + # # this way the nodered can create it's own token. this is VERY INSECURE DO NOT USE THIS ON A PUBLIC installation |
| 149 | + # # if you want a more secure way to login, create a jwt token using the nodered cli and set it using - jwt in this file. |
| 150 | + # - aes_secret=7TXsxf7cn9EkUqm5h4MEWGjzkxkNCk2K |
| 151 | + # - jwt= |
| 152 | +# volumes: |
| 153 | +# mongodb_data: |
| 154 | +# driver: local |
0 commit comments