matrix-server/docker-compose.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106

version: "3.8"
services:
  postgres:
    image: postgres:13-alpine
    networks:
      - dbnet
    volumes:
      - db-data:/var/lib/postgresql/13/
    ports:
      - "5432:5432"
    environment:
      - POSTGRES_PASSWORD_FILE=/run/secrets/pg_pass_secret
      - POSTGRES_USER_FILE=/run/secrets/pg_user_secret
      - POSTGRES_INITDB_ARGS_FILE=/run/secrets/pg_initdb_args_secret
      - POSTGRES_DB_FILE=/run/secrets/pg_db_secret
    secrets:
      - pg_pass_secret
      - pg_user_secret
      - pg_initdb_args_secret
      - pg_db_secret
  synapse:
    image: synapse
    build:
      context: ./synapse/
    networks:
      - matrixnet
      - certnet
      - dbnet
    volumes:
      - synapse-data:/data/
      - cert-data:/etc/letsencrypt/live/
      - ./synapse/homeserver.yaml:/data/homeserver.yaml:ro
    depends_on:
      - postgres
      - haproxy
    ports:
      - "8008:8008"
      - "8484:8484/tcp"
      - "8443:443"
    environment:
      - SYNAPSE_DATA_DIR=/data/
      - SYNAPSE_CONFIG_DIR=/data/
      - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
      - TZ=Tehran/Asia
    healthcheck:
      test: ["CMD", "curl", "-fSs", "http://localhost:8008/health"]
      interval: 1m
      timeout: 10s
      retries: 3
  haproxy:
    image: haproxy:lts-alpine
    ports:
      - "9080:80"
      - "443:443"
      - "9999:9999"
    networks:
      - matrixnet
      - turnnet
    volumes:
      - ./haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
      - cert-data:/usr/local/etc/haproxy/certificates:ro
    depends_on:
      - certbot
    restart: on-failure
  certbot:
    image: certbot
    build:
      context: ./certbot
    ports:
      - "80:80"
      - "9443:443"
    networks:
      - certnet
    volumes:
      - cert-data:/etc/certificates
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do . /etc/scripts/renew-certificates.sh ; sleep 12h & wait $${!}; done;'"
    restart: always
  coturn:
    image: coturn/coturn:latest
    networks:
      - turnnet
    volumes:
      - ./coturn/turnserver.conf:/etc/turnserver.conf:ro
    ports:
      - "3478:3478"
      - "5349:5349"
    depends_on:
      - synapse
networks:
  matrixnet:
  certnet:
  dbnet:
  turnnet:
volumes:
  db-data:
  synapse-data:
  cert-data:
secrets:
  pg_pass_secret:
    file: ./postgres/pg_pass_secret
  pg_user_secret:
    file: ./postgres/pg_user_secret
  pg_initdb_args_secret:
    file: ./postgres/pg_initdb_args_secret
  pg_db_secret:
    file: ./postgres/pg_db_secret