diff --git a/compose.local-db.yml b/compose.local-db.yml index 3835cb23db..ff202ae3e5 100644 --- a/compose.local-db.yml +++ b/compose.local-db.yml @@ -27,6 +27,18 @@ services: interval: 5s retries: 20 +# db-publish: +# restart: always +# image: alpine/socat +# ports: +# - "5433:5433" +# volumes: +# - ./replication:/data +# command: [ +# "OPENSSL-LISTEN:5433,openssl-min-proto-version=TLS1.2,cert=/data/certs/server.pub.pem,key=/data/certs/server.key.pem,cafile=/data/certs/ca.pem,fork,reuseaddr", +# "TCP4:db:5432" +# ] + # meilisearch: # restart: always # image: getmeili/meilisearch:v1.3.4 diff --git a/compose_example.yml b/compose_example.yml index c4964d3d97..33c4a78760 100644 --- a/compose_example.yml +++ b/compose_example.yml @@ -2,6 +2,8 @@ services: nyuukyou: build: yume-mods/nyuukyou restart: always + user: "${MISSKEY_UID}:${MISSKEY_GID}" + profiles: [web] links: - web depends_on: @@ -16,8 +18,14 @@ services: - ./nyuukyou:/store web: - build: . + build: + context: . + args: + - UID: "${MISSKEY_UID}" + - GID: "${MISSKEY_GID}" + profiles: [web] restart: always + user: "${MISSKEY_UID}:${MISSKEY_GID}" links: - db - redis @@ -42,6 +50,7 @@ services: redis: restart: always image: redis:7-alpine + user: "${MISSKEY_UID}:${MISSKEY_GID}" networks: - internal_network volumes: @@ -54,6 +63,7 @@ services: db: restart: always image: postgres:15-alpine + user: "${MISSKEY_UID}:${MISSKEY_GID}" networks: - internal_network env_file: @@ -65,6 +75,106 @@ services: interval: 5s retries: 20 + replikey: + restart: always + image: l1drm/replikey:latest + profiles: [replikey-master] + user: "${MISSKEY_UID}:${MISSKEY_GID}" + links: + - db + - redis + networks: + - internal_network + - external_network + ports: + - "5443:5443" + volumes: + - ./replikey:/etc/replikey:ro + command: [ + "network", + "reverse-proxy", + "--listen", + "0.0.0.0:5443", + "--cert", + "/etc/replikey/cert.pem", + "--key", + "/etc/replikey/key.pem", + "--ca", + "/etc/replikey/ca.pem", + "--redis-sni", + "${MTLS_REDIS_SNI}", + "--redis-target", + "redis:6379", + "--postgres-sni", + "${MTLS_POSTGRES_SNI}", + "--postgres-target", + "db:5432", + ] + + replikey-postgres-slave: + restart: always + image: l1drm/replikey:latest + profiles: [replikey-slave] + user: "${MISSKEY_UID}:${MISSKEY_GID}" + links: + - db + - redis + networks: + - internal_network + - external_network + ports: + # - "4001:4001" + volumes: + - ./replikey:/etc/replikey:ro + command: [ + "network", + "forward-proxy", + "--listen", + "0.0.0.0:4001", + "--sni", + "${MTLS_POSTGRES_SNI}", + "--target", + "db:5432", + "--cert", + "/etc/replikey/cert.pem", + "--key", + "/etc/replikey/key.pem", + "--ca", + "/etc/replikey/ca.pem", + ] + + replikey-redis-slave: + restart: always + image: l1drm/replikey:latest + profiles: [replikey-slave] + user: "${MISSKEY_UID}:${MISSKEY_GID}" + links: + - db + - redis + networks: + - internal_network + - external_network + ports: + # - "4002:4002" + volumes: + - ./replikey:/etc/replikey:ro + command: [ + "network", + "forward-proxy", + "--listen", + "0.0.0.0:4002", + "--sni", + "${MTLS_REDIS_SNI}", + "--target", + "redis:6379", + "--cert", + "/etc/replikey/cert.pem", + "--key", + "/etc/replikey/key.pem", + "--ca", + "/etc/replikey/ca.pem", + ] + # mcaptcha: # restart: always # image: mcaptcha/mcaptcha:latest