diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4904dfc
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,16 @@
+# RabbitMQ data files
+rabbitmq/data/
+rabbitmq/logs/
+
+# Traefik temporary files
+traefik/*~*
+traefik/AEEB2D~O
+
+# Any temporary/lock files
+*~*
+*.tmp
+*.lock
+
+# Log files
+*.log
+logs/
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..8114aaa
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,173 @@
+networks:
+ traefik-public:
+ driver: bridge
+
+services:
+ traefik:
+ networks:
+ - traefik-public
+
+ image: traefik:latest
+ restart: always
+ command:
+ - "--api.dashboard=true"
+ - "--api.insecure=false"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--providers.file.directory=/etc/traefik"
+ - "--providers.file.watch=true"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443"
+ - "--entrypoints.websecure.http.tls=true"
+ - "--entrypoints.websecure.http.tls.certresolver=letsencrypt"
+ - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
+ - "--certificatesresolvers.letsencrypt.acme.email=robert@wellnuo.com"
+ - "--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/acme.json"
+ - "--api.dashboard=true"
+ - "--api.insecure=true"
+ - "--entrypoints.amqp.address=:5672"
+ - "--log.level=DEBUG"
+ ports:
+ - "80:80"
+ - "443:443"
+ - "8080:8080" # Add this line for dashboard internal access
+
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - ./traefik/config:/etc/traefik
+ - ./traefik/acme.json:/etc/traefik/acme.json
+
+ labels:
+ - "traefik.enable=true"
+ # Dashboard
+ - "traefik.http.routers.dashboard.rule=Host(`traefik.eluxnetworks.net`)"
+ - "traefik.http.routers.dashboard.service=api@internal"
+ - "traefik.http.routers.dashboard.entrypoints=websecure"
+ - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
+ - "traefik.http.routers.dashboard.middlewares=auth"
+ - "traefik.http.middlewares.auth.basicauth.users=admin:$$apr1$$mG0yHveI$$y2hSROLHtMbuWFK4F.p2c1"
+
+ nginx:
+ build:
+ context: ./nginx
+ dockerfile: Dockerfile
+ restart: always
+ networks:
+ - traefik-public
+ volumes:
+ - /home/ubuntu/www:/usr/share/nginx/html
+ - /mnt/data/well_tests:/usr/share/nginx/html/well_tests
+ - /mnt/data/shared:/usr/share/nginx/html/shared
+ - /home/ubuntu/server-setup/well_mob_pwa/build:/usr/share/nginx/html/react
+ - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+ - ./nginx/conf.d:/etc/nginx/conf.d:ro
+ - ./nginx/.htpasswd:/etc/nginx/.htpasswd:ro
+ labels:
+ - "traefik.enable=true"
+ # Main website
+ - "traefik.http.routers.nginx-web.rule=Host(`eluxnetworks.net`)"
+ - "traefik.http.routers.nginx-web.entrypoints=websecure"
+ - "traefik.http.routers.nginx-web.tls.certresolver=letsencrypt"
+ # React app
+ - "traefik.http.routers.nginx-react.rule=Host(`react.eluxnetworks.net`)"
+ - "traefik.http.routers.nginx-react.entrypoints=websecure"
+ - "traefik.http.routers.nginx-react.tls.certresolver=letsencrypt"
+ - "traefik.http.middlewares.security-headers.headers.stsSeconds=31536000"
+ - "traefik.http.middlewares.security-headers.headers.forceSTSHeader=true"
+ - "traefik.http.routers.nginx-web.middlewares=security-headers"
+ - "traefik.http.routers.nginx-react.middlewares=security-headers"
+ - "traefik.http.services.nginx-react.loadbalancer.server.port=80"
+
+ rabbitmq:
+ networks:
+ - traefik-public
+ user: "999:65534"
+ image: rabbitmq:3.13-management
+ restart: always
+ hostname: "rabbitmq" # Add this line
+ environment:
+ - RABBITMQ_DEFAULT_USER=admin
+ - RABBITMQ_DEFAULT_PASS=Cbx696969!
+ - RABBITMQ_NODENAME=rabbit@rabbitmq # Add this line
+ - RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS=-rabbit log_levels [{connection,error}]
+ - RABBITMQ_MNESIA_DIR=/var/lib/rabbitmq/mnesia
+ volumes:
+ - /mnt/data/rabbitmq:/var/lib/rabbitmq
+
+ ports:
+ - "5672:5672" # AMQP port
+ - "15672:15672" # Management UI
+ expose:
+ - 5672
+ - 15672
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.rabbitmq.rule=Host(`rabbitmq.eluxnetworks.net`)"
+ - "traefik.http.routers.rabbitmq.entrypoints=websecure"
+ - "traefik.http.routers.rabbitmq.tls.certresolver=letsencrypt"
+ - "traefik.http.services.rabbitmq.loadbalancer.server.port=15672"
+
+
+ minio:
+ image: minio/minio:latest
+ restart: always
+ command: server /data --console-address ":9001" --address ":9000"
+ environment:
+ # Admin credentials for console login
+ - MINIO_ROOT_USER=admin
+ - MINIO_ROOT_PASSWORD=Cbx696969!
+ # Access keys for API access
+ - MINIO_ACCESS_KEY=well_pipe
+ - MINIO_SECRET_KEY=WellNuo_2024
+ # Optional: Force all credentials to be set before starting
+ - MINIO_SITE_REGION=us-east-1
+ - MINIO_BROWSER_REDIRECT_URL=https://minio-console.eluxnetworks.net
+ ports:
+ - "9000:9000"
+ - "9001:9001" # Adding explicit port mapping for debugging
+ volumes:
+ - /mnt/data/minio:/data
+ networks:
+ - traefik-public
+ labels:
+ - "traefik.enable=true"
+ # API Service
+ - "traefik.http.routers.minio-api.rule=Host(`minio.eluxnetworks.net`)"
+ - "traefik.http.routers.minio-api.entrypoints=websecure"
+ - "traefik.http.routers.minio-api.tls.certresolver=letsencrypt"
+ - "traefik.http.services.minio-api-service.loadbalancer.server.port=9000"
+ - "traefik.http.routers.minio-api.service=minio-api-service"
+
+ # Console Service
+ - "traefik.http.routers.minio-console.rule=Host(`minio-console.eluxnetworks.net`)"
+ - "traefik.http.routers.minio-console.entrypoints=websecure"
+ - "traefik.http.routers.minio-console.tls.certresolver=letsencrypt"
+ - "traefik.http.services.minio-console-service.loadbalancer.server.port=9001"
+ - "traefik.http.routers.minio-console.service=minio-console-service"
+
+ registry:
+ image: registry:latest
+ restart: always
+ ports:
+ - "5000:5000"
+ networks:
+ - traefik-public
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.registry.rule=Host(`repo.eluxnetworks.net`)"
+ - "traefik.http.routers.registry.entrypoints=websecure"
+ - "traefik.http.routers.registry.tls.certresolver=letsencrypt"
+ - "traefik.http.services.registry.loadbalancer.server.port=5000"
+
+ redis:
+ image: redis:alpine
+ restart: always
+ networks:
+ - traefik-public
+ volumes:
+ - /mnt/data/redis:/data
+ ports:
+ - "6379:6379"
+ command: redis-server --appendonly yes
+ labels:
+ - "traefik.enable=false" # No need to expose Redis to the internet
diff --git a/rabbitmq/definitions.json b/rabbitmq/definitions.json
new file mode 100644
index 0000000..ee24b03
--- /dev/null
+++ b/rabbitmq/definitions.json
@@ -0,0 +1,38 @@
+{
+ "users": [
+ {
+ "name": "admin",
+ "password_hash": "YX91m9ZBhL8oXzpxcrYtVAOv4vgTDfS0YCCYJA1UDPPbNJ+m",
+ "hashing_algorithm": "rabbit_password_hashing_sha256",
+ "tags": ["administrator"]
+ },
+ {
+ "name": "well_pipe",
+ "password_hash": "AzdMI/4joetKPS2J5AsBOVKMZzW6Dp/ov6xal8vFbLpal43F",
+ "hashing_algorithm": "rabbit_password_hashing_sha256",
+ "tags": ["api_user"]
+ }
+ ],
+ "vhosts": [
+ {
+ "name": "/"
+ }
+ ],
+ "permissions": [
+ {
+ "user": "admin",
+ "vhost": "/",
+ "configure": ".*",
+ "write": ".*",
+ "read": ".*"
+ },
+ {
+ "user": "well_pipe",
+ "vhost": "/",
+ "configure": ".*",
+ "write": ".*",
+ "read": ".*"
+ }
+ ]
+}
+
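Review bot: In docker-compose.yml the second `--api.insecure=true` in the traefik `command` list contradicts the earlier `--api.insecure=false`, and together with the published `"8080:8080"` it likely serves the dashboard and API on the host without the `auth` basic-auth middleware that the `dashboard` router applies; drop the duplicated `--api.dashboard`/`--api.insecure` pair and the 8080 mapping. The same bypass applies to redis (`"6379:6379"` with no password in `redis-server --appendonly yes`, despite the `traefik.enable=false` comment), registry, minio and rabbitmq: a `ports:` entry publishes on every host interface regardless of Traefik labels, so remove those mappings or bind them to loopback, e.g. `- "127.0.0.1:6379:6379"`. `RABBITMQ_DEFAULT_PASS`, `MINIO_ROOT_PASSWORD` (the same value), `MINIO_SECRET_KEY` and the basic-auth hash are committed in plain text; reference them from an untracked `.env` (`RABBITMQ_DEFAULT_PASS=${RABBITMQ_DEFAULT_PASS}`) or Docker secrets and rotate the current values. The `registry` router also carries no auth middleware, and `--log.level=DEBUG` plus the `:latest` image tags should be tightened before this runs in production.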
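Review bot: In rabbitmq/definitions.json the `well_pipe` user is tagged `api_user` but is granted `configure`, `write` and `read` of `.*` on vhost `/`, identical to `admin`, so a leaked pipeline credential can declare, delete and rebind every queue and exchange. Narrow the patterns to the resources the pipeline actually uses, for example `"configure": "^$"` with `write`/`read` limited to a queue-name prefix (the prefix is a placeholder to confirm with the consumer). The password hashes are committed next to a compose file that sets the admin password in plain text, so these credentials should be treated as exposed and rotated. Nothing in the visible compose file mounts this file into the rabbitmq container, so it may not be loaded at all; worth confirming which of the two sources actually defines the users.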