Skip to content

Commit

Permalink
Archive more services moved to Kubernetes
Browse files Browse the repository at this point in the history
  • Loading branch information
Brutus5000 committed Sep 22, 2024
1 parent 1e47ef7 commit a8da6d8
Show file tree
Hide file tree
Showing 2 changed files with 248 additions and 248 deletions.
247 changes: 0 additions & 247 deletions docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -36,210 +36,6 @@ services:
restart: "no"
env_file: ./config/faf-db-migrations/faf-db-migrations.env

#
# FAF game server for clients to connect to.
#
faf-python-server:
container_name: faf-python-server
image: faforever/faf-python-server:v1.14.0
user: ${FAF_PYTHON_SERVER_USER}
networks:
faf:
aliases:
- "faf-python-server"
restart: unless-stopped
env_file: ./config/faf-python-server/faf-python-server.env
volumes:
- ./config/faf-python-server/dynamic:/code/config
ulimits:
nproc: 65535
nofile:
soft: 100000
hard: 200000
expose:
- "8003" # Websocket Server UTF8 Json
ports:
- "8001:8001" # Server QDataStream
- "8002:8002" # Server UTF8 Json
- "127.0.0.1:4000:4000" # Control server
labels:
- "loki_retention=long"

#
# FAF game server for clients to connect to.
#
faf-ws-bridge:
container_name: faf-ws-bridge
image: faforever/ws_bridge_rs:0.1.4
user: rust
networks:
faf:
aliases:
- "faf-ws-bridge"
restart: unless-stopped
expose:
- "8003"
command: ws_to_tcp -vvv --proxy faf-ws-bridge:8003 --proxy-header-name "CF-Connecting-IP" faf-python-server:8003
labels:
- "traefik.enable=true"
- "traefik.http.routers.faf-ws-bridge.rule=Host(`ws.${DOMAINNAME}`)"
- "traefik.http.routers.faf-ws-bridge.entryPoints=websecure"
- "traefik.http.services.faf-ws-bridge.loadbalancer.server.port=8003"

#
# FAF JSON-API to provide data over HTTP.
#
faf-java-api:
container_name: faf-java-api
image: faforever/faf-java-api:v3.4.4
user: ${FAF_JAVA_API_USER}
networks:
faf:
aliases:
- "faf-java-api"
restart: unless-stopped
env_file: ./config/faf-java-api/faf-java-api.env
volumes:
- ./config/faf-java-api/pki:/pki
- ./config/faf-java-api/mail:/config/mail
- ./data/maps:/maps
- ./data/mods:/mods
- ./data/legacy-featured-mod-files:/legacy-featured-mod-files
- ./data/content:/content
- ./data/faf-java-api/logs:/logs
- ./data/faf-java-api/repositories:/repositories
expose:
- "8010" # HTTP API
- "8011" # HTTP Management API
ports:
- "127.0.0.1:8010:8010" # For internal testing only
labels:
- "loki_retention=long"
- "traefik.enable=true"
- "traefik.http.routers.faf-java-api.rule=Host(`api.${DOMAINNAME}`)"
- "traefik.http.routers.faf-java-api.entryPoints=websecure"
- "traefik.http.services.faf-java-api.loadbalancer.server.port=8010"
# TODO move to Dockerfile
healthcheck:
test: "wget -q -O /dev/null http://localhost:8011/actuator/health"
interval: 30s
timeout: 5s
retries: 3
logging:
driver: "json-file"
options:
max-size: "100m"

#
# IRC for FAF chat.
#
ergochat:
init: true
image: ghcr.io/ergochat/ergo:v2.13.0-rc1
volumes:
- ./config/ergochat:/ircd
- ./data/ergochat:/data
networks:
- faf
restart: unless-stopped
expose:
- "8097"
ports:
- "6667:6667/tcp"
- "6697:6697/tcp"
labels:
- "traefik.enable=true"
- "traefik.http.routers.ergochat.rule=Host(`chat.${DOMAINNAME}`)"
- "traefik.http.routers.ergochat.entryPoints=websecure"
- "traefik.http.services.ergochat.loadbalancer.server.port=8097"

#
# The content management system which is still being used as a backend for the website. The website accesses
# Wordpress over a JSON API plugin.
#
faf-wordpress:
container_name: faf-wordpress
image: wordpress
user: ${FAF_WORDPRESS_USER}
restart: unless-stopped
volumes:
- ./data/faf-wordpress/wp-content:/var/www/html/wp-content/:rw
networks:
faf:
aliases:
- "faf-wordpress"
env_file: ./config/faf-wordpress/faf-wordpress.env
labels:
- "traefik.enable=true"
- "traefik.http.routers.faf-wordpress.rule=Host(`direct.${DOMAINNAME}`)"
- "traefik.http.routers.faf-wordpress.entryPoints=websecure"
- "traefik.http.routers.faf-wordpress-http.rule=Host(`direct.${DOMAINNAME}`)"
- "traefik.http.routers.faf-wordpress-http.entryPoints=web"

#
# Serves static files such as maps, mods, game files etc.
#
faf-content:
container_name: faf-content
image: nginx:1.25
restart: unless-stopped
volumes:
- ./data/maps:/usr/share/nginx/html/maps
- ./data/mods:/usr/share/nginx/html/mods
- ./data/replays:/usr/share/nginx/html/replays
- ./data/legacy-featured-mod-files:/usr/share/nginx/html/legacy-featured-mod-files
- ./data/content:/usr/share/nginx/html
- ./config/faf-content/default.conf:/etc/nginx/conf.d/default.conf:ro
networks:
- faf
env_file: ./config/faf-content/faf-content.env
labels:
- "traefik.enable=true"
- "traefik.http.routers.faf-content.rule=Host(`content.${DOMAINNAME}`) || Host(`replay.${DOMAINNAME}`)"
- "traefik.http.routers.faf-content.entryPoints=websecure"
- "traefik.http.routers.faf-content.middlewares=redirect-replay-subdomain, cors"
- "traefik.http.middlewares.redirect-replay-subdomain.redirectregex.regex=^(http|https)://replay.${DOMAINNAME}/(\\d+)"
- "traefik.http.middlewares.redirect-replay-subdomain.redirectregex.replacement=$${1}://api.${DOMAINNAME}/game/$${2}/replay"
- "traefik.http.middlewares.cors.headers.accesscontrolallowmethods=GET"
- "traefik.http.middlewares.cors.headers.accesscontrolalloworiginlist=*"
- "traefik.http.middlewares.cors.headers.accesscontrolmaxage=60"
- "traefik.http.middlewares.cors.headers.addvaryheader=false"


# The third version of the "live replay" server, in Rust.
faf-rust-replayserver:
container_name: faf-rust-replayserver
image: faforever/faf-rust-replayserver:0.3.2
user: ${FAF_AIO_REPLAYSERVER_USER}
restart: unless-stopped
volumes:
- ./data/replays:/content/replays
- ./config/faf-rust-replayserver:/config
networks:
- faf
env_file: ./config/faf-rust-replayserver/faf-rust-replayserver.env
ports:
- "15000:15000"
labels:
- "loki_retention=long"

faf-policy-server:
container_name: faf-policy-server
image: faforever/faf-policy-server:v1.22
env_file: ./config/faf-policy-server/faf-policy-server.env
user: ${FAF_POLICY_SERVER_USER}
restart: unless-stopped
networks:
faf:
aliases:
- "faf-policy-server"
expose:
- "8097"
volumes:
- ./data/faf-policy-server/faf-uid-verifier/verifier:/app/verifier
labels:
- "loki_retention=long"

#
# RabbitMQ is open source message broker software (sometimes called message-oriented middleware) that implements the
# Advanced Message Queuing Protocol (AMQP).
Expand Down Expand Up @@ -267,49 +63,6 @@ services:
- "traefik.http.routers.faf-rabbitmq.entryPoints=websecure"
- "traefik.http.services.faf-rabbitmq.loadbalancer.server.port=15672"

#
# OAuth2 service
#
faf-ory-hydra:
container_name: faf-ory-hydra
image: oryd/hydra:v1.11.10
# We consider the Docker network safe since we are on a single host.
# If someone gains access to network, he has root access and can turn off the security anyway.
# This can be improved once the login stack was moved outside the main host.
command: serve all -c /hydra.yaml --dangerous-force-http
networks:
faf:
aliases:
- "faf-ory-hydra"
volumes:
- ./config/faf-ory-hydra/hydra.yaml:/hydra.yaml
restart: unless-stopped
ports:
- "127.0.0.1:4445:4445" # only for testing
- "127.0.0.1:4444:4444" # only for testing
labels:
# Traefik endpoint disabled (moved to K8s), only internal admin endpoint is required
- "traefik.enable=false"
- "traefik.http.routers.faf-ory-hydra.rule=Host(`hydra.${DOMAINNAME}`)"
- "traefik.http.routers.faf-ory-hydra.entryPoints=websecure"
- "traefik.http.routers.faf-ory-hydra.tls.certresolver=default"
- "traefik.http.services.faf-ory-hydra.loadbalancer.server.port=4444"

#
# FAF Telemetry Server collecting ICE adapter telemetry
#
faf-telemetry-server:
container_name: faf-telemetry-server
image: faforever/faf-telemetry-server:main
restart: unless-stopped
labels:
- "loki_retention=long"
- "traefik.enable=true"
- "traefik.http.routers.faf-telemetry-server.rule=Host(`ice-telemetry.${DOMAINNAME}`)"
- "traefik.http.routers.faf-telemetry-server.entryPoints=websecure"
- "traefik.http.routers.faf-telemetry-server.tls.certresolver=default"
- "traefik.http.services.faf-telemetry-server.loadbalancer.server.port=8080"

networks:
faf:
driver: bridge
Expand Down
Loading

0 comments on commit a8da6d8

Please sign in to comment.