@mirzak Sure, here it is (but with some of the sensitive data such as hostnames and auth keys replaced):
# this is a template file for production setup, consult
# https://docs.docker.com/compose/compose-file/ for details on syntax and usage
#
# Notes:
# - integration/docker-compose.yml file is assumed to be included
# - integration/docker-compose.storage.minio.yml is assumed to be included
# - all services are part of `mender` network (service names are unchanged)
# - keys and certificates are generated using keygen utility from integration
# repository, keys and certificates are stored in ./keys-generated directory
# - certificates and key are mounted into containers using volumes
# - minio artifacts are stored in a named volume `mender-artifacts`; volume
# needs to be created manually using `docker volume create mender-artifacts`
# - paths need to be adjusted, ie, replace /production/ with production directory
# (see list of compose bugs)
# related compose bugs:
# - https://github.com/docker/compose/issues/3874
# - https://github.com/docker/compose/issues/3568
# - https://github.com/docker/compose/issues/3219
version: '2'
services:
mender-useradm:
command: server --automigrate
volumes:
- /etc/letsencrypt/live/my.mender.server/privkey.rsa:/etc/useradm/rsa/private.pem:ro
logging:
options:
max-file: "10"
max-size: "50m"
mender-device-auth:
command: server --automigrate
volumes:
- /etc/letsencrypt/live/my.mender.server/privkey.rsa:/etc/deviceauth/rsa/private.pem:ro
logging:
options:
max-file: "10"
max-size: "50m"
environment:
DEVICEAUTH_MAX_DEVICES_LIMIT_DEFAULT: 15
mender-inventory:
command: server --automigrate
logging:
options:
max-file: "10"
max-size: "50m"
mender-api-gateway:
ports:
# list of ports API gateway is made available on
- "443:443"
networks:
- mender
volumes:
- /etc/letsencrypt/live/my.mender.server/fullchain.pem:/var/www/mendersoftware/cert/cert.crt:ro
- /etc/letsencrypt/live/my.mender.server/privkey.rsa:/var/www/mendersoftware/cert/private.key:ro
logging:
options:
max-file: "10"
max-size: "50m"
environment:
ALLOWED_HOSTS: my.mender.server
# storage-proxy:
# ports:
# # outside port mapping for artifact storage (note that storage-proxy listens on port 9000)
# - "9000:9000"
# networks:
# mender:
# aliases:
# # change the alias to DNS name that storage will be
# # available on, for instance if devices will access storage
# # using https://s3.acme.org:9000, then set this to
# # s3.acme.org
# - my.minio.server
# environment:
# # use nginx syntax for rate limiting, see
# # https://nginx.org/en/docs/http/ngx_http_core_module.html#limit_rate
# # Examples:
# # 1m - 1MB/s
# # 512k - 512kB/s
# DOWNLOAD_SPEED: 1m
# MAX_CONNECTIONS: 100
# volumes:
# - /etc/letsencrypt/live/my.minio.server/fullchain.pem:/var/www/storage-proxy/cert/cert.crt:ro
# - /etc/letsencrypt/live/my.minio.server/privkey.rsa:/var/www/storage-proxy/cert/private.key:ro
# - ./storage-proxy/nginx.conf:/usr/local/openresty/nginx/conf/nginx.conf
mender-deployments:
command: server --automigrate
volumes:
- /etc/letsencrypt/live/my.mender.server/fullchain.pem:/var/www/storage-proxy/cert/cert.crt:ro
environment:
STORAGE_BACKEND_CERT: /etc/ssl/certs/storage-proxy.crt
DEPLOYMENTS_AWS_AUTH_KEY: MY-AUTH-KEY
DEPLOYMENTS_AWS_AUTH_SECRET: MY-SECRET-KEY
# deployments service uses signed URLs, hence it needs to access
# storage-proxy using exactly the same name as devices will; if
# devices will access storage using https://s3.acme.org:9000, then
# set this to https://s3.acme.org:9000
DEPLOYMENTS_AWS_URI: https://s3-eu-west-2.amazonaws.com
logging:
options:
max-file: "10"
max-size: "50m"
# minio:
# environment:
# # access key
# MINIO_ACCESS_KEY: MINIO-ACCESS-KEY
# # secret
# MINIO_SECRET_KEY: MINIO-SECRET-KEY
# volumes:
# # mounts a docker volume named `mender-artifacts` as /export directory
# - mender-artifacts:/export:rw
# - /etc/letsencrypt/live/my.minio.server/fullchain.pem:/root/.minio/certs/public.key:ro
# - /etc/letsencrypt/live/my.minio.server/privkey.rsa:/root/.minio/certs/public.key:ro
mender-conductor:
volumes:
- ./conductor/server/config:/app/config
environment:
- CONFIG_PROP=config.properties
mender-mongo:
volumes:
- mender-db:/data/db:rw
mender-elasticsearch:
volumes:
- mender-elasticsearch-db:/usr/share/elasticsearch/data:rw
- ./conductor/elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
mender-redis:
volumes:
- mender-redis-db:/var/lib/redis:rw
- ./conductor/redis/redis.conf:/etc/redis/redis.conf
- ./conductor/redis/entrypoint.sh:/redis/entrypoint.sh
entrypoint: /redis/entrypoint.sh
volumes:
# mender artifacts storage
mender-artifacts:
external:
# use external volume created manually
name: mender-artifacts
# mongo service database
mender-db:
external:
# use external volume created manually
name: mender-db
# elasticsearch database
mender-elasticsearch-db:
external:
# use external volume created manually
name: mender-elasticsearch-db
# redis database
mender-redis-db:
external:
# use external volume created manually
name: mender-redis-db