init_guac

guacamole_test_11_26/docker-compose.yml

@@ -0,0 +1,170 @@
+version: '3.3'
+
+services:
+  # Redis for session storage and rate limiting
+  redis:
+    image: redis:7-alpine
+    container_name: guacamole_redis
+    command: redis-server --appendonly yes --requirepass ${REDIS_PASSWORD}
+    volumes:
+      - redis_data_t:/data
+    networks:
+      - backend_net
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "redis-cli", "--raw", "incr", "ping"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+
+  # PostgreSQL database for Guacamole
+  postgres:
+    image: postgres:13
+    container_name: guacamole_postgres
+    environment:
+      POSTGRES_DB: ${POSTGRES_DB}
+      POSTGRES_USER: ${POSTGRES_USER}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+    volumes:
+      - postgres_data_t:/var/lib/postgresql/data
+      - ./001-create-schema.sql:/docker-entrypoint-initdb.d/001-create-schema.sql
+      - ./002-create-admin-user.sql:/docker-entrypoint-initdb.d/002-create-admin-user.sql
+      - ./003-create-api-schema.sql:/docker-entrypoint-initdb.d/003-create-api-schema.sql
+    networks:
+      - db_net
+    restart: unless-stopped
+
+  # Guacamole Daemon (guacd)
+  guacd:
+    image: guacamole/guacd:latest
+    container_name: guacamole_daemon
+    networks:
+      - frontend_net
+      - backend_net
+    restart: unless-stopped
+
+  # Guacamole Web Application
+  guacamole:
+    image: guacamole/guacamole:latest
+    container_name: guacamole_web
+    depends_on:
+      - postgres
+      - guacd
+    environment:
+      GUACD_HOSTNAME: guacd
+      GUACD_PORT: 4822
+      POSTGRESQL_HOSTNAME: postgres
+      POSTGRESQL_DATABASE: ${POSTGRES_DB}
+      POSTGRESQL_USERNAME: ${POSTGRES_USER}  
+      POSTGRESQL_PASSWORD: ${POSTGRES_PASSWORD}
+      # WebSocket and session settings for nginx
+      WEBSOCKET_TUNNEL_READ_TIMEOUT: 7200000
+      WEBSOCKET_TUNNEL_WRITE_TIMEOUT: 7200000
+      API_SESSION_TIMEOUT: 7200
+      # Security settings
+      EXTENSION_PRIORITY: postgresql
+    # Ports removed - access through nginx only
+    networks:
+      - frontend_net
+      - backend_net
+      - db_net  
+    restart: unless-stopped
+
+  # Custom API Service
+  remote_access_api:
+    build:
+      context: ./api
+      dockerfile: Dockerfile
+    container_name: remote_access_api
+    depends_on:
+      - guacamole
+      - redis
+    environment:
+      # Guacamole URLs
+      GUACAMOLE_URL: ${GUACAMOLE_URL:-http://guacamole:8080}
+      GUACAMOLE_PUBLIC_URL: ${GUACAMOLE_PUBLIC_URL:-http://localhost:8080}
+      
+      # Redis Configuration
+      REDIS_HOST: redis
+      REDIS_PORT: 6379
+      REDIS_PASSWORD: ${REDIS_PASSWORD}
+      REDIS_DB: 0
+      
+      # PostgreSQL Configuration
+      POSTGRES_HOST: ${POSTGRES_HOST:-postgres}
+      POSTGRES_PORT: ${POSTGRES_PORT:-5432}
+      POSTGRES_DB: ${POSTGRES_DB:-mc_db}
+      POSTGRES_USER: ${POSTGRES_USER:-mc_db_user}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+      
+      # System Admin Account
+      SYSTEM_ADMIN_USERNAME: ${SYSTEM_ADMIN_USERNAME}
+      SYSTEM_ADMIN_PASSWORD: ${SYSTEM_ADMIN_PASSWORD}
+      
+      # JWT Configuration
+      JWT_SECRET_KEY: ${JWT_SECRET_KEY}
+      JWT_ALGORITHM: ${JWT_ALGORITHM:-HS256}
+      JWT_ACCESS_TOKEN_EXPIRE_MINUTES: ${JWT_ACCESS_TOKEN_EXPIRE_MINUTES:-60}
+      JWT_REFRESH_TOKEN_EXPIRE_DAYS: ${JWT_REFRESH_TOKEN_EXPIRE_DAYS:-7}
+      
+      # Security Settings
+      REQUIRE_AUTHENTICATION: ${REQUIRE_AUTHENTICATION:-true}
+      DEFAULT_USER_ROLE: ${DEFAULT_USER_ROLE:-USER}
+      
+      # Password Encryption
+      PASSWORD_ENCRYPTION_KEY: ${PASSWORD_ENCRYPTION_KEY:-}
+      
+      # API Settings
+      LOG_LEVEL: ${LOG_LEVEL:-INFO}
+      LOG_FORMAT: ${LOG_FORMAT:-json}
+      RATE_LIMIT_ENABLED: ${RATE_LIMIT_ENABLED:-true}
+      RATE_LIMIT_REQUESTS: ${RATE_LIMIT_REQUESTS:-10}
+      RATE_LIMIT_WINDOW: ${RATE_LIMIT_WINDOW:-60}
+      
+      ALLOWED_ORIGINS: ${ALLOWED_ORIGINS}
+      
+      ENABLE_DOCS: ${ENABLE_DOCS:-true}
+      
+      ED25519_SIGNING_KEY_PATH: /app/secrets/ed25519_signing_key.pem
+    
+    volumes:
+      - signing_keys_t:/app/secrets
+    
+    networks:
+      - backend_net
+      - db_net
+    restart: unless-stopped
+
+  nginx:
+    image: nginx:alpine
+    container_name: remote_access_nginx
+    depends_on:
+      - remote_access_api
+      - guacamole
+    ports:
+      - "8443:8443"  # Только порт для внешнего nginx
+    volumes:
+      - ./nginx/mc.exbytestudios.com.conf:/etc/nginx/conf.d/default.conf
+      - ./nginx/logs:/var/log/nginx
+    networks:
+      - frontend_net
+      - backend_net
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "nginx", "-t"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+
+volumes:
+  postgres_data_t:
+  redis_data_t:
+  signing_keys_t:  
+
+networks:
+  frontend_net:
+    driver: bridge
+  backend_net:
+    driver: bridge
+  db_net:
+    driver: bridge