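---
# Docker Compose stack: Apache Guacamole (guacd + web app) backed by
# PostgreSQL, a custom remote-access API that uses Redis, and an nginx
# front end. Only nginx publishes a host port; every other service is
# reachable solely over the internal bridge networks declared below.
#
# Variables that must be set (in .env or the shell) or compose aborts:
#   REDIS_PASSWORD, POSTGRES_PASSWORD, JWT_SECRET_KEY
#
# NOTE(review): all secrets are injected as plain environment variables,
# so they are readable through `docker inspect` and the container
# environment. Consider file-based secrets if the images support them.
version: '3.3'

services:
  # Redis for session storage and rate limiting
  redis:
    image: redis:7-alpine
    container_name: guacamole_redis
    # List form: a password containing spaces or shell metacharacters is
    # passed as one argument instead of being word-split. ":?" aborts
    # startup rather than running "--requirepass" with no value.
    # NOTE(review): the password still appears in the container's
    # process arguments; a mounted redis.conf would avoid that.
    command:
      - redis-server
      - --appendonly
      - 'yes'
      - --requirepass
      - "${REDIS_PASSWORD:?REDIS_PASSWORD must be set}"
    environment:
      # Read by redis-cli, so the healthcheck can authenticate.
      REDISCLI_AUTH: "${REDIS_PASSWORD:?REDIS_PASSWORD must be set}"
    volumes:
      - redis_data_t:/data
    networks:
      - backend_net
    restart: unless-stopped
    healthcheck:
      # The previous probe ("incr ping") never authenticated against a
      # server started with --requirepass and wrote a key on every run.
      # PING is read-only; grep fails the probe on any reply other than
      # PONG, including an authentication error.
      test: ["CMD-SHELL", "redis-cli ping | grep -q PONG"]
      interval: 30s
      timeout: 10s
      retries: 3

  # PostgreSQL database for Guacamole
  postgres:
    image: postgres:13
    container_name: guacamole_postgres
    environment:
      # Defaults match the ones remote_access_api uses, so an unset
      # variable no longer leaves the services pointing at different
      # database or role names.
      POSTGRES_DB: "${POSTGRES_DB:-mc_db}"
      POSTGRES_USER: "${POSTGRES_USER:-mc_db_user}"
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
    volumes:
      - postgres_data_t:/var/lib/postgresql/data
      # Init scripts are only read by the entrypoint; mount read-only.
      # NOTE(review): 002-create-admin-user.sql presumably seeds an admin
      # credential. Confirm it is not a well-known default and that the
      # file is kept out of public version control.
      - ./001-create-schema.sql:/docker-entrypoint-initdb.d/001-create-schema.sql:ro
      - ./002-create-admin-user.sql:/docker-entrypoint-initdb.d/002-create-admin-user.sql:ro
      - ./003-create-api-schema.sql:/docker-entrypoint-initdb.d/003-create-api-schema.sql:ro
    networks:
      - db_net
    restart: unless-stopped

  # Guacamole Daemon (guacd)
  guacd:
    # NOTE(review): ":latest" is a floating tag, so a rebuild can pull a
    # different image than the one tested. Pin to a release tag or
    # digest (e.g. guacamole/guacd:<PINNED_VERSION>).
    image: guacamole/guacd:latest
    container_name: guacamole_daemon
    networks:
      - frontend_net
      - backend_net
    restart: unless-stopped

  # Guacamole Web Application
  guacamole:
    # NOTE(review): floating tag; pin together with guacd so the web app
    # and the daemon stay on matching releases.
    image: guacamole/guacamole:latest
    container_name: guacamole_web
    depends_on:
      - postgres
      - guacd
    environment:
      GUACD_HOSTNAME: guacd
      GUACD_PORT: '4822'
      POSTGRESQL_HOSTNAME: postgres
      POSTGRESQL_DATABASE: "${POSTGRES_DB:-mc_db}"
      POSTGRESQL_USERNAME: "${POSTGRES_USER:-mc_db_user}"
      POSTGRESQL_PASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
      # WebSocket and session settings for nginx
      WEBSOCKET_TUNNEL_READ_TIMEOUT: '7200000'
      WEBSOCKET_TUNNEL_WRITE_TIMEOUT: '7200000'
      API_SESSION_TIMEOUT: '7200'
      # Security settings
      EXTENSION_PRIORITY: postgresql
    # Ports removed - access through nginx only
    networks:
      - frontend_net
      - backend_net
      - db_net
    restart: unless-stopped

  # Custom API Service
  remote_access_api:
    build:
      context: ./api
      dockerfile: Dockerfile
    container_name: remote_access_api
    depends_on:
      - guacamole
      - redis
    environment:
      # Guacamole URLs
      GUACAMOLE_URL: "${GUACAMOLE_URL:-http://guacamole:8080}"
      # NOTE(review): the default is plain HTTP on localhost:8080, but
      # this stack only publishes 8443 via nginx. Set it explicitly per
      # deployment.
      GUACAMOLE_PUBLIC_URL: "${GUACAMOLE_PUBLIC_URL:-http://localhost:8080}"
      # Redis Configuration
      REDIS_HOST: redis
      REDIS_PORT: '6379'
      REDIS_PASSWORD: "${REDIS_PASSWORD:?REDIS_PASSWORD must be set}"
      REDIS_DB: '0'
      # PostgreSQL Configuration
      POSTGRES_HOST: "${POSTGRES_HOST:-postgres}"
      POSTGRES_PORT: "${POSTGRES_PORT:-5432}"
      POSTGRES_DB: "${POSTGRES_DB:-mc_db}"
      POSTGRES_USER: "${POSTGRES_USER:-mc_db_user}"
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
      # System Admin Account
      # NOTE(review): both resolve to empty strings when unset. Verify
      # that the API refuses to create an admin with an empty password.
      SYSTEM_ADMIN_USERNAME: "${SYSTEM_ADMIN_USERNAME}"
      SYSTEM_ADMIN_PASSWORD: "${SYSTEM_ADMIN_PASSWORD}"
      # JWT Configuration
      # Required: with the default HS256 algorithm this key is the only
      # thing protecting token integrity, so an empty value is unsafe.
      JWT_SECRET_KEY: "${JWT_SECRET_KEY:?JWT_SECRET_KEY must be set}"
      JWT_ALGORITHM: "${JWT_ALGORITHM:-HS256}"
      JWT_ACCESS_TOKEN_EXPIRE_MINUTES: "${JWT_ACCESS_TOKEN_EXPIRE_MINUTES:-60}"
      JWT_REFRESH_TOKEN_EXPIRE_DAYS: "${JWT_REFRESH_TOKEN_EXPIRE_DAYS:-7}"
      # Security Settings
      REQUIRE_AUTHENTICATION: "${REQUIRE_AUTHENTICATION:-true}"
      DEFAULT_USER_ROLE: "${DEFAULT_USER_ROLE:-USER}"
      # Password Encryption
      # NOTE(review): defaults to an empty key. Confirm what the API does
      # then (generate one, refuse to start, or store unencrypted).
      PASSWORD_ENCRYPTION_KEY: "${PASSWORD_ENCRYPTION_KEY:-}"
      # API Settings
      LOG_LEVEL: "${LOG_LEVEL:-INFO}"
      LOG_FORMAT: "${LOG_FORMAT:-json}"
      RATE_LIMIT_ENABLED: "${RATE_LIMIT_ENABLED:-true}"
      RATE_LIMIT_REQUESTS: "${RATE_LIMIT_REQUESTS:-10}"
      RATE_LIMIT_WINDOW: "${RATE_LIMIT_WINDOW:-60}"
      # NOTE(review): empty when unset. Verify the API treats an empty
      # origin list as "deny cross-origin", not "allow any".
      ALLOWED_ORIGINS: "${ALLOWED_ORIGINS}"
      # NOTE(review): API docs are on by default. Set ENABLE_DOCS=false
      # for production unless nginx restricts those routes.
      ENABLE_DOCS: "${ENABLE_DOCS:-true}"
      ED25519_SIGNING_KEY_PATH: /app/secrets/ed25519_signing_key.pem
    volumes:
      # Holds the Ed25519 signing key; only this service mounts it.
      - signing_keys_t:/app/secrets
    networks:
      - backend_net
      - db_net
    restart: unless-stopped

  nginx:
    # NOTE(review): "nginx:alpine" is a floating tag; pin to a release
    # or digest for reproducible deployments.
    image: nginx:alpine
    container_name: remote_access_nginx
    depends_on:
      - remote_access_api
      - guacamole
    ports:
      # Only the port for the external nginx.
      # NOTE(review): this binds on every host interface. If the external
      # nginx runs on the same host, "127.0.0.1:8443:8443" would keep the
      # port off the public interfaces. Confirm the topology first.
      - "8443:8443"
    volumes:
      # Configuration is only read by nginx; mount read-only.
      - ./nginx/mc.exbytestudios.com.conf:/etc/nginx/conf.d/default.conf:ro
      - ./nginx/logs:/var/log/nginx
    networks:
      - frontend_net
      - backend_net
    restart: unless-stopped
    healthcheck:
      # "nginx -t" only validates the configuration files; it does not
      # prove the server is accepting connections.
      test: ["CMD", "nginx", "-t"]
      interval: 30s
      timeout: 10s
      retries: 3

volumes:
  postgres_data_t: {}
  redis_data_t: {}
  signing_keys_t: {}

networks:
  frontend_net:
    driver: bridge
  backend_net:
    driver: bridge
  # NOTE(review): postgres is attached only to this network. Adding
  # "internal: true" here would cut its outbound access. Confirm nothing
  # on db_net relies on egress through it before enabling.
  db_net:
    driver: bridge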