Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
172 lines (166 sloc) 6.94 KB
version: "3"
services:
# Create keys:
# - ./.acrakeys/acra-server/${ACRA_CLIENT_ID}_server
# - ./.acrakeys/acra-connector/${ACRA_CLIENT_ID}_server.pub
acra-keymaker_server:
# You can specify docker image tag in the environment
# variable ACRA_DOCKER_IMAGE_TAG or run by default with 'latest' images
image: "cossacklabs/acra-keymaker:${ACRA_DOCKER_IMAGE_TAG:-latest}"
# We do not need network for keys' generation at all
network_mode: "none"
environment:
# INSECURE!!! You MUST define your own ACRA_MASTER_KEY
# The default is only for testing purposes
ACRA_MASTER_KEY: ${ACRA_MASTER_KEY:-UHZ3VUNNeTJ0SEFhbWVjNkt4eDdVYkc2WnNpUTlYa0E=}
volumes:
# Mount the whole ./.acrakeys directory to be able generate keys and
# place them in services' subdirectories
- ./.acrakeys:/keys
# Please specify ACRA_CLIENT_ID environment variable, otherwise run with
# default 'testclientid' client id
command: >-
--client_id=${ACRA_CLIENT_ID:-testclientid}
--generate_acraserver_keys
--keys_output_dir=/keys/acra-server
--keys_public_output_dir=/keys/acra-connector
# Create keys:
# - ./.acrakeys/acra-connector/${ACRA_CLIENT_ID}
# - ./.acrakeys/acra-server/${ACRA_CLIENT_ID}.pub
acra-keymaker_connector:
image: "cossacklabs/acra-keymaker:${ACRA_DOCKER_IMAGE_TAG:-latest}"
network_mode: "none"
environment:
ACRA_MASTER_KEY: ${ACRA_MASTER_KEY:-UHZ3VUNNeTJ0SEFhbWVjNkt4eDdVYkc2WnNpUTlYa0E=}
volumes:
- ./.acrakeys:/keys
command: >-
--client_id=${ACRA_CLIENT_ID:-testclientid}
--generate_acraconnector_keys
--keys_output_dir=/keys/acra-connector
--keys_public_output_dir=/keys/acra-server
# Create keys:
# - ./.acrakeys/acra-server/${ACRA_CLIENT_ID}_storage
# - ./.acrakeys/acra-writer/${ACRA_CLIENT_ID}_storage.pub
acra-keymaker_writer:
image: "cossacklabs/acra-keymaker:${ACRA_DOCKER_IMAGE_TAG:-latest}"
network_mode: "none"
environment:
ACRA_MASTER_KEY: ${ACRA_MASTER_KEY:-UHZ3VUNNeTJ0SEFhbWVjNkt4eDdVYkc2WnNpUTlYa0E=}
volumes:
- ./.acrakeys:/keys
command: >-
--client_id=${ACRA_CLIENT_ID:-testclientid}
--generate_acrawriter_keys
--keys_output_dir=/keys/acra-server
--keys_public_output_dir=/keys/acra-writer
# MySQL container
mysql:
# Build and run container based on official mysql image
# with enabled SSL and included SSL certificates
build:
context: ../
dockerfile: docker/mysql-ssl.dockerfile
# INSECURE!!! You MUST define your own DB name and credentials
environment:
MYSQL_ONETIME_PASSWORD: ${MYSQL_ONETIME_PASSWORD:-urLK7YJPndDWsnJC}
MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD:-hy53uBLmBuihUK29}
MYSQL_DATABASE: ${MYSQL_DATABASE:-test}
MYSQL_USER: ${MYSQL_USER:-test}
MYSQL_PASSWORD: ${MYSQL_PASSWORD:-test}
# Open the port outside for writer
ports:
- "3306:3306"
# We use internal 'server-mysql' network for AcraServer and
# DB interconnection and external network 'world' for port exposing
networks:
- server-mysql
- world
acra-server:
image: "cossacklabs/acra-server:${ACRA_DOCKER_IMAGE_TAG:-latest}"
# Restart server after correct termination, for example after the config
# was changed through the API
restart: always
depends_on:
- acra-keymaker_server
- acra-keymaker_connector
- acra-keymaker_writer
- mysql
environment:
ACRA_MASTER_KEY: ${ACRA_MASTER_KEY:-UHZ3VUNNeTJ0SEFhbWVjNkt4eDdVYkc2WnNpUTlYa0E=}
# We use internal networks:
# - 'server-mysql' - for AcraServer and DB interconnection
# - 'connector-server' - for AcraServer and AcraConnector interconnection
networks:
- connector-server
- server-mysql
volumes:
# Mount the directory with only the keys for this service. Must be
# rewriteable in case of using API, otherwise should be read-only.
- ./.acrakeys/acra-server:/keys
# Directory with configuration, rewriteable
- ./.acraconfigs/acra-server:/config
# Mount directories with SSL certificates
- ./ssl/ca:/ssl.ca:ro
- ./ssl/acra-server:/ssl.server:ro
command: >-
--mysql_enable
--db_host=mysql
--db_port=3306
--keys_dir=/keys
--client_id=${ACRA_CLIENT_ID:-testclientid}
--auth_keys=/keys/httpauth.accounts
--http_api_enable
--incoming_connection_api_string=tcp://0.0.0.0:9090
--config_file=/config/acra-server.yaml
--acraconnector_tls_transport_enable
--tls_ca=/ssl.ca/example.cossacklabs.com.crt
--tls_cert=/ssl.server/acra-server.crt
--tls_key=/ssl.server/acra-server.key
--tls_db_sni=mysql
--acraconnector_transport_encryption_disable
-v
acra-connector:
image: "cossacklabs/acra-connector:${ACRA_DOCKER_IMAGE_TAG:-latest}"
restart: always
depends_on:
- acra-keymaker_server
- acra-keymaker_connector
- acra-server
# Open the port outside for client application
ports:
- "9494:9494"
environment:
ACRA_MASTER_KEY: ${ACRA_MASTER_KEY:-UHZ3VUNNeTJ0SEFhbWVjNkt4eDdVYkc2WnNpUTlYa0E=}
# We use internal networks:
# - 'connector-server' - for interconnection with AcraServer
# and external network 'world' for port exposing
networks:
- connector-server
- world
volumes:
# Mount the directory with only the keys for this service
- ./.acrakeys/acra-connector:/keys:ro
# Mount directories with SSL certificates
- ./ssl/ca:/ssl.ca:ro
- ./ssl/acra-connector:/ssl.proxy:ro
command: >-
--acraserver_connection_host=acra-server
--keys_dir=/keys
--client_id=${ACRA_CLIENT_ID:-testclientid}
--incoming_connection_string=tcp://0.0.0.0:9494
--http_api_enable
--incoming_connection_api_string=tcp://0.0.0.0:9191
--acraserver_tls_transport_enable
--tls_ca=/ssl.ca/example.cossacklabs.com.crt
--tls_cert=/ssl.proxy/acra-connector.crt
--tls_key=/ssl.proxy/acra-connector.key
--tls_acraserver_sni=acra-server
--acraserver_transport_encryption_disable
-v
networks:
world:
connector-server:
internal: true
server-mysql:
internal: true
You can’t perform that action at this time.