# Docker Compose file version
# NOTE(review): current Docker Compose (v2) ignores the top-level `version`
# key and warns that it is obsolete.
version: '3.8'
services:
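# Nginx web server and reverse proxy (primary instance)
  nginx-1:
    build:
      # Build context - current directory
      context: .
      # Dockerfile location for building the nginx image
      dockerfile: ./frontend/Dockerfile
      # Build arguments passed to the Dockerfile (build-time only; changing
      # them requires rebuilding the image)
      args:
        # Keycloak server URL for authentication
        VITE_KEYCLOAK_URL: https://localhost
        # Base URL for HTTP client requests
        VITE_HTTP_CLIENT_BASE_URL: https://localhost
        # Specification server URL for API documentation
        VITE_SPECIFICATION_SERVER_URL: https://localhost
    # Container name for easy identification
    container_name: nginx-1
    # Hostname inside the container network
    hostname: nginx-1
    # Port mappings: host:container (published on all host interfaces)
    ports:
      - "80:80"  # HTTP port
      - "443:443"  # HTTPS port
    # Volume mounts for configuration and SSL certificates.
    # ssl-certs also carries the TLS private key (services-init sets
    # SSL_KEY_PATH=/shared/ssl/server.key); keep both mounts read-only here.
    volumes:
      - nginx-config:/shared/nginx:ro  # Nginx configuration (read-only)
      - ssl-certs:/shared/ssl:ro  # SSL certificates (read-only)
    # Environment variables for nginx
    environment:
      - NGINX_HEALTHCHECK_URL=http://localhost:80/
    # Copy the config from the shared volume, then run nginx in the foreground
    command: ["sh", "-c", "cp /shared/nginx/nginx.conf /etc/nginx/nginx.conf && nginx -g 'daemon off;'"]
    # Start after services-init. The short form of depends_on only orders
    # container start; it does not wait for services-init to finish. If
    # nginx.conf is not on the volume yet, the cp above fails and the restart
    # policy below retries.
    depends_on:
      - services-init
    # Restart policy - restart unless manually stopped
    restart: unless-stopped
    # Map host.docker.internal to the host gateway (the name Docker Desktop
    # provides, made available on other engines as well)
    extra_hosts:
      - "host.docker.internal:host-gateway"
    # Network configuration
    networks:
      - sbrs-network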
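# Nginx web server and reverse proxy (secondary instance)
  nginx-2:
    build:
      # Build context - current directory
      context: .
      # Dockerfile location for building the nginx image
      dockerfile: ./frontend/Dockerfile
      # Build arguments passed to the Dockerfile (build-time only; changing
      # them requires rebuilding the image).
      # NOTE(review): this instance is built for https://localhost:8443, while
      # services-init registers CLIENT_REDIRECT_URIS / CLIENT_WEB_ORIGINS for
      # port-less localhost only and keycloak sets
      # KC_HOSTNAME_URL=https://localhost. Confirm that login works through
      # this instance.
      args:
        # Keycloak server URL for authentication
        VITE_KEYCLOAK_URL: https://localhost:8443
        # Base URL for HTTP client requests
        VITE_HTTP_CLIENT_BASE_URL: https://localhost:8443
        # Specification server URL for API documentation
        VITE_SPECIFICATION_SERVER_URL: https://localhost:8443
    # Container name for easy identification
    container_name: nginx-2
    # Hostname inside the container network
    hostname: nginx-2
    # Port mappings: host:container (alternative ports to avoid conflicts;
    # published on all host interfaces)
    ports:
      - "8081:80"  # HTTP port (alternative)
      - "8443:443"  # HTTPS port (alternative)
    # Volume mounts for configuration and SSL certificates.
    # ssl-certs also carries the TLS private key (services-init sets
    # SSL_KEY_PATH=/shared/ssl/server.key); keep both mounts read-only here.
    volumes:
      - nginx-config:/shared/nginx:ro  # Nginx configuration (read-only)
      - ssl-certs:/shared/ssl:ro  # SSL certificates (read-only)
    # Environment variables for nginx
    environment:
      - NGINX_HEALTHCHECK_URL=http://localhost:80/
    # Copy the config from the shared volume, then run nginx in the foreground
    command: ["sh", "-c", "cp /shared/nginx/nginx.conf /etc/nginx/nginx.conf && nginx -g 'daemon off;'"]
    # Start after services-init. The short form of depends_on only orders
    # container start; it does not wait for services-init to finish. If
    # nginx.conf is not on the volume yet, the cp above fails and the restart
    # policy below retries.
    depends_on:
      - services-init
    # Restart policy - restart unless manually stopped
    restart: unless-stopped
    # Map host.docker.internal to the host gateway (the name Docker Desktop
    # provides, made available on other engines as well)
    extra_hosts:
      - "host.docker.internal:host-gateway"
    # Network configuration
    networks:
      - sbrs-network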
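# PostgreSQL database for Keycloak authentication service
  keycloak-db:
    # Official PostgreSQL image version 17.5
    image: postgres:17.5
    # Container name for easy identification
    container_name: keycloak-db
    # Environment variables for database configuration
    environment:
      # Database name for Keycloak
      POSTGRES_DB: keycloak
      # Database user for Keycloak
      POSTGRES_USER: keycloak
      # Database password for Keycloak. Taken from KEYCLOAK_DB_PASSWORD (shell
      # or .env) when set; otherwise the development default applies. It must
      # equal KC_DB_PASSWORD on the keycloak service.
      POSTGRES_PASSWORD: "${KEYCLOAK_DB_PASSWORD:-keycloak}"
    # Port mapping: host:container (5433 to avoid conflicts with local PostgreSQL)
    # NOTE(review): published on all host interfaces. If only tools on this
    # machine need it, use "127.0.0.1:5433:5432".
    ports:
      - "5433:5432"
    # Volume for persistent database storage
    volumes:
      - keycloak-db-data:/var/lib/postgresql/data
    # Network configuration
    networks:
      - sbrs-network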
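# MongoDB Config Servers
  # NOTE(review): nothing in this file enables MongoDB access control (no
  # --keyFile / --auth in the commands), and every config server is published
  # on a host port on all interfaces. Acceptable on an isolated workstation;
  # otherwise enable authentication or prefix the mappings with 127.0.0.1.
  mongodb-config1:
    # Official MongoDB image version 8.0
    image: mongo:8.0
    # Container name for easy identification
    container_name: mongodb-config1
    # Hostname inside the container network
    hostname: mongodb-config1
    # Port mapping: host:container (27019 to avoid conflicts)
    ports:
      - "27019:27017"
    # Volume for persistent database storage
    volumes:
      - mongodb_config1_data:/data/db
    # Command to start MongoDB as config server with replica set
    command: ["--configsvr", "--replSet", "configrs", "--bind_ip_all", "--port", "27017"]
    # Network configuration
    networks:
      - sbrs-network
  mongodb-config2:
    # Official MongoDB image version 8.0
    image: mongo:8.0
    # Container name for easy identification
    container_name: mongodb-config2
    # Hostname inside the container network
    hostname: mongodb-config2
    # Port mapping: host:container (27020 to avoid conflicts)
    ports:
      - "27020:27017"
    # Volume for persistent database storage
    volumes:
      - mongodb_config2_data:/data/db
    # Command to start MongoDB as config server with replica set
    command: ["--configsvr", "--replSet", "configrs", "--bind_ip_all", "--port", "27017"]
    # Network configuration
    networks:
      - sbrs-network
  mongodb-config3:
    # Official MongoDB image version 8.0
    image: mongo:8.0
    # Container name for easy identification
    container_name: mongodb-config3
    # Hostname inside the container network
    hostname: mongodb-config3
    # Port mapping: host:container (27021 to avoid conflicts)
    ports:
      - "27021:27017"
    # Volume for persistent database storage
    volumes:
      - mongodb_config3_data:/data/db
    # Command to start MongoDB as config server with replica set
    command: ["--configsvr", "--replSet", "configrs", "--bind_ip_all", "--port", "27017"]
    # Network configuration
    networks:
      - sbrs-network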
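# MongoDB Router (mongos)
  mongodb-router:
    # Official MongoDB image version 8.0
    image: mongo:8.0
    # Container name for easy identification
    container_name: mongodb-router
    # Hostname inside the container network
    hostname: mongodb-router
    # Port mapping: host:container (27018 to avoid conflicts)
    # NOTE(review): the router is the entry point to the whole sharded cluster
    # and is started without --keyFile, so this mapping gives unauthenticated
    # access from every host interface. Prefix it with 127.0.0.1 or enable
    # authentication outside local development.
    ports:
      - "27018:27017"
    # Command to start MongoDB router with config servers
    command: ["mongos", "--configdb", "configrs/mongodb-config1:27017,mongodb-config2:27017,mongodb-config3:27017", "--bind_ip_all", "--port", "27017"]
    # Start after the config servers. The short form of depends_on only orders
    # container start; it does not wait for them to accept connections.
    depends_on:
      - mongodb-config1
      - mongodb-config2
      - mongodb-config3
    # Network configuration
    networks:
      - sbrs-network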
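# Shard 1 Replica Set
  # All three members start with the same command; "primary" / "secondary" in
  # the names is a label only (presumably the replica set is initiated by
  # services-init - confirm).
  # NOTE(review): no --keyFile / --auth, and each member is published on a
  # host port on all interfaces; see the exposure note this implies for any
  # non-local deployment.
  mongodb-shard1-primary:
    # Official MongoDB image version 8.0
    image: mongo:8.0
    # Container name for easy identification
    container_name: mongodb-shard1-primary
    # Hostname inside the container network
    hostname: mongodb-shard1-primary
    # Port mapping: host:container (27022 to avoid conflicts)
    ports:
      - "27022:27017"
    # Volume for persistent database storage
    volumes:
      - mongodb_shard1_primary_data:/data/db
    # Command to start MongoDB as shard server with replica set
    command: ["--shardsvr", "--replSet", "shard1rs", "--bind_ip_all", "--port", "27017"]
    # Network configuration
    networks:
      - sbrs-network
  mongodb-shard1-secondary1:
    # Official MongoDB image version 8.0
    image: mongo:8.0
    # Container name for easy identification
    container_name: mongodb-shard1-secondary1
    # Hostname inside the container network
    hostname: mongodb-shard1-secondary1
    # Port mapping: host:container (27023 to avoid conflicts)
    ports:
      - "27023:27017"
    # Volume for persistent database storage
    volumes:
      - mongodb_shard1_secondary1_data:/data/db
    # Command to start MongoDB as shard server with replica set
    command: ["--shardsvr", "--replSet", "shard1rs", "--bind_ip_all", "--port", "27017"]
    # Network configuration
    networks:
      - sbrs-network
  mongodb-shard1-secondary2:
    # Official MongoDB image version 8.0
    image: mongo:8.0
    # Container name for easy identification
    container_name: mongodb-shard1-secondary2
    # Hostname inside the container network
    hostname: mongodb-shard1-secondary2
    # Port mapping: host:container (27024 to avoid conflicts)
    ports:
      - "27024:27017"
    # Volume for persistent database storage
    volumes:
      - mongodb_shard1_secondary2_data:/data/db
    # Command to start MongoDB as shard server with replica set
    command: ["--shardsvr", "--replSet", "shard1rs", "--bind_ip_all", "--port", "27017"]
    # Network configuration
    networks:
      - sbrs-network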
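# Shard 2 Replica Set
  # All three members start with the same command; "primary" / "secondary" in
  # the names is a label only (presumably the replica set is initiated by
  # services-init - confirm).
  # NOTE(review): no --keyFile / --auth, and each member is published on a
  # host port on all interfaces; restrict the mappings to 127.0.0.1 or enable
  # authentication outside local development.
  mongodb-shard2-primary:
    # Official MongoDB image version 8.0
    image: mongo:8.0
    # Container name for easy identification
    container_name: mongodb-shard2-primary
    # Hostname inside the container network
    hostname: mongodb-shard2-primary
    # Port mapping: host:container (27025 to avoid conflicts)
    ports:
      - "27025:27017"
    # Volume for persistent database storage
    volumes:
      - mongodb_shard2_primary_data:/data/db
    # Command to start MongoDB as shard server with replica set
    command: ["--shardsvr", "--replSet", "shard2rs", "--bind_ip_all", "--port", "27017"]
    # Network configuration
    networks:
      - sbrs-network
  mongodb-shard2-secondary1:
    # Official MongoDB image version 8.0
    image: mongo:8.0
    # Container name for easy identification
    container_name: mongodb-shard2-secondary1
    # Hostname inside the container network
    hostname: mongodb-shard2-secondary1
    # Port mapping: host:container (27026 to avoid conflicts)
    ports:
      - "27026:27017"
    # Volume for persistent database storage
    volumes:
      - mongodb_shard2_secondary1_data:/data/db
    # Command to start MongoDB as shard server with replica set
    command: ["--shardsvr", "--replSet", "shard2rs", "--bind_ip_all", "--port", "27017"]
    # Network configuration
    networks:
      - sbrs-network
  mongodb-shard2-secondary2:
    # Official MongoDB image version 8.0
    image: mongo:8.0
    # Container name for easy identification
    container_name: mongodb-shard2-secondary2
    # Hostname inside the container network
    hostname: mongodb-shard2-secondary2
    # Port mapping: host:container (27027 to avoid conflicts)
    ports:
      - "27027:27017"
    # Volume for persistent database storage
    volumes:
      - mongodb_shard2_secondary2_data:/data/db
    # Command to start MongoDB as shard server with replica set
    command: ["--shardsvr", "--replSet", "shard2rs", "--bind_ip_all", "--port", "27017"]
    # Network configuration
    networks:
      - sbrs-network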
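# Redis Cluster - Master nodes (minimum 3 for cluster)
  # Each node announces its fixed address on sbrs-network (172.20.0.20-22), so
  # --cluster-announce-ip must stay equal to ipv4_address below.
  # NOTE(review): the nodes run with --bind 0.0.0.0 and no --requirepass, and
  # both the client port and the cluster bus port are published on all host
  # interfaces. Outside local development set a password or prefix the
  # mappings with 127.0.0.1.
  redis-master1:
    # Official Redis image version 7.2
    image: redis:7.2
    # Container name for easy identification
    container_name: redis-master1
    # Hostname inside the container network
    hostname: redis-master1
    # Port mapping: host:container (Redis cluster port)
    ports:
      - "7001:6379"  # Redis port (unique host port)
      - "17001:16379"  # Redis cluster bus port (unique host port)
    # Volume for persistent data storage
    volumes:
      - redis_master1_data:/data
    # Command to start Redis in cluster mode
    command: ["redis-server", "--cluster-enabled", "yes", "--cluster-config-file", "nodes.conf", "--cluster-node-timeout", "5000", "--appendonly", "yes", "--bind", "0.0.0.0", "--port", "6379", "--cluster-announce-ip", "172.20.0.20", "--cluster-announce-port", "6379", "--cluster-announce-bus-port", "16379"]
    # Network configuration
    networks:
      sbrs-network:
        ipv4_address: 172.20.0.20
  redis-master2:
    # Official Redis image version 7.2
    image: redis:7.2
    # Container name for easy identification
    container_name: redis-master2
    # Hostname inside the container network
    hostname: redis-master2
    # Port mapping: host:container (Redis cluster port)
    ports:
      - "7002:6379"  # Redis port (unique host port)
      - "17002:16379"  # Redis cluster bus port (unique host port)
    # Volume for persistent data storage
    volumes:
      - redis_master2_data:/data
    # Command to start Redis in cluster mode
    command: ["redis-server", "--cluster-enabled", "yes", "--cluster-config-file", "nodes.conf", "--cluster-node-timeout", "5000", "--appendonly", "yes", "--bind", "0.0.0.0", "--port", "6379", "--cluster-announce-ip", "172.20.0.21", "--cluster-announce-port", "6379", "--cluster-announce-bus-port", "16379"]
    # Network configuration
    networks:
      sbrs-network:
        ipv4_address: 172.20.0.21
  redis-master3:
    # Official Redis image version 7.2
    image: redis:7.2
    # Container name for easy identification
    container_name: redis-master3
    # Hostname inside the container network
    hostname: redis-master3
    # Port mapping: host:container (Redis cluster port)
    ports:
      - "7003:6379"  # Redis port (unique host port)
      - "17003:16379"  # Redis cluster bus port (unique host port)
    # Volume for persistent data storage
    volumes:
      - redis_master3_data:/data
    # Command to start Redis in cluster mode
    command: ["redis-server", "--cluster-enabled", "yes", "--cluster-config-file", "nodes.conf", "--cluster-node-timeout", "5000", "--appendonly", "yes", "--bind", "0.0.0.0", "--port", "6379", "--cluster-announce-ip", "172.20.0.22", "--cluster-announce-port", "6379", "--cluster-announce-bus-port", "16379"]
    # Network configuration
    networks:
      sbrs-network:
        ipv4_address: 172.20.0.22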
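# Redis Cluster - Slave nodes (optional, for high availability)
  # These nodes start with the same flags as the master nodes; the replica
  # role is not set in this file (presumably assigned when services-init
  # creates the cluster with REDIS_CLUSTER_REPLICAS=1 - confirm).
  # NOTE(review): --bind 0.0.0.0 with no --requirepass, and both ports of each
  # node are published on all host interfaces. Outside local development set
  # a password or prefix the mappings with 127.0.0.1.
  redis-slave1:
    # Official Redis image version 7.2
    image: redis:7.2
    # Container name for easy identification
    container_name: redis-slave1
    # Hostname inside the container network
    hostname: redis-slave1
    # Port mapping: host:container (Redis cluster port)
    ports:
      - "7004:6379"  # Redis port (unique host port)
      - "17004:16379"  # Redis cluster bus port (unique host port)
    # Volume for persistent data storage
    volumes:
      - redis_slave1_data:/data
    # Command to start Redis in cluster mode
    command: ["redis-server", "--cluster-enabled", "yes", "--cluster-config-file", "nodes.conf", "--cluster-node-timeout", "5000", "--appendonly", "yes", "--bind", "0.0.0.0", "--port", "6379", "--cluster-announce-ip", "172.20.0.23", "--cluster-announce-port", "6379", "--cluster-announce-bus-port", "16379"]
    # Network configuration
    networks:
      sbrs-network:
        ipv4_address: 172.20.0.23
  redis-slave2:
    # Official Redis image version 7.2
    image: redis:7.2
    # Container name for easy identification
    container_name: redis-slave2
    # Hostname inside the container network
    hostname: redis-slave2
    # Port mapping: host:container (Redis cluster port)
    ports:
      - "7005:6379"  # Redis port (unique host port)
      - "17005:16379"  # Redis cluster bus port (unique host port)
    # Volume for persistent data storage
    volumes:
      - redis_slave2_data:/data
    # Command to start Redis in cluster mode
    command: ["redis-server", "--cluster-enabled", "yes", "--cluster-config-file", "nodes.conf", "--cluster-node-timeout", "5000", "--appendonly", "yes", "--bind", "0.0.0.0", "--port", "6379", "--cluster-announce-ip", "172.20.0.24", "--cluster-announce-port", "6379", "--cluster-announce-bus-port", "16379"]
    # Network configuration
    networks:
      sbrs-network:
        ipv4_address: 172.20.0.24
  redis-slave3:
    # Official Redis image version 7.2
    image: redis:7.2
    # Container name for easy identification
    container_name: redis-slave3
    # Hostname inside the container network
    hostname: redis-slave3
    # Port mapping: host:container (Redis cluster port)
    ports:
      - "7006:6379"  # Redis port (unique host port)
      - "17006:16379"  # Redis cluster bus port (unique host port)
    # Volume for persistent data storage
    volumes:
      - redis_slave3_data:/data
    # Command to start Redis in cluster mode
    command: ["redis-server", "--cluster-enabled", "yes", "--cluster-config-file", "nodes.conf", "--cluster-node-timeout", "5000", "--appendonly", "yes", "--bind", "0.0.0.0", "--port", "6379", "--cluster-announce-ip", "172.20.0.25", "--cluster-announce-port", "6379", "--cluster-announce-bus-port", "16379"]
    # Network configuration
    networks:
      sbrs-network:
        ipv4_address: 172.20.0.25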
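# Initialization service for setting up MongoDB, Keycloak, and Nginx configuration
  services-init:
    build:
      # Build context - scripts directory
      context: ./scripts
      # Dockerfile for initialization service
      dockerfile: Dockerfile.init
    # Image name and tag for the initialization service
    image: sbrs-init:latest
    # Container name for easy identification
    container_name: services-init
    # Start after the MongoDB, Redis and Keycloak containers. The short form
    # of depends_on only orders container start; it does not wait for them to
    # be ready (presumably MAX_RETRIES / RETRY_DELAY below cover that).
    depends_on:
      - mongodb-router
      - mongodb-config1
      - mongodb-config2
      - mongodb-config3
      - mongodb-shard1-primary
      - mongodb-shard1-secondary1
      - mongodb-shard1-secondary2
      - mongodb-shard2-primary
      - mongodb-shard2-secondary1
      - mongodb-shard2-secondary2
      - redis-master1
      - redis-master2
      - redis-master3
      - redis-slave1
      - redis-slave2
      - redis-slave3
      - keycloak
    # Network configuration
    networks:
      - sbrs-network
    # Environment variables for initialization configuration
    environment:
      # MongoDB Sharding Configuration
      - MONGODB_HOST=mongodb-router  # MongoDB router hostname for connection
      - MONGODB_PORT=27017  # MongoDB router port for connection
      - MONGODB_CONFIG_SERVERS=mongodb-config1:27017,mongodb-config2:27017,mongodb-config3:27017  # Config servers list
      - MONGODB_SHARD_COUNT=2  # Number of shards in the cluster
      - MONGODB_REPLICA_COUNT=3  # Number of replicas per shard
      - MONGODB_SHARD1_NODES=mongodb-shard1-primary:27017,mongodb-shard1-secondary1:27017,mongodb-shard1-secondary2:27017  # Shard 1 nodes
      - MONGODB_SHARD2_NODES=mongodb-shard2-primary:27017,mongodb-shard2-secondary1:27017,mongodb-shard2-secondary2:27017  # Shard 2 nodes
      # Redis cluster nodes for cluster initialization
      - REDIS_CLUSTER_NODES=172.20.0.20:6379,172.20.0.21:6379,172.20.0.22:6379,172.20.0.23:6379,172.20.0.24:6379,172.20.0.25:6379  # List of Redis cluster nodes with IP addresses and ports
      # Redis cluster configuration
      - REDIS_CLUSTER_REPLICAS=1  # Number of replicas per master
      - REDIS_CLUSTER_REQUIRE_FULL_COVERAGE=no  # Allow cluster to work with missing nodes
      # Keycloak connection settings.
      # The admin password is taken from KEYCLOAK_ADMIN_PASSWORD (shell or
      # .env) when set; otherwise the development default applies. It must
      # equal KC_BOOTSTRAP_ADMIN_PASSWORD on the keycloak service.
      - KEYCLOAK_URL=http://keycloak:8080  # Keycloak server URL for realm management
      - KEYCLOAK_ADMIN=admin  # Keycloak admin username
      - KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD:-admin}  # Keycloak admin password
      # Keycloak realm name
      - REALM_NAME=soberis  # Name of the Keycloak realm to create/configure
      # Retry configuration for service initialization
      - MAX_RETRIES=30  # Maximum number of connection retries
      - RETRY_DELAY=5  # Delay in seconds between retries
      # Keycloak realm configuration
      - REALM_ENABLED=true  # Enable the realm
      - REALM_DEFAULT_LOCALE=ru  # Default locale for the realm
      - REALM_SUPPORTED_LOCALES=ru  # Supported locales
      - REALM_I18N_ENABLED=true  # Enable internationalization
      # Default user configuration.
      # The password is taken from DEFAULT_USER_PASSWORD (shell or .env) when
      # set; otherwise the development default applies.
      # NOTE(review): the default password equals the username; override it
      # on any deployment other people can reach.
      - DEFAULT_USER_USERNAME=admin_user  # Default admin username
      - DEFAULT_USER_PASSWORD=${DEFAULT_USER_PASSWORD:-admin_user}  # Default admin password
      - DEFAULT_USER_ENABLED=true  # Enable the default user
      - DEFAULT_USER_EMAIL_VERIFIED=true  # Mark email as verified
      # Client configuration for frontend application
      # NOTE(review): the redirect URIs use a path wildcard and include plain
      # http; narrow them for anything other than local development.
      - CLIENT_ID=frontend  # Client ID for the frontend
      - CLIENT_ENABLED=true  # Enable the client
      - CLIENT_PUBLIC=true  # Public client (no client secret required)
      - CLIENT_REDIRECT_URIS=http://localhost/*,https://localhost/*  # Allowed redirect URIs
      - CLIENT_WEB_ORIGINS=http://localhost,https://localhost  # Allowed web origins
      # Realm roles for authorization
      - REALM_ROLES=update_schema,import_schema,export_schema,read_specification,clear_cache,read_metrics,update_log_ttl,api_keys_management  # List of realm roles to create
      # Nginx configuration - Backend servers (dynamic load balancing)
      - BACKEND_SERVERS=soberis-1:8588,soberis-2:8588  # Backend server addresses
      - BACKEND_DEFAULT_WEIGHT=1  # Default weight for load balancing
      - BACKEND_MAX_FAILS=3  # Maximum failed attempts before marking server as unavailable
      - BACKEND_FAIL_TIMEOUT=30s  # Timeout for failed server recovery
      - BACKEND_KEEPALIVE=32  # Number of keepalive connections
      - BACKEND_KEEPALIVE_REQUESTS=100  # Maximum requests per keepalive connection
      - BACKEND_KEEPALIVE_TIMEOUT=60s  # Keepalive connection timeout
      # Nginx server configuration
      # NOTE(review): NGINX_STATUS_ALLOW_NETWORK (172.16.0.0/12) is wider than
      # the 172.20.0.0/16 subnet of sbrs-network.
      - NGINX_PORT=80  # Nginx listening port
      - NGINX_SERVER_NAME=localhost  # Server name for nginx
      - NGINX_RESOLVER=127.0.0.11  # DNS resolver for nginx
      - NGINX_RESOLVER_VALID=30s  # DNS resolver cache validity
      - NGINX_STATUS_ALLOW_NETWORK=172.16.0.0/12  # Network allowed to access nginx status
      - NGINX_HEALTHCHECK_URL=http://localhost:80/  # Full healthcheck URL for nginx
      # Keycloak proxy configuration
      - KEYCLOAK_SERVER=keycloak  # Keycloak server hostname
      - KEYCLOAK_PORT=8080  # Keycloak server port
      # Proxy buffer configuration for performance optimization
      - PROXY_BUFFER_SIZE=128k  # Initial buffer size for proxy responses
      - PROXY_BUFFERS_NUM=4  # Number of proxy buffers
      - PROXY_BUFFERS_SIZE=256k  # Size of each proxy buffer
      - PROXY_BUSY_BUFFERS_SIZE=256k  # Size of busy buffers
      # Proxy timeout configuration
      - PROXY_READ_TIMEOUT=60s  # Timeout for reading proxy response
      - PROXY_CONNECT_TIMEOUT=30s  # Timeout for connecting to proxy
      - PROXY_SEND_TIMEOUT=60s  # Timeout for sending to proxy
      # SBRS-specific proxy timeouts (longer for heavy operations)
      - SBRS_PROXY_READ_TIMEOUT=120s  # Extended read timeout for SBRS operations
      - SBRS_PROXY_CONNECT_TIMEOUT=30s  # Connection timeout for SBRS
      - SBRS_PROXY_SEND_TIMEOUT=120s  # Extended send timeout for SBRS operations
      # Upstream failover configuration
      - PROXY_NEXT_UPSTREAM_TRIES=2  # Number of tries for next upstream server
      - PROXY_NEXT_UPSTREAM_TIMEOUT=100s  # Timeout for next upstream attempt
      # Static files cache configuration
      - STATIC_FILES_CACHE_EXPIRES=1y  # Cache expiration time for static files
      # SSL configuration (set SSL_ENABLED=true to enable HTTPS)
      - SSL_ENABLED=true  # Enable SSL/TLS
      - SSL_CERT_PATH=/shared/ssl/server.crt  # SSL certificate path
      - SSL_KEY_PATH=/shared/ssl/server.key  # SSL private key path
      # SSL certificate generation parameters
      - SSL_COUNTRY=RU  # Country for SSL certificate
      - SSL_STATE=Moscow  # State/Province for SSL certificate
      - SSL_CITY=Moscow  # City for SSL certificate
      - SSL_ORG=Soberis  # Organization for SSL certificate
      - SSL_ORG_UNIT=IT  # Organizational unit for SSL certificate
      - SSL_COMMON_NAME=localhost  # Common name for SSL certificate
      - SSL_EMAIL=admin@soberis.com  # Email for SSL certificate
      - SSL_DAYS=365  # SSL certificate validity period in days
      - SSL_KEY_SIZE=2048  # SSL private key size in bits
      # NOTE(review): the cipher list still admits CBC-mode suites and
      # static-RSA key exchange (the entries without an ECDHE-/DHE- prefix),
      # which provide no forward secrecy. Consider keeping only the ECDHE/DHE
      # GCM entries unless legacy clients require the rest.
      - SSL_CIPHER_SUITE=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA  # SSL cipher suite
      # Nginx main configuration variables
      - NGINX_WORKER_CONNECTIONS=1024  # Worker connections for nginx
      - NGINX_KEEPALIVE_TIMEOUT=65  # Keepalive timeout for nginx
      - NGINX_TYPES_HASH_MAX_SIZE=2048  # Types hash max size for nginx
      - NGINX_GZIP_ENABLED=on  # Enable gzip compression
      - NGINX_GZIP_COMP_LEVEL=6  # Gzip compression level
      - NGINX_GZIP_MIN_LENGTH=1000  # Minimum length for gzip compression
    # Volume mounts for sharing configuration and certificates.
    # This is the only service in the file that mounts nginx-config and
    # ssl-certs writable; the nginx services mount them read-only.
    volumes:
      - nginx-config:/shared/nginx  # Nginx configuration sharing
      - ssl-certs:/shared/ssl  # SSL certificates sharing
      - ./certificate:/certificate:ro  # Certificate files (read-only)
    # Restart policy - restart on failure
    restart: on-failure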
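# Keycloak authentication and authorization server
  keycloak:
    # Official Keycloak image version 26.2
    image: quay.io/keycloak/keycloak:26.2
    # Container name for easy identification
    container_name: keycloak
    # Hostname inside the container network
    hostname: keycloak
    # Port mapping: host:container (default Keycloak port)
    # NOTE(review): this publishes Keycloak's plain-HTTP listener on every
    # host interface, next to the nginx proxy. With KC_PROXY_HEADERS=xforwarded
    # below, requests that reach 8080 directly can supply their own
    # X-Forwarded-* headers. Outside local development drop this mapping or
    # use "127.0.0.1:8080:8080".
    ports:
      - "8080:8080"
    # Environment variables for Keycloak configuration
    environment:
      # Bootstrap admin user credentials.
      # The password is taken from KEYCLOAK_ADMIN_PASSWORD (shell or .env)
      # when set; otherwise the development default applies. It must equal
      # KEYCLOAK_ADMIN_PASSWORD on services-init.
      - KC_BOOTSTRAP_ADMIN_USERNAME=admin  # Bootstrap admin username
      - KC_BOOTSTRAP_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD:-admin}  # Bootstrap admin password
      # Database configuration.
      # The password is taken from KEYCLOAK_DB_PASSWORD when set; it must
      # equal POSTGRES_PASSWORD on keycloak-db.
      - KC_DB=postgres  # Database type
      - KC_DB_URL=jdbc:postgresql://keycloak-db:5432/keycloak  # Database connection URL
      - KC_DB_USERNAME=keycloak  # Database username
      - KC_DB_PASSWORD=${KEYCLOAK_DB_PASSWORD:-keycloak}  # Database password
      # Localization settings
      # NOTE(review): confirm which of these names Keycloak 26.2 reads.
      - KC_LOCALE=ru  # Default locale
      - KC_LOCALE_DEFAULT=ru  # Default locale setting
      - KC_DEFAULT_LOCALE=ru  # System default locale
      - KC_SUPPORTED_LOCALES=ru  # Supported locales
      # Hostname and security settings
      - KC_HOSTNAME_STRICT=false  # Disable strict hostname checking
      - KC_HOSTNAME_STRICT_HTTPS=false  # Disable strict HTTPS hostname checking
      - KC_HTTP_ENABLED=true  # Enable HTTP (for development)
      - KC_PROXY_HEADERS=xforwarded  # Handle X-Forwarded headers from proxy
      # External URLs for Keycloak
      # NOTE(review): KC_HOSTNAME_URL, KC_HOSTNAME_ADMIN_URL and
      # KC_HOSTNAME_STRICT_HTTPS look like the older hostname option set;
      # confirm Keycloak 26.2 still honours them.
      - KC_HOSTNAME_URL=https://localhost  # Public URL for Keycloak
      - KC_HOSTNAME_ADMIN_URL=https://localhost  # Admin console URL
    # Start after keycloak-db. The short form of depends_on only orders
    # container start; it does not wait for the database to accept connections.
    depends_on:
      - keycloak-db
    # Command to start Keycloak in development mode (start-dev is not meant
    # for production use)
    command:
      - start-dev
    # Network configuration
    networks:
      - sbrs-network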
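# First instance of the Soberis backend application
  soberis-1:
    build:
      # Build context - backend directory
      context: ./backend
      # Dockerfile for building the backend application
      dockerfile: Dockerfile
    # Container name for easy identification
    container_name: soberis-1
    # Hostname inside the container network
    hostname: soberis-1
    # Port mapping: host:container (main backend port)
    # NOTE(review): both ports are published on all host interfaces, so the
    # backend is reachable without going through nginx; what listens on 8888
    # is not stated in this file.
    ports:
      - "8588:8588"
      - "8888:8888"
    # Environment variables for application configuration
    environment:
      # Application license key. Taken from SBRS_LICENSE_KEY (shell or .env)
      # so the key does not have to be written into this file; empty when unset.
      - SBRS_LICENSE_KEY=${SBRS_LICENSE_KEY:-}
      # Spring Boot profile for Docker environment
      - SPRING_PROFILES_ACTIVE=docker
      # MongoDB connection configuration (using mongos router for sharded cluster)
      # The URI carries no credentials; the MongoDB services in this file run
      # without access control.
      - SPRING_DATA_MONGODB_URI=mongodb://mongodb-router:27017/  # MongoDB connection URI
      - SPRING_DATA_MONGODB_DATABASE=sbrs_data_db  # Main application database
      - SBRS_EVENT_LOG_DATABASE_NAME=sbrs_event_log_db  # Event logging database
      - SBRS_SERVICE_LOG_DATABASE_NAME=sbrs_service_log_db  # Service logging database
      - SBRS_SERVER_LOG_DATABASE_NAME=sbrs_server_log_db  # Server logging database
      # Redis connection configuration (cluster mode)
      - SPRING_DATA_REDIS_CLUSTER_NODES=172.20.0.20:6379,172.20.0.21:6379,172.20.0.22:6379,172.20.0.23:6379,172.20.0.24:6379,172.20.0.25:6379  # Redis cluster nodes list
      - SPRING_DATA_REDIS_CLUSTER_MAX_REDIRECTS=5  # Maximum cluster redirects
      - SPRING_DATA_REDIS_TIMEOUT=30000ms  # Redis operation timeout
      - SPRING_DATA_REDIS_CONNECT_TIMEOUT=15000ms  # Redis connection timeout
      # Redis connection pool configuration
      - SPRING_DATA_REDIS_JEDIS_POOL_MAX_ACTIVE=20  # Maximum active connections
      - SPRING_DATA_REDIS_JEDIS_POOL_MAX_IDLE=8  # Maximum idle connections
      - SPRING_DATA_REDIS_JEDIS_POOL_MIN_IDLE=2  # Minimum idle connections
      - SPRING_DATA_REDIS_JEDIS_POOL_MAX_WAIT=15000ms  # Maximum wait time for connection
      # Additional Redis cluster configuration for better stability
      - SPRING_DATA_REDIS_CLUSTER_REFRESH_PERIOD=30000ms  # Cluster topology refresh period
      - SPRING_DATA_REDIS_CLUSTER_ADAPTIVE_REFRESH=true  # Enable adaptive refresh
      - SPRING_DATA_REDIS_CLUSTER_REFRESH_TRIGGERS=MOVED_REDIRECT,ASK_REDIRECT  # Refresh triggers
      # Lettuce connection pool settings (primary Redis client)
      - SPRING_DATA_REDIS_LETTUCE_POOL_MAX_ACTIVE=20  # Maximum active connections
      - SPRING_DATA_REDIS_LETTUCE_POOL_MAX_IDLE=8  # Maximum idle connections
      - SPRING_DATA_REDIS_LETTUCE_POOL_MIN_IDLE=2  # Minimum idle connections
      - SPRING_DATA_REDIS_LETTUCE_POOL_MAX_WAIT=15000ms  # Maximum wait time for connection
      - SPRING_DATA_REDIS_LETTUCE_CLUSTER_REFRESH_PERIOD=30000ms  # Lettuce cluster refresh period
      # OAuth2 JWT configuration for authentication.
      # The issuer is the public https://localhost URL, while the signing keys
      # are fetched from Keycloak over plain HTTP inside sbrs-network.
      - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=https://localhost/realms/soberis  # JWT issuer URI for token validation
      - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:8080/realms/soberis/protocol/openid-connect/certs  # JWK Set URI for token verification
      # Application-specific configuration
      - SBRS_API_SERVER_URL=http://soberis-1:8588  # This instance's API URL
      - SBRS_INSTANCE_URL_PATTERN=http://soberis-{instance}:8588  # URL pattern for multiple instances
      - SBRS_API_TOKEN_VALIDATION_ENABLED=true  # Enable API token validation
    # Start after the listed services. The short form of depends_on only
    # orders container start; it does not wait for them to be ready or for
    # services-init to finish.
    depends_on:
      - mongodb-router
      - redis-master1
      - redis-master2
      - redis-master3
      - keycloak
      - services-init
    # Restart policy - restart unless manually stopped
    restart: unless-stopped
    # Map host.docker.internal to the host gateway (the name Docker Desktop
    # provides, made available on other engines as well)
    extra_hosts:
      - "host.docker.internal:host-gateway"
    # Network configuration
    networks:
      - sbrs-network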
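# Second instance of the Soberis backend application for load balancing
  soberis-2:
    build:
      # Build context - backend directory
      context: ./backend
      # Dockerfile for building the backend application
      dockerfile: Dockerfile
    # Container name for easy identification
    container_name: soberis-2
    # Hostname inside the container network
    hostname: soberis-2
    # Port mapping: host:container (alternative backend port)
    # NOTE(review): both ports are published on all host interfaces, so the
    # backend is reachable without going through nginx; what listens on 8888
    # is not stated in this file.
    ports:
      - "8589:8588"
      - "8889:8888"
    # Environment variables for application configuration
    environment:
      # Application license key. Taken from SBRS_LICENSE_KEY (shell or .env)
      # so the key does not have to be written into this file; empty when unset.
      - SBRS_LICENSE_KEY=${SBRS_LICENSE_KEY:-}
      # Spring Boot profile for Docker environment
      - SPRING_PROFILES_ACTIVE=docker
      # MongoDB connection configuration (using mongos router for sharded cluster)
      # The URI carries no credentials; the MongoDB services in this file run
      # without access control.
      - SPRING_DATA_MONGODB_URI=mongodb://mongodb-router:27017/  # MongoDB connection URI
      - SPRING_DATA_MONGODB_DATABASE=sbrs_data_db  # Main application database
      - SBRS_EVENT_LOG_DATABASE_NAME=sbrs_event_log_db  # Event logging database
      - SBRS_SERVICE_LOG_DATABASE_NAME=sbrs_service_log_db  # Service logging database
      - SBRS_SERVER_LOG_DATABASE_NAME=sbrs_server_log_db  # Server logging database
      # Redis connection configuration (cluster mode)
      - SPRING_DATA_REDIS_CLUSTER_NODES=172.20.0.20:6379,172.20.0.21:6379,172.20.0.22:6379,172.20.0.23:6379,172.20.0.24:6379,172.20.0.25:6379  # Redis cluster nodes list
      - SPRING_DATA_REDIS_CLUSTER_MAX_REDIRECTS=5  # Maximum cluster redirects
      - SPRING_DATA_REDIS_TIMEOUT=30000ms  # Redis operation timeout
      - SPRING_DATA_REDIS_CONNECT_TIMEOUT=15000ms  # Redis connection timeout
      # Redis connection pool configuration
      - SPRING_DATA_REDIS_JEDIS_POOL_MAX_ACTIVE=20  # Maximum active connections
      - SPRING_DATA_REDIS_JEDIS_POOL_MAX_IDLE=8  # Maximum idle connections
      - SPRING_DATA_REDIS_JEDIS_POOL_MIN_IDLE=2  # Minimum idle connections
      - SPRING_DATA_REDIS_JEDIS_POOL_MAX_WAIT=15000ms  # Maximum wait time for connection
      # Additional Redis cluster configuration for better stability
      - SPRING_DATA_REDIS_CLUSTER_REFRESH_PERIOD=30000ms  # Cluster topology refresh period
      - SPRING_DATA_REDIS_CLUSTER_ADAPTIVE_REFRESH=true  # Enable adaptive refresh
      - SPRING_DATA_REDIS_CLUSTER_REFRESH_TRIGGERS=MOVED_REDIRECT,ASK_REDIRECT  # Refresh triggers
      # Lettuce connection pool settings (primary Redis client)
      - SPRING_DATA_REDIS_LETTUCE_POOL_MAX_ACTIVE=20  # Maximum active connections
      - SPRING_DATA_REDIS_LETTUCE_POOL_MAX_IDLE=8  # Maximum idle connections
      - SPRING_DATA_REDIS_LETTUCE_POOL_MIN_IDLE=2  # Minimum idle connections
      - SPRING_DATA_REDIS_LETTUCE_POOL_MAX_WAIT=15000ms  # Maximum wait time for connection
      - SPRING_DATA_REDIS_LETTUCE_CLUSTER_REFRESH_PERIOD=30000ms  # Lettuce cluster refresh period
      # OAuth2 JWT configuration for authentication.
      # The issuer is the public https://localhost URL, while the signing keys
      # are fetched from Keycloak over plain HTTP inside sbrs-network.
      - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=https://localhost/realms/soberis  # JWT issuer URI for token validation
      - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:8080/realms/soberis/protocol/openid-connect/certs  # JWK Set URI for token verification
      # Application-specific configuration
      - SBRS_API_SERVER_URL=http://soberis-2:8588  # This instance's API URL
      - SBRS_INSTANCE_URL_PATTERN=http://soberis-{instance}:8588  # URL pattern for multiple instances
      - SBRS_API_TOKEN_VALIDATION_ENABLED=true  # Enable API token validation
    # Start after the listed services. The short form of depends_on only
    # orders container start; it does not wait for them to be ready or for
    # services-init to finish.
    depends_on:
      - mongodb-router
      - redis-master1
      - redis-master2
      - redis-master3
      - keycloak
      - services-init
    # Restart policy - restart unless manually stopped
    restart: unless-stopped
    # Map host.docker.internal to the host gateway (the name Docker Desktop
    # provides, made available on other engines as well)
    extra_hosts:
      - "host.docker.internal:host-gateway"
    # Network configuration
    networks:
      - sbrs-network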
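# Named volumes for persistent data storage
# (each entry uses the default volume settings)
volumes:
  keycloak-db-data:  # PostgreSQL data for Keycloak
  mongodb_config1_data:  # MongoDB config server 1 data
  mongodb_config2_data:  # MongoDB config server 2 data
  mongodb_config3_data:  # MongoDB config server 3 data
  mongodb_shard1_primary_data:  # MongoDB shard 1 primary data
  mongodb_shard1_secondary1_data:  # MongoDB shard 1 secondary 1 data
  mongodb_shard1_secondary2_data:  # MongoDB shard 1 secondary 2 data
  mongodb_shard2_primary_data:  # MongoDB shard 2 primary data
  mongodb_shard2_secondary1_data:  # MongoDB shard 2 secondary 1 data
  mongodb_shard2_secondary2_data:  # MongoDB shard 2 secondary 2 data
  redis_master1_data:  # Redis data for master node 1
  redis_master2_data:  # Redis data for master node 2
  redis_master3_data:  # Redis data for master node 3
  redis_slave1_data:  # Redis data for slave node 1
  redis_slave2_data:  # Redis data for slave node 2
  redis_slave3_data:  # Redis data for slave node 3
  nginx-config:  # Nginx configuration files
  # Holds the TLS private key as well (services-init writes
  # /shared/ssl/server.key here)
  ssl-certs:  # SSL certificates for HTTPS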
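# Custom network for service communication
networks:
  sbrs-network:
    driver: bridge  # Bridge network driver for container communication
    # IP Address Management configuration.
    # The Redis services pin ipv4_address values 172.20.0.20-25 inside this
    # subnet, so changing it means updating those addresses and every
    # *_CLUSTER_NODES list too.
    ipam:
      config:
        # Network subnet range for container IP assignment
        - subnet: 172.20.0.0/16
          # Default gateway for the network
          gateway: 172.20.0.1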