Установка SOBERIS

SOBERIS представляет собой многокомпонентную систему, развернутую в контейнерах Docker. Данное руководство описывает пошаговую установку всех компонентов системы.
Системные требования
  • Docker Engine 20.10+ и Docker Compose v2
  • Минимум 8 ГБ оперативной памяти
  • Минимум 50 ГБ свободного места на диске
  • Операционная система: Linux, Windows 10/11, macOS
Шаг 1. Получение Docker образов
Для получения ссылок на скачивание Docker-образов системы SOBERIS необходимо оставить заявку. В комплект входят:
  • Backend-образ — основное приложение SOBERIS с API и бизнес-логикой
  • Frontend-образ — веб-интерфейс пользователя на базе Nginx
  • Init-контейнер — сервис инициализации для настройки MongoDB, Redis и Keycloak
Шаг 2. Загрузка образов в Docker
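После получения архивов с образами сверьте их контрольные суммы, если они были переданы вместе с архивами (docker load не проверяет происхождение образа), и загрузите образы в локальный Docker: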
  • Загрузка backend образа: docker load -i soberis-backend-2.0.130.tar
  • Загрузка frontend образа: docker load -i soberis-frontend-2.0.130.tar
  • Загрузка init образа: docker load -i soberis-init-2.0.130.tar
  • Проверка загруженных образов: docker images | grep soberis
Шаг 3. Создание docker-compose.yml
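Создайте файл docker-compose.yml со следующим содержимым. В примере используются адреса localhost, учётные данные по умолчанию (admin/admin, keycloak/keycloak, admin_user/admin_user) и режим разработки Keycloak (start-dev); перед развёртыванием в среде, доступной другим пользователям, замените их. При приобретении лицензий "Профессиональная" или "Корпоративная" дополнительно предоставляются готовые конфигурации для развертывания SOBERIS в кластере Kubernetes.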
# Docker Compose file version
# NOTE(review): Docker Compose v2 (required by this guide) follows the Compose
# Specification, where the top-level `version` key is obsolete and only informative —
# confirm whether it can be dropped.
version: '3.8'

services:
  # Primary Nginx instance: web server and reverse proxy on host ports 80 and 443.
  # NOTE(review): step 2 of this guide loads a prebuilt frontend image with `docker load`,
  # but this service is built from ./frontend/Dockerfile — confirm which is intended.
  nginx-1:
    container_name: nginx-1
    hostname: nginx-1
    build:
      # Built from the current directory with the frontend Dockerfile
      context: .
      dockerfile: ./frontend/Dockerfile
      args:
        # URLs passed to the frontend build: Keycloak, HTTP client base, specification server
        VITE_KEYCLOAK_URL: 'https://localhost'
        VITE_HTTP_CLIENT_BASE_URL: 'https://localhost'
        VITE_SPECIFICATION_SERVER_URL: 'https://localhost'
    ports:
      # host:container. NOTE(review): plain HTTP is published next to HTTPS — confirm the
      # nginx.conf from the shared volume does not serve the application in clear text on 80.
      - "80:80"
      - "443:443"
    volumes:
      # Both shared volumes are mounted read-only in this container
      - nginx-config:/shared/nginx:ro
      - ssl-certs:/shared/ssl:ro
    environment:
      - NGINX_HEALTHCHECK_URL=http://localhost:80/
    # Copy the shared nginx.conf into place, then run nginx in the foreground
    command:
      - "sh"
      - "-c"
      - "cp /shared/nginx/nginx.conf /etc/nginx/nginx.conf && nginx -g 'daemon off;'"
    # Short-form depends_on only orders start-up; it does not wait for services-init to
    # finish. NOTE(review): if nginx.conf is not in the volume yet, the cp above fails and
    # the container presumably recovers through the restart policy — confirm.
    depends_on:
      - services-init
    restart: unless-stopped
    # Maps host.docker.internal to the host gateway (Docker Desktop compatibility)
    extra_hosts:
      - "host.docker.internal:host-gateway"
    networks:
      - sbrs-network

  # Secondary Nginx instance: same build and configuration source as nginx-1, published on
  # the alternative host ports 8081 and 8443.
  # NOTE(review): step 2 of this guide loads a prebuilt frontend image with `docker load`,
  # but this service is built from ./frontend/Dockerfile — confirm which is intended.
  nginx-2:
    container_name: nginx-2
    hostname: nginx-2
    build:
      # Built from the current directory with the frontend Dockerfile
      context: .
      dockerfile: ./frontend/Dockerfile
      args:
        # URLs passed to the frontend build; they point at this instance's HTTPS host port
        VITE_KEYCLOAK_URL: 'https://localhost:8443'
        VITE_HTTP_CLIENT_BASE_URL: 'https://localhost:8443'
        VITE_SPECIFICATION_SERVER_URL: 'https://localhost:8443'
    ports:
      # host:container. NOTE(review): plain HTTP is published next to HTTPS — confirm the
      # nginx.conf from the shared volume does not serve the application in clear text on 80.
      - "8081:80"
      - "8443:443"
    volumes:
      # Both shared volumes are mounted read-only in this container
      - nginx-config:/shared/nginx:ro
      - ssl-certs:/shared/ssl:ro
    environment:
      - NGINX_HEALTHCHECK_URL=http://localhost:80/
    # Copy the shared nginx.conf into place, then run nginx in the foreground
    command:
      - "sh"
      - "-c"
      - "cp /shared/nginx/nginx.conf /etc/nginx/nginx.conf && nginx -g 'daemon off;'"
    # Short-form depends_on only orders start-up; it does not wait for services-init to
    # finish. NOTE(review): if nginx.conf is not in the volume yet, the cp above fails and
    # the container presumably recovers through the restart policy — confirm.
    depends_on:
      - services-init
    restart: unless-stopped
    # Maps host.docker.internal to the host gateway (Docker Desktop compatibility)
    extra_hosts:
      - "host.docker.internal:host-gateway"
    networks:
      - sbrs-network

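  # PostgreSQL database backing Keycloak.
  keycloak-db:
    image: postgres:17.5
    container_name: keycloak-db
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      # Sample credential (password equals the user name). Replace it before the first
      # start: the official image applies it only when the data directory is initialised.
      # It must stay equal to KC_DB_PASSWORD in the keycloak service.
      POSTGRES_PASSWORD: keycloak
    ports:
      # host 5433 -> container 5432, bound to loopback: a bare "5433:5432" would publish
      # the database on every host interface. Keycloak connects to keycloak-db:5432 over
      # sbrs-network and does not use this mapping.
      - "127.0.0.1:5433:5432"
    volumes:
      # Persistent database storage
      - keycloak-db-data:/var/lib/postgresql/data
    networks:
      - sbrs-network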

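  # MongoDB config server, member of replica set "configrs".
  # The command line passes no access-control option (--auth / --keyFile), so the host
  # port is bound to loopback; a bare "27019:27017" would publish on every host interface.
  # In-stack clients use mongodb-config1:27017 on sbrs-network and are unaffected.
  mongodb-config1:
    image: mongo:8.0
    container_name: mongodb-config1
    hostname: mongodb-config1
    ports:
      - "127.0.0.1:27019:27017"
    volumes:
      # Persistent database storage
      - mongodb_config1_data:/data/db
    command:
      - "--configsvr"
      - "--replSet"
      - "configrs"
      - "--bind_ip_all"
      - "--port"
      - "27017"
    networks:
      - sbrs-network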

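  # MongoDB config server, member of replica set "configrs".
  # The command line passes no access-control option (--auth / --keyFile), so the host
  # port is bound to loopback; a bare "27020:27017" would publish on every host interface.
  # In-stack clients use mongodb-config2:27017 on sbrs-network and are unaffected.
  mongodb-config2:
    image: mongo:8.0
    container_name: mongodb-config2
    hostname: mongodb-config2
    ports:
      - "127.0.0.1:27020:27017"
    volumes:
      # Persistent database storage
      - mongodb_config2_data:/data/db
    command:
      - "--configsvr"
      - "--replSet"
      - "configrs"
      - "--bind_ip_all"
      - "--port"
      - "27017"
    networks:
      - sbrs-network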

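  # MongoDB config server, member of replica set "configrs".
  # The command line passes no access-control option (--auth / --keyFile), so the host
  # port is bound to loopback; a bare "27021:27017" would publish on every host interface.
  # In-stack clients use mongodb-config3:27017 on sbrs-network and are unaffected.
  mongodb-config3:
    image: mongo:8.0
    container_name: mongodb-config3
    hostname: mongodb-config3
    ports:
      - "127.0.0.1:27021:27017"
    volumes:
      # Persistent database storage
      - mongodb_config3_data:/data/db
    command:
      - "--configsvr"
      - "--replSet"
      - "configrs"
      - "--bind_ip_all"
      - "--port"
      - "27017"
    networks:
      - sbrs-network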

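  # MongoDB router (mongos): the entry point to the sharded cluster.
  # The command line passes no access-control option (e.g. --keyFile), so the host port is
  # bound to loopback; a bare "27018:27017" would publish the whole cluster on every host
  # interface. The backend connects to mongodb-router:27017 on sbrs-network instead.
  mongodb-router:
    image: mongo:8.0
    container_name: mongodb-router
    hostname: mongodb-router
    ports:
      - "127.0.0.1:27018:27017"
    command:
      - "mongos"
      - "--configdb"
      # <config replica set>/<member list>
      - "configrs/mongodb-config1:27017,mongodb-config2:27017,mongodb-config3:27017"
      - "--bind_ip_all"
      - "--port"
      - "27017"
    # Short-form depends_on only orders start-up; it does not wait until the config
    # servers accept connections.
    depends_on:
      - mongodb-config1
      - mongodb-config2
      - mongodb-config3
    networks:
      - sbrs-network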

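  # Shard 1, member of replica set "shard1rs".
  # The command line passes no access-control option (--auth / --keyFile), so the host
  # port is bound to loopback; a bare "27022:27017" would publish on every host interface.
  # In-stack clients use mongodb-shard1-primary:27017 on sbrs-network and are unaffected.
  mongodb-shard1-primary:
    image: mongo:8.0
    container_name: mongodb-shard1-primary
    hostname: mongodb-shard1-primary
    ports:
      - "127.0.0.1:27022:27017"
    volumes:
      # Persistent database storage
      - mongodb_shard1_primary_data:/data/db
    command:
      - "--shardsvr"
      - "--replSet"
      - "shard1rs"
      - "--bind_ip_all"
      - "--port"
      - "27017"
    networks:
      - sbrs-network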

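  # Shard 1, member of replica set "shard1rs".
  # The command line passes no access-control option (--auth / --keyFile), so the host
  # port is bound to loopback; a bare "27023:27017" would publish on every host interface.
  # In-stack clients use mongodb-shard1-secondary1:27017 on sbrs-network and are unaffected.
  mongodb-shard1-secondary1:
    image: mongo:8.0
    container_name: mongodb-shard1-secondary1
    hostname: mongodb-shard1-secondary1
    ports:
      - "127.0.0.1:27023:27017"
    volumes:
      # Persistent database storage
      - mongodb_shard1_secondary1_data:/data/db
    command:
      - "--shardsvr"
      - "--replSet"
      - "shard1rs"
      - "--bind_ip_all"
      - "--port"
      - "27017"
    networks:
      - sbrs-network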

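  # Shard 1, member of replica set "shard1rs".
  # The command line passes no access-control option (--auth / --keyFile), so the host
  # port is bound to loopback; a bare "27024:27017" would publish on every host interface.
  # In-stack clients use mongodb-shard1-secondary2:27017 on sbrs-network and are unaffected.
  mongodb-shard1-secondary2:
    image: mongo:8.0
    container_name: mongodb-shard1-secondary2
    hostname: mongodb-shard1-secondary2
    ports:
      - "127.0.0.1:27024:27017"
    volumes:
      # Persistent database storage
      - mongodb_shard1_secondary2_data:/data/db
    command:
      - "--shardsvr"
      - "--replSet"
      - "shard1rs"
      - "--bind_ip_all"
      - "--port"
      - "27017"
    networks:
      - sbrs-network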

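  # Shard 2, member of replica set "shard2rs".
  # The command line passes no access-control option (--auth / --keyFile), so the host
  # port is bound to loopback; a bare "27025:27017" would publish on every host interface.
  # In-stack clients use mongodb-shard2-primary:27017 on sbrs-network and are unaffected.
  mongodb-shard2-primary:
    image: mongo:8.0
    container_name: mongodb-shard2-primary
    hostname: mongodb-shard2-primary
    ports:
      - "127.0.0.1:27025:27017"
    volumes:
      # Persistent database storage
      - mongodb_shard2_primary_data:/data/db
    command:
      - "--shardsvr"
      - "--replSet"
      - "shard2rs"
      - "--bind_ip_all"
      - "--port"
      - "27017"
    networks:
      - sbrs-network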

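  # Shard 2, member of replica set "shard2rs".
  # The command line passes no access-control option (--auth / --keyFile), so the host
  # port is bound to loopback; a bare "27026:27017" would publish on every host interface.
  # In-stack clients use mongodb-shard2-secondary1:27017 on sbrs-network and are unaffected.
  mongodb-shard2-secondary1:
    image: mongo:8.0
    container_name: mongodb-shard2-secondary1
    hostname: mongodb-shard2-secondary1
    ports:
      - "127.0.0.1:27026:27017"
    volumes:
      # Persistent database storage
      - mongodb_shard2_secondary1_data:/data/db
    command:
      - "--shardsvr"
      - "--replSet"
      - "shard2rs"
      - "--bind_ip_all"
      - "--port"
      - "27017"
    networks:
      - sbrs-network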

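  # Shard 2, member of replica set "shard2rs".
  # The command line passes no access-control option (--auth / --keyFile), so the host
  # port is bound to loopback; a bare "27027:27017" would publish on every host interface.
  # In-stack clients use mongodb-shard2-secondary2:27017 on sbrs-network and are unaffected.
  mongodb-shard2-secondary2:
    image: mongo:8.0
    container_name: mongodb-shard2-secondary2
    hostname: mongodb-shard2-secondary2
    ports:
      - "127.0.0.1:27027:27017"
    volumes:
      # Persistent database storage
      - mongodb_shard2_secondary2_data:/data/db
    command:
      - "--shardsvr"
      - "--replSet"
      - "shard2rs"
      - "--bind_ip_all"
      - "--port"
      - "27017"
    networks:
      - sbrs-network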

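  # Redis Cluster - Master nodes (minimum 3 for cluster)
  # No --requirepass is passed on this command line, so both host ports are bound to
  # loopback; a bare "7001:6379" would publish on every host interface. Cluster peers and
  # the backend use 172.20.0.20:6379 on sbrs-network and are unaffected.
  redis-master1:
    image: redis:7.2
    container_name: redis-master1
    hostname: redis-master1
    ports:
      - "127.0.0.1:7001:6379"    # Redis port
      - "127.0.0.1:17001:16379"  # Redis cluster bus port
    volumes:
      # Persistent data storage (append-only file and nodes.conf)
      - redis_master1_data:/data
    # Start Redis in cluster mode, announcing the fixed address assigned below
    command:
      - "redis-server"
      - "--cluster-enabled"
      - "yes"
      - "--cluster-config-file"
      - "nodes.conf"
      - "--cluster-node-timeout"
      - "5000"
      - "--appendonly"
      - "yes"
      - "--bind"
      - "0.0.0.0"
      - "--port"
      - "6379"
      - "--cluster-announce-ip"
      - "172.20.0.20"
      - "--cluster-announce-port"
      - "6379"
      - "--cluster-announce-bus-port"
      - "16379"
    networks:
      sbrs-network:
        # Must equal --cluster-announce-ip above; requires sbrs-network to declare a
        # subnet containing this address (top-level networks section).
        ipv4_address: 172.20.0.20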

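  # Redis Cluster node (second of the three master nodes).
  # No --requirepass is passed on this command line, so both host ports are bound to
  # loopback; a bare "7002:6379" would publish on every host interface. Cluster peers and
  # the backend use 172.20.0.21:6379 on sbrs-network and are unaffected.
  redis-master2:
    image: redis:7.2
    container_name: redis-master2
    hostname: redis-master2
    ports:
      - "127.0.0.1:7002:6379"    # Redis port
      - "127.0.0.1:17002:16379"  # Redis cluster bus port
    volumes:
      # Persistent data storage (append-only file and nodes.conf)
      - redis_master2_data:/data
    # Start Redis in cluster mode, announcing the fixed address assigned below
    command:
      - "redis-server"
      - "--cluster-enabled"
      - "yes"
      - "--cluster-config-file"
      - "nodes.conf"
      - "--cluster-node-timeout"
      - "5000"
      - "--appendonly"
      - "yes"
      - "--bind"
      - "0.0.0.0"
      - "--port"
      - "6379"
      - "--cluster-announce-ip"
      - "172.20.0.21"
      - "--cluster-announce-port"
      - "6379"
      - "--cluster-announce-bus-port"
      - "16379"
    networks:
      sbrs-network:
        # Must equal --cluster-announce-ip above; requires sbrs-network to declare a
        # subnet containing this address (top-level networks section).
        ipv4_address: 172.20.0.21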

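  # Redis Cluster node (third of the three master nodes).
  # No --requirepass is passed on this command line, so both host ports are bound to
  # loopback; a bare "7003:6379" would publish on every host interface. Cluster peers and
  # the backend use 172.20.0.22:6379 on sbrs-network and are unaffected.
  redis-master3:
    image: redis:7.2
    container_name: redis-master3
    hostname: redis-master3
    ports:
      - "127.0.0.1:7003:6379"    # Redis port
      - "127.0.0.1:17003:16379"  # Redis cluster bus port
    volumes:
      # Persistent data storage (append-only file and nodes.conf)
      - redis_master3_data:/data
    # Start Redis in cluster mode, announcing the fixed address assigned below
    command:
      - "redis-server"
      - "--cluster-enabled"
      - "yes"
      - "--cluster-config-file"
      - "nodes.conf"
      - "--cluster-node-timeout"
      - "5000"
      - "--appendonly"
      - "yes"
      - "--bind"
      - "0.0.0.0"
      - "--port"
      - "6379"
      - "--cluster-announce-ip"
      - "172.20.0.22"
      - "--cluster-announce-port"
      - "6379"
      - "--cluster-announce-bus-port"
      - "16379"
    networks:
      sbrs-network:
        # Must equal --cluster-announce-ip above; requires sbrs-network to declare a
        # subnet containing this address (top-level networks section).
        ipv4_address: 172.20.0.22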

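  # Redis Cluster - Slave nodes (optional, for high availability)
  # No --requirepass is passed on this command line, so both host ports are bound to
  # loopback; a bare "7004:6379" would publish on every host interface. Cluster peers and
  # the backend use 172.20.0.23:6379 on sbrs-network and are unaffected.
  redis-slave1:
    image: redis:7.2
    container_name: redis-slave1
    hostname: redis-slave1
    ports:
      - "127.0.0.1:7004:6379"    # Redis port
      - "127.0.0.1:17004:16379"  # Redis cluster bus port
    volumes:
      # Persistent data storage (append-only file and nodes.conf)
      - redis_slave1_data:/data
    # Start Redis in cluster mode, announcing the fixed address assigned below
    command:
      - "redis-server"
      - "--cluster-enabled"
      - "yes"
      - "--cluster-config-file"
      - "nodes.conf"
      - "--cluster-node-timeout"
      - "5000"
      - "--appendonly"
      - "yes"
      - "--bind"
      - "0.0.0.0"
      - "--port"
      - "6379"
      - "--cluster-announce-ip"
      - "172.20.0.23"
      - "--cluster-announce-port"
      - "6379"
      - "--cluster-announce-bus-port"
      - "16379"
    networks:
      sbrs-network:
        # Must equal --cluster-announce-ip above; requires sbrs-network to declare a
        # subnet containing this address (top-level networks section).
        ipv4_address: 172.20.0.23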

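  # Redis Cluster node (second of the three replica nodes).
  # No --requirepass is passed on this command line, so both host ports are bound to
  # loopback; a bare "7005:6379" would publish on every host interface. Cluster peers and
  # the backend use 172.20.0.24:6379 on sbrs-network and are unaffected.
  redis-slave2:
    image: redis:7.2
    container_name: redis-slave2
    hostname: redis-slave2
    ports:
      - "127.0.0.1:7005:6379"    # Redis port
      - "127.0.0.1:17005:16379"  # Redis cluster bus port
    volumes:
      # Persistent data storage (append-only file and nodes.conf)
      - redis_slave2_data:/data
    # Start Redis in cluster mode, announcing the fixed address assigned below
    command:
      - "redis-server"
      - "--cluster-enabled"
      - "yes"
      - "--cluster-config-file"
      - "nodes.conf"
      - "--cluster-node-timeout"
      - "5000"
      - "--appendonly"
      - "yes"
      - "--bind"
      - "0.0.0.0"
      - "--port"
      - "6379"
      - "--cluster-announce-ip"
      - "172.20.0.24"
      - "--cluster-announce-port"
      - "6379"
      - "--cluster-announce-bus-port"
      - "16379"
    networks:
      sbrs-network:
        # Must equal --cluster-announce-ip above; requires sbrs-network to declare a
        # subnet containing this address (top-level networks section).
        ipv4_address: 172.20.0.24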

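  # Redis Cluster node (third of the three replica nodes).
  # No --requirepass is passed on this command line, so both host ports are bound to
  # loopback; a bare "7006:6379" would publish on every host interface. Cluster peers and
  # the backend use 172.20.0.25:6379 on sbrs-network and are unaffected.
  redis-slave3:
    image: redis:7.2
    container_name: redis-slave3
    hostname: redis-slave3
    ports:
      - "127.0.0.1:7006:6379"    # Redis port
      - "127.0.0.1:17006:16379"  # Redis cluster bus port
    volumes:
      # Persistent data storage (append-only file and nodes.conf)
      - redis_slave3_data:/data
    # Start Redis in cluster mode, announcing the fixed address assigned below
    command:
      - "redis-server"
      - "--cluster-enabled"
      - "yes"
      - "--cluster-config-file"
      - "nodes.conf"
      - "--cluster-node-timeout"
      - "5000"
      - "--appendonly"
      - "yes"
      - "--bind"
      - "0.0.0.0"
      - "--port"
      - "6379"
      - "--cluster-announce-ip"
      - "172.20.0.25"
      - "--cluster-announce-port"
      - "6379"
      - "--cluster-announce-bus-port"
      - "16379"
    networks:
      sbrs-network:
        # Must equal --cluster-announce-ip above; requires sbrs-network to declare a
        # subnet containing this address (top-level networks section).
        ipv4_address: 172.20.0.25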

  # Initialization service for setting up MongoDB, Keycloak, and Nginx configuration.
  # It receives the Keycloak admin credentials, the default application user and the TLS
  # certificate parameters, and shares the nginx-config and ssl-certs volumes with the
  # Nginx containers.
  services-init:
    build:
      # Build context - scripts directory
      context: ./scripts
      # Dockerfile for initialization service
      dockerfile: Dockerfile.init
    # Image name and tag for the initialization service
    # NOTE(review): step 2 of this guide loads soberis-init-2.0.130.tar; confirm the loaded
    # image is named sbrs-init and pin its version tag here instead of the mutable `latest`.
    image: sbrs-init:latest
    # Container name for easy identification
    container_name: services-init
    # Start-up order only: short-form depends_on does not wait for these services to be
    # ready. Presumably the init script waits using MAX_RETRIES / RETRY_DELAY below — confirm.
    depends_on:
      - mongodb-router
      - mongodb-config1
      - mongodb-config2
      - mongodb-config3
      - mongodb-shard1-primary
      - mongodb-shard1-secondary1
      - mongodb-shard1-secondary2
      - mongodb-shard2-primary
      - mongodb-shard2-secondary1
      - mongodb-shard2-secondary2
      - redis-master1
      - redis-master2
      - redis-master3
      - redis-slave1
      - redis-slave2
      - redis-slave3
      - keycloak
    # Network configuration
    networks:
      - sbrs-network
    # Environment variables for initialization configuration
    environment:
      # MongoDB Sharding Configuration
      - MONGODB_HOST=mongodb-router        # MongoDB router hostname for connection
      - MONGODB_PORT=27017                 # MongoDB router port for connection
      - MONGODB_CONFIG_SERVERS=mongodb-config1:27017,mongodb-config2:27017,mongodb-config3:27017  # Config servers list
      - MONGODB_SHARD_COUNT=2              # Number of shards in the cluster
      - MONGODB_REPLICA_COUNT=3            # Number of replicas per shard
      - MONGODB_SHARD1_NODES=mongodb-shard1-primary:27017,mongodb-shard1-secondary1:27017,mongodb-shard1-secondary2:27017  # Shard 1 nodes
      - MONGODB_SHARD2_NODES=mongodb-shard2-primary:27017,mongodb-shard2-secondary1:27017,mongodb-shard2-secondary2:27017  # Shard 2 nodes
      # Redis cluster nodes for cluster initialization
      - REDIS_CLUSTER_NODES=172.20.0.20:6379,172.20.0.21:6379,172.20.0.22:6379,172.20.0.23:6379,172.20.0.24:6379,172.20.0.25:6379  # List of Redis cluster nodes with IP addresses and ports
      # Redis cluster configuration
      - REDIS_CLUSTER_REPLICAS=1  # Number of replicas per master
      - REDIS_CLUSTER_REQUIRE_FULL_COVERAGE=no  # Allow cluster to work with missing nodes
      # Keycloak connection settings
      # NOTE(review): admin/admin is a default credential; it has to match
      # KC_BOOTSTRAP_ADMIN_USERNAME / KC_BOOTSTRAP_ADMIN_PASSWORD in the keycloak service.
      # Replace both before the stack is reachable by anyone but the operator.
      - KEYCLOAK_URL=http://keycloak:8080  # Keycloak server URL for realm management
      - KEYCLOAK_ADMIN=admin               # Keycloak admin username
      - KEYCLOAK_ADMIN_PASSWORD=admin      # Keycloak admin password
      # Keycloak realm name
      - REALM_NAME=soberis                 # Name of the Keycloak realm to create/configure
      # Retry configuration for service initialization
      - MAX_RETRIES=30                     # Maximum number of connection retries
      - RETRY_DELAY=5                      # Delay in seconds between retries
      # Keycloak realm configuration
      - REALM_ENABLED=true              # Enable the realm
      - REALM_DEFAULT_LOCALE=ru         # Default locale for the realm
      - REALM_SUPPORTED_LOCALES=ru      # Supported locales
      - REALM_I18N_ENABLED=true         # Enable internationalization
      # Default user configuration
      # NOTE(review): the password equals the user name and the account is created enabled
      # with a verified e-mail; change the password before first use.
      - DEFAULT_USER_USERNAME=admin_user    # Default admin username
      - DEFAULT_USER_PASSWORD=admin_user    # Default admin password
      - DEFAULT_USER_ENABLED=true           # Enable the default user
      - DEFAULT_USER_EMAIL_VERIFIED=true    # Mark email as verified
      # Client configuration for frontend application
      # NOTE(review): the redirect URIs end in a wildcard path and include a plain-HTTP
      # origin; for a non-local deployment list the exact HTTPS redirect URIs only.
      - CLIENT_ID=frontend                  # Client ID for the frontend
      - CLIENT_ENABLED=true                 # Enable the client
      - CLIENT_PUBLIC=true                  # Public client (no client secret required)
      - CLIENT_REDIRECT_URIS=http://localhost/*,https://localhost/*  # Allowed redirect URIs
      - CLIENT_WEB_ORIGINS=http://localhost,https://localhost        # Allowed web origins
      # Realm roles for authorization
      - REALM_ROLES=update_schema,import_schema,export_schema,read_specification,clear_cache,read_metrics,update_log_ttl,api_keys_management  # List of realm roles to create
      # Nginx configuration - Backend servers (dynamic load balancing)
      - BACKEND_SERVERS=soberis-1:8588,soberis-2:8588  # Backend server addresses
      - BACKEND_DEFAULT_WEIGHT=1                        # Default weight for load balancing
      - BACKEND_MAX_FAILS=3                             # Maximum failed attempts before marking server as unavailable
      - BACKEND_FAIL_TIMEOUT=30s                        # Timeout for failed server recovery
      - BACKEND_KEEPALIVE=32                            # Number of keepalive connections
      - BACKEND_KEEPALIVE_REQUESTS=100                  # Maximum requests per keepalive connection
      - BACKEND_KEEPALIVE_TIMEOUT=60s                   # Keepalive connection timeout
      # Nginx server configuration
      # NOTE(review): 172.16.0.0/12 is the whole private 172.16-172.31 range, wider than the
      # 172.20.0.x addresses used in this file; narrow it to the sbrs-network subnet if the
      # status endpoint should be visible to this stack only.
      - NGINX_PORT=80                       # Nginx listening port
      - NGINX_SERVER_NAME=localhost         # Server name for nginx
      - NGINX_RESOLVER=127.0.0.11          # DNS resolver for nginx
      - NGINX_RESOLVER_VALID=30s           # DNS resolver cache validity
      - NGINX_STATUS_ALLOW_NETWORK=172.16.0.0/12  # Network allowed to access nginx status
      - NGINX_HEALTHCHECK_URL=http://localhost:80/  # Full healthcheck URL for nginx
      # Keycloak proxy configuration
      - KEYCLOAK_SERVER=keycloak           # Keycloak server hostname
      - KEYCLOAK_PORT=8080                 # Keycloak server port
      # Proxy buffer configuration for performance optimization
      - PROXY_BUFFER_SIZE=128k             # Initial buffer size for proxy responses
      - PROXY_BUFFERS_NUM=4                # Number of proxy buffers
      - PROXY_BUFFERS_SIZE=256k            # Size of each proxy buffer
      - PROXY_BUSY_BUFFERS_SIZE=256k       # Size of busy buffers
      # Proxy timeout configuration
      - PROXY_READ_TIMEOUT=60s             # Timeout for reading proxy response
      - PROXY_CONNECT_TIMEOUT=30s          # Timeout for connecting to proxy
      - PROXY_SEND_TIMEOUT=60s             # Timeout for sending to proxy
      # SBRS-specific proxy timeouts (longer for heavy operations)
      - SBRS_PROXY_READ_TIMEOUT=120s       # Extended read timeout for SBRS operations
      - SBRS_PROXY_CONNECT_TIMEOUT=30s     # Connection timeout for SBRS
      - SBRS_PROXY_SEND_TIMEOUT=120s       # Extended send timeout for SBRS operations
      # Upstream failover configuration
      - PROXY_NEXT_UPSTREAM_TRIES=2        # Number of tries for next upstream server
      - PROXY_NEXT_UPSTREAM_TIMEOUT=100s    # Timeout for next upstream attempt
      # Static files cache configuration
      - STATIC_FILES_CACHE_EXPIRES=1y      # Cache expiration time for static files
      # SSL configuration (set SSL_ENABLED=true to enable HTTPS)
      - SSL_ENABLED=true                   # Enable SSL/TLS
      - SSL_CERT_PATH=/shared/ssl/server.crt  # SSL certificate path
      - SSL_KEY_PATH=/shared/ssl/server.key   # SSL private key path
      # SSL certificate generation parameters
      # NOTE(review): these look like subject fields for a locally generated certificate
      # (CN=localhost, 365 days, 2048-bit key) — presumably self-signed; confirm how a
      # CA-issued certificate is supplied for a non-local host name.
      - SSL_COUNTRY=RU                     # Country for SSL certificate
      - SSL_STATE=Moscow                   # State/Province for SSL certificate
      - SSL_CITY=Moscow                    # City for SSL certificate
      - SSL_ORG=Soberis                    # Organization for SSL certificate
      - SSL_ORG_UNIT=IT                    # Organizational unit for SSL certificate
      - SSL_COMMON_NAME=localhost          # Common name for SSL certificate
      - SSL_EMAIL=admin@soberis.com        # Email for SSL certificate
      - SSL_DAYS=365                       # SSL certificate validity period in days
      - SSL_KEY_SIZE=2048                  # SSL private key size in bits
      # NOTE(review): besides the ECDHE/DHE AES-GCM suites, this list still enables CBC-mode
      # suites with SHA-1/SHA-256 MACs and static-RSA suites (AES256-GCM-SHA384 ... AES128-SHA)
      # that provide no forward secrecy; consider keeping only the ECDHE/DHE GCM entries
      # unless legacy clients must be supported.
      - SSL_CIPHER_SUITE=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA  # SSL cipher suite
      # Nginx main configuration variables
      - NGINX_WORKER_CONNECTIONS=1024      # Worker connections for nginx
      - NGINX_KEEPALIVE_TIMEOUT=65         # Keepalive timeout for nginx
      - NGINX_TYPES_HASH_MAX_SIZE=2048     # Types hash max size for nginx
      - NGINX_GZIP_ENABLED=on              # Enable gzip compression
      - NGINX_GZIP_COMP_LEVEL=6            # Gzip compression level
      - NGINX_GZIP_MIN_LENGTH=1000         # Minimum length for gzip compression
    # Volume mounts for sharing configuration and certificates.
    # The two named volumes are writable here and mounted read-only in the Nginx services;
    # ssl-certs holds the TLS private key (SSL_KEY_PATH above).
    volumes:
      - nginx-config:/shared/nginx         # Nginx configuration sharing
      - ssl-certs:/shared/ssl              # SSL certificates sharing
      - ./certificate:/certificate:ro      # Certificate files (read-only)
    # Restart policy - restart on failure
    restart: on-failure

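  # Keycloak authentication and authorization server.
  # NOTE(review): `start-dev`, KC_HTTP_ENABLED=true and the admin/admin bootstrap account
  # are development settings; replace them before this stack is reachable by anyone but
  # the operator.
  keycloak:
    image: quay.io/keycloak/keycloak:26.2
    container_name: keycloak
    hostname: keycloak
    ports:
      # Bound to loopback: a bare "8080:8080" would publish the plain-HTTP listener and
      # the admin console on every host interface. Other services in this file use
      # keycloak:8080 on sbrs-network and do not depend on this mapping.
      - "127.0.0.1:8080:8080"
    environment:
      # Bootstrap admin user credentials (default values; must match KEYCLOAK_ADMIN /
      # KEYCLOAK_ADMIN_PASSWORD in services-init)
      - KC_BOOTSTRAP_ADMIN_USERNAME=admin # Bootstrap admin username
      - KC_BOOTSTRAP_ADMIN_PASSWORD=admin # Bootstrap admin password
      # Database configuration (password must match POSTGRES_PASSWORD in keycloak-db)
      - KC_DB=postgres                     # Database type
      - KC_DB_URL=jdbc:postgresql://keycloak-db:5432/keycloak  # Database connection URL
      - KC_DB_USERNAME=keycloak            # Database username
      - KC_DB_PASSWORD=keycloak            # Database password
      # Localization settings
      - KC_LOCALE=ru                       # Default locale
      - KC_LOCALE_DEFAULT=ru               # Default locale setting
      - KC_DEFAULT_LOCALE=ru               # System default locale
      - KC_SUPPORTED_LOCALES=ru            # Supported locales
      # Hostname and security settings
      # NOTE(review): strict hostname checking is switched off, so Keycloak derives its
      # URLs from request headers; with KC_PROXY_HEADERS=xforwarded it trusts X-Forwarded-*
      # headers, which is only safe when every request arrives through the Nginx proxy.
      - KC_HOSTNAME_STRICT=false           # Disable strict hostname checking
      - KC_HOSTNAME_STRICT_HTTPS=false     # Disable strict HTTPS hostname checking
      - KC_HTTP_ENABLED=true               # Enable HTTP (for development)
      - KC_PROXY_HEADERS=xforwarded        # Handle X-Forwarded headers from proxy
      # External URLs for Keycloak
      # NOTE(review): KC_HOSTNAME_URL / KC_HOSTNAME_ADMIN_URL / KC_HOSTNAME_STRICT_HTTPS look
      # like options of the older hostname provider — confirm the 26.2 image still honours them.
      - KC_HOSTNAME_URL=https://localhost        # Public URL for Keycloak
      - KC_HOSTNAME_ADMIN_URL=https://localhost  # Admin console URL
    # Start-up order only: short-form depends_on does not wait for PostgreSQL to accept
    # connections.
    depends_on:
      - keycloak-db
    # Development mode
    command:
      - start-dev
    networks:
      - sbrs-network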

  # First instance of the Soberis backend application.
  # NOTE(review): step 2 of this guide loads a prebuilt backend image with `docker load`,
  # but this service is built from ./backend/Dockerfile — confirm which is intended.
  soberis-1:
    build:
      # Build context - backend directory
      context: ./backend
      # Dockerfile for building the backend application
      dockerfile: Dockerfile
    # Container name for easy identification
    container_name: soberis-1
    # Hostname inside the container network
    hostname: soberis-1
    # Port mapping: host:container (main backend port)
    # NOTE(review): both ports are published on every host interface, so the backend can be
    # reached without going through the Nginx TLS proxy (Nginx itself uses soberis-1:8588 on
    # sbrs-network). The purpose of 8888 is not documented here. If direct access is not
    # required, prefix the mappings with 127.0.0.1: or remove them.
    ports:
      - "8588:8588"
      - "8888:8888"
    # Environment variables for application configuration
    environment:
      # Application license key
      # Left empty in this example; supply the key at deployment time (for instance from an
      # env file kept out of version control) rather than committing it with this file.
      - SBRS_LICENSE_KEY=
      # Spring Boot profile for Docker environment
      - SPRING_PROFILES_ACTIVE=docker
      # MongoDB connection configuration (using mongos router for sharded cluster)
      # The URI carries no credentials: the MongoDB services in this file are started
      # without access control.
      - SPRING_DATA_MONGODB_URI=mongodb://mongodb-router:27017/  # MongoDB connection URI
      - SPRING_DATA_MONGODB_DATABASE=sbrs_data_db          # Main application database
      - SBRS_EVENT_LOG_DATABASE_NAME=sbrs_event_log_db     # Event logging database
      - SBRS_SERVICE_LOG_DATABASE_NAME=sbrs_service_log_db # Service logging database
      - SBRS_SERVER_LOG_DATABASE_NAME=sbrs_server_log_db   # Server logging database
      # Redis connection configuration (cluster mode)
      # No Redis password is configured here, matching the Redis services in this file.
      - SPRING_DATA_REDIS_CLUSTER_NODES=172.20.0.20:6379,172.20.0.21:6379,172.20.0.22:6379,172.20.0.23:6379,172.20.0.24:6379,172.20.0.25:6379  # Redis cluster nodes list
      - SPRING_DATA_REDIS_CLUSTER_MAX_REDIRECTS=5  # Maximum cluster redirects
      - SPRING_DATA_REDIS_TIMEOUT=30000ms   # Redis operation timeout
      - SPRING_DATA_REDIS_CONNECT_TIMEOUT=15000ms  # Redis connection timeout
      # Redis connection pool configuration
      - SPRING_DATA_REDIS_JEDIS_POOL_MAX_ACTIVE=20  # Maximum active connections
      - SPRING_DATA_REDIS_JEDIS_POOL_MAX_IDLE=8     # Maximum idle connections
      - SPRING_DATA_REDIS_JEDIS_POOL_MIN_IDLE=2     # Minimum idle connections
      - SPRING_DATA_REDIS_JEDIS_POOL_MAX_WAIT=15000ms # Maximum wait time for connection
      # Additional Redis cluster configuration for better stability
      - SPRING_DATA_REDIS_CLUSTER_REFRESH_PERIOD=30000ms  # Cluster topology refresh period
      - SPRING_DATA_REDIS_CLUSTER_ADAPTIVE_REFRESH=true   # Enable adaptive refresh
      - SPRING_DATA_REDIS_CLUSTER_REFRESH_TRIGGERS=MOVED_REDIRECT,ASK_REDIRECT  # Refresh triggers
      # Lettuce connection pool settings (primary Redis client)
      - SPRING_DATA_REDIS_LETTUCE_POOL_MAX_ACTIVE=20      # Maximum active connections
      - SPRING_DATA_REDIS_LETTUCE_POOL_MAX_IDLE=8         # Maximum idle connections
      - SPRING_DATA_REDIS_LETTUCE_POOL_MIN_IDLE=2         # Minimum idle connections
      - SPRING_DATA_REDIS_LETTUCE_POOL_MAX_WAIT=15000ms   # Maximum wait time for connection
      - SPRING_DATA_REDIS_LETTUCE_CLUSTER_REFRESH_PERIOD=30000ms  # Lettuce cluster refresh period
      # OAuth2 JWT configuration for authentication
      # The expected issuer is the public URL (https://localhost), while the signing keys
      # are fetched from Keycloak over plain HTTP inside sbrs-network.
      - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=https://localhost/realms/soberis  # JWT issuer URI for token validation
      - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:8080/realms/soberis/protocol/openid-connect/certs  # JWK Set URI for token verification
      # Application-specific configuration
      - SBRS_API_SERVER_URL=http://soberis-1:8588           # This instance's API URL
      - SBRS_INSTANCE_URL_PATTERN=http://soberis-{instance}:8588  # URL pattern for multiple instances
      - SBRS_API_TOKEN_VALIDATION_ENABLED=true             # Enable API token validation
    # Start-up order only: short-form depends_on does not wait for these services to be
    # ready or for services-init to finish.
    depends_on:
      - mongodb-router
      - redis-master1
      - redis-master2
      - redis-master3
      - keycloak
      - services-init
    # Restart policy - restart unless manually stopped
    restart: unless-stopped
    # Extra host mappings for Docker Desktop compatibility
    extra_hosts:
      - "host.docker.internal:host-gateway"
    # Network configuration
    networks:
      - sbrs-network

  # Second instance of the Soberis backend application for load balancing
  soberis-2:
    # NOTE(review): the guide loads prebuilt images with `docker load`, but this
    # service declares only `build:` and no `image:` - confirm which is intended.
    build:
      # Build context - backend directory
      context: ./backend
      # Dockerfile for building the backend application
      dockerfile: Dockerfile
    # Container name for easy identification
    container_name: soberis-2
    # Hostname inside the container network
    hostname: soberis-2
    # Port mapping: host:container (alternative backend port)
    # With no host IP given, both ports are published on every host interface,
    # so the backend answers plain HTTP directly, not only through the nginx
    # reverse proxy. If they are needed only on the local machine, the host side
    # can be bound to loopback (Compose accepts the "127.0.0.1:8589:8588" form).
    # NOTE(review): what container port 8888 serves is not shown on this page -
    # confirm before leaving it published.
    ports:
      - "8589:8588"
      - "8889:8888"
    # Environment variables for application configuration
    environment:
      # Application license key - empty in this template; the guide has the
      # operator fill it in. Keep the filled-in file (or the env file the value
      # comes from) out of version control and shared archives.
      - SBRS_LICENSE_KEY=
      # Spring Boot profile for Docker environment
      - SPRING_PROFILES_ACTIVE=docker
      # MongoDB connection configuration (using mongos router for sharded cluster)
      # The URI carries no credentials and no TLS option.
      # NOTE(review): unless the `docker` profile supplies them elsewhere, confirm
      # that mongodb-router enforces authentication; otherwise every container on
      # sbrs-network can read and write these databases.
      - SPRING_DATA_MONGODB_URI=mongodb://mongodb-router:27017/  # MongoDB connection URI
      - SPRING_DATA_MONGODB_DATABASE=sbrs_data_db          # Main application database
      - SBRS_EVENT_LOG_DATABASE_NAME=sbrs_event_log_db     # Event logging database
      - SBRS_SERVICE_LOG_DATABASE_NAME=sbrs_service_log_db # Service logging database
      - SBRS_SERVER_LOG_DATABASE_NAME=sbrs_server_log_db   # Server logging database
      # Redis connection configuration (cluster mode)
      # Nodes are addressed by fixed IPs inside the sbrs-network subnet
      # (172.20.0.0/16), so these values depend on that network definition.
      # No Redis password variable appears in this list.
      # NOTE(review): confirm whether the cluster nodes require AUTH.
      - SPRING_DATA_REDIS_CLUSTER_NODES=172.20.0.20:6379,172.20.0.21:6379,172.20.0.22:6379,172.20.0.23:6379,172.20.0.24:6379,172.20.0.25:6379  # Redis cluster nodes list
      - SPRING_DATA_REDIS_CLUSTER_MAX_REDIRECTS=5  # Maximum cluster redirects
      - SPRING_DATA_REDIS_TIMEOUT=30000ms   # Redis operation timeout
      - SPRING_DATA_REDIS_CONNECT_TIMEOUT=15000ms  # Redis connection timeout
      # Redis connection pool configuration
      # NOTE(review): Lettuce is named below as the primary client, so these
      # Jedis pool values may be unused - confirm.
      - SPRING_DATA_REDIS_JEDIS_POOL_MAX_ACTIVE=20  # Maximum active connections
      - SPRING_DATA_REDIS_JEDIS_POOL_MAX_IDLE=8     # Maximum idle connections
      - SPRING_DATA_REDIS_JEDIS_POOL_MIN_IDLE=2     # Minimum idle connections
      - SPRING_DATA_REDIS_JEDIS_POOL_MAX_WAIT=15000ms # Maximum wait time for connection
      # Additional Redis cluster configuration for better stability
      - SPRING_DATA_REDIS_CLUSTER_REFRESH_PERIOD=30000ms  # Cluster topology refresh period
      - SPRING_DATA_REDIS_CLUSTER_ADAPTIVE_REFRESH=true   # Enable adaptive refresh
      - SPRING_DATA_REDIS_CLUSTER_REFRESH_TRIGGERS=MOVED_REDIRECT,ASK_REDIRECT  # Refresh triggers
      # Lettuce connection pool settings (primary Redis client)
      - SPRING_DATA_REDIS_LETTUCE_POOL_MAX_ACTIVE=20      # Maximum active connections
      - SPRING_DATA_REDIS_LETTUCE_POOL_MAX_IDLE=8         # Maximum idle connections
      - SPRING_DATA_REDIS_LETTUCE_POOL_MIN_IDLE=2         # Minimum idle connections
      - SPRING_DATA_REDIS_LETTUCE_POOL_MAX_WAIT=15000ms   # Maximum wait time for connection
      - SPRING_DATA_REDIS_LETTUCE_CLUSTER_REFRESH_PERIOD=30000ms  # Lettuce cluster refresh period
      # OAuth2 JWT configuration for authentication
      # The issuer URI is the external https://localhost address, and it is
      # compared with the `iss` claim of incoming tokens. When localhost is
      # replaced by a real domain in the nginx build args, this value presumably
      # has to change as well - confirm against the Keycloak hostname settings.
      # The signing keys (JWK set) are fetched over plain HTTP from the keycloak
      # container, so their integrity relies on sbrs-network being reachable
      # only by trusted containers.
      - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=https://localhost/realms/soberis  # JWT issuer URI for token validation
      - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:8080/realms/soberis/protocol/openid-connect/certs  # JWK Set URI for token verification
      # Application-specific configuration
      - SBRS_API_SERVER_URL=http://soberis-2:8588           # This instance's API URL
      - SBRS_INSTANCE_URL_PATTERN=http://soberis-{instance}:8588  # URL pattern for multiple instances
      - SBRS_API_TOKEN_VALIDATION_ENABLED=true             # Enable API token validation
    # Service dependencies. The short list form only orders container start-up;
    # it does not wait for a dependency to be healthy or for services-init to
    # finish its work.
    # NOTE(review): confirm the application retries its connections at start-up,
    # or switch to the long form with `condition:` if readiness matters.
    depends_on:
      - mongodb-router
      - redis-master1
      - redis-master2
      - redis-master3
      - keycloak
      - services-init
    # Restart policy - restart unless manually stopped
    restart: unless-stopped
    # Extra host mappings for Docker Desktop compatibility
    # host-gateway makes the Docker host itself reachable from inside this
    # container under the name host.docker.internal.
    extra_hosts:
      - "host.docker.internal:host-gateway"
    # Network configuration
    networks:
      - sbrs-network

# Named volumes for persistent data storage
# `docker-compose down -v` removes all of them, so back up the database
# volumes before running it.
volumes:
  keycloak-db-data:      # PostgreSQL data for Keycloak
  mongodb_config1_data:  # MongoDB config server 1 data
  mongodb_config2_data:  # MongoDB config server 2 data
  mongodb_config3_data:  # MongoDB config server 3 data
  mongodb_shard1_primary_data:  # MongoDB shard 1 primary data
  mongodb_shard1_secondary1_data:  # MongoDB shard 1 secondary 1 data
  mongodb_shard1_secondary2_data:  # MongoDB shard 1 secondary 2 data
  mongodb_shard2_primary_data:  # MongoDB shard 2 primary data
  mongodb_shard2_secondary1_data:  # MongoDB shard 2 secondary 1 data
  mongodb_shard2_secondary2_data:  # MongoDB shard 2 secondary 2 data
  redis_master1_data:    # Redis data for master node 1
  redis_master2_data:    # Redis data for master node 2
  redis_master3_data:    # Redis data for master node 3
  redis_slave1_data:     # Redis data for slave node 1
  redis_slave2_data:     # Redis data for slave node 2
  redis_slave3_data:     # Redis data for slave node 3
  nginx-config:          # Nginx configuration files
  # NOTE(review): presumably also holds the private key of the certificate
  # generated on first start - confirm which services mount this volume and
  # whether they need write access.
  ssl-certs:             # SSL certificates for HTTPS

# Custom network for service communication
networks:
  sbrs-network:
    driver: bridge   # Bridge network driver for container communication
    # IP Address Management configuration
    # The backend services address the Redis cluster nodes by fixed IP
    # (172.20.0.20-172.20.0.25 in SPRING_DATA_REDIS_CLUSTER_NODES), so changing
    # this subnet means updating those addresses too.
    # NOTE(review): 172.20.0.0/16 can collide with an existing Docker or LAN
    # range on the host - check before deploying.
    ipam:
      config:
        # Network subnet range for container IP assignment
        - subnet: 172.20.0.0/16
          # Default gateway for the network
          gateway: 172.20.0.1
Шаг 4. Настройка конфигурации

Откройте созданный файл docker-compose.yml в текстовом редакторе и настройте следующие параметры:

4.1. Лицензионный ключ
# Укажите лицензионный ключ в переменной окружения для сервисов soberis-1 и soberis-2:
environment:
- SBRS_LICENSE_KEY=ВАШ_ЛИЦЕНЗИОННЫЙ_КЛЮЧ
4.2. Доменное имя (опционально)
# Если у вас есть доменное имя, замените localhost на ваш домен в следующих переменных:
# В build args для nginx-1 и nginx-2
args:
VITE_KEYCLOAK_URL: https://ваш-домен.com
VITE_HTTP_CLIENT_BASE_URL: https://ваш-домен.com
VITE_SPECIFICATION_SERVER_URL: https://ваш-домен.com

# В environment для services-init
- NGINX_SERVER_NAME=ваш-домен.com
- SSL_COMMON_NAME=ваш-домен.com
4.3. Порты (при необходимости измените порты для исключения конфликтов)
Шаг 5. Запуск контейнеров
# Перейдите в директорию с файлом docker-compose.yml и запустите систему:
# Переход в директорию с docker-compose.yml
cd path/to/your/soberis

# Запуск всех сервисов
docker-compose up -d

# Просмотр логов (опционально)
docker-compose logs -f

# Проверка статуса контейнеров
docker-compose ps
Первый запуск может занять 5-10 минут, так как система выполняет инициализацию MongoDB кластера, Redis кластера, настройку Keycloak и генерацию SSL сертификатов.
5.1. Последовательность запуска
Система автоматически управляет последовательностью запуска компонентов:
  1. Базы данных: PostgreSQL для Keycloak, MongoDB кластер, Redis кластер
  2. Keycloak: Сервер аутентификации
  3. Services-init: Инициализация и настройка всех сервисов
  4. Backend: API сервисы SOBERIS (soberis-1, soberis-2)
  5. Frontend: Веб-интерфейс (nginx-1, nginx-2)
Шаг 6. Проверка установки
После успешной инициализации всех компонентов откройте в браузере:
HTTPS: https://localhost
HTTP: http://localhost
Дополнительный экземпляр: https://localhost:8443
6.1. Для входа в систему используйте учетные данные по умолчанию:
Логин: admin_user
Пароль: admin_user
После первого входа смените пароль по умолчанию.
Шаг 7. Управление пользователями (опционально)
Для расширенного управления пользователями можно воспользоваться административной панелью Keycloak:
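URL: http://localhost:8080/admin
Логин: admin
Пароль: admin
Realm: soberis
Консоль открывается по HTTP на порту 8080 с паролем по умолчанию: смените пароль учетной записи admin после первого входа и ограничьте доступ к этому порту извне.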
7.1. Создание нового пользователя
1. Войдите в админку Keycloak под учетной записью admin
2. Выберите realm "soberis" в выпадающем списке
3. Перейдите в раздел "Users" в левом меню
4. Нажмите кнопку "Create new user"
5. Заполните обязательные поля:
    • Username - имя пользователя для входа
    • Email - адрес электронной почты
    • First name и Last name - имя и фамилия
6. Установите галочку "Email verified" если не требуется подтверждение
7. Нажмите "Create"
8. Перейдите на вкладку "Credentials" и установите пароль
9. На вкладке "Role mapping" назначьте необходимые роли:
    • update_schema - создание и редактирование схем
    • import_schema / export_schema - импорт/экспорт схем
    • read_specification - просмотр спецификации API
    • clear_cache - очистка кэша
    • read_metrics - просмотр метрик системы
    • update_log_ttl - управление временем жизни логов
    • api_keys_management - управление API ключами
Полезные команды
# Остановка всех сервисов
docker-compose down

# Остановка с удалением volumes (осторожно - удалит все данные!)
docker-compose down -v

# Перезапуск конкретного сервиса
docker-compose restart soberis-1

# Просмотр логов конкретного сервиса
docker-compose logs -f soberis-1

# Выполнение команды в контейнере
docker-compose exec soberis-1 bash

# Обновление образов
docker-compose pull
  • При первом запуске система генерирует самоподписанные SSL сертификаты
  • Браузер может показать предупреждение о безопасности - это нормально для самоподписанных сертификатов
  • Для production-среды рекомендуется использовать сертификаты от доверенного центра сертификации
  • Регулярно создавайте резервные копии volumes с данными MongoDB и PostgreSQL