docker: Add build and full compose setup

Robert Swain 2017-06-26 14:40:43 +02:00
parent ab16fe54fc
commit a646255def
9 changed files with 328 additions and 21 deletions

21
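--- a/docker-build.sh
+++ b/docker-build.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+set -e
+GOOS=linux GOARCH=amd64 gb build
+mkdir -p docker/bin
+cp bin/*linux-amd64 docker/bin/
+cd docker
+for cli in {client,federation}-api-proxy dendrite-{{client,federation,media,sync}-api,room}-server; do
+dockerfile=Dockerfile.$cli
+cat <<EOF > $dockerfile
+FROM scratch
+COPY bin/$cli-linux-amd64 $cli
+ENTRYPOINT ["/$cli"]
+EOF
+docker build -t $cli -f $dockerfile .
+rm $dockerfile
+done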
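Review bot: The Dockerfile generated in the heredoc has no `USER` line, so every dendrite binary runs as UID 0 inside its container. Adding `USER 65534:65534` before `ENTRYPOINT` would drop that privilege, provided the bind-mounted `certs` and media directories are accessible to that UID. The images are also tagged with a bare name (`-t $cli`), so each rebuild silently replaces `latest`; a version or commit tag would make it possible to tell which build is deployed. `$dockerfile` and `$cli` are unquoted, which is harmless for the fixed list here but worth quoting anyway.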


@ -1,21 +0,0 @@
version: '2'
services:
zookeeper:
image: wurstmeister/zookeeper
ports:
- "2181:2181"
kafka:
image: wurstmeister/kafka:0.10.2.0
ports:
- "9092:9092"
environment:
KAFKA_ADVERTISED_HOST_NAME: localhost
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
volumes:
- /var/run/docker.sock:/var/run/docker.sock
postgres:
image: postgres:9.6
ports:
- "5432:5432"
environment:
POSTGRES_PASSWORD: SUPERSECRETPASSWORD

1
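--- a/docker/.env
+++ b/docker/.env
@@ -0,0 +1 @@
+COMPOSE_PROJECT_NAME=dendrite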

3
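--- a/docker/.gitignore
+++ b/docker/.gitignore
@@ -0,0 +1,3 @@
+Dockerfile*
+bin/
+certs/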

33
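--- a/docker/README.md
+++ b/docker/README.md
@@ -0,0 +1,33 @@
+# dendrite in docker
+## Building images
+At the top level of the dendrite repository there is a `docker-build.sh` script that builds all necessary docker images for running the `docker-compose.yaml` deployment here.
+## Configuration
+There are a few aspects to configuration of a dendrite deployment for docker-compose:
+* `dendrite-config.yaml`
+* certificates
+* environment variables
+### `dendrite-config.yaml`
+An example `dendrite-config.yaml` is included here. Modify the `server_name` as needed but the rest should just work.
+### certificates
+Certificates can be generated by running `generate-keys.sh` that is in this directory.
+### Environment variables
+The following environment variables **MUST** be set when running `docker-compose` in order for everything to work properly:
+* `POSTGRES_PASSWORD` - set this to something secret
+Note: `COMPOSE_PROJECT_NAME` is set to `dendrite` in the `.env` file in this directory so that containers will be called `dendrite_<service>_1`.
+## Running
+From this directory, run `POSTGRES_PASSWORD=YOURSECRET docker-compose up -d`. The client-api-proxy will be exposed on `https://0.0.0.0:8443` and the federation-api-proxy on `https://0.0.0.0:8449`.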


@ -0,0 +1,73 @@
# The config file version format
version: v0
# The matrix specific config
matrix:
# The name of the server. This is usually the domain name, e.g 'matrix.org', 'localhost'.
server_name: "localhost"
# The path to the PEM formatted matrix private key.
private_key: "/certs/matrix_key.pem"
# The x509 certificates used by the federation listeners for this server
federation_certificates: ["/certs/server.crt"]
# The media repository config
media:
# The base path to where the media files will be stored. May be relative or absolute.
base_path: /media
# The maximum file size in bytes that is allowed to be stored on this server.
# Note: if max_file_size_bytes is set to 0, the size is unlimited.
# Note: if max_file_size_bytes is not set, it will default to 10485760 (10MB)
max_file_size_bytes: 10485760
# Whether to dynamically generate thumbnails on-the-fly if the requested resolution is not already generated
# NOTE: This is a possible denial-of-service attack vector - use at your own risk
dynamic_thumbnails: false
# A list of thumbnail sizes to be pre-generated for downloaded remote / uploaded content
# method is one of crop or scale. If omitted, it will default to scale.
# crop scales to fill the requested dimensions and crops the excess.
# scale scales to fit the requested dimensions and one dimension may be smaller than requested.
thumbnail_sizes:
- width: 32
height: 32
method: crop
- width: 96
height: 96
method: crop
- width: 320
height: 240
method: scale
- width: 640
height: 480
method: scale
- width: 800
height: 600
method: scale
# The config for communicating with kafka
kafka:
# Where the kafka servers are running.
addresses: ["kafka:9092"]
# The names of the kafka topics to use.
topics:
input_room_event: roomserverInput
output_room_event: roomserverOutput
# The postgres connection configs for connecting to the databases e.g a postgres:// URI
database:
account: "postgres://postgres@postgres/dendrite_account?sslmode=disable"
device: "postgres://postgres@postgres/dendrite_device?sslmode=disable"
media_api: "postgres://postgres@postgres/dendrite_media_api?sslmode=disable"
sync_api: "postgres://postgres@postgres/dendrite_sync_api?sslmode=disable"
room_server: "postgres://postgres@postgres/dendrite_room_server?sslmode=disable"
server_key: "postgres://postgres@postgres/dendrite_server_key?sslmode=disable"
# The TCP host:port pairs to bind the internal HTTP APIs to.
# These shouldn't be exposed to the public internet.
listen:
room_server: "room-server:7770"
client_api: "client-api-server:7771"
federation_api: "federation-api-server:7772"
sync_api: "sync-api-server:7773"
media_api: "media-api-server:7774"
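Review bot: Every URI under `database:` connects as the `postgres` superuser with `sslmode=disable`, so each dendrite component gets full control of the database cluster and its traffic is unencrypted. That is tolerable only while Postgres stays on the private `backend` compose network, and the example config should say so above `database:`, e.g. `# NOTE: superuser + sslmode=disable is only for the private compose network; use a dedicated role and TLS elsewhere`. A dedicated non-superuser role owning the `dendrite_*` databases would limit what a compromised component can do.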

170
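--- a/docker/docker-compose.yaml
+++ b/docker/docker-compose.yaml
@@ -0,0 +1,170 @@
+version: '3'
+services:
+zookeeper:
+image: wurstmeister/zookeeper
+networks:
+- backend
+expose:
+- "2181"
+restart: unless-stopped
+kafka:
+image: wurstmeister/kafka:0.10.2.0
+environment:
+KAFKA_ADVERTISED_HOST_NAME: kafka
+KAFKA_ADVERTISED_PORT: "9092"
+KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
+volumes:
+- /var/run/docker.sock:/var/run/docker.sock
+networks:
+- backend
+expose:
+- "9092"
+depends_on:
+- zookeeper
+restart: unless-stopped
+postgres:
+image: postgres:9.6
+environment:
+POSTGRES_PASSWORD: $POSTGRES_PASSWORD
+volumes:
+- ./init-dendrite-dbs.sh:/docker-entrypoint-initdb.d/init-dendrite-dbs.sh
+- $HOME/dendrite/postgres:/var/lib/postgresql/data
+networks:
+- backend
+ports:
+- "5432:5432"
+restart: unless-stopped
+client-api-proxy:
+image: client-api-proxy
+command: >-
+--sync-api-server-url http://sync-api-server:7773
+--client-api-server-url http://client-api-server:7771
+--media-api-server-url http://media-api-server:7774
+--bind-address 0.0.0.0:8443
+--tls-cert /certs/server.crt
+--tls-key /certs/server.key
+volumes:
+- ./certs:/certs
+networks:
+- frontend
+- backend
+ports:
+- "8443:8443"
+depends_on:
+- sync-api-server
+- client-api-server
+- media-api-server
+restart: unless-stopped
+federation-api-proxy:
+image: federation-api-proxy
+command: >-
+--federation-api-url http://federation-api-server:7772
+--bind-address 0.0.0.0:8449
+--tls-cert /certs/server.crt
+--tls-key /certs/server.key
+# --media-api-url http://media-api-server:7774
+volumes:
+- ./certs:/certs
+networks:
+- frontend
+- backend
+ports:
+- "8449:8449"
+depends_on:
+- federation-api-server
+restart: unless-stopped
+room-server:
+image: dendrite-room-server
+command: --config /dendrite-config.yaml
+environment:
+PGHOST: postgres
+PGPASSWORD: $POSTGRES_PASSWORD
+volumes:
+- ./dendrite-config.yaml:/dendrite-config.yaml
+- ./certs:/certs
+networks:
+- backend
+expose:
+- "7770"
+depends_on:
+- postgres
+- kafka
+restart: unless-stopped
+client-api-server:
+image: dendrite-client-api-server
+command: --config /dendrite-config.yaml
+environment:
+PGHOST: postgres
+PGPASSWORD: $POSTGRES_PASSWORD
+volumes:
+- ./dendrite-config.yaml:/dendrite-config.yaml
+- ./certs:/certs
+networks:
+- backend
+expose:
+- "7771"
+depends_on:
+- postgres
+- kafka
+- room-server
+restart: unless-stopped
+federation-api-server:
+image: dendrite-federation-api-server
+command: --config /dendrite-config.yaml
+environment:
+PGHOST: postgres
+PGPASSWORD: $POSTGRES_PASSWORD
+volumes:
+- ./dendrite-config.yaml:/dendrite-config.yaml
+- ./certs:/certs
+networks:
+- backend
+expose:
+- "7772"
+depends_on:
+- postgres
+- kafka
+- room-server
+restart: unless-stopped
+sync-api-server:
+image: dendrite-sync-api-server
+command: --config /dendrite-config.yaml
+environment:
+PGHOST: postgres
+PGPASSWORD: $POSTGRES_PASSWORD
+volumes:
+- ./dendrite-config.yaml:/dendrite-config.yaml
+- ./certs:/certs
+networks:
+- backend
+expose:
+- "7773"
+depends_on:
+- postgres
+- kafka
+- room-server
+restart: unless-stopped
+media-api-server:
+image: dendrite-media-api-server
+command: --config /dendrite-config.yaml
+environment:
+PGHOST: postgres
+PGPASSWORD: $POSTGRES_PASSWORD
+volumes:
+- ./dendrite-config.yaml:/dendrite-config.yaml
+- ./certs:/certs
+- $HOME/dendrite/media:/media
+networks:
+- backend
+expose:
+- "7774"
+depends_on:
+- postgres
+- kafka
+restart: unless-stopped
+networks:
+backend:
+frontend: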
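Review bot: The `postgres` service publishes `"5432:5432"` on every host interface, although it sits only on the `backend` network and every other internal service uses `expose`; the database is then reachable from outside the host with nothing but `POSTGRES_PASSWORD` in front of it. Replace the `ports:` entry with `expose: ["5432"]`, or bind it to loopback with `"127.0.0.1:5432:5432"` if host access is really needed. The `kafka` service mounts `/var/run/docker.sock`, which gives that container control of the host's Docker daemon; since `KAFKA_ADVERTISED_HOST_NAME` and `KAFKA_ADVERTISED_PORT` are set explicitly the mount looks unnecessary, so confirm and drop it. `./certs`, which holds `server.key` and `matrix_key.pem`, is mounted read-write into every dendrite service, and `./certs:/certs:ro` would be enough for all of them.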

17
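--- a/docker/generate-keys.sh
+++ b/docker/generate-keys.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+set -e
+# generate self-signed SSL cert (unlike synapse, dendrite doesn't autogen yet)
+# N.B. to specify the right CN if needed
+test -f certs/server.key || openssl req -x509 -newkey rsa:4096 -keyout certs/server.key -out certs/server.crt -days 3650 -nodes -subj /CN=$(hostname)
+# generate ed25519 signing key
+test -f certs/matrix_key.pem || python > certs/matrix_key.pem <<EOF
+import base64;
+r = lambda n: base64.b64encode(open("/dev/urandom", "rb").read(n)).decode("utf8");
+print "-----BEGIN MATRIX PRIVATE KEY-----"
+print "Key-ID:", "ed25519:" + r(3).rstrip("=")
+print r(32)
+print "-----END MATRIX PRIVATE KEY-----"
+EOF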
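Review bot: `certs/matrix_key.pem` is created by the shell redirect before `python` runs, so it inherits the default umask (often world-readable) and is left behind empty if the interpreter fails. The heredoc uses Python 2 `print` statements, so it will fail wherever `python` is Python 3 or missing, and the `test -f` guard then makes every rerun skip generation and keep the empty key. Put `umask 077` and `mkdir -p certs` right after `set -e`, and write the key to a temporary file that is moved into place only on success. `$(hostname)` in `-subj` should also be quoted.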

10
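--- a/docker/init-dendrite-dbs.sh
+++ b/docker/init-dendrite-dbs.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -e
+sql_command=""
+for i in account device media_api sync_api room_server server_key federation_sender; do
+db="dendrite_$i"
+sql_command="$sql_command CREATE DATABASE $db;"
+done
+echo "$sql_command" | psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER"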