certification-tool/docker-compose.yml at main · project-chip/certification-tool · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133

 #
 # Copyright (c) 2023 Project CHIP Authors
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
services:

  proxy:
    image: traefik:v3.6.1
    extra_hosts:
      - "host.docker.internal:host-gateway"
    ports:
      - "80:80"
      - "8090:8080"
    networks:
      - ${TRAEFIK_PUBLIC_NETWORK?Variable not set}
      - default
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./backend:/app
      - ./traefik_dynamic.yml:/etc/traefik/traefik_dynamic.yml
    command:
      # Enable Docker in Traefik, so that it reads labels from Docker services
      - --providers.docker
      # Add a constraint to only use services with the label for this stack
      # from the env var TRAEFIK_TAG
      - --providers.docker.constraints=Label(`traefik.constraint-label-stack`, `${TRAEFIK_TAG?Variable not set}`)
      # Do not expose all Docker services, only the ones explicitly exposed
      - --providers.docker.exposedbydefault=false
      # Enable file provider for push-av server
      - --providers.file.filename=/etc/traefik/traefik_dynamic.yml
      # insecureSkipVerify is now configured per-service in traefik_dynamic.yml
      # using serversTransports for push_av_server which uses a self-signed certificate
      # Define entrypoints
      - --entrypoints.web.address=:80
      - --entrypoints.traefik.address=:8080
      # Enable the access log, with HTTP requests
      - --accesslog
      # Enable the Traefik log, for configurations and errors
      - --log
      # Enable the Dashboard and API
      - --api
      # Enable the Dashboard and API in insecure mode for local development
      - --api.insecure=true
    labels:
      - traefik.enable=true
      - traefik.http.routers.${STACK_NAME?Variable not set}-traefik-public-http.rule=Host(`${DOMAIN?Variable not set}`)
      - traefik.http.services.${STACK_NAME?Variable not set}-traefik-public.loadbalancer.server.port=80

    deploy:
      placement:
        constraints:
          - node.role == manager

  db:
    image: postgres:12
    ports:
      - "5432:5432"
    volumes:
      - app-db-data:/var/lib/postgresql/data/pgdata
    env_file:
      - .env
    environment:
      - PGDATA=/var/lib/postgresql/data/pgdata
    deploy:
      placement:
        constraints:
          - node.labels.${STACK_NAME?Variable not set}.app-db-data == true

  backend:
    image: 'ghcr.io/project-chip/csa-certification-tool-backend:2ac562d'

    ports:
      - "8888:8888"
      - "50000:50000"
      - "5000:5000/udp" #To receive H264 packets from camera-controller
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /usr/bin/docker:/usr/bin/docker
      - /var/run/dbus:/var/run/dbus
      - ./backend/test_collections:/app/test_collections # mount test_collections in container
    depends_on:
      - db
    env_file:
      - .env
    environment:
      - SERVER_NAME=${DOMAIN?Variable not set}
      - SERVER_HOST=https://${DOMAIN?Variable not set}
      - BACKEND_FILEPATH_ON_HOST=${BACKEND_FILEPATH_ON_HOST}
    privileged: true
    build:
      context: ./backend
    command: bash -c "./prestart.sh; python3 ./app/main.py"
    labels:
      - traefik.enable=true
      - traefik.constraint-label-stack=${TRAEFIK_TAG?Variable not set}
      - traefik.http.routers.${STACK_NAME?Variable not set}-backend-http.rule=PathPrefix(`/api`) || PathPrefix(`/docs`) || PathPrefix(`/redoc`)
      - traefik.http.services.${STACK_NAME?Variable not set}-backend.loadbalancer.server.port=80

  frontend:
    image: 'ghcr.io/project-chip/csa-certification-tool-frontend:5be5818'
    build:
      context: ./frontend
    labels:
      - traefik.enable=true
      - traefik.constraint-label-stack=${TRAEFIK_TAG?Variable not set}
      - traefik.http.routers.${STACK_NAME?Variable not set}-frontend-http.rule=PathPrefix(`/`)
      - traefik.http.services.${STACK_NAME?Variable not set}-frontend.loadbalancer.server.port=4200
volumes:
  app-db-data:

networks:
  traefik-public:
    # Allow setting it to false for testing
    external: ${TRAEFIK_PUBLIC_NETWORK_IS_EXTERNAL-false}
  default:
    name: chip-default
    enable_ipv6: true
    ipam:
      driver: default
      config:
        # Use fd00:MATTER::/64 ULA prefix which does not collide with the default OTBR one
        - subnet: fd00:6d61:7474:6572::/64