diff --git a/swarm/apps.yml b/swarm/apps.yml index 92dd4e3..1ec2165 100644 --- a/swarm/apps.yml +++ b/swarm/apps.yml @@ -7,8 +7,10 @@ x-environment: &app-environment volumes: bai_cache: {} pgadmin: {} - privatebin_data: {} - thelounge_data: {} + +networks: + traefik-public: + external: true services: @@ -26,26 +28,18 @@ services: restart: unless-stopped depends_on: - postgres - expose: - - 8080 networks: - traefik-public deploy: labels: - - "traefik.enable=true" - - "traefik.http.routers.adminer.entrypoints=web-secure" - - "traefik.http.routers.adminer.rule=Host(`adminer.${DOMAIN}`) || Host(`dbadmin.${DOMAIN}`)" - - "traefik.http.routers.adminer.tls.certresolver=letsencrypt" - - "traefik.http.routers.adminer.service=adminer_app" - - "traefik.http.services.adminer_app.loadbalancer.server.port=8080" - labels: - - "traefik.enable=true" - - "traefik.http.routers.adminer.entrypoints=web-secure" - - "traefik.http.routers.adminer.rule=Host(`adminer.${DOMAIN}`) || Host(`dbadmin.${DOMAIN}`)" - - "traefik.http.routers.adminer.middlewares=csrf@file" - - "traefik.http.routers.adminer.tls.certresolver=letsencrypt" - - "traefik.http.routers.adminer.service=adminer_app" - - "traefik.http.services.adminer_app.loadbalancer.server.port=8080" + - traefik.enable=true + - traefik.docker.network=traefik-public + - traefik.constraint-label=traefik-public + - traefik.http.routers.adminer.entrypoints=https + - traefik.http.routers.adminer.rule=Host(`adminer.${DOMAIN}`) || Host(`dbadmin.${DOMAIN}`) + - traefik.http.routers.adminer.tls.certresolver=le + - traefik.http.routers.adminer.service=adminer_app + - traefik.http.services.adminer_app.loadbalancer.server.port=8080 heynote_app: image: furyhawk/heynote:${HEYNOTETAG:-latest} @@ -53,18 +47,18 @@ services: environment: NODE_ENV: production DOMAIN: ${DOMAIN} - expose: - - 5173 networks: - - net - labels: - - "traefik.enable=true" - - "traefik.http.routers.heynote.entrypoints=web-secure" - - "traefik.http.routers.heynote.rule=HostRegexp(`note[0-9]{0,2}.${DOMAIN}`) || Host(`pad.${DOMAIN}`)" - - "traefik.http.routers.heynote.middlewares=csrf@file" - - "traefik.http.routers.heynote.tls.certresolver=letsencrypt" - - "traefik.http.routers.heynote.service=heynote_app" - - "traefik.http.services.heynote_app.loadbalancer.server.port=5173" + - traefik-public + deploy: + labels: + - traefik.enable=true + - traefik.docker.network=traefik-public + - traefik.constraint-label=traefik-public + - "traefik.http.routers.heynote.entrypoints=https" + - "traefik.http.routers.heynote.rule=HostRegexp(`note[0-9]{0,2}.${DOMAIN}`) || Host(`pad.${DOMAIN}`)" + - "traefik.http.routers.heynote.tls.certresolver=le" + - "traefik.http.routers.heynote.service=heynote_app" + - "traefik.http.services.heynote_app.loadbalancer.server.port=5173" streamlit-bai: environment: @@ -74,63 +68,64 @@ services: command: streamlit run --server.port=$STREAMLIT_BAI_SERVER_PORT --server.address=0.0.0.0 --server.baseUrlPath=$BAI_LOCATION src/app.py volumes: - bai_cache:/app/cache - expose: - - ${STREAMLIT_BAI_SERVER_PORT} networks: - - net - labels: - - "traefik.enable=true" - - "traefik.http.routers.streamlit-bai.entrypoints=web-secure" - - "traefik.http.routers.streamlit-bai.rule=Host(`bai.${DOMAIN}`)" - - "traefik.http.routers.streamlit-bai.middlewares=csrf@file" - - "traefik.http.routers.streamlit-bai.tls.certresolver=letsencrypt" - - "traefik.http.routers.streamlit-bai.service=streamlit_bai_app" - - "traefik.http.services.streamlit_bai_app.loadbalancer.server.port=${STREAMLIT_BAI_SERVER_PORT}" + - traefik-public + deploy: + labels: + - traefik.enable=true + - traefik.docker.network=traefik-public + - traefik.constraint-label=traefik-public + - traefik.http.routers.streamlit-bai.entrypoints=https + - traefik.http.routers.streamlit-bai.rule=Host(`bai.${DOMAIN}`) + - traefik.http.routers.streamlit-bai.tls.certresolver=le + - traefik.http.routers.streamlit-bai.service=streamlit_bai_app + - traefik.http.services.streamlit_bai_app.loadbalancer.server.port=${STREAMLIT_BAI_SERVER_PORT} streamlit-fin: environment: <<: *app-environment image: furyhawk/llama3toolsfin:main restart: unless-stopped - expose: - - ${STREAMLIT_FIN_SERVER_PORT} networks: - - net - labels: - - "traefik.enable=true" - - "traefik.http.routers.streamlit-fin.entrypoints=web-secure" - - "traefik.http.routers.streamlit-fin.rule=Host(`fin.${DOMAIN}`)" - - "traefik.http.routers.streamlit-fin.middlewares=csrf@file" - - "traefik.http.routers.streamlit-fin.tls.certresolver=letsencrypt" - - "traefik.http.routers.streamlit-fin.service=streamlit_fin_app" - - "traefik.http.services.streamlit_fin_app.loadbalancer.server.port=${STREAMLIT_FIN_SERVER_PORT}" + - traefik-public + deploy: + labels: + - traefik.enable=true + - traefik.docker.network=traefik-public + - traefik.constraint-label=traefik-public + - traefik.http.routers.streamlit-fin.entrypoints=https + - traefik.http.routers.streamlit-fin.rule=Host(`fin.${DOMAIN}`) + - traefik.http.routers.streamlit-fin.tls.certresolver=le + - traefik.http.routers.streamlit-fin.service=streamlit_fin_app + - traefik.http.services.streamlit_fin_app.loadbalancer.server.port=${STREAMLIT_FIN_SERVER_PORT} site_server: image: nginx:alpine restart: unless-stopped volumes: - ~/site:/usr/share/nginx/html:ro - expose: - - 80 networks: - - net - labels: - - "traefik.enable=true" - - "traefik.http.routers.site_server.entrypoints=web-secure" - - "traefik.http.routers.site_server.rule=Host(`${DOMAIN}`) || Host(`www.${DOMAIN}`) || Host(`info.${DOMAIN}`) || Host(`124c41.${DOMAIN}`)" - - "traefik.http.routers.site_server.middlewares=csrf@file, no-www@file" - - "traefik.http.routers.site_server.tls.certresolver=letsencrypt" - - "traefik.http.routers.site_server.service=site_server_app" - - "traefik.http.services.site_server_app.loadbalancer.server.port=80" - - "traefik.http.routers.resume_router.entrypoints=web-secure" - - "traefik.http.routers.resume_router.rule=Host(`resume.${DOMAIN}`)" - - "traefik.http.routers.resume_router.middlewares=csrf@file, redirect-resume@file" - - "traefik.http.routers.resume_router.tls.certresolver=letsencrypt" - - "traefik.http.routers.resume_router.service=resume_server" - - "traefik.http.services.resume_server.loadbalancer.server.port=80" - - "traefik.http.routers.blog_router.entrypoints=web-secure" - - "traefik.http.routers.blog_router.rule=Host(`blog.${DOMAIN}`)" - - "traefik.http.routers.blog_router.middlewares=redirect-blog@file" - - "traefik.http.routers.blog_router.tls.certresolver=letsencrypt" - - "traefik.http.routers.blog_router.service=blog_server" - - "traefik.http.services.blog_server.loadbalancer.server.port=80" + - traefik-public + deploy: + labels: + - traefik.enable=true + - traefik.docker.network=traefik-public + - traefik.constraint-label=traefik-public + - traefik.http.routers.site_server.entrypoints=https + - traefik.http.routers.site_server.rule=Host(`${DOMAIN}`) || Host(`www.${DOMAIN}`) || Host(`info.${DOMAIN}`) || Host(`124c41.${DOMAIN}`) + - traefik.http.routers.site_server.middlewares=no-www + - traefik.http.routers.site_server.tls.certresolver=le + - traefik.http.routers.site_server.service=site_server_app + - traefik.http.services.site_server_app.loadbalancer.server.port=80 + - "traefik.http.routers.resume_router.entrypoints=https" + - "traefik.http.routers.resume_router.rule=Host(`resume.${DOMAIN}`)" + - "traefik.http.routers.resume_router.middlewares=redirect-resume" + - "traefik.http.routers.resume_router.tls.certresolver=le" + - "traefik.http.routers.resume_router.service=resume_server" + - "traefik.http.services.resume_server.loadbalancer.server.port=80" + - "traefik.http.routers.blog_router.entrypoints=https" + - "traefik.http.routers.blog_router.rule=Host(`blog.${DOMAIN}`)" + - "traefik.http.routers.blog_router.middlewares=redirect-blog" + - "traefik.http.routers.blog_router.tls.certresolver=le" + - "traefik.http.routers.blog_router.service=blog_server" + - "traefik.http.services.blog_server.loadbalancer.server.port=80" diff --git a/swarm/core.yml b/swarm/core.yml index 9c9a507..298b7c8 100644 --- a/swarm/core.yml +++ b/swarm/core.yml @@ -10,11 +10,22 @@ services: - target: 443 published: 443 mode: host + - target: 5432 + published: 5432 + mode: host + - target: 8083 + published: 8083 + mode: host + - target: 8084 + published: 8084 + mode: host + # - target: 8883 + # published: 8883 + # mode: host + # - "8083:8083" + # - "8084:8084" + # - "5432:5432" # - "7687:7687" - - "8083:8083" - - "8084:8084" - - "8883:8883" - - "5432:5432" deploy: placement: constraints: @@ -88,7 +99,7 @@ services: # Create an entrypoint "postgres-socket" listening on port 5432 - --entrypoints.postgres-socket.address=:5432 # Others entrypoints can be created, like a TCP entrypoint - # - --entrypoints.mqtt.address=:1883 + - --entrypoints.mqtt.address=:1883 - --entrypoints.web-socket.address=:8083 - --entrypoints.web-socket-secure.address=:8084 - --entrypoints.bolt-socket.address=:7687 diff --git a/swarm/emqx.yml b/swarm/emqx.yml index aef1498..7503b5e 100644 --- a/swarm/emqx.yml +++ b/swarm/emqx.yml @@ -8,8 +8,11 @@ services: retries: 5 networks: - traefik-public - ports: - - "1883:1883" + # ports: + # - target: 1883 + # published: 1883 + # mode: host + # - "1883:1883" # - 8083:8083 # - 8084:8084 # - 8883:8883 @@ -21,6 +24,10 @@ services: - traefik.enable=true - traefik.docker.network=traefik-public - traefik.constraint-label=traefik-public + - traefik.tcp.routers.emqx1-tcp-mqtt.entrypoints=mqtt + - traefik.tcp.routers.emqx1-tcp-mqtt.rule=HostSNI(`*`) + - traefik.tcp.routers.emqx1-tcp-mqtt.service=emqx1-tcp-mqtt + - traefik.tcp.services.emqx1-tcp-mqtt.loadbalancer.server.port=1883 - traefik.tcp.routers.emqx1-tcp-ws.entrypoints=web-socket - traefik.tcp.routers.emqx1-tcp-ws.rule=HostSNI(`*`) - traefik.tcp.routers.emqx1-tcp-ws.service=emqx1-tcp-ws diff --git a/swarm/librechat.yml b/swarm/librechat.yml new file mode 100644 index 0000000..2f537a6 --- /dev/null +++ b/swarm/librechat.yml @@ -0,0 +1,115 @@ +# Do not edit this file directly. Use a ‘docker-compose.override.yaml’ file if you can. +# Refer to `docker-compose.override.yaml.example’ for some sample configurations. + +volumes: + mongodb-data-node: + pgdata2: + libre-images: + libre-logs: + meili_data: + +networks: + net: + driver: overlay + attachable: true + traefik-public: + external: true + +services: + librechat_api: + depends_on: + - mongodb + - rag_api + image: ghcr.io/danny-avila/librechat-dev:latest + restart: always + user: "${UID}:${GID}" + extra_hosts: + - "host.docker.internal:host-gateway" + environment: + - HOST=0.0.0.0 + - MONGO_URI=mongodb://mongodb:27017/LibreChat + - MEILI_HOST=http://meilisearch:7700 + - RAG_PORT=${RAG_PORT:-8000} + - RAG_API_URL=http://rag_api:${RAG_PORT:-8000} + - DOMAIN=${DOMAIN} + volumes: + - type: bind + source: ~/config/.env + target: /app/.env + - libre-images:/app/client/public/images + - libre-logs:/app/api/logs + - type: bind + source: ~/config/librechat.yaml + target: /app/librechat.yaml + networks: + - net + - traefik-public + deploy: + labels: + - traefik.enable=true + - traefik.docker.network=traefik-public + - traefik.constraint-label=traefik-public + - traefik.http.routers.librechat.entrypoints=https + - traefik.http.routers.librechat.rule=Host(`chat.${DOMAIN}`) || Host(`bot.${DOMAIN}`) + - traefik.http.routers.librechat.tls.certresolver=le + - traefik.http.routers.librechat.service=librechat_app + - traefik.http.services.librechat_app.loadbalancer.server.port=${PORT} + mongodb: + image: mongo + restart: always + user: "${UID}:${GID}" + command: mongod --noauth + volumes: + - mongodb-data-node:/data/db + networks: + - net + deploy: + placement: + constraints: + - node.labels.librechat.mongodb-data-node == true + meilisearch: + image: getmeili/meilisearch:v1.7.3 + restart: always + user: "${UID}:${GID}" + environment: + - MEILI_HOST=http://meilisearch:7700 + - MEILI_NO_ANALYTICS=true + volumes: + - meili_data:/meili_data + networks: + - net + deploy: + placement: + constraints: + - node.labels.librechat.meili_data == true + vectordb: + image: ankane/pgvector:latest + environment: + POSTGRES_DB: mydatabase + POSTGRES_USER: myuser + POSTGRES_PASSWORD: mypassword + restart: always + volumes: + - pgdata2:/var/lib/postgresql/data + networks: + - net + deploy: + placement: + constraints: + - node.labels.librechat.pgdata2 == true + rag_api: + image: ghcr.io/danny-avila/librechat-rag-api-dev:latest + environment: + POSTGRES_DB: mydatabase + POSTGRES_USER: myuser + POSTGRES_PASSWORD: mypassword + DB_HOST: vectordb + RAG_PORT: ${RAG_PORT:-8000} + restart: always + depends_on: + - vectordb + env_file: + - ~/config/.env + networks: + - net +