Refactor traefik.yml to enable MQTT support and update routing rules

2026-05-23 16:36:00 +00:00 · 2024-06-01 22:28:16 +08:00
parent 374d07f979
commit 8da24cf80a
4 changed files with 209 additions and 81 deletions
@@ -7,8 +7,10 @@ x-environment: &app-environment
 volumes:
  bai_cache: {}
  pgadmin: {}
-  privatebin_data: {}
+
-  thelounge_data: {}
+networks:
  traefik-public:
    external: true
 services:
@@ -26,26 +28,18 @@ services:
    restart: unless-stopped
    depends_on:
      - postgres
    expose:
      - 8080
    networks:
      - traefik-public
    deploy:
      labels:
-        - "traefik.enable=true"
+        - traefik.enable=true
-        - "traefik.http.routers.adminer.entrypoints=web-secure"
+        - traefik.docker.network=traefik-public
-        - "traefik.http.routers.adminer.rule=Host(`adminer.${DOMAIN}`) || Host(`dbadmin.${DOMAIN}`)"
+        - traefik.constraint-label=traefik-public
-        - "traefik.http.routers.adminer.tls.certresolver=letsencrypt"
+        - traefik.http.routers.adminer.entrypoints=https
-        - "traefik.http.routers.adminer.service=adminer_app"
+        - traefik.http.routers.adminer.rule=Host(`adminer.${DOMAIN}`) || Host(`dbadmin.${DOMAIN}`)
-        - "traefik.http.services.adminer_app.loadbalancer.server.port=8080"
+        - traefik.http.routers.adminer.tls.certresolver=le
-    labels:
+        - traefik.http.routers.adminer.service=adminer_app
-      - "traefik.enable=true"
+        - traefik.http.services.adminer_app.loadbalancer.server.port=8080
      - "traefik.http.routers.adminer.entrypoints=web-secure"
      - "traefik.http.routers.adminer.rule=Host(`adminer.${DOMAIN}`) || Host(`dbadmin.${DOMAIN}`)"
      - "traefik.http.routers.adminer.middlewares=csrf@file"
      - "traefik.http.routers.adminer.tls.certresolver=letsencrypt"
      - "traefik.http.routers.adminer.service=adminer_app"
      - "traefik.http.services.adminer_app.loadbalancer.server.port=8080"
  heynote_app:
    image: furyhawk/heynote:${HEYNOTETAG:-latest}
@@ -53,18 +47,18 @@ services:
    environment:
      NODE_ENV: production
      DOMAIN: ${DOMAIN}
    expose:
      - 5173
    networks:
-      - net
+      - traefik-public
-    labels:
+    deploy:
-      - "traefik.enable=true"
+      labels:
-      - "traefik.http.routers.heynote.entrypoints=web-secure"
+        - traefik.enable=true
-      - "traefik.http.routers.heynote.rule=HostRegexp(`note[0-9]{0,2}.${DOMAIN}`) || Host(`pad.${DOMAIN}`)"
+        - traefik.docker.network=traefik-public
-      - "traefik.http.routers.heynote.middlewares=csrf@file"
+        - traefik.constraint-label=traefik-public
-      - "traefik.http.routers.heynote.tls.certresolver=letsencrypt"
+        - "traefik.http.routers.heynote.entrypoints=https"
-      - "traefik.http.routers.heynote.service=heynote_app"
+        - "traefik.http.routers.heynote.rule=HostRegexp(`note[0-9]{0,2}.${DOMAIN}`) || Host(`pad.${DOMAIN}`)"
-      - "traefik.http.services.heynote_app.loadbalancer.server.port=5173"
+        - "traefik.http.routers.heynote.tls.certresolver=le"
        - "traefik.http.routers.heynote.service=heynote_app"
        - "traefik.http.services.heynote_app.loadbalancer.server.port=5173"
  streamlit-bai:
    environment:
@@ -74,63 +68,64 @@ services:
    command: streamlit run --server.port=$STREAMLIT_BAI_SERVER_PORT --server.address=0.0.0.0 --server.baseUrlPath=$BAI_LOCATION src/app.py
    volumes:
      - bai_cache:/app/cache
    expose:
      - ${STREAMLIT_BAI_SERVER_PORT}
    networks:
-      - net
+      - traefik-public
-    labels:
+    deploy:
-      - "traefik.enable=true"
+      labels:
-      - "traefik.http.routers.streamlit-bai.entrypoints=web-secure"
+        - traefik.enable=true
-      - "traefik.http.routers.streamlit-bai.rule=Host(`bai.${DOMAIN}`)"
+        - traefik.docker.network=traefik-public
-      - "traefik.http.routers.streamlit-bai.middlewares=csrf@file"
+        - traefik.constraint-label=traefik-public
-      - "traefik.http.routers.streamlit-bai.tls.certresolver=letsencrypt"
+        - traefik.http.routers.streamlit-bai.entrypoints=https
-      - "traefik.http.routers.streamlit-bai.service=streamlit_bai_app"
+        - traefik.http.routers.streamlit-bai.rule=Host(`bai.${DOMAIN}`)
-      - "traefik.http.services.streamlit_bai_app.loadbalancer.server.port=${STREAMLIT_BAI_SERVER_PORT}"
+        - traefik.http.routers.streamlit-bai.tls.certresolver=le
        - traefik.http.routers.streamlit-bai.service=streamlit_bai_app
        - traefik.http.services.streamlit_bai_app.loadbalancer.server.port=${STREAMLIT_BAI_SERVER_PORT}
  streamlit-fin:
    environment:
      <<: *app-environment
    image: furyhawk/llama3toolsfin:main
    restart: unless-stopped
    expose:
      - ${STREAMLIT_FIN_SERVER_PORT}
    networks:
-      - net
+      - traefik-public
-    labels:
+    deploy:
-      - "traefik.enable=true"
+      labels:
-      - "traefik.http.routers.streamlit-fin.entrypoints=web-secure"
+        - traefik.enable=true
-      - "traefik.http.routers.streamlit-fin.rule=Host(`fin.${DOMAIN}`)"
+        - traefik.docker.network=traefik-public
-      - "traefik.http.routers.streamlit-fin.middlewares=csrf@file"
+        - traefik.constraint-label=traefik-public
-      - "traefik.http.routers.streamlit-fin.tls.certresolver=letsencrypt"
+        - traefik.http.routers.streamlit-fin.entrypoints=https
-      - "traefik.http.routers.streamlit-fin.service=streamlit_fin_app"
+        - traefik.http.routers.streamlit-fin.rule=Host(`fin.${DOMAIN}`)
-      - "traefik.http.services.streamlit_fin_app.loadbalancer.server.port=${STREAMLIT_FIN_SERVER_PORT}"
+        - traefik.http.routers.streamlit-fin.tls.certresolver=le
        - traefik.http.routers.streamlit-fin.service=streamlit_fin_app
        - traefik.http.services.streamlit_fin_app.loadbalancer.server.port=${STREAMLIT_FIN_SERVER_PORT}
  site_server:
    image: nginx:alpine
    restart: unless-stopped
    volumes:
      - ~/site:/usr/share/nginx/html:ro
    expose:
      - 80
    networks:
-      - net
+      - traefik-public
-    labels:
+    deploy:
-      - "traefik.enable=true"
+      labels:
-      - "traefik.http.routers.site_server.entrypoints=web-secure"
+        - traefik.enable=true
-      - "traefik.http.routers.site_server.rule=Host(`${DOMAIN}`) || Host(`www.${DOMAIN}`) || Host(`info.${DOMAIN}`) || Host(`124c41.${DOMAIN}`)"
+        - traefik.docker.network=traefik-public
-      - "traefik.http.routers.site_server.middlewares=csrf@file, no-www@file"
+        - traefik.constraint-label=traefik-public
-      - "traefik.http.routers.site_server.tls.certresolver=letsencrypt"
+        - traefik.http.routers.site_server.entrypoints=https
-      - "traefik.http.routers.site_server.service=site_server_app"
+        - traefik.http.routers.site_server.rule=Host(`${DOMAIN}`) || Host(`www.${DOMAIN}`) || Host(`info.${DOMAIN}`) || Host(`124c41.${DOMAIN}`)
-      - "traefik.http.services.site_server_app.loadbalancer.server.port=80"
+        - traefik.http.routers.site_server.middlewares=no-www
-      - "traefik.http.routers.resume_router.entrypoints=web-secure"
+        - traefik.http.routers.site_server.tls.certresolver=le
-      - "traefik.http.routers.resume_router.rule=Host(`resume.${DOMAIN}`)"
+        - traefik.http.routers.site_server.service=site_server_app
-      - "traefik.http.routers.resume_router.middlewares=csrf@file, redirect-resume@file"
+        - traefik.http.services.site_server_app.loadbalancer.server.port=80
-      - "traefik.http.routers.resume_router.tls.certresolver=letsencrypt"
+        - "traefik.http.routers.resume_router.entrypoints=https"
-      - "traefik.http.routers.resume_router.service=resume_server"
+        - "traefik.http.routers.resume_router.rule=Host(`resume.${DOMAIN}`)"
-      - "traefik.http.services.resume_server.loadbalancer.server.port=80"
+        - "traefik.http.routers.resume_router.middlewares=redirect-resume"
-      - "traefik.http.routers.blog_router.entrypoints=web-secure"
+        - "traefik.http.routers.resume_router.tls.certresolver=le"
-      - "traefik.http.routers.blog_router.rule=Host(`blog.${DOMAIN}`)"
+        - "traefik.http.routers.resume_router.service=resume_server"
-      - "traefik.http.routers.blog_router.middlewares=redirect-blog@file"
+        - "traefik.http.services.resume_server.loadbalancer.server.port=80"
-      - "traefik.http.routers.blog_router.tls.certresolver=letsencrypt"
+        - "traefik.http.routers.blog_router.entrypoints=https"
-      - "traefik.http.routers.blog_router.service=blog_server"
+        - "traefik.http.routers.blog_router.rule=Host(`blog.${DOMAIN}`)"
-      - "traefik.http.services.blog_server.loadbalancer.server.port=80"
+        - "traefik.http.routers.blog_router.middlewares=redirect-blog"
        - "traefik.http.routers.blog_router.tls.certresolver=le"
        - "traefik.http.routers.blog_router.service=blog_server"
        - "traefik.http.services.blog_server.loadbalancer.server.port=80"
@@ -10,11 +10,22 @@ services:
      - target: 443
        published: 443
        mode: host
      - target: 5432
        published: 5432
        mode: host
      - target: 8083
        published: 8083
        mode: host
      - target: 8084
        published: 8084
        mode: host
      # - target: 8883
      #   published: 8883
      #   mode: host
      # - "8083:8083"
      # - "8084:8084"
      # - "5432:5432"
      # - "7687:7687"
      - "8083:8083"
      - "8084:8084"
      - "8883:8883"
      - "5432:5432"
    deploy:
      placement:
        constraints:
@@ -88,7 +99,7 @@ services:
      # Create an entrypoint "postgres-socket" listening on port 5432
      - --entrypoints.postgres-socket.address=:5432
      # Others entrypoints can be created, like a TCP entrypoint
-      # - --entrypoints.mqtt.address=:1883
+      - --entrypoints.mqtt.address=:1883
      - --entrypoints.web-socket.address=:8083
      - --entrypoints.web-socket-secure.address=:8084
      - --entrypoints.bolt-socket.address=:7687
@@ -8,8 +8,11 @@ services:
      retries: 5
    networks:
      - traefik-public
-    ports:
+    # ports:
-      - "1883:1883"
+    #   - target: 1883
    #     published: 1883
    #     mode: host
    #   - "1883:1883"
    #   - 8083:8083
    #   - 8084:8084
    #   - 8883:8883
@@ -21,6 +24,10 @@ services:
        - traefik.enable=true
        - traefik.docker.network=traefik-public
        - traefik.constraint-label=traefik-public
        - traefik.tcp.routers.emqx1-tcp-mqtt.entrypoints=mqtt
        - traefik.tcp.routers.emqx1-tcp-mqtt.rule=HostSNI(`*`)
        - traefik.tcp.routers.emqx1-tcp-mqtt.service=emqx1-tcp-mqtt
        - traefik.tcp.services.emqx1-tcp-mqtt.loadbalancer.server.port=1883
        - traefik.tcp.routers.emqx1-tcp-ws.entrypoints=web-socket
        - traefik.tcp.routers.emqx1-tcp-ws.rule=HostSNI(`*`)
        - traefik.tcp.routers.emqx1-tcp-ws.service=emqx1-tcp-ws
@@ -0,0 +1,115 @@
 # Do not edit this file directly. Use a ‘docker-compose.override.yaml’ file if you can.
 # Refer to `docker-compose.override.yaml.example’ for some sample configurations.
 volumes:
  mongodb-data-node:
  pgdata2:
  libre-images:
  libre-logs:
  meili_data:
 networks:
  net:
    driver: overlay
    attachable: true
  traefik-public:
    external: true
 services:
  librechat_api:
    depends_on:
      - mongodb
      - rag_api
    image: ghcr.io/danny-avila/librechat-dev:latest
    restart: always
    user: "${UID}:${GID}"
    extra_hosts:
      - "host.docker.internal:host-gateway"
    environment:
      - HOST=0.0.0.0
      - MONGO_URI=mongodb://mongodb:27017/LibreChat
      - MEILI_HOST=http://meilisearch:7700
      - RAG_PORT=${RAG_PORT:-8000}
      - RAG_API_URL=http://rag_api:${RAG_PORT:-8000}
      - DOMAIN=${DOMAIN}
    volumes:
      - type: bind
        source: ~/config/.env
        target: /app/.env
      - libre-images:/app/client/public/images
      - libre-logs:/app/api/logs
      - type: bind
        source: ~/config/librechat.yaml
        target: /app/librechat.yaml
    networks:
      - net
      - traefik-public
    deploy:
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik-public
        - traefik.constraint-label=traefik-public
        - traefik.http.routers.librechat.entrypoints=https
        - traefik.http.routers.librechat.rule=Host(`chat.${DOMAIN}`) || Host(`bot.${DOMAIN}`)
        - traefik.http.routers.librechat.tls.certresolver=le
        - traefik.http.routers.librechat.service=librechat_app
        - traefik.http.services.librechat_app.loadbalancer.server.port=${PORT}
  mongodb:
    image: mongo
    restart: always
    user: "${UID}:${GID}"
    command: mongod --noauth
    volumes:
      - mongodb-data-node:/data/db
    networks:
      - net
    deploy:
      placement:
        constraints:
          - node.labels.librechat.mongodb-data-node == true
  meilisearch:
    image: getmeili/meilisearch:v1.7.3
    restart: always
    user: "${UID}:${GID}"
    environment:
      - MEILI_HOST=http://meilisearch:7700
      - MEILI_NO_ANALYTICS=true
    volumes:
      - meili_data:/meili_data
    networks:
      - net
    deploy:
      placement:
        constraints:
          - node.labels.librechat.meili_data == true
  vectordb:
    image: ankane/pgvector:latest
    environment:
      POSTGRES_DB: mydatabase
      POSTGRES_USER: myuser
      POSTGRES_PASSWORD: mypassword
    restart: always
    volumes:
      - pgdata2:/var/lib/postgresql/data
    networks:
      - net
    deploy:
      placement:
        constraints:
          - node.labels.librechat.pgdata2 == true
  rag_api:
    image: ghcr.io/danny-avila/librechat-rag-api-dev:latest
    environment:
      POSTGRES_DB: mydatabase
      POSTGRES_USER: myuser
      POSTGRES_PASSWORD: mypassword
      DB_HOST: vectordb
      RAG_PORT: ${RAG_PORT:-8000}
    restart: always
    depends_on:
      - vectordb
    env_file:
      - ~/config/.env
    networks:
      - net