docker-compose.yml

version: '3.8'

# Volumes #####################################################################
volumes:
  caddy_config:

  caddy_data:
    # external: true

  grafana_data:
    # external: true

  grafana_config:

  frost_db_data:
    # external: true

  nodered_data:
    # external: true

# Networks ####################################################################
networks:
  net:
    driver: bridge

# Services ####################################################################
services:
  # Caddy ---------------------------------------------------------------------
  caddy:
    image: lucaslorentz/caddy-docker-proxy:${CADDY_VERSION:?CADDY_VERSION not set}
    # container_name: caddy
    ports:
      - 80:80
      - 443:443
      # - 2019:2019
    networks:
      - net
    healthcheck:
      test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:2019/metrics || exit 1"]
      # interval: 1m30s
      interval: 10s
      timeout: 10s
      retries: 3
      start_period: 10s
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - caddy_data:/data
      - caddy_config:/config
    restart: unless-stopped
    labels:
      caddy.email: "${ADMIN_EMAIL}"
      # Avoids exceeding rate limit for Let's Encrypt certificates
      # Disable to obtain production SSL certificate
      # https://caddyserver.com/docs/automatic-https#testing
      caddy.acme_ca: "https://acme-staging-v02.api.letsencrypt.org/directory"

  # FROST Server - Web --------------------------------------------------------
  frost-web:
    image: fraunhoferiosb/frost-server:${FROST_VERSION:?FROST_VERSION not set}
    # container_name: frost-web
    networks:
      - net
    ports:
      - 1883:1883
      # - 8080:8080
    depends_on:
      frost-db:
        condition: service_healthy
    restart: unless-stopped
    healthcheck:
      test: ["CMD", 'bash', '-c', 'curl -f "http://127.0.0.1:8080/FROST-Server/"']
      interval: 10s
      timeout: 5s
      retries: 20
    environment:
      serviceRootUrl: "https://${DOMAIN:?DOMAIN not set}${FROST_SUBPATH:?FROST_SUBPATH not set}"
      persistence_db_driver: "org.postgresql.Driver"
      persistence_db_url: "jdbc:postgresql://frost-db:5432/${FROST_DB_NAME:?FROST_DB_NAME not set}"
      persistence_db_username: "${FROST_DB_USER:?FROST_DB_USER not set}"
      persistence_db_password: "${FROST_DB_PASSWORD:?FROST_DB_PASSWORD not set}"
      mqtt_host: ${DOMAIN:?DOMAIN not set}
      # Uncomment this to enable BasicAuth
      # https://fraunhoferiosb.github.io/FROST-Server/settings/auth.html
      # auth_provider: "de.fraunhofer.iosb.ilt.frostserver.auth.basic.BasicAuthProvider"
      # auth_db_driver: "org.postgresql.Driver"
      # auth_db_url: "jdbc:postgresql://frost-db:5432/${FROST_DB_NAME:?FROST_DB_NAME not set}"
      # auth_db_username: "${FROST_DB_USER:?FROST_DB_USER not set}"
      # auth_db_password: "${FROST_DB_PASSWORD:?FROST_DB_PASSWORD not set}"
      # auth_autoUpdateDatabase: "true"

    env_file:
      - frost.env
    labels:
      caddy: "${DOMAIN:?DOMAIN not set}"
      caddy.handle_path: "${FROST_SUBPATH:?FROST_SUBPATH not set}/*"
      caddy.handle_path.0_rewrite: "* /FROST-Server{uri}"
      caddy.handle_path.1_reverse_proxy: "{{upstreams http 8080}}"
      caddy.redir: "${FROST_SUBPATH:?FROST_SUBPATH not set} ${FROST_SUBPATH:?FROST_SUBPATH not set}/"

      # Use this if no suburl for FROST is used
      # caddy.handle: "/FROST-Server/*"
      # caddy.handle.reverse_proxy: "{{upstreams http 8080}}"
      # caddy.redir: "/FROST-Server /FROST-Server/"

  # FROST Server - DB ---------------------------------------------------------
  frost-db:
    image: "postgis/postgis:${FROST_DB_VERSION:?FROST_DB_VERSION not set}"
    # container_name: frost-db
    # ports:
    #  - 5432:5432
    networks:
      - net
    shm_size: '1gb'
    environment:
      POSTGRES_DB: "${FROST_DB_NAME:?FROST_DB_NAME not set}"
      POSTGRES_USER: "${FROST_DB_USER:?FROST_DB_USER not set}"
      POSTGRES_PASSWORD: "${FROST_DB_PASSWORD:?FROST_DB_PASSWORD not set}"
    volumes:
      - frost_db_data:/var/lib/postgresql/data
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${FROST_DB_USER:?FROST_DB_USER not set} -d ${FROST_DB_NAME:?FROST_DB_NAME not set}"]
      interval: 10s
      timeout: 5s
      retries: 5
    # Adapt and uncomment for optimized DB settings with: https://pgtune.leopard.in.ua/#/
    # command:
    #   postgres
    #   -c max_connections=100
    #   -c shared_buffers=7680MB
    #   -c effective_cache_size=23040MB
    #   -c maintenance_work_mem=1920MB
    #   -c checkpoint_completion_target=0.9
    #   -c wal_buffers=16MB
    #   -c default_statistics_target=100
    #   -c random_page_cost=1.1
    #   -c effective_io_concurrency=200
    #   -c work_mem=19660kB
    #   -c min_wal_size=1GB
    #   -c max_wal_size=4GB
    #   -c max_worker_processes=8
    #   -c max_parallel_workers_per_gather=4
    #   -c max_parallel_workers=8
    #   -c max_parallel_maintenance_workers=4

# Grafana -------------------------------------------------------------------
  grafana:
    image: grafana/grafana-oss:${GRAFANA_VERSION:?GRAFANA_VERSION not set}
    volumes:
      - grafana_data:/var/lib/grafana
      - grafana_config:/etc/grafana
    networks:
      - net
    # ports:
    #  - 3000:3000/tcp
    restart: unless-stopped
    healthcheck:
      test: ["CMD", 'bash', '-c', 'wget -S "http://127.0.0.1:3000/api/health" |& grep "200 OK"']
      interval: 10s
      timeout: 5s
      retries: 5
    environment:
      GF_INSTALL_PLUGINS: "grafana-clock-panel,grafana-simple-json-datasource, marcusolsson-json-datasource,
        snuids-trafficlights-panel, citilogics-geoloop-panel, iosb-sensorthings-datasource, yesoreyeram-boomtheme-panel,
        snuids-svg-panel, marcusolsson-hourly-heatmap-panel, citilogics-geoloop-panel,
        fatcloud-windrose-panel,https://github.com/briangann/grafana-gauge-panel/releases/download/v0.0.9/briangann-gauge-panel-0.0.9.zip;briangann-gauge-panel"
      GF_SERVER_DOMAIN: "${DOMAIN:?DOMAIN not set}"
      GF_SERVER_ROOT_URL: "https://${DOMAIN:?DOMAIN not set}${GRAFANA_SUBPATH:?GRAFANA_SUBPATH not set}"
      GF_SERVER_SERVE_FROM_SUB_PATH: "true"
      # See for date formats: https://momentjs.com/docs/#/displaying/
      # GF_DATE_FORMATS_FULL_DATE: "Do MMM, YYYY @ hh:mm:ss"
      GF_DATE_FORMATS_INTERVAL_MONTH: "YYYY.MM"
      GF_DATE_FORMATS_INTERVAL_DAY: "dd, DD.MM"
      GF_DATE_FORMATS_INTERVAL_HOUR: "dd, DD.MM HH:mm"
      GF_DATE_FORMATS_INTERVAL_MINUTE: "dd, HH:mm"
      # Admin user
      GF_SECURITY_ADMIN_USER: "${GRAFANA_ADMIN_USER:?GRAFANA_ADMIN_USER not set}"
      GF_SECURITY_ADMIN_PASSWORD: "${GRAFANA_ADMIN_PASSWORD:?GRAFANA_ADMIN_PASSWORD not set}"
      # Dashbord embedding
      GF_SECURITY_ALLOW_EMBEDDING: "true"
      # Grafana 10 feature toggles
      GF_FEATURE_TOGGLES_ENABLE: publicDashboards
    labels:
      caddy: "${DOMAIN:?DOMAIN not set}"
      caddy.handle: "${GRAFANA_SUBPATH:?GRAFANA_SUBPATH not set}/*"
      caddy.handle.reverse_proxy: "{{upstreams http 3000}}"
      caddy.redir: "${GRAFANA_SUBPATH:?GRAFANA_SUBPATH not set} ${GRAFANA_SUBPATH:?GRAFANA_SUBPATH not set}/"

  # NodeRED -------------------------------------------------------------------
  nodered:
    # container_name: nodered
    networks:
      - net
    # ports:
    #   - 1880:1880
    volumes:
      - nodered_data:/data
    restart: unless-stopped
    environment:
      DOMAIN: "${DOMAIN:?DOMAIN not set}"
      NODE_RED_CREDENTIAL_SECRET: "${NODE_RED_CREDENTIAL_SECRET:?NODE_RED_CREDENTIAL_SECRET not set}"
      TZ: "Europe/Berlin"
      NODE_RED_ENABLE_PROJECTS: "${NODE_RED_ENABLE_PROJECTS:?NODE_RED_ENABLE_PROJECTS not set}"
      # Admin access
      # See: https://nodered.org/docs/user-guide/runtime/securing-node-red#generating-the-password-hash
      NODE_RED_ADMIN_USERNAME: "${NODE_RED_ADMIN_USERNAME:?NODE_RED_ADMIN_USERNAME not set}"
      NODE_RED_ADMIN_PASSWORD: "${NODE_RED_ADMIN_PASSWORD:?NODE_RED_ADMIN_PASSWORD not set}"
      # NODE_OPTIONS: "--max_old_space_size=128"
    build:
      context: nodered
      # dockerfile:
      args:
        - BASEIMAGE_TAG=${NODE_RED_VERSION:?NODE_RED_VERSION not set}
    labels:
      caddy: "${DOMAIN:?DOMAIN not set}"
      # Serve Node-RED from subpath /nodered
      caddy.handle_path: "${NODE_RED_SUBPATH:?NODE_RED_SUBPATH not set}/*"
      caddy.handle_path.reverse_proxy: "{{upstreams http 1880}}"
       # Serve Node-RED UI from subpath /nodered/ui
      caddy.handle_path_1: "${NODE_RED_SUBPATH:?NODE_RED_SUBPATH not set}/ui/*"
      caddy.handle_path_1.rewrite: "* /ui{uri}"
      caddy.handle_path_1.reverse_proxy: "{{upstreams http 1880}}"
      # Handle URLs with no trailing /
      caddy.redir: "${NODE_RED_SUBPATH:?NODE_RED_SUBPATH not set} ${NODE_RED_SUBPATH:?NODE_RED_SUBPATH not set}/"
      caddy.redir_1: "${NODE_RED_SUBPATH:?NODE_RED_SUBPATH not set}/ui ${NODE_RED_SUBPATH:?NODE_RED_SUBPATH not set}/ui/"