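# docker/docker-compose.yml
#
# Local EventHub stack: Traefik (TLS termination and load balancing), a
# three-node EventHub cluster, Prometheus, Grafana and a debugging UI.
#
# Required variables (supply via an untracked .env file or the environment;
# Compose aborts if any is unset or empty):
#   RELEASE_COOKIE, JWT_SECRET, GRAFANA_ADMIN_PASSWORD
services:

  # ================== Load balancer (HTTPS/WSS) ==================
  traefik:
    # NOTE(review): ":latest" is a moving tag; pin a specific version or digest
    # so a rebuild cannot silently pull a different proxy release.
    image: traefik:latest
    # UID 0 plus the host's docker group (adjust the GID for your system,
    # see `ls -la /var/run/docker.sock`).
    # NOTE(review): the process runs as root inside the container.
    user: "0:1001"
    command:
      # Dashboard (can be removed in production). This flag serves the
      # dashboard and API without authentication on the 8080 entrypoint.
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      # Self-signed certificate and the HTTP->HTTPS redirect middleware.
      - "--providers.file.filename=/etc/traefik/dynamic_conf.yml"
      - "--entrypoints.web.address=:80"  # HTTP (for the redirect)
      - "--entrypoints.websecure.address=:443"  # HTTPS/WSS
      # Prometheus metrics
      - "--metrics.prometheus=true"
      - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0"
      - "--metrics.prometheus.addEntryPointsLabels=true"
      - "--metrics.prometheus.addServicesLabels=true"
    ports:
      - "80:80"
      - "443:443"
      # Dashboard port (optional). Published on loopback only because
      # --api.insecure=true leaves it unauthenticated.
      - "127.0.0.1:8080:8080"
    volumes:
      # The ":ro" flag only protects the socket file itself; a process that can
      # open the socket can still issue any Docker API call. Consider a
      # filtering socket proxy if this stack leaves a developer machine.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik/certs:/etc/traefik/certs:ro"  # self-signed certificate
      - "./traefik/dynamic_conf.yml:/etc/traefik/dynamic_conf.yml:ro"
    networks:
      - eventhub-net
    restart: unless-stopped

  # ================== EventHub cluster (3 nodes) ==================
  # All three nodes declare the same routers and services; Traefik merges
  # identically named services into one load-balanced pool.
  #
  # RELEASE_COOKIE is the shared secret the nodes use to join each other;
  # treat it like a credential. ":?" makes Compose fail fast instead of
  # starting the cluster with an empty cookie or JWT secret.
  #
  # NOTE(review): the admin hosts are routed through the same websecure
  # entrypoint as the user API and nothing in this file restricts who can reach
  # them; confirm the application authenticates those endpoints, or add an IP
  # allow-list middleware in dynamic_conf.yml.
  eventhub-node1:
    build:
      context: ..
      dockerfile: docker/Dockerfile
    hostname: eventhub-node1.local
    environment:
      - NODE_NAME=eventhub-node1@eventhub-node1.local
      - "RELEASE_COOKIE=${RELEASE_COOKIE:?RELEASE_COOKIE must be set}"
      - "JWT_SECRET=${JWT_SECRET:?JWT_SECRET must be set}"
      - JOIN_NODES=eventhub-node1@eventhub-node1.local,eventhub-node2@eventhub-node2.local,eventhub-node3@eventhub-node3.local
    networks:
      - eventhub-net
    volumes:
      - eventhub-node1-data:/app/data
    labels:
      - "traefik.enable=true"
      # --- User REST API ---
      - "traefik.http.routers.api.rule=Host(`api.eventhub.local`)"
      - "traefik.http.routers.api.entrypoints=web"
      - "traefik.http.routers.api.middlewares=redirect-to-https@file"
      - "traefik.http.routers.api-secure.rule=Host(`api.eventhub.local`)"
      - "traefik.http.routers.api-secure.entrypoints=websecure"
      - "traefik.http.routers.api-secure.tls=true"
      - "traefik.http.routers.api-secure.service=api"
      - "traefik.http.services.api.loadbalancer.server.port=8080"
      # --- User WebSocket (WSS via websecure) ---
      - "traefik.http.routers.ws.rule=Host(`ws.eventhub.local`)"
      - "traefik.http.routers.ws.entrypoints=web"
      - "traefik.http.routers.ws.middlewares=redirect-to-https@file"
      - "traefik.http.routers.ws-secure.rule=Host(`ws.eventhub.local`)"
      - "traefik.http.routers.ws-secure.entrypoints=websecure"
      - "traefik.http.routers.ws-secure.tls=true"
      - "traefik.http.routers.ws-secure.service=ws"
      - "traefik.http.services.ws.loadbalancer.server.port=8081"
      # --- Admin REST ---
      - "traefik.http.routers.admin-api.rule=Host(`admin.eventhub.local`)"
      - "traefik.http.routers.admin-api.entrypoints=web"
      - "traefik.http.routers.admin-api.middlewares=redirect-to-https@file"
      - "traefik.http.routers.admin-api-secure.rule=Host(`admin.eventhub.local`)"
      - "traefik.http.routers.admin-api-secure.entrypoints=websecure"
      - "traefik.http.routers.admin-api-secure.tls=true"
      - "traefik.http.routers.admin-api-secure.service=admin-api"
      - "traefik.http.services.admin-api.loadbalancer.server.port=8445"
      # --- Admin WebSocket (WSS) ---
      - "traefik.http.routers.admin-ws.rule=Host(`admin-ws.eventhub.local`)"
      - "traefik.http.routers.admin-ws.entrypoints=web"
      - "traefik.http.routers.admin-ws.middlewares=redirect-to-https@file"
      - "traefik.http.routers.admin-ws-secure.rule=Host(`admin-ws.eventhub.local`)"
      - "traefik.http.routers.admin-ws-secure.entrypoints=websecure"
      - "traefik.http.routers.admin-ws-secure.tls=true"
      - "traefik.http.routers.admin-ws-secure.service=admin-ws"
      - "traefik.http.services.admin-ws.loadbalancer.server.port=8446"
    restart: unless-stopped

  eventhub-node2:
    build:
      context: ..
      dockerfile: docker/Dockerfile
    hostname: eventhub-node2.local
    environment:
      - NODE_NAME=eventhub-node2@eventhub-node2.local
      - "RELEASE_COOKIE=${RELEASE_COOKIE:?RELEASE_COOKIE must be set}"
      - "JWT_SECRET=${JWT_SECRET:?JWT_SECRET must be set}"
      - JOIN_NODES=eventhub-node1@eventhub-node1.local,eventhub-node2@eventhub-node2.local,eventhub-node3@eventhub-node3.local
    networks:
      - eventhub-net
    volumes:
      - eventhub-node2-data:/app/data
    labels:
      - "traefik.enable=true"
      # --- User REST API ---
      - "traefik.http.routers.api.rule=Host(`api.eventhub.local`)"
      - "traefik.http.routers.api.entrypoints=web"
      - "traefik.http.routers.api.middlewares=redirect-to-https@file"
      - "traefik.http.routers.api-secure.rule=Host(`api.eventhub.local`)"
      - "traefik.http.routers.api-secure.entrypoints=websecure"
      - "traefik.http.routers.api-secure.tls=true"
      - "traefik.http.routers.api-secure.service=api"
      - "traefik.http.services.api.loadbalancer.server.port=8080"
      # --- User WebSocket (WSS via websecure) ---
      - "traefik.http.routers.ws.rule=Host(`ws.eventhub.local`)"
      - "traefik.http.routers.ws.entrypoints=web"
      - "traefik.http.routers.ws.middlewares=redirect-to-https@file"
      - "traefik.http.routers.ws-secure.rule=Host(`ws.eventhub.local`)"
      - "traefik.http.routers.ws-secure.entrypoints=websecure"
      - "traefik.http.routers.ws-secure.tls=true"
      - "traefik.http.routers.ws-secure.service=ws"
      - "traefik.http.services.ws.loadbalancer.server.port=8081"
      # --- Admin REST ---
      - "traefik.http.routers.admin-api.rule=Host(`admin.eventhub.local`)"
      - "traefik.http.routers.admin-api.entrypoints=web"
      - "traefik.http.routers.admin-api.middlewares=redirect-to-https@file"
      - "traefik.http.routers.admin-api-secure.rule=Host(`admin.eventhub.local`)"
      - "traefik.http.routers.admin-api-secure.entrypoints=websecure"
      - "traefik.http.routers.admin-api-secure.tls=true"
      - "traefik.http.routers.admin-api-secure.service=admin-api"
      - "traefik.http.services.admin-api.loadbalancer.server.port=8445"
      # --- Admin WebSocket (WSS) ---
      - "traefik.http.routers.admin-ws.rule=Host(`admin-ws.eventhub.local`)"
      - "traefik.http.routers.admin-ws.entrypoints=web"
      - "traefik.http.routers.admin-ws.middlewares=redirect-to-https@file"
      - "traefik.http.routers.admin-ws-secure.rule=Host(`admin-ws.eventhub.local`)"
      - "traefik.http.routers.admin-ws-secure.entrypoints=websecure"
      - "traefik.http.routers.admin-ws-secure.tls=true"
      - "traefik.http.routers.admin-ws-secure.service=admin-ws"
      - "traefik.http.services.admin-ws.loadbalancer.server.port=8446"
    restart: unless-stopped

  eventhub-node3:
    build:
      context: ..
      dockerfile: docker/Dockerfile
    hostname: eventhub-node3.local
    environment:
      - NODE_NAME=eventhub-node3@eventhub-node3.local
      - "RELEASE_COOKIE=${RELEASE_COOKIE:?RELEASE_COOKIE must be set}"
      - "JWT_SECRET=${JWT_SECRET:?JWT_SECRET must be set}"
      - JOIN_NODES=eventhub-node1@eventhub-node1.local,eventhub-node2@eventhub-node2.local,eventhub-node3@eventhub-node3.local
    networks:
      - eventhub-net
    volumes:
      - eventhub-node3-data:/app/data
    labels:
      - "traefik.enable=true"
      # --- User REST API ---
      - "traefik.http.routers.api.rule=Host(`api.eventhub.local`)"
      - "traefik.http.routers.api.entrypoints=web"
      - "traefik.http.routers.api.middlewares=redirect-to-https@file"
      - "traefik.http.routers.api-secure.rule=Host(`api.eventhub.local`)"
      - "traefik.http.routers.api-secure.entrypoints=websecure"
      - "traefik.http.routers.api-secure.tls=true"
      - "traefik.http.routers.api-secure.service=api"
      - "traefik.http.services.api.loadbalancer.server.port=8080"
      # --- User WebSocket (WSS via websecure) ---
      - "traefik.http.routers.ws.rule=Host(`ws.eventhub.local`)"
      - "traefik.http.routers.ws.entrypoints=web"
      - "traefik.http.routers.ws.middlewares=redirect-to-https@file"
      - "traefik.http.routers.ws-secure.rule=Host(`ws.eventhub.local`)"
      - "traefik.http.routers.ws-secure.entrypoints=websecure"
      - "traefik.http.routers.ws-secure.tls=true"
      - "traefik.http.routers.ws-secure.service=ws"
      - "traefik.http.services.ws.loadbalancer.server.port=8081"
      # --- Admin REST ---
      - "traefik.http.routers.admin-api.rule=Host(`admin.eventhub.local`)"
      - "traefik.http.routers.admin-api.entrypoints=web"
      - "traefik.http.routers.admin-api.middlewares=redirect-to-https@file"
      - "traefik.http.routers.admin-api-secure.rule=Host(`admin.eventhub.local`)"
      - "traefik.http.routers.admin-api-secure.entrypoints=websecure"
      - "traefik.http.routers.admin-api-secure.tls=true"
      - "traefik.http.routers.admin-api-secure.service=admin-api"
      - "traefik.http.services.admin-api.loadbalancer.server.port=8445"
      # --- Admin WebSocket (WSS) ---
      - "traefik.http.routers.admin-ws.rule=Host(`admin-ws.eventhub.local`)"
      - "traefik.http.routers.admin-ws.entrypoints=web"
      - "traefik.http.routers.admin-ws.middlewares=redirect-to-https@file"
      - "traefik.http.routers.admin-ws-secure.rule=Host(`admin-ws.eventhub.local`)"
      - "traefik.http.routers.admin-ws-secure.entrypoints=websecure"
      - "traefik.http.routers.admin-ws-secure.tls=true"
      - "traefik.http.routers.admin-ws-secure.service=admin-ws"
      - "traefik.http.services.admin-ws.loadbalancer.server.port=8446"
    restart: unless-stopped

  # ================== Monitoring ==================
  prometheus:
    # NOTE(review): ":latest" is a moving tag; pin a version or digest.
    image: prom/prometheus:latest
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/usr/share/prometheus/console_libraries'
      - '--web.console.templates=/usr/share/prometheus/consoles'
      - '--storage.tsdb.retention.time=30d'
      - '--storage.tsdb.retention.size=15GB'
    volumes:
      # Prometheus only reads its configuration, so mount it read-only.
      - ./prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro
      - prometheus-data:/prometheus
    networks:
      - eventhub-net
    ports:
      # No --web.config.file is passed above, so the UI and query API have no
      # authentication of their own; publish on loopback only. Grafana still
      # reaches Prometheus over eventhub-net.
      - "127.0.0.1:9090:9090"
    restart: unless-stopped

  grafana:
    # NOTE(review): ":latest" is a moving tag; pin a version or digest.
    image: grafana/grafana:latest
    environment:
      # Fail fast rather than start Grafana with an empty admin password.
      - "GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD:?GRAFANA_ADMIN_PASSWORD must be set}"
      - GF_SECURITY_DISABLE_INITIAL_ADMIN_PASSWORD_CHANGE=false
      - GF_USERS_ALLOW_SIGN_UP=false
      - GF_AUTH_ANONYMOUS_ENABLED=false
    volumes:
      - ./grafana/provisioning:/etc/grafana/provisioning
      - ./grafana/dashboards:/etc/grafana/dashboards
      - grafana-data:/var/lib/grafana
    networks:
      - eventhub-net
    ports:
      # NOTE(review): served as plain HTTP on every host interface, so the
      # admin login crosses the network unencrypted; consider routing it
      # through Traefik's websecure entrypoint or binding to 127.0.0.1.
      - "3000:3000"
    restart: unless-stopped

  # ================== Debugging tool ==================
  observer_web:
    build:
      context: ..
      dockerfile: docker/ObserverWeb.Dockerfile
    environment:
      # This container holds the cluster cookie, so whoever can use its UI can
      # inspect the EventHub nodes.
      - "RELEASE_COOKIE=${RELEASE_COOKIE:?RELEASE_COOKIE must be set}"
    networks:
      - eventhub-net
    ports:
      # Loopback only.
      # NOTE(review): confirm whether the observer UI enforces its own
      # authentication before publishing it more widely.
      - "127.0.0.1:4000:4000"
    restart: unless-stopped

# ================== Networks and volumes ==================
networks:
  eventhub-net:
    driver: bridge

volumes:
  eventhub-node1-data:
  eventhub-node2-data:
  eventhub-node3-data:
  prometheus-data:
  grafana-data: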