docker-compose-ha.yml

version: "3"
services:
  frontend:
    image: ${frontend_image}:${frontend_tag}
    restart: unless-stopped
    volumes:
      - ./logs/frontend/nginx:/var/log/nginx
    environment:
      PUBLIC_URL_DYNAMIC: ${url_omnikeeper}:${http_port}
      REACT_APP_KEYCLOAK_URL: ${keycloak_url}
      REACT_APP_KEYCLOAK_REALM: ${keycloak_realm}
      REACT_APP_KEYCLOAK_CLIENT_ID: ${keycloak_client}
      REACT_APP_BACKEND_URL: ${url_omnikeeper}:${http_port}/backend
      REACT_APP_BASE_NAME: /
    labels:
      traefik.enable: "true"
      traefik.http.routers.frontend.entrypoints: web
      traefik.http.routers.frontend.rule: "PathPrefix(`/`)"
      traefik.http.services.frontend.loadbalancer.server.port: "80"

  backend_a:
    image: ${backend_image}:${backend_tag}
    restart: unless-stopped
    volumes:
      - ./logs/backend_a:/app/Logs
    environment:
      ConnectionStrings__OmnikeeperDatabaseConnection: Server=db;User Id=${db_user};Password=${db_password};Database=${db_database};Pooling=true;Maximum Pool Size=40;Keepalive=1024;Timeout=1024;CommandTimeout=1024
      ConnectionStrings__QuartzDatabaseConnection: Server=db;User Id=${db_user};Password=${db_password};Database=${db_database};Pooling=true;Keepalive=1024;Timeout=1024;CommandTimeout=1024
      Authentication__Audience: ${keycloak_client}
      Authentication__Authority: http://keycloak:8080/realms/${keycloak_realm}
      Authentication__AuthorityForFrontend: ${keycloak_url}/realms/${keycloak_realm} # must be set because in this setup, frontend and backend "speak" with keycloak through different URLs
      Authentication__ValidateIssuer: "false" # must be false because in this setup, frontend and backend "speak" with keycloak through different URLs
      CORS__AllowedHosts: ${url_omnikeeper}
      BaseURL: /backend
      ShowPII: "true" # to improve error messages; should not be set in production
      DistributedQuartzInstanceID: "instance-A"
    labels:
      traefik.enable: "true"
      traefik.http.routers.backend.entrypoints: web
      traefik.http.routers.backend.rule: "PathPrefix(`/backend`)"
      traefik.http.services.backend.loadbalancer.server.port: "80"
    depends_on:
      - db
  backend_b:
    image: ${backend_image}:${backend_tag}
    restart: unless-stopped
    volumes:
      - ./logs/backend_b:/app/Logs
    environment:
      ConnectionStrings__OmnikeeperDatabaseConnection: Server=db;User Id=${db_user};Password=${db_password};Database=${db_database};Pooling=true;Keepalive=1024;Timeout=1024;CommandTimeout=1024
      ConnectionStrings__QuartzDatabaseConnection: Server=db;User Id=${db_user};Password=${db_password};Database=${db_database};Pooling=true;Keepalive=1024;Timeout=1024;CommandTimeout=1024
      Authentication__Audience: ${keycloak_client}
      Authentication__Authority: http://keycloak:8080/realms/${keycloak_realm}
      Authentication__AuthorityForFrontend: ${keycloak_url}/realms/${keycloak_realm} # must be set because in this setup, frontend and backend "speak" with keycloak through different URLs
      Authentication__ValidateIssuer: "false" # must be false because in this setup, frontend and backend "speak" with keycloak through different URLs
      CORS__AllowedHosts: ${url_omnikeeper}
      BaseURL: /backend
      ShowPII: "true" # to improve error messages; should not be set in production
      DistributedQuartzInstanceID: "instance-B"
      RunComputelayers: "false"
    labels:
      traefik.enable: "true"
      traefik.http.routers.backend.entrypoints: web
      traefik.http.routers.backend.rule: "PathPrefix(`/backend`)"
      traefik.http.services.backend.loadbalancer.server.port: "80"
    depends_on:
      - db

  traefik:
    image: traefik:v2.5
    command:
      - --log.level=INFO
      - --global.sendAnonymousUsage=false
      - --accessLog
      - --providers.docker
      - --providers.docker.exposedbydefault=false
      - --providers.docker.swarmMode=false
      - --providers.file.directory=/conf
      - --providers.file.watch=true
      - --entrypoints.web.address=:80
      - --entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,212.31.95.60,212.31.95.61,212.31.95.62
    ports:
      - ${http_port}:80
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./conf/traefik/conf:/conf/
      - ./data/traefik/data:/data/

  keycloak:
    image: quay.io/keycloak/keycloak:19.0.1
    volumes:
      - keycloak-data-volume:/opt/keycloak/data/h2/
    environment:
      - KC_DB=dev-file
      - KEYCLOAK_ADMIN=admin
      - KEYCLOAK_ADMIN_PASSWORD=123123
    ports:
      - ${keycloak_port}:8080
    entrypoint: ["/opt/keycloak/bin/kc.sh", "start-dev"]

  db:
    image: postgres:12
    volumes:
      - ./data/db/data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: ${db_database}
      POSTGRES_USER: ${db_user}
      POSTGRES_PASSWORD: ${db_password}
      shm_size: 256mb
    ports:
      - ${db_management_port}:5432
    networks:
      default:
        aliases:
          - db
    command:
      - "postgres"
      - "-c"
      - "shared_preload_libraries=pg_stat_statements"

  dbadmin:
    image: dpage/pgadmin4:4.20
    ports:
      - ${http_port_dbadmin}:80
    environment:
      - PGADMIN_DEFAULT_EMAIL=${dbadmin_email}
      - PGADMIN_DEFAULT_PASSWORD=${dbadmin_password}
    depends_on:
      - db

volumes:
  keycloak-data-volume: