73 lines
2.1 KiB
YAML
73 lines
2.1 KiB
YAML
services:
|
|
# 1. The Database
|
|
guac-db:
|
|
image: postgres:15-alpine
|
|
container_name: guac-db
|
|
user: root
|
|
cpus: 2.0
|
|
mem_limit: "4096m"
|
|
mem_reservation: "1024m"
|
|
restart: unless-stopped
|
|
environment:
|
|
POSTGRESQL_USERNAME: ${PG_USERNAME}
|
|
POSTGRESQL_PASSWORD: ${PG_PASSWORD}
|
|
POSTGRESQL_DB: guacamole_db
|
|
volumes:
|
|
- /docker/guacamole/init:/docker-entrypoint-initdb.d:ro # Loads schema on first boot
|
|
- /docker/guacamole/db:/var/lib/postgresql/data
|
|
networks:
|
|
- guac_internal
|
|
|
|
# 2. The "Proxy Daemon" (Translates RDP/SSH to HTML5)
|
|
guacd:
|
|
image: guacamole/guacd
|
|
container_name: guacd
|
|
cpus: 1.0
|
|
mem_limit: "1024m"
|
|
mem_reservation: "256m"
|
|
restart: unless-stopped
|
|
networks:
|
|
- guac_internal
|
|
- guac_ssh
|
|
|
|
# 3. The Web Interface
|
|
guacamole:
|
|
image: guacamole/guacamole
|
|
container_name: guacamole
|
|
restart: unless-stopped
|
|
user: root
|
|
cpus: 2.0
|
|
mem_limit: "3072m" # 3 GB
|
|
mem_reservation: "1024m"
|
|
depends_on:
|
|
- guac-db
|
|
- guacd
|
|
environment:
|
|
GUACD_HOSTNAME: guacd
|
|
POSTGRESQL_HOSTNAME: guac-db
|
|
POSTGRESQL_DATABASE: guacamole_db
|
|
POSTGRESQL_USERNAME: ${PG_USERNAME}
|
|
POSTGRESQL_PASSWORD: ${PG_PASSWORD}
|
|
CATALINA_OPTS: "-Djava.security.egd=file:/dev/./urandom -Xms1g -Xmx2g"
|
|
networks:
|
|
- guac_internal
|
|
- guac_external # Connects to Traefik
|
|
labels:
|
|
- "traefik.enable=${TRAEFIK_ENABLED:-false}"
|
|
# Routing Logic
|
|
- "traefik.http.routers.${SERVICE_NAME}.rule=Host(`${SUBDOMAIN}.${ENV_DOMAIN}`)"
|
|
- "traefik.http.routers.${SERVICE_NAME}.entrypoints=${TRAEFIK_ENTRYPOINT:-websecure}"
|
|
- "traefik.http.routers.${SERVICE_NAME}.tls=true"
|
|
- "traefik.http.routers.${SERVICE_NAME}.tls.certresolver=${TRAEFIK_RESOLVER:-myresolver}"
|
|
# Service Logic
|
|
- "traefik.http.services.${SERVICE_NAME}.loadbalancer.server.port=${INTERNAL_PORT:-80}"
|
|
# Middleware Logic
|
|
- "traefik.http.routers.${SERVICE_NAME}.middlewares=${MIDDLEWARES:-}"
|
|
|
|
networks:
|
|
guac_internal:
|
|
internal: true
|
|
guac_external:
|
|
external: true
|
|
guac_ssh:
|
|
external: true
|