docker-compose.yml

version: "2.3"
services:
  nginx:
    image: atomgraph/nginx:d329ba2207773d849c41894408fc073dbe27e3b8
    mem_limit: 128m
    command: /bin/bash -c "envsubst '$$HTTPS_PORT $$UPSTREAM_SERVER $$UPSTREAM_HTTP_PORT $$SERVER_NAME $$SERVER_HTTPS_PORT $$SERVER_HTTP_PORT $$SERVER_CERT_FILE $$SERVER_KEY_FILE $$SSL_VERIFY_CLIENT $$MAX_BODY_SIZE $$SERVER_CLIENT_CERT_HTTPS_PORT' < /etc/nginx/nginx.conf.template > /etc/nginx/nginx.conf && nginx -g 'daemon off;'"
    ports:
      - ${HTTP_PORT}:8080 # allow Tomcat to do HTTP to HTTPS redirect
      - ${HTTPS_PORT}:8443 # HTTPS
      - ${HTTPS_CLIENT_CERT_PORT:-5443}:9443 # HTTPS client cert
    environment:
      - HTTPS_PORT=${HTTPS_PORT}
      - UPSTREAM_SERVER=linkeddatahub
      - UPSTREAM_HTTP_PORT=7070
      - SERVER_NAME=${HOST}
      - SERVER_HTTPS_PORT=8443 # because of nginx-unprivileged
      - SERVER_HTTP_PORT=8080 # because of nginx-unprivileged
      - SERVER_CLIENT_CERT_HTTPS_PORT=9443 # 
      - SERVER_CERT_FILE=/etc/nginx/ssl/server.crt
      - SERVER_KEY_FILE=/etc/nginx/ssl/server.key
      - SSL_VERIFY_CLIENT=optional_no_ca
      - MAX_BODY_SIZE=2097152
    volumes:
      - ./platform/nginx.conf.template:/etc/nginx/nginx.conf.template:ro
      - ./ssl/server:/etc/nginx/ssl:ro
  linkeddatahub:
    user: root # otherwise the ldh user does not have permissions to the mounted folder which is owner by root
    build: .
    environment:
    #  - JPDA_ADDRESS=*:8000 # debugger host - performance hit when enabled
      - CATALINA_OPTS=-XX:+UseContainerSupport -XX:MaxRAMPercentage=75 --add-exports java.base/sun.security.tools.keytool=ALL-UNNAMED # heap will use up to 75% of container's RAM
      - TZ="Europe/Copenhagen"
      #- CATALINA_OPTS="-Duser.timezone=Europe/Copenhagen"
      - PROXY_HOST=nginx
      - PROXY_PORT=9443
      - PROTOCOL=${PROTOCOL}
      - HOST=${HOST}
      - ABS_PATH=${ABS_PATH}
      - HTTP_SCHEME=https
      - HTTP_PORT=7070
      - HTTP_PROXY_NAME=${HOST}
      - HTTP_PROXY_PORT=${HTTPS_PORT}
      - HTTP_REDIRECT_PORT=${HTTPS_PORT}
      - HTTPS_PROXY_PORT=${HTTPS_PORT}
      - HTTPS=false
      - CLIENT_KEYSTORE_PASSWORD=${SECRETARY_CERT_PASSWORD}
      - CLIENT_TRUSTSTORE_PASSWORD=LinkedDataHub
      - SELF_SIGNED_CERT=true # only on localhost
      - SIGN_UP_CERT_VALIDITY=180
      - IMPORT_KEEPALIVE=1200000
      - MAX_CONTENT_LENGTH=2097152
      - NOTIFICATION_ADDRESS=LinkedDataHub <notifications@localhost>
      - MAIL_SMTP_HOST=email-server
      - MAIL_SMTP_PORT=25
      - MAIL_USER=linkeddatahub@localhost
      - OWNER_MBOX=${OWNER_MBOX}
      # - GOOGLE_CLIENT_ID=
      # - GOOGLE_CLIENT_SECRET=
    volumes:
      - /var/linkeddatahub/oidc
      - ./ssl/server:/var/linkeddatahub/ssl/server:ro
      - ./ssl/owner/public.pem:/var/linkeddatahub/ssl/owner/public.pem:ro
      - ./ssl/secretary:/var/linkeddatahub/ssl/secretary:ro
      - ./uploads:/var/www/linkeddatahub/uploads
      - ./config/dev.log4j.properties:/usr/local/tomcat/webapps/ROOT/WEB-INF/classes/log4j.properties:ro
      - ./config/system-varnish.trig:/var/linkeddatahub/datasets/system.trig:ro
      - ./platform/datasets/admin.trig:/var/linkeddatahub/datasets/admin.trig:ro
      - ./platform/datasets/end-user.trig:/var/linkeddatahub/datasets/end-user.trig:ro
      - ./src/main/webapp/static/com/atomgraph/linkeddatahub/xsl/bootstrap/2.3.2:/usr/local/tomcat/webapps/ROOT/static/com/atomgraph/linkeddatahub/xsl/bootstrap/2.3.2:ro
      - ./src/main/webapp/static/com/atomgraph/linkeddatahub/css/bootstrap.css:/usr/local/tomcat/webapps/ROOT/static/com/atomgraph/linkeddatahub/css/bootstrap.css
  fuseki-admin:
    image: atomgraph/fuseki:9985c4edd850c9277d241f6edc0d883013713ad3
    user: root # otherwise fuseki user does not have permissions to the mounted folder which is owner by root
    expose:
      - 3030
    volumes:
      - ./config/fuseki/config.ttl:/fuseki/config.ttl:ro
      - ./data/admin:/fuseki/databases
    command: [ "--config", "/fuseki/config.ttl" ]
  fuseki-end-user:
    image: atomgraph/fuseki:9985c4edd850c9277d241f6edc0d883013713ad3
    user: root # otherwise the fuseki user does not have permissions to the mounted folder which is owner by root
    expose:
      - 3030
    volumes:
      - ./config/fuseki/config.ttl:/fuseki/config.ttl:ro
      - ./data/end-user:/fuseki/databases
    command: [ "--config", "/fuseki/config.ttl" ]
  varnish-admin:
    image: atomgraph/varnish:446f28a3cfedc276b2c27a971455659be98d7351
    user: root # otherwise the varnish user does not have permissions to the mounted folder which is owner by root
    depends_on:
      - linkeddatahub
    tmpfs: /var/lib/varnish:exec
    environment:
      - BACKEND_HOST=fuseki-admin
      - BACKEND_PORT=3030
      - CLIENT_HOST=linkeddatahub
      - VARNISH_TTL=86400
      - VARNISH_SIZE=1G
    entrypoint: /bin/sh -c "envsubst < /etc/varnish/default.vcl.template > /etc/varnish/default.vcl && /usr/local/bin/docker-varnish-entrypoint"
    volumes:
      - ./platform/varnish.vcl.template:/etc/varnish/default.vcl.template:ro
  varnish-end-user:
    image: atomgraph/varnish:446f28a3cfedc276b2c27a971455659be98d7351
    user: root # otherwise varnish user does not have permissions to the mounted folder which is owner by root
    depends_on:
      - linkeddatahub
    tmpfs: /var/lib/varnish:exec
    environment:
      - BACKEND_HOST=fuseki-end-user
      - BACKEND_PORT=3030
      - CLIENT_HOST=linkeddatahub
      - VARNISH_TTL=86400
      - VARNISH_SIZE=1G
    entrypoint: /bin/sh -c "envsubst < /etc/varnish/default.vcl.template > /etc/varnish/default.vcl && /usr/local/bin/docker-varnish-entrypoint"
    volumes:
      - ./platform/varnish.vcl.template:/etc/varnish/default.vcl.template:ro
  email-server:
    image: namshi/smtp
    environment:
      - DISABLE_IPV6=true