moqui-framework/docker/moqui-acme-postgres.yml at d7af0771616a0d63370a5dd5bcf4ee77ea37133c · moqui/moqui-framework · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
# A Docker Compose application with Moqui, Postgres, OpenSearch, OpenSearch Dashboards, and virtual hosting through
# nginx-proxy supporting multiple moqui instances on different hostnames.

# Run with something like this for detached mode:
# $ docker compose -f moqui-postgres-compose.yml -p moqui up -d
# Or to copy runtime directories for mounted volumes, set default settings, etc use something like this:
# $ ./compose-run.sh moqui-postgres-compose.yml
# This sets the project/app name to 'moqui' and the network will be 'moqui_default', to be used by external moqui containers

# Test locally by adding the virtual host to /etc/hosts or with something like:
# $ curl -H "Host: moqui.local" localhost/Login

# To run an additional instance of moqui run something like this (but with
# many more arguments for volume mapping, db setup, etc):
# $ docker run -e VIRTUAL_HOST=moqui2.local --name moqui2_local --network moqui_default moqui

# To import data from the docker host using port 5432 mapped for 127.0.0.1 only use something like this:
# $ psql -h 127.0.0.1 -p 5432 -U moqui -W moqui < pg-dump.sql

services:
  nginx-proxy:
    # For documentation on SSL and other settings see:
    # https://github.com/nginxproxy/nginx-proxy
    image: nginxproxy/nginx-proxy
    container_name: nginx-proxy
    restart: always
    ports:
      - 80:80
      - 443:443
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - /etc/localtime:/etc/localtime:ro
      # note: .crt, .key, and .dhparam.pem files start with the domain name in VIRTUAL_HOST (ie 'acetousk.com.*') or use CERT_NAME env var
      - ./certs:/etc/nginx/certs
      - ./nginx/conf.d:/etc/nginx/conf.d
      - ./nginx/vhost.d:/etc/nginx/vhost.d
      - ./nginx/html:/usr/share/nginx/html
    environment:
      # change this for the default host to use when accessing directly by IP, etc
      - DEFAULT_HOST=moqui.local
      # use SSL_POLICY to disable TLSv1.0, etc in nginx-proxy
      - SSL_POLICY=AWS-TLS-1-1-2017-01
    networks:
      - proxy-tier

  acme-companion:
    image: nginxproxy/acme-companion
    container_name: acme-companion
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /etc/localtime:/etc/localtime:ro
      - ./certs:/etc/nginx/certs
      - ./nginx/conf.d:/etc/nginx/conf.d
      - ./nginx/vhost.d:/etc/nginx/vhost.d
      - ./nginx/html:/usr/share/nginx/html
      - ./acme.sh:/etc/acme.sh
    networks:
      - proxy-tier
    environment:
      # TODO: For production change this to your email
      - DEFAULT_EMAIL=mail@yourdomain.tld
      # TODO: For production change this to false
      - LETSENCRYPT_TEST=true
    depends_on:
      - nginx-proxy

  moqui-server:
    image: moqui
    container_name: moqui-server
    command: conf=conf/MoquiProductionConf.xml port=80 no-run-es
    restart: always
    links:
      - moqui-database
      - moqui-search
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./runtime/conf:/opt/moqui/runtime/conf
      - ./runtime/lib:/opt/moqui/runtime/lib
      - ./runtime/classes:/opt/moqui/runtime/classes
      - ./runtime/ecomponent:/opt/moqui/runtime/ecomponent
      - ./runtime/log:/opt/moqui/runtime/log
      - ./runtime/txlog:/opt/moqui/runtime/txlog
      - ./runtime/sessions:/opt/moqui/runtime/sessions
      - ./runtime/db:/opt/moqui/runtime/db
      - ./runtime/opensearch:/opt/moqui/runtime/opensearch
    environment:
      - "JAVA_TOOL_OPTIONS=-Xms1024m -Xmx4096m"
      - instance_purpose=production
      - entity_ds_db_conf=postgres
      - entity_ds_host=moqui-database
      - entity_ds_port=5432
      - entity_ds_database=moqui
      - entity_ds_schema=public
      - entity_ds_user=moqui
      - entity_ds_password='MOQUI_CHANGE_ME!!!'
      - entity_ds_crypt_pass='DEFAULT_CHANGE_ME!!!'
      # configuration for ElasticFacade.ElasticClient, make sure the old moqui-elasticsearch component is NOT included in the Moqui build
      - elasticsearch_url=https://moqui-search:9200
      # prefix for index names, use something distinct and not 'moqui_' or 'mantle_' which match the beginning of OOTB index names
      - elasticsearch_index_prefix=default_
      - elasticsearch_user=admin
      - elasticsearch_password=MoquiElasticChangeMe@2026
      # CHANGE ME - note that VIRTUAL_HOST is for nginx-proxy so it picks up this container as one it should reverse proxy
      # this can be a comma separate list of hosts like 'example.com,www.example.com'
      - VIRTUAL_HOST=moqui.local
      - LETSENCRYPT_HOST=moqui.local
      # moqui will accept traffic from other hosts but these are the values used for URL writing when specified:
      # - webapp_http_host=moqui.local
      - webapp_http_port=80
      - webapp_https_port=443
      - webapp_https_enabled=true
      # nginx-proxy populates X-Real-IP with remote_addr by default, better option for outer proxy than X-Forwarded-For which defaults to proxy_add_x_forwarded_for
      - webapp_client_ip_header=X-Real-IP
      - default_locale=en_US
      - default_time_zone=UTC
    networks:
      - proxy-tier
      - default

  moqui-database:
    image: postgres:18.1
    container_name: moqui-database
    restart: always
    ports:
      # change this as needed to bind to any address or even comment to not expose port outside containers
      - 127.0.0.1:5432:5432
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # edit these as needed to map configuration and data storage
      - ./db/postgres:/var/lib/postgresql
    environment:
      - POSTGRES_DB=moqui
      - POSTGRES_DB_SCHEMA=public
      - POSTGRES_USER=moqui
      - POSTGRES_PASSWORD='MOQUI_CHANGE_ME!!!'
      # PGDATA, POSTGRES_INITDB_ARGS
    networks:
      default:

  moqui-search:
    image: opensearchproject/opensearch:3.4.0
    container_name: moqui-search
    restart: always
    ports:
      # change this as needed to bind to any address or even comment to not expose port outside containers
      - 127.0.0.1:9200:9200
      - 127.0.0.1:9300:9300
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # edit these as needed to map configuration and data storage
      - ./opensearch/data/nodes:/usr/share/opensearch/data/nodes
      # - ./opensearch/config/opensearch.yml:/usr/share/opensearch/config/opensearch.yml
      # - ./opensearch/logs:/usr/share/opensearch/logs
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m"
      - OPENSEARCH_INITIAL_ADMIN_PASSWORD=MoquiElasticChangeMe@2026
      - discovery.type=single-node
      - network.host=_site_
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    networks:
      proxy-tier:

  opensearch-dashboards:
    image: opensearchproject/opensearch-dashboards:3.4.0
    container_name: opensearch-dashboards
    volumes:
      - /etc/localtime:/etc/localtime:ro
    links:
      - moqui-search
    ports:
      - 127.0.0.1:5601:5601
    environment:
      OPENSEARCH_HOSTS: '["https://moqui-search:9200"]'
    networks:
      default:
      proxy-tier:

networks:
  proxy-tier: