-
-
Notifications
You must be signed in to change notification settings - Fork 19
Expand file tree
/
Copy pathdocker-compose.yml
More file actions
213 lines (174 loc) · 9.08 KB
/
docker-compose.yml
File metadata and controls
213 lines (174 loc) · 9.08 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
name: controlr
### Environment Variables Configuration ###
# This configuration uses environment variables to supply secrets to services.
# All sensitive values should be provided via the host's environment variables or .env file.
#
# Quick Start:
# 1. Set environment variables for all sensitive values (e.g., ControlR_POSTGRES_USER, ControlR_POSTGRES_PASSWORD)
# 2. Or create a .env file with the required variables
# 3. Run: sudo docker compose up -d
#
# See the README.md for more information on configuration options.
# These values are expected to be passed in by the host's environment or .env file.
x-postgres-user: &pgUser ${ControlR_POSTGRES_USER:?error}
x-postgres-password: &pgPassword ${ControlR_POSTGRES_PASSWORD:?error}
x-aspire-browser-token: &aspireToken ${ControlR_ASPIRE_BROWSER_TOKEN:?error}
# The public URL where the Aspire Dashboard will be accessible via browser.
# For example, if your reverse proxy is set up to route https://metrics.example.com
# to Aspire, that is the URL you should use here.
x-aspire-public-url: &aspirePublicUrl "http://localhost:18888"
services:
controlr:
# It's recommended to change 'latest' to a specific version tag and update manually.
image: bitbound/controlr:latest
container_name: controlr
restart: unless-stopped
depends_on:
- postgres
- aspire
ports:
- "5120:8080"
networks:
- controlr-network
environment:
# ASPNETCORE variables should not be changed.
ASPNETCORE_ENVIRONMENT: Production
ASPNETCORE_HTTP_PORTS: 8080
# Postgres connection details.
ControlR_POSTGRES_PORT: 5432
ControlR_POSTGRES_HOST: "postgres"
ControlR_POSTGRES_USER: *pgUser
ControlR_POSTGRES_PASSWORD: *pgPassword
ControlR_POSTGRES_DB: "controlr"
# Whether to enable the configuration provider for Docker Secrets.
ControlR_AppOptions__EnableDockerSecrets: false
# The access token for the Aspire Dashboard, where server logs and telemetry can be viewed.
#ControlR_AspireDashboard__Token: *aspireToken
# The public URL for the Aspire Dashboard's web interface.
ControlR_AspireDashboard__PublicWebUrl: *aspirePublicUrl
# Whether to make self-registration publicly available.
ControlR_AppOptions__EnablePublicRegistration: false
# Allows devices to self-register without requiring an installer key.
ControlR_AppOptions__AllowAgentsToSelfBootstrap: false
# The name that appears in TOTP authenticator apps.
ControlR_AppOptions__AuthenticatorIssuerName: "ControlR"
# If enabled, signing in with a passkey will effectively add the "remember me" option.
ControlR_AppOptions__PersistPasskeyLogin: false
# Automatically obtain Cloudflare IPs from https://www.cloudflare.com/ips-v4
# and add them to the KnownNetworks list for forwarded headers.
ControlR_AppOptions__EnableCloudflareProxySupport: false
# Enables detailed error messages from Entity Framework Core when database errors occur.
# This can be helpful for debugging but may leak sensitive information, so it is disabled by default.
# Enabling this incurs a small performance cost.
ControlR_AppOptions__EnableDatabaseDetailedErrors: false
# When enabled, bypasses KnownProxies/KnownIpNetworks checks and trusts all forwarded headers
# from the reverse proxy. Only enable this in secure environments where the reverse proxy
# is guaranteed to be the only source of incoming traffic.
ControlR_AppOptions__EnableNetworkTrust: false
# Add an Azure Monitor connection string to enable exporting of OpenTelemetry data to Azure.
#ControlR_AzureMonitor__ConnectionString:
# Add an OTLP endpoint URL to enable exporting of OpenTelemetry data to an OTLP endpoint.
ControlR_OTLP_ENDPOINT_URL: "http://aspire:18889"
# Set the minimum level for logs sent to OTLP exporter and/or Azure Monitor.
ControlR_Logging__LogLevel__Default: Information
# The log level to use for HttpLogging middleware (when it's enabled).
ControlR_Logging__LogLevel__Microsoft.AspNetCore.HttpLogging: Information
# The log level for ForwardedHeadersMiddleware, among others. When set to debug,
# this will log when a reverse proxy isn't trusted, which can help troubleshoot misconfigurations.
ControlR_Logging__LogLevel__Microsoft.AspNetCore.HttpOverrides: Debug
# For debugging. When enabled, extra logs will be written for all HTTP requests and responses.
# https://learn.microsoft.com/en-us/aspnet/core/fundamentals/http-logging
ControlR_AppOptions__UseHttpLogging: false
# If enabled, detailed errors will be sent to the SignalR client when exceptions occur during hub method invocations.
# This can be helpful for debugging but may leak sensitive information, so it is disabled by default.
ControlR_AppOptions__EnableSignalrDetailedErrors: false
# Configure X.509 certificate-based encryption for Data Protection keys at rest.
# If false, keys are not encrypted (not recommended for production).
# When true, Data Protection keys will be encrypted using the certificate specified below.
# An exception will be thrown at startup if the certificate is not configured or doesn't exist.
ControlR_KeyProtectionOptions__EncryptKeys: false
# The file path to a PFX (.pfx) certificate file for key encryption.
# Mount the certificate file into the container and provide the container path here.
#ControlR_KeyProtectionOptions__CertificatePath:
# An alternative means of supplying the certificate. It should be the
# base64-encoded contents of the PFX file If this is set, it will
# override CertificatePath.
#ControlR_KeyProtectionOptions__CertificateContentsBase64:
# The password for the PFX certificate file (if password-protected).
# Leave empty if the PFX file has no password.
#ControlR_KeyProtectionOptions__CertificatePassword:
# The Gateway IP here must match the IP address used by the Docker gateway.
ControlR_AppOptions__DockerGatewayIp: "::ffff:172.29.0.1"
# The maximum allowed file size for transfers in the remote File System component.
# Set to 0 or less for no limit. Default is 100MB.
ControlR_AppOptions__MaxFileTransferSize: 104857600
# Whether users must confirm their email address before being allowed to log in.
# If true, you must also configure SMTP settings below.
ControlR_AppOptions__RequireUserEmailConfirmation: true
# Disable all email sending from the application.
ControlR_AppOptions__DisableEmailSending: false
# SMTP settings are used for sending account-related emails, such as
# account confirmation and password reset emails. As of this writing,
# emails are only used for Microsoft's Identity system.
ControlR_AppOptions__SmtpDisplayName: ""
ControlR_AppOptions__SmtpEmail: ""
ControlR_AppOptions__SmtpHost: ""
ControlR_AppOptions__SmtpLocalDomain: ""
ControlR_AppOptions__SmtpCheckCertificateRevocation: true
ControlR_AppOptions__SmtpPassword: ""
ControlR_AppOptions__SmtpPort: 587
ControlR_AppOptions__SmtpUserName: ""
# Uncomment and add an entry for each proxy that will be forwarding traffic
# to ControlR. The app will not work correctly if this isn't done or if the
# forwarded headers are not in the correct format.
# See the docs for more details:
# https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer
#ControlR_AppOptions__KnownProxies__0:
#ControlR_AppOptions__KnownNetworks__0:
# To enable Microsoft account login, create an App Registration in Azure and
# set the values below. Instructions can be found here:
# https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/microsoft-logins
#ControlR_AppOptions__MicrosoftClientId: ""
#ControlR_AppOptions__MicrosoftClientSecret: ""
# To enable GitHub login, create an OAuth app in GitHub set the values below.
# Instructions can be found here:
# https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps
#ControlR_AppOptions__GitHubClientId: ""
#ControlR_AppOptions__GitHubClientSecret: ""
postgres:
image: postgres:18
container_name: postgres
restart: unless-stopped
expose:
- "5432"
networks:
- controlr-network
volumes:
- controlr-data:/var/lib/postgresql
environment:
POSTGRES_USER: *pgUser
POSTGRES_PASSWORD: *pgPassword
POSTGRES_DB: controlr
aspire:
image: mcr.microsoft.com/dotnet/aspire-dashboard:latest
container_name: aspire
restart: unless-stopped
ports:
- "18888:18888"
expose:
- "18889"
networks:
- controlr-network
environment:
Dashboard__Frontend__BrowserToken: *aspireToken
Dashboard__Frontend__PublicUrl: *aspirePublicUrl
volumes:
controlr-data:
name: "controlr-data"
networks:
controlr-network:
driver: bridge
ipam:
config:
- subnet: 172.29.0.0/16
gateway: 172.29.0.1