version: '3' services: # kasm: # image: linuxserver/kasm:latest # container_name: kasm_kasm # privileged: true # deploy: # resources: # reservations: # devices: # - driver: nvidia # count: all # capabilities: [gpu] # environment: # - KASM_PORT=4443 # - NVIDIA_VISIBLE_DEVICES=all # #- DOCKER_HUB_USERNAME= # #- DOCKER_HUB_PASSWORD= # volumes: # - ${APP_DATA}/opt:/opt # - ${APP_DATA}/profiles:/profiles # - /dev/input:/dev/input # - /run/udev/data:/run/udev/data # networks: # - web # ports: # - 43000:3000 # - 4443:4443 # labels: # - traefik.http.routers.kasm.rule=Host(`kasm.jafner.net`) # - traefik.http.routers.kasm.tls.certresolver=lets-encrypt # - traefik.http.routers.kasm.middlewares=traefik-forward-auth-privileged@file # - traefik.http.routers.kasm.service=kasm@docker # - traefik.http.routers.kasm.entrypoints=websecure # - traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https # - traefik.http.services.kasm.loadbalancer.server.port=4443 # - traefik.http.services.kasm.loadbalancer.serverstransport=insecureskipverify@file # #- traefik.http.routers.kasm-setup.rule=Host(`setup.kasm.jafner.net`) # #- traefik.http.routers.kasm-setup.tls.certresolver=lets-encrypt # #- traefik.http.routers.kasm-setup.middlewares=traefik-forward-auth-privileged@file # #- traefik.http.routers.kasm-setup.service=kasm-setup@docker # #- traefik.http.routers.kasm-setup.entrypoints=websecure # #- traefik.http.services.kasm-setup.loadbalancer.server.port=3000 # #- traefik.http.services.kasm-setup.loadbalancer.serverstransport=insecureskipverify@file version: '3' services: db: container_name: kasm_db image: postgres:12-alpine healthcheck: test: "pg_isready --username=kasmapp && cat /proc/1/cmdline | grep -q '^postgres'" timeout: 5s retries: 20 networks: - kasm_default_network env_file: - kasm.env - kasm_secrets.env volumes: - ${APP_DATA}/conf/database/data.sql:/docker-entrypoint-initdb.d/data.sql - ${APP_DATA}/conf/database/pg_hba.conf:/var/lib/postgresql/conf/pg_hba.conf - ${APP_DATA}/conf/database/postgresql.conf:/var/lib/postgresql/conf/postgresql.conf - ${APP_DATA}/conf/database/:/tmp/ - ${APP_DATA}/certs/db_server.crt:/etc/ssl/certs/db_server.crt - ${APP_DATA}/certs/db_server.key:/etc/ssl/certs/db_server.key - ${APP_DATA}/log/postgres/:/var/log/postgres/ - kasm_db_1.14.0:/var/lib/postgresql/data logging: driver: "json-file" options: max-size: "10m" max-file: "20" command: postgres -c ssl=on -c ssl_cert_file=/etc/ssl/certs/db_server.crt -c ssl_key_file=/etc/ssl/certs/db_server.key -c config_file=/var/lib/postgresql/conf/postgresql.conf -c hba_file=/var/lib/postgresql/conf/pg_hba.conf restart: "always" kasm_redis: container_name: kasm_redis command: ["sh", "-c", "redis-server --requirepass $${REDIS_PASSWORD}"] user: "1000:1000" image: redis:5-alpine networks: - kasm_default_network env_file: - kasm_secrets.env logging: driver: "json-file" options: max-size: "10m" max-file: "20" restart: "always" kasm_api: container_name: kasm_api user: "1000:1000" image: "kasmweb/api:1.14.0" read_only: true networks: - kasm_default_network volumes: - ${APP_DATA}:/opt/kasm/current - ${APP_DATA}/tmp/api:/tmp depends_on: - db restart: always logging: driver: "json-file" options: max-size: "10m" max-file: "20" kasm_manager: container_name: kasm_manager user: "1000:1000" image: "kasmweb/manager:1.14.0" read_only: true networks: - kasm_default_network volumes: - ${APP_DATA}:/opt/kasm/current depends_on: - db restart: always logging: driver: "json-file" options: max-size: "10m" max-file: "20" kasm_agent: container_name: kasm_agent user: root image: "kasmweb/agent:1.14.0" read_only: true networks: - kasm_default_network volumes: - ${APP_DATA}:/opt/kasm/current - /var/run/docker.sock:/var/run/docker.sock - ${APP_DATA}/conf/nginx:/etc/nginx/conf.d depends_on: - kasm_manager restart: always logging: driver: "json-file" options: max-size: "10m" max-file: "20" kasm_share: container_name: kasm_share user: root image: "kasmweb/share:1.14.0" read_only: true networks: - kasm_default_network volumes: - ${APP_DATA}:/opt/kasm/current restart: always depends_on: - db - kasm_redis logging: driver: "json-file" options: max-size: "10m" max-file: "20" kasm_guac: container_name: kasm_guac user: "1000:1000" image: "kasmweb/kasm-guac:1.14.0" read_only: true networks: - kasm_default_network volumes: - ${APP_DATA}:/opt/kasm/current - ${APP_DATA}/tmp/guac:/tmp restart: always logging: driver: "json-file" options: max-size: "10m" max-file: "20" proxy: container_name: kasm_proxy image: "kasmweb/nginx:1.25.1" expose: - 443 networks: - kasm_default_network volumes: - ${APP_DATA}/conf/nginx:/etc/nginx/conf.d:ro - ${APP_DATA}/certs/kasm_nginx.key:/etc/ssl/private/kasm_nginx.key - ${APP_DATA}/certs/kasm_nginx.crt:/etc/ssl/certs/kasm_nginx.crt - ${APP_DATA}/www:/srv/www:ro - ${APP_DATA}/log/nginx:/var/log/external/nginx/ - ${APP_DATA}/log/logrotate:/var/log/external/logrotate/ depends_on: - kasm_manager - kasm_api - kasm_agent - kasm_share - kasm_guac labels: - traefik.http.routers.kasm.rule=Host(`kasm.jafner.net`) - traefik.http.routers.kasm.tls.certresolver=lets-encrypt - traefik.http.routers.kasm.middlewares=traefik-forward-auth-privileged@file - traefik.http.routers.kasm.entrypoints=websecure - traefik.http.services.kasm-proxy.loadbalancer.server.port=443 - traefik.http.services.kasm-proxy.loadbalancer.server.scheme=https #- traefik.http.routers.kasm.service=kasm@docker #- traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https #- traefik.http.services.kasm-proxy.loadbalancer.serverstransport=insecureskipverify@file restart: always logging: driver: "json-file" options: max-size: "10m" max-file: "20" volumes: kasm_db_1.14.0: external: true networks: kasm_default_network: external: true web: external: true