Joseph Doherty a050170414 chore(docker): supply DEV-ONLY ApiKeyPepper to local Central nodes
The Auth/Config normalization made ScadaBridge:InboundApi:ApiKeyPepper a hard
Central-only startup requirement (>=16 chars), but the local dev composes never
supplied it, so deploy.sh's freshly-built image crash-looped both Central nodes
on ConfigPreflight validation. Add a clearly-marked DEV-ONLY, insecure pepper
inline to each cluster's Central environment (distinct per environment). These
are NOT real secrets — production injects a true per-env secret out-of-band per
docs/operations/inbound-api-key-reissue.md; the inline values exist only so the
local docker / docker-env2 clusters start.
2026-06-03 05:30:38 -04:00


# Docker Compose definition for the env2 local development cluster: two Central
# nodes, two Site X nodes and a Traefik front end, all attached to the
# pre-existing scadabridge-net network.
#
# Every port entry uses the short "HOST:CONTAINER" form with no host IP, so
# Compose publishes it on all host interfaces, not only loopback. Prefix an entry
# with "127.0.0.1:" if the cluster only has to be reachable from this machine.
services:
  central-a:
    image: scadabridge:latest
    container_name: scadabridge-env2-central-a
    environment:
      SCADABRIDGE_CONFIG: Central
      ASPNETCORE_ENVIRONMENT: Development
      # Plain HTTP on container port 5000, all container interfaces ("+").
      ASPNETCORE_URLS: "http://+:5000"
      # DEV-ONLY local-cluster value — NOT a real secret. The Auth/Config normalization
      # (2026-06-03) made ScadaBridge:InboundApi:ApiKeyPepper a hard Central startup
      # requirement (>=16 chars, per-environment). Distinct from the docker/ cluster's
      # pepper per the "different per environment" guidance; real deployments inject a
      # true secret out-of-band, never from source control. Both Central nodes share it.
      # NOTE(review): this literal is in source control, so it provides no secrecy.
      # Treat any inbound API key protected with it as test-only, and confirm that
      # startup validation outside Development cannot be satisfied by this value.
      ScadaBridge__InboundApi__ApiKeyPepper: "dev-only-insecure-pepper-env2-cluster-0001"
    ports:
      # Host 9101 reaches the plain-HTTP listener configured in ASPNETCORE_URLS.
      - "9101:5000" # Web UI + Inbound API
      - "9111:8081" # Akka remoting
    volumes:
      # Configuration is bind-mounted read-only; the log directory is writable.
      - ./central-node-a/appsettings.Central.json:/app/appsettings.Central.json:ro
      - ./central-node-a/logs:/app/logs
    networks:
      - scadabridge-net
    restart: unless-stopped
  central-b:
    image: scadabridge:latest
    container_name: scadabridge-env2-central-b
    environment:
      SCADABRIDGE_CONFIG: Central
      ASPNETCORE_ENVIRONMENT: Development
      # Plain HTTP on container port 5000, all container interfaces ("+").
      ASPNETCORE_URLS: "http://+:5000"
      # DEV-ONLY local-cluster value — NOT a real secret. The Auth/Config normalization
      # (2026-06-03) made ScadaBridge:InboundApi:ApiKeyPepper a hard Central startup
      # requirement (>=16 chars, per-environment). Distinct from the docker/ cluster's
      # pepper per the "different per environment" guidance; real deployments inject a
      # true secret out-of-band, never from source control. Both Central nodes share it.
      # Same literal as central-a; the same test-only caveat applies.
      ScadaBridge__InboundApi__ApiKeyPepper: "dev-only-insecure-pepper-env2-cluster-0001"
    ports:
      # Host 9102 reaches the plain-HTTP listener configured in ASPNETCORE_URLS.
      - "9102:5000" # Web UI + Inbound API
      - "9112:8081" # Akka remoting
    volumes:
      # Configuration is bind-mounted read-only; the log directory is writable.
      - ./central-node-b/appsettings.Central.json:/app/appsettings.Central.json:ro
      - ./central-node-b/logs:/app/logs
    networks:
      - scadabridge-net
    restart: unless-stopped
  site-x-a:
    image: scadabridge:latest
    container_name: scadabridge-env2-site-x-a
    environment:
      # Site nodes set no ApiKeyPepper here; the commit message describes it as a
      # Central-only requirement.
      SCADABRIDGE_CONFIG: Site
    ports:
      - "9121:8082" # Akka remoting
      - "9123:8083" # gRPC streaming
    volumes:
      # Configuration is bind-mounted read-only; data and logs are writable.
      - ./site-x-node-a/appsettings.Site.json:/app/appsettings.Site.json:ro
      - ./site-x-node-a/data:/app/data
      - ./site-x-node-a/logs:/app/logs
    networks:
      - scadabridge-net
    restart: unless-stopped
  site-x-b:
    image: scadabridge:latest
    container_name: scadabridge-env2-site-x-b
    environment:
      # Site nodes set no ApiKeyPepper here; the commit message describes it as a
      # Central-only requirement.
      SCADABRIDGE_CONFIG: Site
    ports:
      - "9122:8082" # Akka remoting
      - "9124:8083" # gRPC streaming
    volumes:
      # Configuration is bind-mounted read-only; data and logs are writable.
      - ./site-x-node-b/appsettings.Site.json:/app/appsettings.Site.json:ro
      - ./site-x-node-b/data:/app/data
      - ./site-x-node-b/logs:/app/logs
    networks:
      - scadabridge-net
    restart: unless-stopped
  traefik:
    image: traefik:v3.4
    container_name: scadabridge-env2-traefik
    ports:
      - "9100:80" # Env2 central load-balanced entrypoint
      # NOTE(review): the dashboard port is published on all host interfaces; whether
      # it requires authentication depends on traefik.yml, which is not shown here.
      - "8181:8080" # Env2 Traefik dashboard
    volumes:
      # Static and dynamic Traefik configuration, both bind-mounted read-only.
      - ./traefik/traefik.yml:/etc/traefik/traefik.yml:ro
      - ./traefik/dynamic.yml:/etc/traefik/dynamic.yml:ro
    networks:
      - scadabridge-net
    restart: unless-stopped
# external: true — Compose attaches to an existing network named scadabridge-net
# and neither creates nor removes it, so it must exist before the cluster starts.
# Any other container attached to that network can reach these services on their
# container ports, independent of the host port mappings above.
networks:
  scadabridge-net:
    external: true