Joseph Doherty a050170414 chore(docker): supply DEV-ONLY ApiKeyPepper to local Central nodes
The Auth/Config normalization made ScadaBridge:InboundApi:ApiKeyPepper a hard
Central-only startup requirement (>=16 chars), but the local dev composes never
supplied it, so deploy.sh's freshly-built image crash-looped both Central nodes
on ConfigPreflight validation. Add a clearly-marked DEV-ONLY, insecure pepper
inline to each cluster's Central environment (distinct per environment). These
are NOT real secrets — production injects a true per-env secret out-of-band per
docs/operations/inbound-api-key-reissue.md; the inline values exist only so the
local docker / docker-env2 clusters start.
2026-06-03 05:30:38 -04:00


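# Local development cluster for ScadaBridge: two Central nodes, three sites with
# two nodes each, and a Traefik front end. All services join the pre-existing
# network scadabridge-net (declared external below, so Compose will not create it).
#
# NOTE(review): every entry under `ports` uses the HOST:CONTAINER short form with
# no host IP, so by default Docker publishes it on all host interfaces, not just
# loopback. This file also carries a committed, publicly known DEV-ONLY pepper.
# If only same-machine access is needed, prefer the "127.0.0.1:HOST:CONTAINER"
# form so the dev cluster is not reachable from the surrounding network.
services:
  central-a:
    image: scadabridge:latest
    container_name: scadabridge-central-a
    environment:
      SCADABRIDGE_CONFIG: Central
      ASPNETCORE_ENVIRONMENT: Development
      ASPNETCORE_URLS: "http://+:5000"
      # DEV-ONLY local-cluster value — NOT a real secret. The Auth/Config normalization
      # (2026-06-03) made ScadaBridge:InboundApi:ApiKeyPepper a hard Central startup
      # requirement (>=16 chars, per-environment). Real deployments inject a true secret
      # out-of-band (env/secret store), never from source control — see
      # docs/operations/inbound-api-key-reissue.md. Both Central nodes share one pepper.
      # Because this value is committed, treat any inbound API key issued under it as
      # throwaway and never carry the value or those keys into a shared environment.
      ScadaBridge__InboundApi__ApiKeyPepper: "dev-only-insecure-pepper-docker-cluster-0001"
    ports:
      - "9001:5000"  # Web UI + Inbound API
      # NOTE(review): whether Akka remoting is authenticated or TLS-protected is not
      # visible in this file — confirm, or keep this mapping loopback-only.
      - "9011:8081"  # Akka remoting (host access for CLI/debugging)
    volumes:
      # Configuration is mounted read-only; only the log directory is writable.
      - ./central-node-a/appsettings.Central.json:/app/appsettings.Central.json:ro
      - ./central-node-a/logs:/app/logs
    networks:
      - scadabridge-net
    restart: unless-stopped

  central-b:
    image: scadabridge:latest
    container_name: scadabridge-central-b
    environment:
      SCADABRIDGE_CONFIG: Central
      ASPNETCORE_ENVIRONMENT: Development
      ASPNETCORE_URLS: "http://+:5000"
      # DEV-ONLY local-cluster value — NOT a real secret. The Auth/Config normalization
      # (2026-06-03) made ScadaBridge:InboundApi:ApiKeyPepper a hard Central startup
      # requirement (>=16 chars, per-environment). Real deployments inject a true secret
      # out-of-band (env/secret store), never from source control — see
      # docs/operations/inbound-api-key-reissue.md. Both Central nodes share one pepper,
      # so this literal is a second copy of central-a's value; change both together.
      ScadaBridge__InboundApi__ApiKeyPepper: "dev-only-insecure-pepper-docker-cluster-0001"
    ports:
      - "9002:5000"  # Web UI + Inbound API
      - "9012:8081"  # Akka remoting
    volumes:
      - ./central-node-b/appsettings.Central.json:/app/appsettings.Central.json:ro
      - ./central-node-b/logs:/app/logs
    networks:
      - scadabridge-net
    restart: unless-stopped

  # Site nodes: no pepper is supplied here; per the comment on the Central nodes,
  # ApiKeyPepper is a Central startup requirement.
  site-a-a:
    image: scadabridge:latest
    container_name: scadabridge-site-a-a
    environment:
      SCADABRIDGE_CONFIG: Site
    ports:
      - "9021:8082"  # Akka remoting (host access for debugging)
      - "9023:8083"  # gRPC streaming
    volumes:
      - ./site-a-node-a/appsettings.Site.json:/app/appsettings.Site.json:ro
      - ./site-a-node-a/data:/app/data
      - ./site-a-node-a/logs:/app/logs
    networks:
      - scadabridge-net
    restart: unless-stopped

  site-a-b:
    image: scadabridge:latest
    container_name: scadabridge-site-a-b
    environment:
      SCADABRIDGE_CONFIG: Site
    ports:
      - "9022:8082"  # Akka remoting
      - "9024:8083"  # gRPC streaming
    volumes:
      - ./site-a-node-b/appsettings.Site.json:/app/appsettings.Site.json:ro
      - ./site-a-node-b/data:/app/data
      - ./site-a-node-b/logs:/app/logs
    networks:
      - scadabridge-net
    restart: unless-stopped

  site-b-a:
    image: scadabridge:latest
    container_name: scadabridge-site-b-a
    environment:
      SCADABRIDGE_CONFIG: Site
    ports:
      - "9031:8082"  # Akka remoting
      - "9033:8083"  # gRPC streaming
    volumes:
      - ./site-b-node-a/appsettings.Site.json:/app/appsettings.Site.json:ro
      - ./site-b-node-a/data:/app/data
      - ./site-b-node-a/logs:/app/logs
    networks:
      - scadabridge-net
    restart: unless-stopped

  site-b-b:
    image: scadabridge:latest
    container_name: scadabridge-site-b-b
    environment:
      SCADABRIDGE_CONFIG: Site
    ports:
      - "9032:8082"  # Akka remoting
      - "9034:8083"  # gRPC streaming
    volumes:
      - ./site-b-node-b/appsettings.Site.json:/app/appsettings.Site.json:ro
      - ./site-b-node-b/data:/app/data
      - ./site-b-node-b/logs:/app/logs
    networks:
      - scadabridge-net
    restart: unless-stopped

  site-c-a:
    image: scadabridge:latest
    container_name: scadabridge-site-c-a
    environment:
      SCADABRIDGE_CONFIG: Site
    ports:
      - "9041:8082"  # Akka remoting
      - "9043:8083"  # gRPC streaming
    volumes:
      - ./site-c-node-a/appsettings.Site.json:/app/appsettings.Site.json:ro
      - ./site-c-node-a/data:/app/data
      - ./site-c-node-a/logs:/app/logs
    networks:
      - scadabridge-net
    restart: unless-stopped

  site-c-b:
    image: scadabridge:latest
    container_name: scadabridge-site-c-b
    environment:
      SCADABRIDGE_CONFIG: Site
    ports:
      - "9042:8082"  # Akka remoting
      - "9044:8083"  # gRPC streaming
    volumes:
      - ./site-c-node-b/appsettings.Site.json:/app/appsettings.Site.json:ro
      - ./site-c-node-b/data:/app/data
      - ./site-c-node-b/logs:/app/logs
    networks:
      - scadabridge-net
    restart: unless-stopped

  traefik:
    image: traefik:v3.4
    container_name: scadabridge-traefik
    ports:
      - "9000:80"  # Central load-balanced entrypoint
      # NOTE(review): traefik.yml is not shown here, so it is unclear whether the
      # dashboard/API is served without authentication — confirm, and keep this
      # mapping loopback-only if it is.
      - "8180:8080"  # Traefik dashboard
    volumes:
      - ./traefik/traefik.yml:/etc/traefik/traefik.yml:ro
      - ./traefik/dynamic.yml:/etc/traefik/dynamic.yml:ro
    networks:
      - scadabridge-net
    restart: unless-stopped

networks:
  # external: Compose attaches to this network but does not create or remove it,
  # so it must already exist before the cluster is started.
  scadabridge-net:
    external: true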