a2af06f925
Adds a guacamole/guacd service to docker-compose.yml and points the backend at it (ARCHNEST_GUACD_HOST/PORT) plus passes through ARCHNEST_GUAC_CRYPT_KEY, with depends_on ordering. Documents ARCHNEST_GUACD_* in backend/.env.example. Closes the Phase 5 deployment gap. Compose validated via `docker compose config`. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01BbJV5nm8KPVH1oNJYKpnoF
45 lines
1.4 KiB
YAML
45 lines
1.4 KiB
YAML
services:
|
|
archnest:
|
|
build: .
|
|
image: archnest:latest
|
|
container_name: archnest
|
|
restart: unless-stopped
|
|
ports:
|
|
- "8080:8080"
|
|
depends_on:
|
|
- archnest-backend
|
|
|
|
archnest-backend:
|
|
build: ./backend
|
|
image: archnest-backend:latest
|
|
container_name: archnest-backend
|
|
restart: unless-stopped
|
|
environment:
|
|
- PORT=4000
|
|
- ARCHNEST_DB_PATH=/data/archnest.db
|
|
- ARCHNEST_JWT_SECRET=${ARCHNEST_JWT_SECRET}
|
|
- ARCHNEST_SECRET_KEY=${ARCHNEST_SECRET_KEY}
|
|
- ARCHNEST_CORS_ORIGIN=${ARCHNEST_CORS_ORIGIN:-https://archnest.snsnetlabs.com}
|
|
# Remote Desktop (RDP/VNC/Telnet via Guacamole). The crypt key must be exactly
|
|
# 32 bytes (AES-256-CBC); guacd runs as the sidecar service below.
|
|
- ARCHNEST_GUAC_CRYPT_KEY=${ARCHNEST_GUAC_CRYPT_KEY}
|
|
- ARCHNEST_GUACD_HOST=guacd
|
|
- ARCHNEST_GUACD_PORT=4822
|
|
volumes:
|
|
- archnest-data:/data
|
|
ports:
|
|
- "4000:4000"
|
|
depends_on:
|
|
- guacd
|
|
|
|
# guacd is the Guacamole proxy daemon that actually speaks RDP/VNC/Telnet to
|
|
# target hosts; the backend's /api/guacamole websocket route connects to it.
|
|
guacd:
|
|
image: guacamole/guacd:1.5.5
|
|
container_name: archnest-guacd
|
|
restart: unless-stopped
|
|
# No published port: only the backend (same compose network) needs to reach
|
|
# it on 4822. Exposed internally via the service name "guacd".
|
|
|
|
volumes:
|
|
archnest-data:
|