-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdocker-compose.yml
executable file
·107 lines (102 loc) · 2.95 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
# Global x-* fields for reuse
x-logging: &default-logging
driver: json-file
options:
max-size: 10m
max-file: 3
x-healthcheck: &default-healthcheck
interval: 30s
timeout: 10s
retries: 3
start_period: 20s
services:
# 3x-ui VPN Panel - using alireza7 fork and pinned version
xray-ui:
image: alireza7/x-ui:2.1.5 # Pinned version - verify latest stable tag if needed
container_name: xray-ui
user: root
restart: always
volumes:
- xui_db_data:/etc/x-ui/:rw
ports:
- 9080:80 # Changed from 80:80 to avoid conflict
- 9443:443 # Changed from 443:443
- 9001:54321 # Panel admin port - this is the important port for admin interface
networks:
- vpn-network
healthcheck:
<<: *default-healthcheck
test: [CMD, wget, -qO-, http://localhost:54321/]
logging: *default-logging
# Security and resource limits
deploy:
resources:
limits:
cpus: '1'
memory: 1G
restart_policy:
condition: on-failure
max_attempts: 3
window: 120s
# Admin Panel with Next.js and Supabase integration
vpn-admin:
image: vpn-admin
build:
context: ./admin-panel
dockerfile: Dockerfile
container_name: vpn-admin
restart: always
environment:
# Ensure Supabase URLs point to your actual Supabase instance if used, otherwise remove/comment out.
- NEXT_PUBLIC_SUPABASE_URL=${NEXT_PUBLIC_SUPABASE_URL}
- NEXT_PUBLIC_SUPABASE_ANON_KEY=${NEXT_PUBLIC_SUPABASE_ANON_KEY}
- SUPABASE_URL=${SUPABASE_URL}
- SUPABASE_KEY=${SUPABASE_KEY}
- SUPABASE_SERVICE_ROLE_KEY=${SUPABASE_SERVICE_ROLE_KEY}
- XUI_PANEL_URL=http://xray-ui:54321 # Internal communication
- XUI_USERNAME=${XUI_USERNAME}
- XUI_PASSWORD=${XUI_PASSWORD}
- JWT_SECRET=${JWT_SECRET}
- TZ=${TIMEZONE:-Europe/Moscow}
- XRAY_VMESS_AEAD_FORCED=${XRAY_VMESS_AEAD_FORCED:-false}
- SECURITY_PANEL_ENFORCE_HTTPS=false
- WEBUI_LANGUAGE=en-US
ports:
- 9002:3000 # Map container's 3000 port to host's 9002 - changed to avoid conflict
networks:
- vpn-network
logging: *default-logging
healthcheck:
<<: *default-healthcheck
test: [CMD-SHELL, wget -qO- http://localhost:3000/ || exit 1]
# Security and resource limits
deploy:
resources:
limits:
cpus: '0.5'
memory: 512M
restart_policy:
condition: on-failure
max_attempts: 3
window: 120s
read_only: false # Next.js needs write access
security_opt:
- no-new-privileges:true
cap_drop:
- ALL
depends_on:
- xray-ui # Ensure xray-ui starts first
networks:
vpn-network:
driver: bridge
# Enhanced network security
ipam:
driver: default
config:
- subnet: 172.28.0.0/16
driver_opts:
com.docker.network.bridge.name: vpn0
# Named volumes for data persistence
volumes:
xui_db_data:
driver: local