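---
# Docker Compose stack: MeshCentral published through Traefik.
#
# Variables read from the environment / .env file:
#   APP_NAME            container name and prefix of every Traefik
#                       router/service name (falls back to "meshcentral")
#   APP_DOMAIN          web UI hostname (HTTP router rule and HOSTNAME)
#   MESH_AGENTS_DOMAIN  hostname matched by SNI on the agent TCP router
#
# APP_DOMAIN and MESH_AGENTS_DOMAIN have no fallback. If either is unset,
# Compose substitutes an empty string and the Host()/HostSNI() rule is
# rendered with an empty name, so set both before deploying.
version: '3.8'

services:
  meshcentral:
    # NOTE(review): `latest` is a mutable tag, so each pull can bring in a
    # different image for a server that remotely manages endpoints. Pin a
    # reviewed release tag or digest, for example
    # ghcr.io/ylianst/meshcentral@sha256:<DIGEST_PLACEHOLDER>.
    image: ghcr.io/ylianst/meshcentral:latest
    container_name: ${APP_NAME:-meshcentral}
    restart: unless-stopped

    # Host bind mounts for MeshCentral's data, files, backup and config.
    # NOTE(review): these presumably hold config.json, the database and
    # private keys. Confirm /srv/meshcentral is readable only by the
    # account the container runs as.
    volumes:
      - /srv/meshcentral/data:/opt/meshcentral/meshcentral-data
      - /srv/meshcentral/files:/opt/meshcentral/meshcentral-files
      - /srv/meshcentral/backup:/opt/meshcentral/meshcentral-backup
      - /srv/meshcentral/config:/opt/meshcentral/meshcentral-config

    environment:
      - HOSTNAME=${APP_DOMAIN}
      - NODE_ENV=production
      # Passed as an empty string.
      # NOTE(review): confirm how the image's start-up script treats an
      # empty value here.
      - REVERSE_PROXY_TLS_PORT=

    # Raise the open-file limit for the container.
    ulimits:
      nofile:
        soft: 65536
        hard: 65536

    # Disable IPv6 inside the container's network namespace.
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=1
      - net.ipv6.conf.default.disable_ipv6=1

    # Resolver options: use-vc forces DNS over TCP; ndots:1 sends any name
    # containing a dot straight to an absolute lookup.
    dns_opt:
      - use-vc
      - 'ndots:1'

    # Pins this name to a fixed address on a Docker network.
    # NOTE(review): container addresses are stable only when assigned
    # statically. If 172.19.0.6 is reassigned, requests for this name go
    # to whichever container holds that address. Confirm the address is
    # static, or resolve the name through a network alias instead.
    extra_hosts:
      - "authentik.nucleoriofrio.com:172.19.0.6"

    networks:
      - principal
      - traefik-network

    # Every router/service name uses the same ${APP_NAME:-meshcentral}
    # fallback as container_name, so an unset APP_NAME no longer renders
    # labels with an empty name segment.
    labels:
      - "traefik.enable=true"
      # The service is on two networks; tell Traefik which one to use.
      - "traefik.docker.network=traefik-network"

      # =========================
      # WEB UI (HTTPS via Traefik)
      # =========================
      # Traefik terminates TLS (certresolver "letsencrypt") and forwards
      # to container port 79. No loadbalancer.server.scheme label is set,
      # so that hop uses Traefik's default scheme (http).
      # NOTE(review): port 79 must match the port MeshCentral listens on
      # inside the container. Confirm against its config.
      - "traefik.http.services.${APP_NAME:-meshcentral}.loadbalancer.server.port=79"
      - "traefik.http.routers.${APP_NAME:-meshcentral}.rule=Host(`${APP_DOMAIN}`)"
      - "traefik.http.routers.${APP_NAME:-meshcentral}.entrypoints=websecure"
      - "traefik.http.routers.${APP_NAME:-meshcentral}.tls=true"
      - "traefik.http.routers.${APP_NAME:-meshcentral}.tls.certresolver=letsencrypt"
      - "traefik.http.routers.${APP_NAME:-meshcentral}.service=${APP_NAME:-meshcentral}"
      - "traefik.http.routers.${APP_NAME:-meshcentral}.priority=100"

      # ===========================================================
      # AGENTS: TCP passthrough straight to Mesh's internal port 443
      # ===========================================================
      # With tls.passthrough=true Traefik does not terminate TLS on this
      # router; the TLS stream is handed unchanged to port 443 of the
      # container. Traefik HTTP middlewares (auth, headers, rate limits)
      # therefore never apply to this path. MeshCentral's own TLS and
      # authentication are the only controls on MESH_AGENTS_DOMAIN.
      - "traefik.tcp.routers.${APP_NAME:-meshcentral}-agents-tcp.rule=HostSNI(`${MESH_AGENTS_DOMAIN}`)"
      - "traefik.tcp.routers.${APP_NAME:-meshcentral}-agents-tcp.entrypoints=websecure"
      - "traefik.tcp.routers.${APP_NAME:-meshcentral}-agents-tcp.tls.passthrough=true"
      - "traefik.tcp.routers.${APP_NAME:-meshcentral}-agents-tcp.service=${APP_NAME:-meshcentral}-tcp"
      - "traefik.tcp.services.${APP_NAME:-meshcentral}-tcp.loadbalancer.server.port=443"

# Both networks are created outside this file and must exist before `up`.
networks:
  principal:
    external: true
  traefik-network:
    external: true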