nucleo000/radiusNucleo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix
All checks were successful
build-and-deploy / build-and-deploy (push) Successful in 22s
Details

Browse Source
This commit is contained in:
josedario87
2025-10-17 05:04:30 -06:00
parent 918ca465d6
commit 35c9947204
1 changed files with 85 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files

177
docker-compose.yml
View File

@@ -1,101 +1,94 @@
version: "3.9" version: "3.9"
services: services:
radiusnucleo-node: radiusnucleo-node:
build: build:
context: . context: .
dockerfile: node-api/Dockerfile dockerfile: node-api/Dockerfile
image: gitea.nucleoriofrio.com/nucleo000/radiusnucleo:latest image: gitea.nucleoriofrio.com/nucleo000/radiusnucleo:latest
container_name: radiusnucleo-node-1 container_name: radiusnucleo-node-1
environment: environment:
- VLAN_ID=2 - VLAN_ID=2
- MAX_UP=10000000 - MAX_UP=10000000
- MAX_DOWN=10000000 - MAX_DOWN=10000000
- RADIUS_HOST=freeradius - RADIUS_HOST=freeradius
- RADIUS_AUTH_PORT=1812 - RADIUS_AUTH_PORT=1812
- RADIUS_SECRET=${RADIUS_SHARED_SECRET:-tamosbien} - RADIUS_SECRET=${RADIUS_SHARED_SECRET:-tamosbien}
- PGHOST=postgres - PGHOST=postgres
- PGPORT=5432 - PGPORT=5432
- PGDATABASE=radius - PGDATABASE=radius
- PGUSER=radius - PGUSER=radius
- PGPASSWORD=radius - PGPASSWORD=radius
networks: networks:
- principal - principal
- radiusnucleo_radius_net - radiusnucleo_radius_net
labels: labels:
# Habilitar Traefik # Habilitar Traefik
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.docker.network=principal" - "traefik.docker.network=principal"
# Service - Puerto y configuraciones SSE (compartido por ambos routers) # Service - Puerto y configuraciones SSE (compartido por ambos routers)
- "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.server.port=3000" - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.server.port=3000"
- "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.passhostheader=true" - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.passhostheader=true"
- "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.responseforwarding.flushinterval=1ms" - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.responseforwarding.flushinterval=1ms"
- "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.serverstransport=wifi-transport@docker" - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.serverstransport=wifi-transport@file"
# Router 1: Público (assets estáticos, manifest, icons) - SIN autenticación - ALTA PRIORIDAD # Router 1: Público (assets estáticos, manifest, icons) - SIN autenticación - ALTA PRIORIDAD
- "traefik.http.routers.wifi-nucleoriofrio-public.rule=Host(`wifi.nucleoriofrio.com`) && (PathPrefix(`/assets`) || PathPrefix(`/.well-known`) || PathPrefix(`/icons`) || Path(`/manifest.webmanifest`) || Path(`/favicon.ico`) || Path(`/vite.svg`))" - "traefik.http.routers.wifi-nucleoriofrio-public.rule=Host(`wifi.nucleoriofrio.com`) && (PathPrefix(`/assets`) || PathPrefix(`/.well-known`) || PathPrefix(`/icons`) || Path(`/manifest.webmanifest`) ||Path(`/favicon.ico`) || Path(`/vite.svg`))"
- "traefik.http.routers.wifi-nucleoriofrio-public.entrypoints=websecure" - "traefik.http.routers.wifi-nucleoriofrio-public.entrypoints=websecure"
- "traefik.http.routers.wifi-nucleoriofrio-public.tls.certresolver=letsencrypt" - "traefik.http.routers.wifi-nucleoriofrio-public.tls.certresolver=letsencrypt"
- "traefik.http.routers.wifi-nucleoriofrio-public.service=wifi-nucleoriofrio-service" - "traefik.http.routers.wifi-nucleoriofrio-public.service=wifi-nucleoriofrio-service"
- "traefik.http.routers.wifi-nucleoriofrio-public.priority=100" - "traefik.http.routers.wifi-nucleoriofrio-public.priority=100"
- "traefik.http.routers.wifi-nucleoriofrio-public.middlewares=wifi-headers@docker" - "traefik.http.routers.wifi-nucleoriofrio-public.middlewares=wifi-headers@docker"
# Router 2: Principal (todo lo demás) - CON autenticación - BAJA PRIORIDAD # Router 2: Principal (todo lo demás) - CON autenticación - BAJA PRIORIDAD
- "traefik.http.routers.wifi-nucleoriofrio.rule=Host(`wifi.nucleoriofrio.com`)" - "traefik.http.routers.wifi-nucleoriofrio.rule=Host(`wifi.nucleoriofrio.com`)"
- "traefik.http.routers.wifi-nucleoriofrio.entrypoints=websecure" - "traefik.http.routers.wifi-nucleoriofrio.entrypoints=websecure"
- "traefik.http.routers.wifi-nucleoriofrio.tls.certresolver=letsencrypt" - "traefik.http.routers.wifi-nucleoriofrio.tls.certresolver=letsencrypt"
- "traefik.http.routers.wifi-nucleoriofrio.service=wifi-nucleoriofrio-service" - "traefik.http.routers.wifi-nucleoriofrio.service=wifi-nucleoriofrio-service"
- "traefik.http.routers.wifi-nucleoriofrio.priority=10" - "traefik.http.routers.wifi-nucleoriofrio.priority=10"
- "traefik.http.routers.wifi-nucleoriofrio.middlewares=authentik-forward-auth@file,wifi-headers@docker" - "traefik.http.routers.wifi-nucleoriofrio.middlewares=authentik-forward-auth@file,wifi-headers@docker"
# Middleware: wifi-headers # Middleware: wifi-headers
- "traefik.http.middlewares.wifi-headers.headers.customrequestheaders.X-Forwarded-Proto=https" - "traefik.http.middlewares.wifi-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.middlewares.wifi-headers.headers.customrequestheaders.X-Forwarded-Scheme=https" - "traefik.http.middlewares.wifi-headers.headers.customrequestheaders.X-Forwarded-Scheme=https"
# ServersTransport para SSE/WebSocket freeradius:
- "traefik.http.serverstransports.wifi-transport.servername=radiusnucleo-node-1" build: ./freeradius
- "traefik.http.serverstransports.wifi-transport.insecureskipverify=false" image: gitea.nucleoriofrio.com/nucleo000/radiusnucleo-freeradius:latest
- "traefik.http.serverstransports.wifi-transport.forwardingtimeouts.dialtimeout=30s" depends_on:
- "traefik.http.serverstransports.wifi-transport.forwardingtimeouts.responseheadertimeout=0s" - radiusnucleo-node
- "traefik.http.serverstransports.wifi-transport.forwardingtimeouts.idleconntimeout=90s" - postgres
restart: unless-stopped
ports:
- "1812:1812/udp"
- "1813:1813/udp"
- "3799:3799/udp"
environment:
- RADIUS_CLIENTS_CIDR=${RADIUS_CLIENTS_CIDR:-192.168.87.0/24}
- RADIUS_SHARED_SECRET=${RADIUS_SHARED_SECRET:-tamosbien}
networks:
- radiusnucleo_radius_net
- principal
freeradius: postgres:
build: ./freeradius image: postgres:16-alpine
image: gitea.nucleoriofrio.com/nucleo000/radiusnucleo-freeradius:latest environment:
depends_on: - POSTGRES_DB=radius
- radiusnucleo-node - POSTGRES_USER=radius
- postgres - POSTGRES_PASSWORD=radius
restart: unless-stopped volumes:
ports: - postgres_data:/var/lib/postgresql/data
- "1812:1812/udp" - ./postgres/init:/docker-entrypoint-initdb.d:ro
- "1813:1813/udp" networks:
- "3799:3799/udp" - radiusnucleo_radius_net
environment: - principal
- RADIUS_CLIENTS_CIDR=${RADIUS_CLIENTS_CIDR:-192.168.87.0/24}
- RADIUS_SHARED_SECRET=${RADIUS_SHARED_SECRET:-tamosbien}
networks:
- radiusnucleo_radius_net
- principal
postgres: networks:
image: postgres:16-alpine principal:
environment: external: true
- POSTGRES_DB=radius radiusnucleo_radius_net:
- POSTGRES_USER=radius external: true
- POSTGRES_PASSWORD=radius
volumes:
- postgres_data:/var/lib/postgresql/data
- ./postgres/init:/docker-entrypoint-initdb.d:ro
networks:
- radiusnucleo_radius_net
- principal
networks: volumes:
principal: postgres_data:
external: true
radiusnucleo_radius_net:
external: true
volumes:
postgres_data: