radiusNucleo/docker-compose.yml

version: "3.9"

services:
  radiusnucleo-node:
    build:
      context: .
      dockerfile: node-api/Dockerfile
    image: gitea.nucleoriofrio.com/nucleo000/radiusnucleo:latest
    container_name: radiusnucleo-node-1
    environment:
      - VLAN_ID=2
      - MAX_UP=10000000
      - MAX_DOWN=10000000
      - RADIUS_HOST=freeradius
      - RADIUS_AUTH_PORT=1812
      - RADIUS_SECRET=${RADIUS_SHARED_SECRET:-tamosbien}
      - PGHOST=postgres
      - PGPORT=5432
      - PGDATABASE=radius
      - PGUSER=radius
      - PGPASSWORD=radius
    networks:
      - principal
      - radiusnucleo_radius_net
    labels:
      # Habilitar Traefik
      - "traefik.enable=true"
      - "traefik.docker.network=principal"

      # Router principal
      - "traefik.http.routers.wifi-nucleoriofrio.rule=Host(`wifi.nucleoriofrio.com`)"
      - "traefik.http.routers.wifi-nucleoriofrio.entrypoints=websecure"
      - "traefik.http.routers.wifi-nucleoriofrio.tls.certresolver=letsencrypt"
      - "traefik.http.routers.wifi-nucleoriofrio.service=wifi-nucleoriofrio-service"
      - "traefik.http.routers.wifi-nucleoriofrio.middlewares=authentik-forward-auth@file,wifi-headers@docker"

      # Service - Puerto y configuraciones SSE
      - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.server.port=3000"
      - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.passhostheader=true"
      - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.responseforwarding.flushinterval=1ms"
      - "traefik.http.services.wifi-nucleoriofrio-service.loadbalancer.serverstransport=wifi-transport@docker"

      # Middleware: wifi-headers
      - "traefik.http.middlewares.wifi-headers.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.middlewares.wifi-headers.headers.customrequestheaders.X-Forwarded-Scheme=https"

      # ServersTransport para SSE/WebSocket
      - "traefik.http.serverstransports.wifi-transport.servername=radiusnucleo-node-1"
      - "traefik.http.serverstransports.wifi-transport.insecureskipverify=false"
      - "traefik.http.serverstransports.wifi-transport.forwardingtimeouts.dialtimeout=30s"
      - "traefik.http.serverstransports.wifi-transport.forwardingtimeouts.responseheadertimeout=0s"
      - "traefik.http.serverstransports.wifi-transport.forwardingtimeouts.idleconntimeout=90s"

  freeradius:
    build: ./freeradius
    image: gitea.nucleoriofrio.com/nucleo000/radiusnucleo-freeradius:latest
    depends_on:
      - radiusnucleo-node
      - postgres
    restart: unless-stopped
    ports:
      - "1812:1812/udp"
      - "1813:1813/udp"
      - "3799:3799/udp"
    environment:
      - RADIUS_CLIENTS_CIDR=${RADIUS_CLIENTS_CIDR:-192.168.87.0/24}
      - RADIUS_SHARED_SECRET=${RADIUS_SHARED_SECRET:-tamosbien}
    networks:
      - radiusnucleo_radius_net
      - principal

  postgres:
    image: postgres:16-alpine
    environment:
      - POSTGRES_DB=radius
      - POSTGRES_USER=radius
      - POSTGRES_PASSWORD=radius
    volumes:
      - postgres_data:/var/lib/postgresql/data
      - ./postgres/init:/docker-entrypoint-initdb.d:ro
    networks:
      - radiusnucleo_radius_net
      - principal

networks:
  principal:
    external: true
  radiusnucleo_radius_net:
    external: true

volumes:
  postgres_data: