Table of Contents
docker-compose.yml
version: "3.7"
# networks
networks:
proxy:
driver: bridge
ipam:
driver: default
config:
- subnet: 172.20.0.0/24
api-db: null
redis: null
mesh-db: null # docker managed persistent volumes
volumes:
tactical_data: null
postgres_data: null
mongo_data: null
mesh_data: null
redis_data: null
services:
# postgres database for api service
tactical-postgres:
container_name: trmm-postgres
image: postgres:13-alpine
restart: always
environment:
POSTGRES_DB: tacticalrmm
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASS}
volumes:
- ./postgres_data:/var/lib/postgresql/data
networks:
- api-db
# redis container for celery tasks
tactical-redis:
container_name: trmm-redis
image: redis:6.0-alpine
command: redis-server --appendonly yes
restart: always
volumes:
- ./redis_data:/data
networks:
- redis
# used to initialize the docker environment
tactical-init:
container_name: trmm-init
image: ${IMAGE_REPO}tactical:${VERSION}
restart: on-failure
command: [ "tactical-init" ]
environment:
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASS: ${POSTGRES_PASS}
APP_HOST: ${APP_HOST}
API_HOST: ${API_HOST}
MESH_USER: ${MESH_USER}
MESH_HOST: ${MESH_HOST}
TRMM_USER: ${TRMM_USER}
TRMM_PASS: ${TRMM_PASS}
depends_on:
- tactical-postgres
- tactical-meshcentral
networks:
- api-db
- proxy
volumes:
- ./tactical_data:/opt/tactical
# nats
tactical-nats:
container_name: trmm-nats
image: ${IMAGE_REPO}tactical-nats:${VERSION}
restart: always
environment:
API_HOST: ${API_HOST}
ports:
- "4222:4222"
volumes:
- ./tactical_data:/opt/tactical
networks:
api-db: null
proxy:
aliases:
- ${API_HOST}
default:
# meshcentral container
tactical-meshcentral:
container_name: trmm-meshcentral
image: ${IMAGE_REPO}tactical-meshcentral:${VERSION}
restart: always
environment:
MESH_HOST: ${MESH_HOST}
MESH_USER: ${MESH_USER}
MESH_PASS: ${MESH_PASS}
MONGODB_USER: ${MONGODB_USER}
MONGODB_PASSWORD: ${MONGODB_PASSWORD}
MESH_PERSISTENT_CONFIG: ${MESH_PERSISTENT_CONFIG}
networks:
proxy:
aliases:
- ${MESH_HOST}
mesh-db: null
volumes:
- ./tactical_data:/opt/tactical
- ./mesh_data:/home/node/app/meshcentral-data
depends_on:
- tactical-mongodb
# mongodb container for meshcentral
tactical-mongodb:
container_name: trmm-mongodb
image: mongo:4.4
restart: always
environment:
MONGO_INITDB_ROOT_USERNAME: ${MONGODB_USER}
MONGO_INITDB_ROOT_PASSWORD: ${MONGODB_PASSWORD}
MONGO_INITDB_DATABASE: meshcentral
networks:
- mesh-db
volumes:
- ./mongo_data:/data/db
# container that hosts vue frontend
tactical-frontend:
container_name: trmm-frontend
image: ${IMAGE_REPO}tactical-frontend:${VERSION}
restart: always
networks:
- proxy
environment:
API_HOST: ${API_HOST}
# container for django backend
tactical-backend:
container_name: trmm-backend
image: ${IMAGE_REPO}tactical:${VERSION}
command: [ "tactical-backend" ]
restart: always
networks:
- proxy
- api-db
- redis
volumes:
- ./tactical_data:/opt/tactical
depends_on:
- tactical-postgres
# container for django websockets connections
tactical-websockets:
container_name: trmm-websockets
image: ${IMAGE_REPO}tactical:${VERSION}
command: [ "tactical-websockets" ]
restart: always
networks:
- proxy
- api-db
- redis
volumes:
- ./tactical_data:/opt/tactical
depends_on:
- tactical-postgres
- tactical-backend
# container for tactical reverse proxy
tactical-nginx:
container_name: trmm-nginx
image: ${IMAGE_REPO}tactical-nginx:${VERSION}
restart: always
environment:
APP_HOST: ${APP_HOST}
API_HOST: ${API_HOST}
MESH_HOST: ${MESH_HOST}
CERT_PUB_KEY: ${CERT_PUB_KEY}
CERT_PRIV_KEY: ${CERT_PRIV_KEY}
networks:
proxy:
ipv4_address: 172.20.0.20
ports:
- "8010:80"
- "8011:443"
volumes:
- ./tactical_data:/opt/tactical
# container for celery worker service
tactical-celery:
container_name: trmm-celery
image: ${IMAGE_REPO}tactical:${VERSION}
command: [ "tactical-celery" ]
restart: always
networks:
- redis
- proxy
- api-db
volumes:
- ./tactical_data:/opt/tactical
depends_on:
- tactical-postgres
- tactical-redis
# container for celery beat service
tactical-celerybeat:
container_name: trmm-celerybeat
image: ${IMAGE_REPO}tactical:${VERSION}
command: [ "tactical-celerybeat" ]
restart: always
networks:
- proxy
- redis
- api-db
volumes:
- ./tactical_data:/opt/tactical
depends_on:
- tactical-postgres
- tactical-redis
.env
IMAGE_REPO=tacticalrmm/
VERSION=latest
# tactical credentials (Used to login to dashboard)
TRMM_USER=tacticalrmm
TRMM_PASS=password
# dns settings
APP_HOST=rmm.example.com
API_HOST=api.example.com
MESH_HOST=mesh.example.com
# mesh settings
MESH_USER=tacticalrmm
MESH_PASS=password
MONGODB_USER=mongouser
MONGODB_PASSWORD=password
MESH_PERSISTENT_CONFIG=0
# database settings
POSTGRES_USER=postgres
POSTGRES_PASS=password
certificates
echo -e "\n# certs" >> .env
echo "CERT_PUB_KEY=$(base64 -w 0 /path/to/fullchain.pem)" >> .env
echo "CERT_PRIV_KEY=$(base64 -w 0 /path/to/privkey.pem)" >> .env