Initial import

.envrc.sample

@@ -0,0 +1,6 @@
+export SERVICE=rocketchat
+export DOMAIN=rocketchat.example.com
+export STACK_NAME=rocketchat
+export LETS_ENCRYPT_ENV=production
+
+# https://docs.rocket.chat/guides/administrator-guides/settings-via-env-vars

README.md

@@ -0,0 +1,4 @@
+
+# SSO
+
+https://docs.rocket.chat/guides/administrator-guides/authentication/open-id-connect/keycloak

compose.yml

@@ -0,0 +1,102 @@
+---
+version: '3.8'
+
+services:
+  rocketchat:
+    image: rocketchat/rocket.chat:latest
+    command: >
+      bash -c
+        "for i in `seq 1 30`; do
+          node main.js &&
+          s=$$? && break || s=$$?;
+          echo \"Tried $$i times. Waiting 5 secs...\";
+          sleep 5;
+        done; (exit $$s)"
+    volumes:
+      - "rocketchat_uploads:/app/uploads"
+    environment:
+      - PORT=3000
+      - ROOT_URL=https://${DOMAIN}
+      - MONGO_URL=mongodb://mongo:27017/rocketchat
+      - MONGO_OPLOG_URL=mongodb://mongo:27017/local
+      - MAIL_URL=smtp://smtp.email
+#       - HTTP_PROXY=http://proxy.domain.com
+#       - HTTPS_PROXY=http://proxy.domain.com
+    networks:
+      - internal
+      - proxy
+    depends_on:
+      - mongo
+    deploy:
+      restart_policy:
+        condition: on-failure
+      labels:
+        - "traefik.enable=true"
+        - "traefik.docker.network=proxy"
+        - "traefik.http.routers.${STACK_NAME}.tls=true"
+        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=3000"
+        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
+        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+
+  mongo:
+    image: mongo:3.6
+    volumes:
+     - mongo:/data/db
+     #- ./data/dump:/dump
+    command: mongod --smallfiles --oplogSize 128 --replSet rs0
+    networks:
+      - internal
+    labels:
+      - "traefik.enable=false"
+
+  # this container's job is just run the command to initialize the replica set.
+  # it will run the command and remove himself (it will not stay running)
+  mongo-init-replica:
+    image: mongo:4.0
+    command: >
+      bash -c
+        "for i in `seq 1 30`; do
+          mongo mongo/rocketchat --eval \"
+            rs.initiate({
+              _id: 'rs0',
+              members: [ { _id: 0, host: 'localhost:27017' } ]})\" &&
+          s=$$? && break || s=$$?;
+          echo \"Tried $$i times. Waiting 5 secs...\";
+          sleep 5;
+        done; (exit $$s)"
+    depends_on:
+      - mongo
+    networks:
+      - internal
+
+  # hubot, the popular chatbot (add the bot user first and change the password before starting this image)
+  #hubot:
+  #  image: rocketchat/hubot-rocketchat:latest
+  #  restart: unless-stopped
+  #  environment:
+  #    - ROCKETCHAT_URL=rocketchat:3000
+  #    - ROCKETCHAT_ROOM=GENERAL
+  #    - ROCKETCHAT_USER=bot
+  #    - ROCKETCHAT_PASSWORD=botpassword
+  #    - BOT_NAME=bot
+  #    # you can add more scripts as you'd like here, they need to be installable by npm
+  #    - EXTERNAL_SCRIPTS=hubot-help,hubot-seen,hubot-links,hubot-diagnostics
+  #  depends_on:
+  #    - rocketchat
+  #  labels:
+  #    - "traefik.enable=false"
+  #  volumes:
+  #    - hubot_scripts:/home/hubot/scripts
+  #  # this is used to expose the hubot port for notifications on the host on port 3001, e.g. for hubot-jenkins-notifier
+  #  #ports:
+  #  #  - 3001:8080
+
+networks:
+  proxy:
+    external: true
+  internal:
+
+volumes:
+  rocketchat_uploads:
+  mongo: