docker-compose-builder.yaml

version: "3.9"

volumes:
  caddy-data:
    name: caddy-data
#   driver: local
#   driver_opts:
#     o: bind
#     device: ${dDir}/caddy
#     type: none
  caddy-config:
    name: caddy-config
  database:
    name: database
  opensearch:
    name: opensearch
  bgs:
    name: bgs
  bsky:
    name: bsky
  feed-generator:
    name: feed-generator
  pds:
    name: pds
  redis:
    name: redis
  jetstream:
    name: jetstream
# ozone:
# ozone-daemon:
# plc:
# palomar:
# social-app:

networks:
 default:
    name: ${docker_network}
    external: true
 
services:
  caddy:
#   reverse proxy
#   cf. https://blog.kurokobo.com/archives/3669#Caddy_acme_server
    image: caddy:2
    ports:
      - 80:80
      - 443:443
      - 443:443/udp
      - 9000:9000
    environment:
      - GOINSECURE=${GOINSECURE}
      - NODE_TLS_REJECT_UNAUTHORIZED=${NODE_TLS_REJECT_UNAUTHORIZED}
      - DOMAIN=${DOMAIN}
      - EMAIL4CERTS=${EMAIL4CERTS}
      - BSKY_ADMIN_PASSWORDS=${BSKY_ADMIN_PASSWORDS}
    volumes:
      - ./config/caddy/Caddyfile:/etc/caddy/Caddyfile
      # CA certificates for self-signed. >>>
      - ./certs/root.crt:/data/caddy/pki/authorities/local/root.crt:ro
      - ./certs/root.key:/data/caddy/pki/authorities/local/root.key:ro
      # CA certificates for self-signed. <<<
      - caddy-data:/data
      - caddy-config:/config
    healthcheck:
      # https://caddy.community/t/what-is-the-best-practise-for-doing-a-health-check-for-caddy-containers/12995
      test: "wget --no-verbose --tries=1 --spider http://localhost:2019/metrics || exit 1"
      interval: 5s
      retries: 20

# to generate HTTPS certifications on-demand >>>>>
  caddy-sidecar:
    image: httpd:2
    environment:
      - GOINSECURE=${GOINSECURE}
      - NODE_TLS_REJECT_UNAUTHORIZED=${NODE_TLS_REJECT_UNAUTHORIZED}
    volumes:
       - ./certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
# to generate HTTPS certifications on-demand <<<<<

# debug for caddy>>> 
  test-wss:
    image: itaru2622/fastapi:bookworm
    environment:
      - app=main:app
      - opts=--host 0.0.0.0 --port 8080
    working_dir: /opt/fastapi-samples/3catchall

  test-ws:
    image: itaru2622/fastapi:bookworm
    environment:
      - app=main:app
      - opts=--host 0.0.0.0 --port 8080
    working_dir: /opt/fastapi-samples/3catchall

# debug for caddy <<<
# debug for bluesky with indigo subcmds >>>
  test-indigo:
    image: itaru2622/bluesky-indigo-tools:${asof}
    build:
       context: ./repos/indigo/
       dockerfile: Dockerfile
       args:
       - http_proxy=${http_proxy}
       - https_proxy=${https_proxy}
       - no_proxy=${no_proxy}
       - JAVA_TOOL_OPTIONS=${JAVA_TOOL_OPTIONS}
    command: tail -f /dev/null
    environment:
      - ATP_PLC_HOST=https://${plcFQDN}
      - BGS_ADMIN_KEY=${BGS_ADMIN_KEY}
      - CARSTORE_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@database/carstore
      - DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@database/bgs
      - DATA_DIR=/data/bigsky
      - DEBUG_MODE=1
      - GOINSECURE=${GOINSECURE}
      - GOLOG_LOG_LEVEL=${LOG_LEVEL_DEFAULT}
      - LOG_DESTINATION=1
      - LOG_ENABLED=true
      - LOG_LEVEL=${LOG_LEVEL_DEFAULT}
      - NODE_ENV=development
      - NODE_TLS_REJECT_UNAUTHORIZED=${NODE_TLS_REJECT_UNAUTHORIZED}
    volumes:
      - ./certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro

# debug for bluesky with indigo subcmds <<<

  database:
    image: postgres:16-bookworm
    ports:
      - 5432:5432
    environment:
      - GOINSECURE=${GOINSECURE}
      - NODE_TLS_REJECT_UNAUTHORIZED=${NODE_TLS_REJECT_UNAUTHORIZED}
      - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      - POSTGRES_DB=healthcheck
    volumes:
      - ./config/init-postgres:/docker-entrypoint-initdb.d/
      - database:/var/lib/postgresql/data/
    restart: always

  pgadmin:
    image: dpage/pgadmin4
    ports:
      - 54321:80
    environment:
      - PGADMIN_DEFAULT_EMAIL=example@example.com
      - PGADMIN_DEFAULT_PASSWORD=password
#   volumes:
#      - ./certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
    depends_on:
      - database

  redis:
    image: redis:7-bookworm
    volumes:
      - redis:/data/
    restart: always

  opensearch:
    image: itaru2622/bluesky-indigo-opensearch:${asof}
    build:
      context: ./repos/indigo/
      dockerfile: cmd/palomar/Dockerfile.opensearch
      args:
       - http_proxy=${http_proxy}
       - https_proxy=${https_proxy}
       - no_proxy=${no_proxy}
       - JAVA_TOOL_OPTIONS=${JAVA_TOOL_OPTIONS}
# cf. https://github.com/opensearch-project/OpenSearch/issues/8215
       - OPENSEARCH_JAVA_OPTS=${OPENSEARCH_JAVA_OPTS}
    ports:
      - 9200:9200
    environment:
      - GOINSECURE=${GOINSECURE}
      - NODE_TLS_REJECT_UNAUTHORIZED=${NODE_TLS_REJECT_UNAUTHORIZED}
      - OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m
      - OPENSEARCH_INITIAL_ADMIN_PASSWORD=${OPENSEARCH_INITIAL_ADMIN_PASSWORD}
      - bootstrap.memory_lock=true
      - cluster.name=docker-cluster
      - discovery.type=single-node
      - http.host=0.0.0.0
      - node.name=os-node
      - plugins.security.disabled=true
      - transport.host=127.0.0.1
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - opensearch:/usr/share/opensearch/data/
    restart: always

  plc:
    image: itaru2622/bluesky-did-method-plc:latest
#   image: itaru2622/bluesky-did-method-plc:${asof}
#   build:
#     context: ./repos/did-method-plc/
#     dockerfile: packages/server/Dockerfile
#     args:
#      - http_proxy=${http_proxy}
#      - https_proxy=${https_proxy}
#      - no_proxy=${no_proxy}
#      - JAVA_TOOL_OPTIONS=${JAVA_TOOL_OPTIONS}
    ports:
      - 2582:2582
    volumes:
      # supporting self-signed certificates, easiest way >>>>
      - ./certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
      # supporting self-signed certificates, easiest way <<<<
    environment:
      - DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@database/plc
      - DB_CREDS_JSON={"username":"${POSTGRES_USER}","password":"${POSTGRES_PASSWORD}","host":"database","port":"5432","database":"plc"}
      - DB_MIGRATE_CREDS_JSON={"username":"${POSTGRES_USER}","password":"${POSTGRES_PASSWORD}","host":"database","port":"5432","database":"plc"}
      - DEBUG_MODE=1
      - ENABLE_MIGRATIONS=true
      - GOINSECURE=${GOINSECURE}
      - LOG_DESTINATION=1
      - LOG_ENABLED=true
      - LOG_LEVEL=${LOG_LEVEL_DEFAULT}
      - NODE_ENV=development
      - NODE_TLS_REJECT_UNAUTHORIZED=${NODE_TLS_REJECT_UNAUTHORIZED}
      - PORT=2582
    restart: always
    depends_on:
      - database
      - caddy
      
  pds:
    image: itaru2622/bluesky-atproto-pds:${asof}
    build:
      context: ./repos/atproto/
      dockerfile: services/pds/Dockerfile
      args:
       - http_proxy=${http_proxy}
       - https_proxy=${https_proxy}
       - no_proxy=${no_proxy}
       - JAVA_TOOL_OPTIONS=${JAVA_TOOL_OPTIONS}
    ports:
      - 2583:2583
    expose:
      - 2583
    # to fix permision mismatch between volume owner(root) and process user(uid:1000, i.e: node), run as root. >>>>
    user: root
    # to fix permision mismatch between volume owner(root) and process user(uid:1000, i.e: node), run as root. <<<<
    environment:
      - DEBUG_MODE=1
      - GOINSECURE=${GOINSECURE}
      - LOG_DESTINATION=1
      - LOG_ENABLED=true
      - LOG_LEVEL=${LOG_LEVEL_DEFAULT}
      - NODE_ENV=development
      - NODE_TLS_REJECT_UNAUTHORIZED=${NODE_TLS_REJECT_UNAUTHORIZED}
      - PDS_ADMIN_PASSWORD=${PDS_ADMIN_PASSWORD}
      - PDS_BLOBSTORE_DISK_LOCATION=/pds/blobs
      - PDS_BSKY_APP_VIEW_DID=did:web:${bskyFQDN}
      - PDS_BSKY_APP_VIEW_URL=https://${bskyFQDN}
      - PDS_CRAWLERS=https://${bgsFQDN}
      - PDS_DATA_DIRECTORY=/pds
      - PDS_DEV_MODE=true
#     - PDS_BLOBSTORE_DISK_TMP_LOCATION=/pds/image/tmp
      - PDS_DID_PLC_URL=https://${plcFQDN}
      - PDS_EMAIL_FROM_ADDRESS=no-reply@gmail.com
      - PDS_EMAIL_SMTP_URL=${PDS_EMAIL_SMTP_URL}
      - PDS_ENABLE_DID_DOC_WITH_SESSION=true
      - PDS_HOSTNAME=${pdsFQDN}
      - PDS_INVITE_INTERVAL=604800000
      - PDS_INVITE_REQUIRED=false
      - PDS_JWT_SECRET=${PDS_JWT_SECRET}
      - PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX=${PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX}
      - PDS_PORT=2583
# starts: unset optional env for tesing ozone >>>>>>>
#     - PDS_MOD_SERVICE_DID=did:web:${ozoneFQDN}
#     - PDS_MOD_SERVICE_URL=https://${ozoneFQDN}
#     - PDS_REPORT_SERVICE_DID=did:web:${ozoneFQDN}
#     - PDS_REPORT_SERVICE_URL=https://${ozoneFQDN}
# ends: unset optional env for tesing ozone <<<<<<<
      - PDS_SERVICE_DID=did:web:${pdsFQDN}
    volumes:
      # supporting self-signed certificates, easiest way >>>>
      - ./certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
      # supporting self-signed certificates, easiest way <<<<
      - pds:/pds
    restart: always
    depends_on:
      - database
      - caddy

  bgs:
    image: itaru2622/bluesky-indigo-bgs:${asof}
    build:
      context: ./repos/indigo/
      dockerfile: cmd/bigsky/Dockerfile
      args:
       - http_proxy=${http_proxy}
       - https_proxy=${https_proxy}
       - no_proxy=${no_proxy}
       - JAVA_TOOL_OPTIONS=${JAVA_TOOL_OPTIONS}
    ports:
      - 2470:2470
    command: /bigsky
    environment:
      - ATP_PLC_HOST=https://${plcFQDN}
      - BGS_ADMIN_KEY=${BGS_ADMIN_KEY}
      - CARSTORE_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@database/carstore
      - DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@database/bgs
      - DATA_DIR=/data/bigsky
      - DEBUG_MODE=1
      - GOINSECURE=${GOINSECURE}
#     - GODEBUG=netdns=go+4
      - GOLOG_LOG_LEVEL=${LOG_LEVEL_DEFAULT}
      - LOG_DESTINATION=1
      - LOG_ENABLED=true
      - LOG_LEVEL=${LOG_LEVEL_DEFAULT}
      - NODE_ENV=development
      - NODE_TLS_REJECT_UNAUTHORIZED=${NODE_TLS_REJECT_UNAUTHORIZED}
      - RELAY_NEWPDS_PERDAY_LIMIT=10000
    volumes:
      # supporting self-signed certificates, easiest way >>>>
      - ./certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
      # supporting self-signed certificates, easiest way <<<<
      - bgs:/data/bigsky
    restart: always
    depends_on:
      - database
      - caddy

  bsky:
    # appview(api)
    image: itaru2622/bluesky-atproto-bsky:${asof}
    build:
      context: ./repos/atproto/
      dockerfile: services/bsky/Dockerfile
      args:
       - http_proxy=${http_proxy}
       - https_proxy=${https_proxy}
       - no_proxy=${no_proxy}
       - JAVA_TOOL_OPTIONS=${JAVA_TOOL_OPTIONS}
    ports:
      - 2584:2584
    expose:
      - 2584
    command: node --enable-source-maps api.js
    # to fix permision mismatch between volume owner(root) and process user(uid:1000, i.e: node), run as root. >>>>
    user: root
    # to fix permision mismatch between volume owner(root) and process user(uid:1000, i.e: node), run as root. <<<<
    environment:
      - BSKY_ADMIN_PASSWORDS=${BSKY_ADMIN_PASSWORDS}
      - BSKY_BLOB_CACHE_LOC=/cache/
      - BSKY_BSYNC_HTTP_VERSION=1.1
      - BSKY_BSYNC_PORT=3002
      - BSKY_BSYNC_URL=http://bsky:3002
      - BSKY_COURIER_URL=http://fake-courier.example.invalid/
      - BSKY_DATAPLANE_HTTP_VERSION=1.1
      - BSKY_DATAPLANE_PORT=3001
      - BSKY_DATAPLANE_URLS=http://bsky:3001
      - BSKY_DB_POSTGRES_SCHEMA=bsky
      - BSKY_DB_POSTGRES_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@database/bsky
      - BSKY_DID_PLC_URL=https://${plcFQDN}
      - BSKY_LABELS_FROM_ISSUER_DIDS=${BSKY_LABELS_FROM_ISSUER_DIDS}
      - BSKY_PUBLIC_URL=https://${bskyFQDN}
      - BSKY_REPO_PROVIDER=wss://${bgsFQDN}
      - BSKY_SEARCH_URL=https://${palomarFQDN}
      - BSKY_SERVER_DID=did:web:${bskyFQDN}
      - BSKY_SERVICE_SIGNING_KEY=${BSKY_SERVICE_SIGNING_KEY}
      - DEBUG_MODE=1
      - DID_PLC_URL=https://${plcFQDN}
      - ENABLE_MIGRATIONS=false
      - GOINSECURE=${GOINSECURE}
      - LOG_DESTINATION=1
      - LOG_ENABLED=true
      - LOG_LEVEL=${LOG_LEVEL_DEFAULT}
      - MOD_SERVICE_DID=did:web:${ozoneFQDN}
      - NODE_ENV=development
      - NODE_TLS_REJECT_UNAUTHORIZED=${NODE_TLS_REJECT_UNAUTHORIZED}
      - PORT=2584
      - REDIS_HOST=redis
    volumes:
      # supporting self-signed certificates, easiest way >>>>
      - ./certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
      # supporting self-signed certificates, easiest way <<<<
      - bsky:/cache/
#     - ./repos/atproto/services/bsky/api.js:/app/services/bsky/api.js:ro
    restart: always
    depends_on:
      - database
      - redis
      - caddy

  social-app:
    image: itaru2622/bluesky-social-app:${asof}
    #image: itaru2622/bluesky-social-app:${asof}${DOMAIN}
    build:
      context: ./repos/social-app/
      dockerfile: Dockerfile
      args:
       - http_proxy=${http_proxy}
       - https_proxy=${https_proxy}
       - no_proxy=${no_proxy}
       - JAVA_TOOL_OPTIONS=${JAVA_TOOL_OPTIONS}
    ports:
      - 8100:8100
    command: /usr/bin/bskyweb serve
    volumes:
      # supporting self-signed certificates, easiest way >>>>
      - ./certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
      # supporting self-signed certificates, easiest way <<<<
    environment:
#      cf. https://github.com/bluesky-social/social-app/blob/main/bskyweb/example.env and https://github.com/bluesky-social/bsky-docs/issues/63 >>>>
      - ATP_APPVIEW_HOST=https://${publicApiFQDN}
#      cf. https://github.com/bluesky-social/social-app/blob/main/bskyweb/example.env and https://github.com/bluesky-social/bsky-docs/issues/63 <<<<
      - GOINSECURE=${GOINSECURE}
      - GOLOG_LOG_LEVEL=${LOG_LEVEL_DEFAULT}
      - HTTP_ADDRESS=:8100
      - LOG_LEVEL=${LOG_LEVEL_DEFAULT}
      - NODE_ENV=development
      - NODE_TLS_REJECT_UNAUTHORIZED=${NODE_TLS_REJECT_UNAUTHORIZED}
    restart: always


  palomar:
    image: itaru2622/bluesky-indigo-palomar:${asof}
    build:
      context: ./repos/indigo/
      dockerfile: cmd/palomar/Dockerfile
      args:
       - http_proxy=${http_proxy}
       - https_proxy=${https_proxy}
       - no_proxy=${no_proxy}
       - JAVA_TOOL_OPTIONS=${JAVA_TOOL_OPTIONS}
    ports:
      - 3999:3999
    volumes:
      # supporting self-signed certificates, easiest way >>>>
      - ./certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
      # supporting self-signed certificates, easiest way <<<<
    environment:
#       refer https://github.com/bluesky-social/indigo/tree/main/cmd/palomar
      - ATP_BGS_HOST=wss://${bgsFQDN}
      - ATP_PLC_HOST=https://${plcFQDN}
      - DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@database/palomar
#     - ES_CERT_FILE=
      - OPENSEARCH_INITIAL_ADMIN_PASSWORD=${OPENSEARCH_INITIAL_ADMIN_PASSWORD}
      - ES_HOSTS=http://admin:${OPENSEARCH_INITIAL_ADMIN_PASSWORD}@opensearch:9200
      - ES_INSECURE_SSL=true
      - ES_PASSWORD=
      - ES_USERNAME=
      - GOINSECURE=${GOINSECURE}
      - NODE_TLS_REJECT_UNAUTHORIZED=${NODE_TLS_REJECT_UNAUTHORIZED}
      - PALOMAR_BIND=0.0.0.0:3999
    restart: always
    depends_on:
      - opensearch
      - database
      - caddy

  jetstream:
    image: itaru2622/bluesky-jetstream:${asof}
    build:
      context: ./repos/jetstream/
      dockerfile: Dockerfile
      args:
       - http_proxy=${http_proxy}
       - https_proxy=${https_proxy}
       - no_proxy=${no_proxy}
       - JAVA_TOOL_OPTIONS=${JAVA_TOOL_OPTIONS}
    ports:
      - 6008:6008
    volumes:
      - jetstream:/data
      # supporting self-signed certificates, easiest way >>>>
      - ./certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
      # supporting self-signed certificates, easiest way <<<<
    environment:
      - JETSTREAM_WS_URL=wss://${bgsFQDN}/xrpc/com.atproto.sync.subscribeRepos
      - JETSTREAM_DATA_DIR=/data
      - JETSTREAM_LISTEN_ADDR=:6008
      - JETSTREAM_METRICS_LISTEN_ADDR=:6009
      - JETSTREAM_LIVENESS_TTL=96h
    restart: always
    depends_on:
      - caddy

  ozone-standalone:
    # moderation-api:
    image: itaru2622/bluesky-ozone:${asof}
    build:
      context: ./repos/ozone/
      dockerfile: Dockerfile
      args:
       - http_proxy=${http_proxy}
       - https_proxy=${https_proxy}
       - no_proxy=${no_proxy}
       - JAVA_TOOL_OPTIONS=${JAVA_TOOL_OPTIONS}
    ports:
      - 3000:3000
    volumes:
      # supporting self-signed certificates, easiest way >>>>
      - ./certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
      # supporting self-signed certificates, easiest way <<<<
#     - ./repos/atproto/services/ozone/api.js:/app/services/ozone/api.js:ro
    environment:
#     https://github.com/bluesky-social/ozone/blob/main/HOSTING.md
      - LOG_ENABLED=1
      - DEBUG_MODE=1
      - LOG_DESTINATION=1
      - LOG_LEVEL=${LOG_LEVEL_DEFAULT}
#     - NODE_ENV=development
      - NODE_ENV=production
      - NODE_TLS_REJECT_UNAUTHORIZED=${NODE_TLS_REJECT_UNAUTHORIZED}
      - GOINSECURE=${GOINSECURE}
      - OZONE_DEV_MODE=true
      - OZONE_PORT=3000
      - OZONE_SERVER_DID=${OZONE_SERVER_DID}
      - OZONE_PUBLIC_URL=https://${ozoneFQDN}
      - OZONE_ADMIN_HANDLE=${OZONE_ADMIN_HANDLE}
      - OZONE_ADMIN_DIDS=${OZONE_ADMIN_DIDS}
      - OZONE_ADMIN_PASSWORD=${OZONE_ADMIN_PASSWORD}
      - OZONE_SIGNING_KEY_HEX=${OZONE_SIGNING_KEY_HEX}
      - OZONE_DB_POSTGRES_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@database/ozone
      - OZONE_DB_POSTGRES_SCHEMA=ozone
      - OZONE_DB_MIGRATE=1
      - OZONE_DID_PLC_URL=https://${plcFQDN}
      - NEXT_PUBLIC_PLC_DIRECTORY_URL=https://${plcFQDN}
      - NEXT_PUBLIC_OZONE_SERVICE_DID=${OZONE_SERVER_DID}
      - NEXT_PUBLIC_OZONE_PUBLIC_URL=https://${ozoneFQDN}
      - NEXT_PUBLIC_SOCIAL_APP_DOMAIN=${socialappFQDN}
      - NEXT_PUBLIC_SOCIAL_APP_URL=https://${socialappFQDN}
      - NEXT_PUBLIC_HANDLE_RESOLVER_URL=https://${publicApiFQDN}
      - OZONE_APPVIEW_DID=did:web:${bskyFQDN}
      - OZONE_APPVIEW_URL=https://${bskyFQDN}
      - OZONE_APPVIEW_PUSH_EVENTS=true
      - OZONE_PDS_DID=did:web:${pdsFQDN}
      - OZONE_PDS_URL=https://${pdsFQDN}
    restart: always
    depends_on:
      - database
      - caddy

  ozone:
    # moderation-api:
    image: itaru2622/bluesky-atproto-ozone:${asof}
    build:
      context: ./repos/atproto/
      dockerfile: services/ozone/Dockerfile
      args:
       - http_proxy=${http_proxy}
       - https_proxy=${https_proxy}
       - no_proxy=${no_proxy}
       - JAVA_TOOL_OPTIONS=${JAVA_TOOL_OPTIONS}
    command: node --enable-source-maps api.js
    ports:
      - 3000:3000
    volumes:
      # supporting self-signed certificates, easiest way >>>>
      - ./certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
      # supporting self-signed certificates, easiest way <<<<
#     - ./repos/atproto/services/ozone/api.js:/app/services/ozone/api.js:ro
    environment:
      - DEBUG_MODE=1
      - ENABLE_MIGRATIONS=true
      - GOINSECURE=${GOINSECURE}
      - LOG_DESTINATION=1
      - LOG_ENABLED=true
      - LOG_LEVEL=${LOG_LEVEL_DEFAULT}
      - NODE_ENV=development
      - NODE_TLS_REJECT_UNAUTHORIZED=${NODE_TLS_REJECT_UNAUTHORIZED}
      - OZONE_ADMIN_DIDS=
      - OZONE_ADMIN_PASSWORD=${OZONE_ADMIN_PASSWORD}
      - OZONE_APPVIEW_DID=did:web:${bskyFQDN}
      - OZONE_APPVIEW_PUSH_EVENTS=true
      - OZONE_APPVIEW_URL=https://${bskyFQDN}
      - OZONE_DB_POSTGRES_SCHEMA=ozone
      - OZONE_DB_POSTGRES_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@database/ozone
      - OZONE_DEV_MODE=true
      - OZONE_DID_PLC_URL=https://${plcFQDN}
      - OZONE_MODERATOR_DIDS=did:web:${bskyFQDN}
      - OZONE_PDS_DID=did:web:${pdsFQDN}
      - OZONE_PDS_URL=https://${pdsFQDN}
      - OZONE_PORT=3000
      - OZONE_PUBLIC_URL=https://${ozoneFQDN}
      - OZONE_SERVER_DID=did:web:${ozoneFQDN}
      - OZONE_SIGNING_KEY_HEX=${OZONE_SIGNING_KEY_HEX}
      - OZONE_TRIAGE_DIDS=
    restart: always
    depends_on:
      - database
      - caddy

  ozone-daemon:
    image: itaru2622/bluesky-atproto-ozone:${asof}
    build:
      context: ./repos/atproto/
      dockerfile: services/ozone/Dockerfile
      args:
       - http_proxy=${http_proxy}
       - https_proxy=${https_proxy}
       - no_proxy=${no_proxy}
       - JAVA_TOOL_OPTIONS=${JAVA_TOOL_OPTIONS}
    command: node --enable-source-maps daemon.js
    volumes:
      # supporting self-signed certificates, easiest way >>>>
      - ./certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
      # supporting self-signed certificates, easiest way <<<<
    environment:
      - DEBUG_MODE=1
      - ENABLE_MIGRATIONS=true
      - GOINSECURE=${GOINSECURE}
      - LOG_DESTINATION=1
      - LOG_ENABLED=true
      - LOG_LEVEL=${LOG_LEVEL_DEFAULT}
      - NODE_ENV=development
      - NODE_TLS_REJECT_UNAUTHORIZED=${NODE_TLS_REJECT_UNAUTHORIZED}
      - OZONE_ADMIN_DIDS=
      - OZONE_ADMIN_PASSWORD=${OZONE_ADMIN_PASSWORD}
      - OZONE_APPVIEW_DID=did:web:${bskyFQDN}
      - OZONE_APPVIEW_PUSH_EVENTS=true
      - OZONE_APPVIEW_URL=https://${bskyFQDN}
      - OZONE_DB_POSTGRES_SCHEMA=ozone
      - OZONE_DB_POSTGRES_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@database/ozone
      - OZONE_DEV_MODE=true
      - OZONE_DID_PLC_URL=https://${plcFQDN}
      - OZONE_MODERATOR_DIDS=did:web:${bskyFQDN}
      - OZONE_PDS_DID=did:web:${pdsFQDN}
      - OZONE_PDS_URL=https://${pdsFQDN}
      - OZONE_PORT=3000
      - OZONE_PUBLIC_URL=https://${ozoneFQDN}
      - OZONE_SERVER_DID=did:web:${ozoneFQDN}
      - OZONE_SIGNING_KEY_HEX=${OZONE_SIGNING_KEY_HEX}
      - OZONE_TRIAGE_DIDS=
    restart: always
    depends_on:
      - ozone
      - database
      - caddy

  feed-generator:
    image: itaru2622/bluesky-feed-generator:latest
   #image: itaru2622/bluesky-feed-generator:${asof}
   #build:
   #  context: ./repos/feed-generator/
   #  dockerfile: Dockerfile
   #  args:
   #   - http_proxy=${http_proxy}
   #   - https_proxy=${https_proxy}
   #   - no_proxy=${no_proxy}
   #   - JAVA_TOOL_OPTIONS=${JAVA_TOOL_OPTIONS}
    ports:
      - 2586:3000
    environment:
      - FEEDGEN_BSKY_SERVICE=https://${pdsFQDN}
      - FEEDGEN_FEED_DESCRIPTION=whats-alf
      - FEEDGEN_FEED_DISPLAY_NAME=whats-alf
      - FEEDGEN_FEED_RECORD_NAME=whats-alf
      - FEEDGEN_HOSTNAME=${feedgenFQDN}
      - FEEDGEN_LISTENHOST=0.0.0.0
      - FEEDGEN_PLC_URL=https://${plcFQDN}
      - FEEDGEN_PORT=3000
      - FEEDGEN_PUBLISHER_DID=${FEEDGEN_PUBLISHER_DID}
      - FEEDGEN_PUBLISHER_HANDLE=${FEEDGEN_PUBLISHER_HANDLE}
      - FEEDGEN_PUBLISHER_PASSWORD=${FEEDGEN_PUBLISHER_PASSWORD}
      - FEEDGEN_SERVICE_DID=did:web:${feedgenFQDN}
      - FEEDGEN_SQLITE_LOCATION=/data/db.sqlite
      - FEEDGEN_SUBSCRIPTION_ENDPOINT=wss://${bgsFQDN}
      - FEEDGEN_SUBSCRIPTION_RECONNECT_DELAY=3000
      - GOINSECURE=${GOINSECURE}
      - NODE_ENV=development
      - NODE_TLS_REJECT_UNAUTHORIZED=${NODE_TLS_REJECT_UNAUTHORIZED}
    restart: always
    volumes:
      # supporting self-signed certificates, easiest way >>>>
      - ./certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
      # supporting self-signed certificates, easiest way <<<<
      - feed-generator:/data/
#     - ${rDir}/feed-generator:/app