# https://github.com/aaPanel/appstore/tree/main/apps/orion_visor

services:
  orion-ui:
    image: registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-ui:latest
    ports:
      - ${HOST_IP}:${WEB_HTTP_PORT}:80
    environment:
      NGINX_SERVICE_HOST: ${NGINX_SERVICE_HOST:-orion-service}
      NGINX_SERVICE_PORT: ${NGINX_SERVICE_PORT:-9200}
    restart: unless-stopped
    depends_on:
      orion-service:
        condition: service_healthy
    networks:
      - baota_net

  orion-service:
    image: registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-service:${VERSION}
    privileged: true
    ports:
      - "9200:9200"
    environment:
      SPRING_PROFILES_ACTIVE: ${SPRING_PROFILES_ACTIVE:-prod}
      MYSQL_HOST: orion-mysql
      MYSQL_PORT: ${MYSQL_PORT:-3306}
      MYSQL_DATABASE: ${MYSQL_DATABASE:-orion_visor}
      MYSQL_USER: ${MYSQL_USER:-orion}
      MYSQL_PASSWORD: ${MYSQL_PASSWORD:-Data@123456}
      REDIS_HOST: orion-redis
      REDIS_PASSWORD: ${REDIS_PASSWORD:-Data@123456}
      REDIS_DATABASE: ${REDIS_DATABASE:-0}
      REDIS_DATA_VERSION: ${REDIS_DATA_VERSION:-1}
      INFLUXDB_ENABLED: true
      INFLUXDB_HOST: orion-influxdb
      INFLUXDB_PORT: ${INFLUXDB_PORT:-8086}
      INFLUXDB_ORG: ${INFLUXDB_ORG:-orion-visor}
      INFLUXDB_BUCKET: ${INFLUXDB_BUCKET:-metrics}
      INFLUXDB_TOKEN: ${INFLUXDB_TOKEN:-Data@123456}
      GUACD_HOST: orion-guacd
      GUACD_PORT: ${GUACD_PORT:-4822}
      GUACD_DRIVE_PATH: ${GUACD_DRIVE_PATH:-/drive}
      SECRET_KEY: ${SECRET_KEY:-uQeacXV8b3isvKLK}
      API_EXPOSE_TOKEN: ${API_EXPOSE_TOKEN:-pmqeHOyZaumHm0Wt}
      API_IP_HEADERS: ${API_IP_HEADERS:-X-Forwarded-For,X-Real-IP}
      # 这里需要改为具体的服务地址 (宿主机ip)
      API_HOST: ${HOST_IP}
      # 若 API_HOST 不满足, 可以修改这里 http://<ip>:<port>/orion-visor/api
      API_URL: ${API_URL:-}
      API_CORS: ${API_CORS:-true}
      DEMO_MODE: ${DEMO_MODE:-false}
    volumes:
      - ${APP_PATH}/service/root-orion:/root/orion
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
    restart: unless-stopped
    healthcheck:
      test: [ "CMD", "curl", "http://127.0.0.1:9200/orion-visor/api/server/bootstrap/health" ]
      interval: 15s
      timeout: 300s
      retries: 15
      start_period: 3s
    depends_on:
      orion-mysql:
        condition: service_healthy
      orion-redis:
        condition: service_healthy
      orion-influxdb:
        condition: service_healthy
    labels:
      createdBy: "bt_apps"
    networks:
      - baota_net

  orion-mysql:
    image: registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-mysql:${VERSION}
    privileged: true
    environment:
      - MYSQL_DATABASE=${MYSQL_DATABASE:-orion_visor}
      - MYSQL_USER=${MYSQL_USER:-orion}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD:-Data@123456}
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:-Data@123456}
    volumes:
      - ${APP_PATH}/mysql/var-lib-mysql:/var/lib/mysql
      - ${APP_PATH}/mysql/var-lib-mysql-files:/var/lib/mysql-files
    restart: unless-stopped
    healthcheck:
      test: [ "CMD", "bash", "-c", "cat < /dev/null > /dev/tcp/127.0.0.1/3306" ]
      interval: 15s
      timeout: 60s
      retries: 15
      start_period: 3s
    labels:
      createdBy: "bt_apps"
    networks:
      - baota_net

  orion-redis:
    image: registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-redis:${VERSION}
    privileged: true
    environment:
      - REDIS_PASSWORD=${REDIS_PASSWORD:-Data@123456}
    volumes:
      - ${APP_PATH}/redis/data:/data
    command: sh -c "redis-server /usr/local/redis.conf --requirepass $${REDIS_PASSWORD}"
    restart: unless-stopped
    healthcheck:
      test: [ "CMD", "redis-cli", "--raw", "incr", "ping" ]
      interval: 15s
      timeout: 60s
      retries: 15
      start_period: 3s
    labels:
      createdBy: "bt_apps"
    networks:
      - baota_net

  orion-influxdb:
    image: registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-influxdb:latest
    privileged: true
    ports:
      - "8086:8086"
    environment:
      DOCKER_INFLUXDB_INIT_MODE: setup
      DOCKER_INFLUXDB_INIT_USERNAME: ${INFLUXDB_ADMIN_USERNAME:-admin}
      DOCKER_INFLUXDB_INIT_PASSWORD: ${INFLUXDB_ADMIN_PASSWORD:-Data@123456}
      DOCKER_INFLUXDB_INIT_ADMIN_TOKEN: ${INFLUXDB_TOKEN:-Data@123456}
      DOCKER_INFLUXDB_INIT_ORG: ${INFLUXDB_ORG:-orion-visor}
      DOCKER_INFLUXDB_INIT_BUCKET: ${INFLUXDB_BUCKET:-metrics}
    volumes:
      - ${APP_PATH}/influxdb/data:/var/lib/influxdb2
      - ${APP_PATH}/influxdb/config:/etc/influxdb2
    restart: unless-stopped
    healthcheck:
      test: [ "CMD", "bash", "-c", "cat < /dev/null > /dev/tcp/127.0.0.1/8086" ]
      interval: 15s
      timeout: 5s
      retries: 10
      start_period: 10s
    networks:
      - baota_net

  orion-guacd:
    image: registry.cn-hangzhou.aliyuncs.com/orionsec/orion-visor-guacd:latest
    ports:
      - "4822:4822"
    environment:
      GUACD_LOG_LEVEL: info
      GUACD_LOG_FILE: /var/log/guacd.log
    volumes:
      - ${APP_PATH}/guacd/drive:${GUACD_DRIVE_PATH:-/drive}
      - ${APP_PATH}/guacd/var-logs:/var/log
      - ${APP_PATH}/guacd/local-guacamole-lib:/usr/local/guacamole/lib
      - ${APP_PATH}/guacd/local-guacamole-extensions:/usr/local/guacamole/extensions
    restart: unless-stopped
    healthcheck:
      test: [ "CMD", "nc", "-vz", "localhost", "4822" ]
      interval: 15s
      timeout: 5s
      retries: 10
      start_period: 10s
    networks:
      - baota_net

networks:
  baota_net:
    external: true