# kez-chat home server stack. # # Three services: # - nats dumb broker, JetStream enabled, WebSocket on 8443 # - chat-server handle registry + NATS auth callout + serves the SPA # - sig-server sigchain HTTP store (existing rust-sig-server) # # Run from this dir: docker compose up -d --build # Build context for the Rust services is `..` (the repo root) so they # can pull in `rust/crates/kez-core` as a path dep. # # In production you'll terminate TLS at a reverse proxy (Caddy, nginx, # or a Cloudflare tunnel) in front of port 6969 (HTTP) and the NATS # listeners. The compose file itself binds to plain HTTP for simplicity. services: nats: image: nats:latest command: - "-c" - "/etc/nats/nats.conf" - "--jetstream" volumes: - ./nats.conf:/etc/nats/nats.conf:ro - nats-data:/data ports: - "4222:4222" # native NATS (CLI clients) - "8443:8443" # WebSocket (browser SPA) - "8222:8222" # monitoring restart: unless-stopped chat-server: build: context: ../.. # repo root: deploy/ → kez-chat/ → ; Dockerfile needs rust/ + kez-chat/ as siblings dockerfile: kez-chat/deploy/Dockerfile environment: KEZ_CHAT_BIND: 0.0.0.0:6969 KEZ_CHAT_DB: /data/kez-chat.db KEZ_CHAT_SERVER: kez.lat KEZ_CHAT_SIG_SERVER_URL: http://sig-server:7878 RUST_LOG: info volumes: - chat-data:/data ports: - "6969:6969" # HTTP API + SPA (Cloudflare tunnel terminates here) depends_on: [sig-server] restart: unless-stopped sig-server: build: context: ../.. # same as chat-server — needs rust/ + rust-sig-server/ as siblings dockerfile: kez-chat/deploy/Dockerfile.sig-server environment: KEZ_BIND: 0.0.0.0:7878 KEZ_DB: /data/sigchains.db RUST_LOG: info volumes: - sig-data:/data ports: - "7878:7878" # exposed for direct client fetches of sigchains restart: unless-stopped volumes: nats-data: chat-data: sig-data: