first commit

.env.sample

@@ -0,0 +1,2 @@
+# HOST IP
+HOST_IP=

.gitignore

@@ -0,0 +1,17 @@
+caddy/*
+!caddy/.gitkeep
+
+logto/*
+!logto/.gitkeep
+!logto/init
+
+minio/*
+!minio/.gitkeep
+
+mongo/*
+!mongo/.gitkeep
+
+certs/*
+!certs/.gitkeep
+
+.env

Caddyfile

@@ -0,0 +1,23 @@
+(common_tls) {
+  tls /certs/localhost.pem /certs/localhost-key.pem
+}
+
+https://app.hublot.local {
+  import common_tls
+  reverse_proxy hublot:3000
+}
+
+https://livekit.hublot.local {
+  import common_tls
+  reverse_proxy livekit:7880
+}
+
+https://auth.hublot.local {
+  import common_tls
+  reverse_proxy logto:3001
+}
+
+https://auth-admin.hublot.local {
+  import common_tls
+  reverse_proxy logto:3002
+}

README.md

@@ -0,0 +1,65 @@
+This repository is a local-only demo to observe how the components work together. It is not meant as a production reference or a security baseline.
+
+## Prerequisites
+
+- Docker and Docker Compose
+- mkcert (for local TLS certificates)
+- A local hosts file entry for the demo domains (see below)
+
+## Quick start
+
+1. Copy the sample environment file and set your host IP:
+
+   ```bash
+   cp .env.sample .env
+   ```
+
+   Edit `.env` and set `HOST_IP` (do not use `127.0.0.1`, required by LiveKit and the reverse proxy).
+
+2. Add local domain mappings in your hosts file (do not use `127.0.0.1`):
+
+   ```
+   <HOST_IP> app.hublot.local
+   <HOST_IP> auth.hublot.local
+   <HOST_IP> auth-admin.hublot.local
+   <HOST_IP> livekit.hublot.local
+   ```
+
+3. Install mkcert and generate local certificates:
+
+   ```bash
+   mkcert -cert-file certs/localhost.pem -key-file certs/localhost-key.pem \
+     app.hublot.local auth.hublot.local auth-admin.hublot.local livekit.hublot.local
+   ```
+
+4. Start the stack:
+
+   ```bash
+   docker compose up -d
+   ```
+
+## Services and URLs
+
+- Hublot app: https://app.hublot.local
+- Logto (OIDC): https://auth.hublot.local
+- Logto admin: https://auth-admin.hublot.local
+- LiveKit: https://livekit.hublot.local
+
+## Default accounts (Logto)
+
+- Admin: `admin / hublotlogto`
+- Demo users:
+  - `demo1 / hublotdemo`
+  - `demo2 / hublotdemo`
+
+## Data reset
+
+To clear local data volumes and reset the stack state:
+
+```bash
+./reset.sh
+```
+
+## Notes
+
+- Use the host machine IP in `HOST_IP` and your hosts file; `127.0.0.1` will be misinterpreted inside containers.

caddy/.gitkeep

@@ -0,0 +1 @@
+

docker-compose.yml

@@ -0,0 +1,104 @@
+services:
+  proxy:
+    image: caddy:2
+    env_file:
+      - .env
+    extra_hosts:
+      - "auth.hublot.local:${HOST_IP}"
+      - "admin-auth.hublot.local:${HOST_IP}"
+      - "app.hublot.local:${HOST_IP}"
+      - "livekit.hublot.local:${HOST_IP}"
+    ports:
+      - "443:443"
+      - "80:80"
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - ./certs:/certs:ro
+      - ./caddy/data:/data
+      - ./caddy/config:/config
+    depends_on:
+      - hublot
+
+  hublot:
+    image: forge.hublot.cloud/hublot/hublot-community:latest
+    env_file:
+      - .env
+    extra_hosts:
+      - "auth.hublot.local:${HOST_IP}"
+      - "app.hublot.local:${HOST_IP}"
+      - "livekit.hublot.local:${HOST_IP}"
+    environment:
+      NODE_TLS_REJECT_UNAUTHORIZED: "0"
+      LOG_LEVEL: "trace"
+      PORT: "3000"
+      ROOT_URL: "https://app.hublot.local"
+      MONGO_URL: "mongodb://mongo:27017"
+      MONGO_DB_NAME: "hublot"
+      LIVEKIT_API_HOST: "https://livekit.hublot.local"
+      LIVEKIT_API_KEY: "devkey"
+      LIVEKIT_API_SECRET: "devsecret"
+      MINIO_ACCESS_KEY: "minio"
+      MINIO_SECRET_KEY: "minio123456"
+      MINIO_ENDPOINT: "minio"
+      MINIO_PORT: "9000"
+      MINIO_USE_SSL: "false"
+      OIDC_DISCOVERY_URL: "http://auth.hublot.local/oidc/.well-known/openid-configuration"
+      OIDC_APP_ID: "qs2705sv966er3q0fase8"
+      OIDC_APP_SECRET: "JC3BIxZLMZbAwVwpk2XkNngdSOy2dn87"
+      BFF_STATE_SECRET: "A_SECRET_TOKEN_KEY"
+      BFF_JWT_SECRET: "A_SECRET_TOKEN_KEY"
+    depends_on:
+      - mongo
+      - minio
+
+  livekit:
+    image: livekit/livekit-server:latest
+    volumes:
+      - ./livekit.yaml.tmpl:/etc/livekit.yaml.tmpl:ro
+    entrypoint: ["/bin/sh", "-lc"]
+    command:
+      [
+        'set -eu; sed "s/__HOST_IP__/${HOST_IP}/g" /etc/livekit.yaml.tmpl > /etc/livekit.yaml; /livekit-server --config /etc/livekit.yaml',
+      ]
+    env_file:
+      - .env
+    ports:
+      - "7880:7880/tcp"
+      - "7881:7881/udp"
+      - "50000-50100:50000-50100/udp"
+
+  mongo:
+    image: mongo:7
+    volumes:
+      - ./mongo:/data/db
+
+  minio:
+    image: minio/minio:latest
+    command: server /data --console-address ":9001"
+    environment:
+      MINIO_ROOT_USER: "minio"
+      MINIO_ROOT_PASSWORD: "minio123456"
+    volumes:
+      - ./minio:/data
+
+  logto:
+    image: svhd/logto:latest
+    # entrypoint: ["sh", "-c", "npm run cli db seed -- --swe && npm start"]
+    restart: unless-stopped
+    depends_on:
+      - logto-db
+    environment:
+      NODE_TLS_REJECT_UNAUTHORIZED: "0"
+      TRUST_PROXY_HEADER: "1"
+      DB_URL: "postgres://logto:logto@logto-db:5432/logto"
+      ENDPOINT: "https://auth.hublot.local"
+      ADMIN_ENDPOINT: "https://auth-admin.hublot.local "
+      LOGTO_COOKIE_SECRET: '5tqYp7gNnS8mJ3uKkZx2vXqHcEw6D9rB"'
+
+  logto-db:
+    image: postgres:15
+    environment:
+      POSTGRES_HOST_AUTH_METHOD: "trust"
+    volumes:
+      - ./logto/db:/var/lib/postgresql/data
+      - ./logto/init:/docker-entrypoint-initdb.d:ro

livekit.yaml.tmpl

@@ -0,0 +1,19 @@
+port: 7880
+
+keys:
+  devkey: devsecret
+
+rtc:
+  udp_port: 7881
+  port_range_start: 50000
+  port_range_end: 50100
+  use_external_ip: false
+  node_ip: __HOST_IP__
+
+webhook:
+  urls:
+    - "http://hublot:3000/livekit-webhooks"
+  api_key: devkey
+
+room:
+  empty_timeout: 10

minio/.gitkeep

@@ -0,0 +1 @@
+

mongo/.gitkeep

@@ -0,0 +1 @@
+

reset.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+set -eu
+
+rm -rf caddy/config
+rm -rf caddy/data
+
+rm -rf logto/db
+
+
+rm -rf mongo/*
+
+rm -rf minio/*
+rm -rf minio/.minio.sys