# ============================================================================= # STELLA OPS - CRYPTO PROVIDER OVERLAY: SMREMOTE # ============================================================================= # ShangMi (SM2/SM3/SM4) crypto microservice overlay. # Extracted from docker-compose.stella-ops.yml (Slot 31) so that the SM Remote # service is opt-in rather than always-on. # # Usage (with main stack): # docker compose -f docker-compose.stella-ops.yml \ # -f docker-compose.crypto-provider.smremote.yml up -d # # Usage (with China compliance): # docker compose -f docker-compose.stella-ops.yml \ # -f docker-compose.compliance-china.yml \ # -f docker-compose.crypto-provider.smremote.yml up -d # # SM Algorithms: # - SM2: Public key cryptography (GM/T 0003-2012) # - SM3: Hash function, 256-bit (GM/T 0004-2012) # - SM4: Block cipher, 128-bit (GM/T 0002-2012) # # ============================================================================= networks: stellaops: external: true name: stellaops frontdoor: external: true name: compose_frontdoor services: # --- Slot 31: SmRemote ---------------------------------------------------- smremote: image: stellaops/smremote:dev container_name: stellaops-smremote restart: unless-stopped depends_on: postgres: condition: service_healthy valkey: condition: service_healthy environment: ASPNETCORE_URLS: "http://+:8080" Kestrel__Certificates__Default__Path: "/app/etc/certs/kestrel-dev.pfx" Kestrel__Certificates__Default__Password: "devpass" Router__Region: "local" Router__Gateways__0__Host: "router.stella-ops.local" Router__Gateways__0__Port: "9100" Router__Gateways__0__TransportType: "Messaging" Router__OnMissingAuthorization: "${ROUTER_ON_MISSING_AUTHORIZATION:-WarnAndAllow}" Router__TransportPlugins__Directory: "/app/plugins/router/transports" Router__TransportPlugins__SearchPattern: "StellaOps.Router.Transport.*.dll" Router__Messaging__Transport: "valkey" Router__Messaging__PluginDirectory: "/app/plugins/messaging" Router__Messaging__SearchPattern: "StellaOps.Messaging.Transport.*.dll" Router__Messaging__RequestQueueTemplate: "router:requests:{service}" Router__Messaging__ResponseQueueName: "router:responses" Router__Messaging__RequestTimeout: "30s" Router__Messaging__LeaseDuration: "5m" Router__Messaging__BatchSize: "10" Router__Messaging__HeartbeatInterval: "${ROUTER_MESSAGING_HEARTBEAT_INTERVAL:-30s}" Router__RegistrationRefreshIntervalSeconds: "${ROUTER_REGISTRATION_REFRESH_INTERVAL_SECONDS:-30}" Router__Messaging__valkey__ConnectionString: "cache.stella-ops.local:6379" Router__Messaging__valkey__Database: "0" Router__Messaging__valkey__QueueWaitTimeoutSeconds: "${VALKEY_QUEUE_WAIT_TIMEOUT:-0}" Router__IdentityEnvelopeSigningKey: "${STELLAOPS_IDENTITY_ENVELOPE_SIGNING_KEY}" ConnectionStrings__Default: "Host=db.stella-ops.local;Port=5432;Database=${POSTGRES_DB:-stellaops_platform};Username=${POSTGRES_USER:-stellaops};Password=${POSTGRES_PASSWORD:-stellaops};Maximum Pool Size=50" ConnectionStrings__Redis: "cache.stella-ops.local:6379" Router__Enabled: "${SMREMOTE_ROUTER_ENABLED:-true}" Router__Messaging__ConsumerGroup: "smremote" volumes: - "../../etc/authority/keys:/app/etc/certs:ro" ports: - "127.1.0.31:80:80" networks: stellaops: aliases: - smremote.stella-ops.local frontdoor: {} healthcheck: test: ["CMD-SHELL", "bash -c 'echo > /dev/tcp/$(hostname)/8080'"] interval: ${HEALTHCHECK_INTERVAL:-60s} timeout: 5s retries: 3 start_period: 15s labels: com.stellaops.release.version: "2025.10.0" com.stellaops.release.channel: "stable" com.stellaops.profile: "default"