git.stella-ops.org/devops/compose/docker-compose.crypto-provider.smremote.yml

# =============================================================================
# STELLA OPS - CRYPTO PROVIDER OVERLAY: SMREMOTE
# =============================================================================
# ShangMi (SM2/SM3/SM4) crypto microservice overlay.
# Extracted from docker-compose.stella-ops.yml (Slot 31) so that the SM Remote
# service is opt-in rather than always-on.
#
# Usage (with main stack):
#   docker compose -f docker-compose.stella-ops.yml \
#     -f docker-compose.crypto-provider.smremote.yml up -d
#
# Usage (with China compliance):
#   docker compose -f docker-compose.stella-ops.yml \
#     -f docker-compose.compliance-china.yml \
#     -f docker-compose.crypto-provider.smremote.yml up -d
#
# SM Algorithms:
# - SM2: Public key cryptography (GM/T 0003-2012)
# - SM3: Hash function, 256-bit (GM/T 0004-2012)
# - SM4: Block cipher, 128-bit (GM/T 0002-2012)
#
# =============================================================================

networks:
  stellaops:
    external: true
    name: stellaops
  frontdoor:
    external: true
    name: compose_frontdoor

services:
  # --- Slot 31: SmRemote ----------------------------------------------------
  smremote:
    image: stellaops/smremote:dev
    container_name: stellaops-smremote
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy
      valkey:
        condition: service_healthy
    environment:
      ASPNETCORE_URLS: "http://+:8080"
      Kestrel__Certificates__Default__Path: "/app/etc/certs/kestrel-dev.pfx"
      Kestrel__Certificates__Default__Password: "devpass"
      Router__Region: "local"
      Router__Gateways__0__Host: "router.stella-ops.local"
      Router__Gateways__0__Port: "9100"
      Router__Gateways__0__TransportType: "Messaging"
      Router__OnMissingAuthorization: "${ROUTER_ON_MISSING_AUTHORIZATION:-WarnAndAllow}"
      Router__TransportPlugins__Directory: "/app/plugins/router/transports"
      Router__TransportPlugins__SearchPattern: "StellaOps.Router.Transport.*.dll"
      Router__Messaging__Transport: "valkey"
      Router__Messaging__PluginDirectory: "/app/plugins/messaging"
      Router__Messaging__SearchPattern: "StellaOps.Messaging.Transport.*.dll"
      Router__Messaging__RequestQueueTemplate: "router:requests:{service}"
      Router__Messaging__ResponseQueueName: "router:responses"
      Router__Messaging__RequestTimeout: "30s"
      Router__Messaging__LeaseDuration: "5m"
      Router__Messaging__BatchSize: "10"
      Router__Messaging__HeartbeatInterval: "${ROUTER_MESSAGING_HEARTBEAT_INTERVAL:-30s}"
      Router__RegistrationRefreshIntervalSeconds: "${ROUTER_REGISTRATION_REFRESH_INTERVAL_SECONDS:-30}"
      Router__Messaging__valkey__ConnectionString: "cache.stella-ops.local:6379"
      Router__Messaging__valkey__Database: "0"
      Router__Messaging__valkey__QueueWaitTimeoutSeconds: "${VALKEY_QUEUE_WAIT_TIMEOUT:-0}"
      Router__IdentityEnvelopeSigningKey: "${STELLAOPS_IDENTITY_ENVELOPE_SIGNING_KEY}"
      ConnectionStrings__Default: "Host=db.stella-ops.local;Port=5432;Database=${POSTGRES_DB:-stellaops_platform};Username=${POSTGRES_USER:-stellaops};Password=${POSTGRES_PASSWORD:-stellaops};Maximum Pool Size=50"
      ConnectionStrings__Redis: "cache.stella-ops.local:6379"
      Router__Enabled: "${SMREMOTE_ROUTER_ENABLED:-true}"
      Router__Messaging__ConsumerGroup: "smremote"
    volumes:
      - "../../etc/authority/keys:/app/etc/certs:ro"
    ports:
      - "127.1.0.31:80:80"
    networks:
      stellaops:
        aliases:
          - smremote.stella-ops.local
      frontdoor: {}
    healthcheck:
      test: ["CMD-SHELL", "bash -c 'echo > /dev/tcp/$(hostname)/8080'"]
      interval: ${HEALTHCHECK_INTERVAL:-60s}
      timeout: 5s
      retries: 3
      start_period: 15s
    labels:
      com.stellaops.release.version: "2025.10.0"
      com.stellaops.release.channel: "stable"
      com.stellaops.profile: "default"