-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yaml
133 lines (125 loc) · 4.28 KB
/
docker-compose.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
---
version: '3.4'
volumes:
postgres:
services:
traefik:
image: traefik:v3.0
platform: linux/amd64
container_name: traefik
volumes:
- ./traefik/traefik.yaml:/etc/traefik/traefik.yaml
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik/credentials.txt:/credentials.txt:ro
ports:
- 443:443
expose:
- 8080
labels:
# traefik dashboard access
traefik.enable: true
traefik.http.routers.traefik_https.rule: Host(`traefik.localhost`)
traefik.http.routers.traefik_https.entrypoints: websecure
traefik.http.routers.traefik_https.tls: true
traefik.http.routers.traefik_https.service: api@internal
traefik.http.routers.traefik_https.middlewares: basic-auth-global
traefik.http.middlewares.basic-auth-global.basicauth.usersfile: /credentials.txt
traefik.http.services.traefik_https.loadbalancer.server.port: 80
networks:
- internalnetwork
keycloak:
image: keycloak/keycloak:20.0.3
container_name: keycloak
platform: linux/arm64
depends_on:
- postgres
command:
- -v start-dev
- --features admin-fine-grained-authz
environment:
KC_DB: postgres
KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
KC_DB_USERNAME: sa
KC_DB_PASSWORD: S0meP@ssword
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: S0meP@ssword
PROXY_ADDRESS_FORWARDING: true
KEYCLOAK_VERSION: 20.0.3
KC_PROXY: passthrough
KC_HOSTNAME_URL: https://login.localhost
KC_HOSTNAME_ADMIN_URL: https://keycloak.localhost
ports:
- 8085:8080 # only using for running app in dev/preview
expose:
- 8080
restart: unless-stopped
labels:
traefik.enable: true
traefik.http.routers.keycloak.service: keycloak
traefik.http.routers.keycloak.entrypoints: websecure
traefik.http.routers.keycloak.rule: Host(`keycloak.localhost`)
traefik.http.services.keycloak.loadbalancer.server.port: 8080
traefik.http.routers.keycloak.middlewares: redirect-to-https
traefik.http.middlewares.redirect-to-https.redirectscheme.scheme: https
traefik.http.middlewares.keycloak.headers.browserxssfilter: true
traefik.http.middlewares.keycloak.headers.framedeny: true
traefik.http.routers.keycloak.tls: true
traefik.http.routers.keycloaklogin.service: keycloaklogin
traefik.http.routers.keycloaklogin.entrypoints: websecure
traefik.http.routers.keycloaklogin.rule: Host(`login.localhost`) # && Path(`/resources/`,`/realms/`) # can we add a more specific rule only for auth routes? (non-admin routes)
traefik.http.services.keycloaklogin.loadbalancer.server.port: 8080
traefik.http.routers.keycloaklogin.middlewares: redirect-to-https
traefik.http.routers.keycloaklogin.tls: true
networks:
- internalnetwork
postgres:
image: postgres:15.2
container_name: postgres
restart: unless-stopped
platform: linux/arm64
hostname: postgres
environment:
POSTGRES_DB: postgres
POSTGRES_USER: sa
POSTGRES_PASSWORD: S0meP@ssword
volumes:
- postgres:/var/lib/postgresql/data
- ./postgres:/docker-entrypoint-initdb.d:ro
expose:
- 5432
ports:
- 5433:5432
networks:
- internalnetwork
labels:
traefik.enable: true
traefik.tcp.routers.postgres.entrypoints: postgres
traefik.tcp.routers.postgres.rule: HostSNI(`*`)
traefik.tcp.services.postgres.loadbalancer.server.port: 5432
demoapp:
image: demoapp:latest
container_name: demoapp
expose:
- 3000
networks:
- internalnetwork
environment:
ORIGIN: https://portal.localhost
AUTH_SECRET: 7cccae96a7855f622ceb111b84952ead
AUTH_TRUST_HOST: true
KEYCLOAK_URL: https://login.localhost
KEYCLOAK_INTERNAL_URL: http://keycloak:8080
LOGIN_PATH: /auth/login
LOGOUT_PATH: /auth/logout
POST_LOGIN_PATH: /
volumes:
- ./demoapp/tenants.yaml:/app/tenants.yaml
labels:
traefik.enable: true
traefik.http.routers.portal.entrypoints: websecure
traefik.http.routers.portal.rule: Host(`portal.localhost`)
traefik.http.services.portal.loadbalancer.server.port: 3000
traefik.http.routers.portal.tls: true
networks:
internalnetwork:
name: internalnetwork