version: '3.4'

services:
  oc-auth:
    image: 'oc-auth:latest'
    ports:
      - 8094:8080
    container_name: oc-auth
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.auth-sec.entrypoints=web"
      - "traefik.http.routers.auth-sec.rule=PathPrefix(`/auth/`)"
      - "traefik.http.middlewares.auth-sec-rewrite.replacepathregex.regex=^/auth(.*)"
      - "traefik.http.middlewares.auth-sec-rewrite.replacepathregex.replacement=/oc$$1"
      - "traefik.http.services.auth-sec.loadbalancer.server.port=8080"
      - "traefik.http.routers.auth-sec.middlewares=auth-sec-rewrite,auth-auth-sec"
      - "traefik.http.middlewares.auth-auth-sec.forwardauth.address=http://hydra:4444/oauth2/auth"
      - "traefik.http.middlewares.auth-auth-sec.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.auth-auth-sec.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
    environment:
          LDAP_ENDPOINTS: ldap:389
          LDAP_BINDDN: cn=admin,dc=example,dc=com
          LDAP_BINDPW: password
          LDAP_BASEDN: "dc=example,dc=com"
          LDAP_USER_BASEDN: "ou=users,dc=example,dc=com"
          LDAP_ROLE_BASEDN: "ou=AppRoles,dc=example,dc=com"
    networks: 
      - oc
    volumes:
      - ./pem/private.pem:/keys/private/private.pem
      - ./pem/public.pem:/keys/public/public.pem
networks: 
  oc:
    external: true