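# Development stack: MongoDB + mongo-express, NATS, Loki + Grafana,
# Ory Hydra, an LDAP server and Ory Keto, all attached to the `oc` network.
# NOTE(review): the defaults below (debug flags, throw-away credentials,
# ports published on every host interface) suit an isolated developer
# machine only; review each NOTE before reusing this file anywhere shared.
version: '3.9'

services:
  mongo:
    # NOTE(review): `latest` is a moving tag; pin a version or digest so the
    # running image can be audited and reproduced.
    image: 'mongo:latest'
    networks:
      - oc
    ports:
      # No root credentials are configured for this container, so access
      # control is presumably off. NOTE(review): bind to 127.0.0.1 or drop
      # the mapping if only containers on `oc` need the database.
      - "27017:27017"
    container_name: mongo
    volumes:
      # The same named volume backs both paths, so they share one store.
      - oc-data:/data/db
      - oc-data:/data/configdb

  mongo-express:
    image: "mongo-express:latest"
    restart: always
    depends_on:
      - mongo
    networks:
      - oc
    ports:
      # Web UI with full database access, reachable from the host network.
      - "8081:8081"
    environment:
      # Basic-auth login for the UI. The fallbacks are throw-away development
      # values; set both variables in the shell or an .env file to override.
      - "ME_CONFIG_BASICAUTH_USERNAME=${ME_CONFIG_BASICAUTH_USERNAME:-test}"
      - "ME_CONFIG_BASICAUTH_PASSWORD=${ME_CONFIG_BASICAUTH_PASSWORD:-test}"

  nats:
    image: 'nats:latest'
    container_name: nats
    ports:
      # NOTE(review): no authorization options are passed to the server, so
      # any client that can reach this port can presumably connect.
      - "4222:4222"
    command:
      # Verbose debug logging; development aid.
      - "--debug"
    networks:
      - oc

  loki:
    image: 'grafana/loki'
    container_name: loki
    labels:
      # Traefik route: /tools/loki -> container port 3100, prefix stripped.
      - "traefik.enable=true"
      - "traefik.http.routers.loki.entrypoints=web"
      - "traefik.http.routers.loki.rule=PathPrefix(`/tools/loki`)"
      - "traefik.http.services.loki.loadbalancer.server.port=3100"
      - "traefik.http.middlewares.loki-stripprefix.stripprefix.prefixes=/tools/loki"
      - "traefik.http.routers.loki.middlewares=loki-stripprefix"
      # NOTE(review): this defines a forwardAuth middleware named `loki`, but
      # the router's middleware list above names only `loki-stripprefix`, so
      # the auth check is not attached to the route as written. Add `loki`
      # to that list if requests through Traefik must be authenticated.
      - "traefik.http.middlewares.loki.forwardauth.address=http://oc-auth:8080/oc/forward"
    ports:
      # Direct host mapping: traffic to this port does not pass through
      # Traefik, so no Traefik middleware applies to it.
      - "3100:3100"
    networks:
      - oc

  grafana:
    image: 'grafana/grafana'
    container_name: grafana
    ports:
      # Direct host mapping: traffic to this port does not pass through
      # Traefik, so no Traefik middleware applies to it.
      - "3000:3000"
    labels:
      # Traefik route: /tools/grafana -> container port 3000, prefix stripped.
      - "traefik.enable=true"
      - "traefik.http.routers.grafana.entrypoints=web"
      - "traefik.http.routers.grafana.rule=PathPrefix(`/tools/grafana`)"
      - "traefik.http.services.grafana.loadbalancer.server.port=3000"
      - "traefik.http.middlewares.grafana-stripprefix.stripprefix.prefixes=/tools/grafana"
      - "traefik.http.routers.grafana.middlewares=grafana-stripprefix"
      # NOTE(review): forwardAuth middleware `grafana` is defined here but
      # not listed in routers.grafana.middlewares above, so it is not
      # attached to the route as written.
      - "traefik.http.middlewares.grafana.forwardauth.address=http://oc-auth:8080/oc/forward"
    networks:
      - oc
    volumes:
      # Provisioning file is only read by Grafana, so mount it read-only.
      - ./conf/grafana_data_source.yml:/etc/grafana/provisioning/datasources/datasource.yml:ro
    environment:
      # Change this to anything but admin to not have a password change page
      # at startup. The fallback is a development value committed with this
      # file; set GF_SECURITY_ADMIN_PASSWORD in the shell or .env to override.
      - "GF_SECURITY_ADMIN_PASSWORD=${GF_SECURITY_ADMIN_PASSWORD:-pfnirt}"
      - GF_SECURITY_ADMIN_USER=admin
      # Skips the forced password change on first login, so the admin
      # password above stays in effect until someone changes it manually.
      - GF_SECURITY_DISABLE_INITIAL_ADMIN_PASSWORD_CHANGE=true

  hydra:
    container_name: hydra
    image: oryd/hydra:v2.2.0
    environment:
      # System secret for Hydra. The fallback is a development value
      # committed with this file; set SECRETS_SYSTEM in the shell or .env
      # for anything beyond a local sandbox.
      SECRETS_SYSTEM: "${SECRETS_SYSTEM:-oc-auth-got-secret}"
      # NOTE(review): as the name says, this lets sensitive values appear in
      # logs; keep it to local debugging. Quoted so the value is a string
      # rather than a YAML boolean.
      LOG_LEAK_SENSITIVE_VALUES: "true"
      # OAUTH2_TOKEN_HOOK_URL: http://oc-auth:8080/oc/claims
      HYDRA_ADMIN_URL: http://hydra:4445
      URLS_SELF_ISSUER: http://localhost:8000/hydra
      URLS_SELF_PUBLIC: http://localhost:8000/hydra
      URLS_LOGIN: http://localhost:8000/auth/login
      URLS_CONSENT: http://localhost:8000/auth/consent
      URLS_LOGOUT: http://localhost:8000/auth/logout
      WEBFINGER_OIDC_DISCOVERY_SUPPORTED_SCOPES: profile,email,phone,roles
      WEBFINGER_OIDC_DISCOVERY_SUPPORTED_CLAIMS: name,family_name,given_name,nickname,email,phone_number
      # In-memory store: clients and tokens do not survive a restart, which
      # is why the entrypoint re-imports clients on every start.
      DSN: memory
    # NOTE(review): the container runs as root; confirm this is required,
    # otherwise drop it to keep the image's default user.
    user: root
    # Starts Hydra in the background, polls the admin health endpoint until
    # it is ready, imports the OAuth2 clients, then waits on the server.
    # NOTE(review): `--dev` turns off security features meant for
    # production; it must not be carried into a deployed environment.
    entrypoint: >
      sh -c "
        hydra serve all --dev &
        echo '⏳ Waiting for Hydra admin API...' &&
        until wget -q --spider http://localhost:4445/health/ready; do
          sleep 2;
        done &&
        echo '✅ Hydra is ready. Importing clients...' &&
        hydra import oauth2-client /clients.json -e http://hydra:4445 &&
        echo '🚀 Clients imported.' &&
        wait
      "
    volumes:
      # Client definitions are only read by the import step; mount read-only
      # so the root-run container cannot alter the host file.
      - ./clients.json:/clients.json:ro
    networks:
      - oc
    ports:
      - "4444:4444"
      # NOTE(review): 4445 is the admin API (the entrypoint polls it as
      # such). Publishing it on the host exposes client management to
      # anything that can reach this machine; restrict or remove the mapping
      # if only containers on `oc` need it.
      - "4445:4445"
    deploy:
      restart_policy:
        condition: on-failure
    labels:
      # Traefik route: /hydra -> container port 4444, prefix stripped.
      - "traefik.enable=true"
      - "traefik.http.routers.hydra.entrypoints=web"
      - "traefik.http.routers.hydra.rule=PathPrefix(`/hydra`)"
      - "traefik.http.services.hydra.loadbalancer.server.port=4444"
      - "traefik.http.middlewares.hydra-stripprefix.stripprefix.prefixes=/hydra"
      - "traefik.http.routers.hydra.middlewares=hydra-stripprefix"

  ldap:
    # NOTE(review): untagged image; pin a version or digest.
    image: pgarrett/ldap-alpine
    container_name: ldap
    volumes:
      - "./ldap.ldif:/ldif/ldap.ldif"
    networks:
      - oc
    ports:
      # Host port 390 maps to the container's LDAP port 389 (plain LDAP).
      - "390:389"
    deploy:
      restart_policy:
        condition: on-failure

  keto:
    image: oryd/keto:v0.7.0-alpha.1-sqlite
    ports:
      - "4466:4466"
      - "4467:4467"
    command: serve -c /home/ory/keto.yml
    restart: on-failure
    volumes:
      # NOTE(review): this bind-mounts the whole project directory,
      # read-write, into the container, although the command only names
      # keto.yml. Other files that live beside this compose file
      # (clients.json, ldap.ldif) become visible to Keto as well; mount only
      # what Keto needs if nothing else under this path is required.
      - type: bind
        source: .
        target: /home/ory
    container_name: keto
    networks:
      - oc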
# Named volumes managed by Docker for this project.
volumes:
  # Default driver and options; mounted by the mongo service.
  oc-data: {}
# Networks the services in this file attach to.
networks:
  oc:
    # Compose does not create this network; it must already exist before
    # the stack is started, and any other stack attached to `oc` can reach
    # these containers over it.
    external: true