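---
# Compose stack for the oc-* services, their backing stores (mongo, nats,
# loki, ldap) and the identity components (hydra, keto, oc-auth), routed
# through Traefik on port 8000.
#
# NOTE(review): this file reads as a local development setup. Points to check
# before reusing it anywhere reachable by other hosts:
#   * Nearly every service publishes a host port in addition to its Traefik
#     route. A published port without a host IP binds on all interfaces, and a
#     request sent to it does not pass through the forwardauth middleware.
#     Prefix the mapping with 127.0.0.1 or drop `ports:` where only Traefik
#     should reach the service.
#   * Credentials are literals in this file (mongo-express basic auth, the
#     LDAP bind password, hydra SECRETS_SYSTEM). Supply them from an env file
#     or a secret store outside a dev setup.
#   * Most images use `latest` or no tag; pin a version or digest so the stack
#     is reproducible and image updates are reviewed.
version: '3.9'

services:
  mongo:
    image: 'mongo:latest'
    networks:
      - oc
    # NOTE(review): no root user is configured for this container and the port
    # is published, so the database accepts unauthenticated connections from
    # wherever 27017 is reachable.
    ports:
      - "27017:27017"
    container_name: mongo
    # Both data paths are backed by the same named volume.
    volumes:
      - oc-data:/data/db
      - oc-data:/data/configdb

  mongo-express:
    image: 'mongo-express:latest'
    restart: always
    depends_on:
      - mongo
    networks:
      - oc
    ports:
      - "8081:8081"
    container_name: mongo-express
    # NOTE(review): test/test guards a full database admin UI on a published
    # port; replace with values injected from the environment.
    environment:
      - ME_CONFIG_BASICAUTH_USERNAME=test
      - ME_CONFIG_BASICAUTH_PASSWORD=test

  nats:
    image: 'nats:latest'
    container_name: nats
    ports:
      - "4222:4222"
    # --debug makes the server log verbosely; no authentication options are
    # passed here.
    command:
      - "--debug"
    networks:
      - oc

  loki:
    image: 'grafana/loki'
    container_name: loki
    labels:
      - "traefik.stack=peer1"
      - "traefik.enable=true"
      - "traefik.http.routers.loki.entrypoints=web"
      - "traefik.http.routers.loki.rule=PathPrefix(`/tools/loki`)"
      - "traefik.http.services.loki.loadbalancer.server.port=3100"
      - "traefik.http.middlewares.loki-stripprefix.stripprefix.prefixes=/tools/loki"
      # NOTE(review): the router attaches only loki-stripprefix. The `loki`
      # forwardauth middleware declared below is never referenced, so
      # /tools/loki is routed without a call to oc-auth. Add `loki` to the
      # router's middlewares if this path is meant to be authenticated.
      - "traefik.http.routers.loki.middlewares=loki-stripprefix"
      - "traefik.http.middlewares.loki.forwardauth.address=http://oc-auth:8080/oc/forward"
    ports:
      - "3100:3100"
    networks:
      - oc

  hydra:
    container_name: hydra
    image: oryd/hydra:v2.2.0
    environment:
      # NOTE(review): fixed system secret committed with the file; anyone with
      # the repository knows the key protecting hydra's stored data.
      SECRETS_SYSTEM: oc-auth-got-secret
      # Quoted so the value stays a string through the YAML parser.
      # NOTE(review): this setting makes hydra write sensitive values to its
      # logs; keep it off wherever logs are shipped or shared.
      LOG_LEAK_SENSITIVE_VALUES: "true"
      # OAUTH2_TOKEN_HOOK_URL: http://oc-auth:8080/oc/claims
      HYDRA_ADMIN_URL: http://hydra:4445
      URLS_SELF_ISSUER: http://localhost:8000/hydra
      URLS_SELF_PUBLIC: http://localhost:8000/hydra
      URLS_LOGIN: http://localhost:8000/auth/login
      URLS_CONSENT: http://localhost:8000/auth/consent
      URLS_LOGOUT: http://localhost:8000/auth/logout
      URLS_ERROR: http://localhost:8000
      STRATEGIES_ACCESS_TOKEN: jwt
      WEBFINGER_OIDC_DISCOVERY_SUPPORTED_SCOPES: profile,email,phone,roles
      WEBFINGER_OIDC_DISCOVERY_SUPPORTED_CLAIMS: name,family_name,given_name,nickname,email,phone_number
      # In-memory store: clients and tokens are lost on restart, which is why
      # the entrypoint re-imports /clients.json every time.
      DSN: memory
    user: root
    # Starts hydra in the background, polls the admin health endpoint until it
    # answers, imports the OAuth2 clients, then waits on the server process.
    # `--dev` relaxes hydra's production safety checks.
    entrypoint: >
      sh -c "
      hydra serve all --dev &
      echo '⏳ Waiting for Hydra admin API...' &&
      until wget -q --spider http://localhost:4445/health/ready; do sleep 2; done &&
      echo '✅ Hydra is ready. Importing clients...' &&
      hydra import oauth2-client /clients.json -e http://hydra:4445 &&
      echo '🚀 Clients imported.' &&
      wait
      "
    volumes:
      - ./clients.json:/clients.json
    networks:
      - oc
    # NOTE(review): 4445 is the admin API (client management, no login in
    # front of it here). Only the public port 4444 is routed via Traefik; the
    # admin port does not need to be published for the services on `oc`.
    ports:
      - "4444:4444"
      - "4445:4445"
    deploy:
      restart_policy:
        condition: on-failure
    labels:
      - "traefik.stack=peer1"
      - "traefik.enable=true"
      - "traefik.http.routers.hydra.entrypoints=web"
      - "traefik.http.routers.hydra.rule=PathPrefix(`/hydra`)"
      - "traefik.http.services.hydra.loadbalancer.server.port=4444"
      - "traefik.http.middlewares.hydra-stripprefix.stripprefix.prefixes=/hydra"
      - "traefik.http.routers.hydra.middlewares=hydra-stripprefix"

  ldap:
    image: pgarrett/ldap-alpine
    container_name: ldap
    volumes:
      - "./ldap.ldif:/ldif/ldap.ldif"
    networks:
      - oc
    ports:
      - "390:389"
    deploy:
      restart_policy:
        condition: on-failure

  keto:
    image: oryd/keto:v0.7.0-alpha.1-sqlite
    ports:
      - "4466:4466"
      - "4467:4467"
    command: serve -c /home/ory/keto.yml
    restart: on-failure
    # NOTE(review): this binds the whole compose directory into the container,
    # which by the other mounts in this file also holds ./pem/private3.pem,
    # ./clients.json and ./env.env. Mount only the files keto needs
    # (keto.yml at least) if nothing else is read from /home/ory.
    volumes:
      - type: bind
        source: .
        target: /home/ory
    container_name: keto
    networks:
      - oc

  traefik:
    image: traefik:v3.6
    container_name: traefik
    restart: unless-stopped
    networks:
      - oc
    command:
      # Serves the Traefik API and dashboard without authentication on the
      # internal `traefik` entrypoint. That port is not published below, so it
      # is reachable from containers on the `oc` network only.
      - "--api.insecure=true"
      - "--providers.docker=true"
      # Only containers that opt in with traefik.enable=true are routed.
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=oc"
      # Restricts discovery to containers labelled traefik.stack=peer1.
      - "--providers.docker.constraints=Label(`traefik.stack`,`peer1`)"
      - "--entrypoints.web.address=:8000"
    user: root
    ports:
      - "8000:8000"  # Expose Traefik on port 8000
    # NOTE(review): `:ro` protects the socket file, not the Docker API behind
    # it; a process that can open the socket can still issue any API call.
    # A socket proxy limited to read-only endpoints narrows this.
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro

  oc-datacenter:
    env_file:
      - path: ./env.env
        required: false
    environment:
      - "MONGO_DATABASE=DC_myDC"
      - "KUBE_CA=${KUBE_CA:-}"
      - "KUBE_CERT=${KUBE_CERT:-}"
      - "KUBE_DATA=${KUBE_DATA:-}"
    image: '${REGISTRY:-opencloudregistry/}oc-datacenter:latest'
    ports:
      - "8092:8080"
    # Routing pattern shared by the oc-* API services: /<name>/... is
    # rewritten to /oc/... and every request is first sent to oc-auth's
    # /oc/forward endpoint. `$$1` is Compose's escape for a literal `$1`.
    # NOTE(review): trustForwardHeader=true passes client-supplied
    # X-Forwarded-* headers to oc-auth unchanged; confirm /oc/forward does not
    # base decisions on them. Traefik overwrites the X-Auth-Request-* headers
    # from the auth response, but a request sent straight to the published
    # port above can set them freely; verify the backend does not trust them
    # on that path.
    labels:
      - "traefik.stack=peer1"
      - "traefik.enable=true"
      - "traefik.http.routers.datacenter.entrypoints=web"
      - "traefik.http.routers.datacenter.rule=PathPrefix(`/datacenter`)"
      - "traefik.http.services.datacenter.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.datacenter-rewrite.replacepathregex.regex=^/datacenter(.*)"
      - "traefik.http.middlewares.datacenter-rewrite.replacepathregex.replacement=/oc$$1"
      - "traefik.http.routers.datacenter.middlewares=datacenter-rewrite,auth-datacenter"
      - "traefik.http.middlewares.auth-datacenter.forwardauth.address=http://oc-auth:8080/oc/forward"
      - "traefik.http.middlewares.auth-datacenter.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.auth-datacenter.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
    container_name: oc-datacenter
    networks:
      - oc

  oc-scheduler:
    environment:
      - "MONGO_DATABASE=DC_myDC"
      - "KUBE_CA=${KUBE_CA:-}"
      - "KUBE_CERT=${KUBE_CERT:-}"
      - "KUBE_DATA=${KUBE_DATA:-}"
    image: '${REGISTRY:-opencloudregistry/}oc-scheduler:latest'
    labels:
      - "traefik.stack=peer1"
      - "traefik.enable=true"
      - "traefik.http.routers.scheduler.entrypoints=web"
      - "traefik.http.routers.scheduler.rule=PathPrefix(`/scheduler`)"
      - "traefik.http.middlewares.scheduler-rewrite.replacepathregex.regex=^/scheduler(.*)"
      - "traefik.http.middlewares.scheduler-rewrite.replacepathregex.replacement=/oc$$1"
      - "traefik.http.routers.scheduler.middlewares=scheduler-rewrite,auth-scheduler"
      - "traefik.http.services.scheduler.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.auth-scheduler.forwardauth.address=http://oc-auth:8080/oc/forward"
      - "traefik.http.middlewares.auth-scheduler.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.auth-scheduler.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
    ports:
      - "8090:8080"
    container_name: oc-scheduler
    networks:
      - oc

  oc-catalog:
    environment:
      - "MONGO_DATABASE=DC_myDC"
    image: '${REGISTRY:-opencloudregistry/}oc-catalog:latest'
    ports:
      - "8087:8080"
    container_name: oc-catalog
    networks:
      - oc
    labels:
      - "traefik.stack=peer1"
      - "traefik.enable=true"
      - "traefik.http.routers.catalog.entrypoints=web"
      - "traefik.http.routers.catalog.rule=PathPrefix(`/catalog`)"
      - "traefik.http.middlewares.catalog-rewrite.replacepathregex.regex=^/catalog(.*)"
      - "traefik.http.middlewares.catalog-rewrite.replacepathregex.replacement=/oc$$1"
      - "traefik.http.routers.catalog.middlewares=catalog-rewrite,auth-catalog"
      - "traefik.http.services.catalog.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.auth-catalog.forwardauth.address=http://oc-auth:8080/oc/forward"
      - "traefik.http.middlewares.auth-catalog.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.auth-catalog.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"

  oc-workspace:
    environment:
      - "MONGO_DATABASE=DC_myDC"
    image: '${REGISTRY:-opencloudregistry/}oc-workspace:latest'
    ports:
      - "8089:8080"
    labels:
      - "traefik.stack=peer1"
      - "traefik.enable=true"
      - "traefik.http.routers.workspace.entrypoints=web"
      - "traefik.http.routers.workspace.rule=PathPrefix(`/workspace`)"
      - "traefik.http.middlewares.workspace-rewrite.replacepathregex.regex=^/workspace(.*)"
      - "traefik.http.middlewares.workspace-rewrite.replacepathregex.replacement=/oc$$1"
      - "traefik.http.routers.workspace.middlewares=workspace-rewrite,auth-workspace"
      - "traefik.http.services.workspace.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.auth-workspace.forwardauth.address=http://oc-auth:8080/oc/forward"
      - "traefik.http.middlewares.auth-workspace.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.auth-workspace.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
    container_name: oc-workspace
    networks:
      - oc

  oc-peer:
    environment:
      - "MONGO_DATABASE=DC_myDC"
    image: '${REGISTRY:-opencloudregistry/}oc-peer:latest'
    labels:
      - "traefik.stack=peer1"
      - "traefik.enable=true"
      - "traefik.http.routers.peer.entrypoints=web"
      - "traefik.http.routers.peer.rule=PathPrefix(`/peer`)"
      - "traefik.http.middlewares.peer-rewrite.replacepathregex.regex=^/peer(.*)"
      - "traefik.http.middlewares.peer-rewrite.replacepathregex.replacement=/oc$$1"
      - "traefik.http.routers.peer.middlewares=peer-rewrite,auth-peer"
      - "traefik.http.services.peer.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.auth-peer.forwardauth.address=http://oc-auth:8080/oc/forward"
      - "traefik.http.middlewares.auth-peer.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.auth-peer.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
    ports:
      - "8093:8080"
    container_name: oc-peer
    networks:
      - oc

  oc-auth:
    image: '${REGISTRY:-opencloudregistry/}oc-auth:latest'
    ports:
      - "8094:8080"
    container_name: oc-auth
    labels:
      - "traefik.stack=peer1"
      - "traefik.enable=true"
      - "traefik.http.routers.auth-sec.entrypoints=web"
      - "traefik.http.routers.auth-sec.rule=PathPrefix(`/auth/`)"
      - "traefik.http.middlewares.auth-sec-rewrite.replacepathregex.regex=^/auth(.*)"
      - "traefik.http.middlewares.auth-sec-rewrite.replacepathregex.replacement=/oc$$1"
      - "traefik.http.services.auth-sec.loadbalancer.server.port=8080"
      - "traefik.http.routers.auth-sec.middlewares=auth-sec-rewrite,auth-auth-sec"
      - "traefik.http.middlewares.auth-auth-sec.forwardauth.address=http://oc-auth:8080/oc/forward"
      - "traefik.http.middlewares.auth-auth-sec.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.auth-auth-sec.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
    environment:
      LDAP_ENDPOINTS: ldap:389
      LDAP_BINDDN: cn=admin,dc=example,dc=com
      # NOTE(review): admin bind password as a literal; inject it from the
      # environment or a secret outside a dev setup.
      LDAP_BINDPW: password
      LDAP_BASEDN: "dc=example,dc=com"
      LDAP_USER_BASEDN: "ou=users,dc=example,dc=com"
      LDAP_ROLE_BASEDN: "ou=AppRoles,dc=example,dc=com"
    networks:
      - oc
    # Key pair mounted from ./pem on the host. The private key is mounted
    # read-write; appending `:ro` would be enough if oc-auth only reads it
    # (TODO confirm).
    volumes:
      - ./pem/private3.pem:/keys/private/private.pem
      - ./pem/public3.pem:/keys/public/public.pem

  oc-shared:
    environment:
      - "MONGO_DATABASE=DC_myDC"
    image: '${REGISTRY:-opencloudregistry/}oc-shared:latest'
    ports:
      - "8091:8080"
    container_name: oc-shared
    labels:
      - "traefik.stack=peer1"
      - "traefik.enable=true"
      - "traefik.http.routers.shared.entrypoints=web"
      - "traefik.http.routers.shared.rule=PathPrefix(`/shared`)"
      - "traefik.http.middlewares.shared-rewrite.replacepathregex.regex=^/shared(.*)"
      - "traefik.http.middlewares.shared-rewrite.replacepathregex.replacement=/oc$$1"
      # NOTE(review): unlike the other oc-* routers, this one attaches only
      # the rewrite. The `shared` forwardauth middleware declared below is
      # never referenced, so /shared is routed without a call to oc-auth.
      # Add it to the router's middlewares unless this path is meant to be
      # public.
      - "traefik.http.routers.shared.middlewares=shared-rewrite"
      - "traefik.http.services.shared.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.shared.forwardauth.address=http://oc-auth:8080/oc/forward"
    networks:
      - oc

  oc-workflow:
    environment:
      - "_OCWORKFLOW_MONGO_DATABASE=DC_myDC"
      - "_OCWORKFLOW_MONGO_URL=mongodb://mongo:27017"
      - "_OCWORKFLOW_NATS_URL=nats://nats:4222"
    image: '${REGISTRY:-opencloudregistry/}oc-workflow:latest'
    ports:
      - "8088:8080"
    container_name: oc-workflow
    labels:
      - "traefik.stack=peer1"
      - "traefik.enable=true"
      - "traefik.http.routers.workflow.entrypoints=web"
      - "traefik.http.routers.workflow.rule=PathPrefix(`/workflow`)"
      - "traefik.http.services.workflow.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.workflow-rewrite.replacepathregex.regex=^/workflow(.*)"
      # Was `/oc$1`: Compose reads a single `$` as the start of variable
      # interpolation, so the capture-group reference must be escaped as
      # `$$1`, as in every other rewrite label in this file.
      - "traefik.http.middlewares.workflow-rewrite.replacepathregex.replacement=/oc$$1"
      - "traefik.http.routers.workflow.middlewares=workflow-rewrite,auth-workflow"
      - "traefik.http.middlewares.auth-workflow.forwardauth.address=http://oc-auth:8080/oc/forward"
      - "traefik.http.middlewares.auth-workflow.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.auth-workflow.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
    networks:
      - oc

  oc-discovery_1:
    image: '${REGISTRY:-opencloudregistry/}oc-discovery_1:latest'
    ports:
      - "4001:4001"
    container_name: oc-discovery_1
    networks:
      - oc

  oc-discovery_2:
    image: '${REGISTRY:-opencloudregistry/}oc-discovery_2:latest'
    ports:
      - "4002:4002"
    container_name: oc-discovery_2
    networks:
      - oc

  oc-discovery_3:
    image: '${REGISTRY:-opencloudregistry/}oc-discovery_3:latest'
    ports:
      - "4003:4003"
    container_name: oc-discovery_3
    networks:
      - oc

  oc-schedulerd:
    image: '${REGISTRY:-opencloudregistry/}oc-schedulerd:latest'
    ports:
      - "9006:8080"
    environment:
      - "MONGO_DATABASE=DC_myDC"
      - "KUBE_CA=${KUBE_CA:-}"
      - "KUBE_CERT=${KUBE_CERT:-}"
      - "KUBE_DATA=${KUBE_DATA:-}"
    container_name: oc-schedulerd
    networks:
      - oc

  oc-front:
    image: '${REGISTRY:-opencloudregistry/}oc-front:latest'
    container_name: oc-front
    ports:
      - "8001:80"
    networks:
      - oc
    # Catch-all route: serves every path not claimed by a more specific
    # PathPrefix rule above. No forwardauth middleware is attached.
    labels:
      - "traefik.stack=peer1"
      - "traefik.enable=true"
      - "traefik.http.routers.front.entrypoints=web"
      - "traefik.http.routers.front.rule=PathPrefix(`/`)"
      - "traefik.http.services.front.loadbalancer.server.port=80"
      - "traefik.http.middlewares.front-stripprefix.stripprefix.prefixes=/"
      - "traefik.http.routers.front.middlewares=front-stripprefix"

  oc-static:
    image: '${REGISTRY:-opencloudregistry/}oc-static:latest'
    ports:
      - "8098:80"
    labels:
      - "traefik.stack=peer1"
      - "traefik.enable=true"
      - "traefik.http.routers.static.entrypoints=web"
      - "traefik.http.routers.static.rule=PathPrefix(`/static`)"
      - "traefik.http.services.static.loadbalancer.server.port=80"
    container_name: oc-static
    networks:
      - oc

volumes:
  oc-data: {}

# The `oc` network is not created by this file; it must exist before
# `docker compose up`.
networks:
  oc:
    external: true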