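---
# Compose stack for the "peer2" set of oc-* services plus their backing
# infrastructure (MongoDB, NATS, Loki, Ory Hydra/Keto, LDAP, Traefik).
#
# Security posture, as configured in this file:
#   * Credentials and secrets are hard-coded (mongo-express test/test, the
#     Hydra system secret, the LDAP bind password). Treat them as public and
#     replace them through env/secret injection outside a local lab.
#   * Most services publish a host port in addition to being routed through
#     Traefik on :9000. A request to a published port never passes through
#     Traefik, so the forwardauth middlewares declared in the labels are not
#     applied on that path.
#   * Short-form port mappings without a host IP bind on all host interfaces;
#     prefix with 127.0.0.1: where only local access is intended.
#   * Several images use `latest` or no tag; pin a version or digest for
#     reproducible, reviewable deployments.
#   * The `oc2` network is external, so containers of other stacks attached
#     to it can reach every service here on its container port.
version: '3.9'

services:
  mongo2:
    image: 'mongo:latest'
    container_name: mongo2
    networks:
      - oc2
    # No root credentials are configured for this instance (no
    # MONGO_INITDB_ROOT_USERNAME/PASSWORD), and 27018 is published on the host.
    ports:
      - "27018:27017"
    # NOTE(review): the same named volume backs both paths, so /data/db and
    # /data/configdb share one directory tree. Confirm this is intended.
    volumes:
      - oc-data2:/data/db
      - oc-data2:/data/configdb

  mongo-express2:
    image: "mongo-express:latest"
    container_name: mongo-express2
    restart: always
    depends_on:
      - mongo2
    networks:
      - oc2
    ports:
      - "8082:8081"
    # Basic-auth credentials are the literal test/test; this UI gives full
    # database access to anyone who can reach port 8082.
    # NOTE(review): no ME_CONFIG_MONGODB_SERVER / ME_CONFIG_MONGODB_URL is set,
    # so the image default target applies. Confirm it resolves to mongo2.
    environment:
      - ME_CONFIG_BASICAUTH_USERNAME=test
      - ME_CONFIG_BASICAUTH_PASSWORD=test

  nats2:
    image: 'nats:latest'
    container_name: nats2
    # No authentication options are passed to the server, and the client port
    # is published on the host.
    ports:
      - "4223:4222"
    command:
      - "--debug"
    networks:
      - oc2

  loki2:
    image: 'grafana/loki'
    container_name: loki2
    # NOTE(review): traefik2 only picks up containers labelled
    # traefik.stack=peer2 (see its --providers.docker.constraints); this
    # service has no such label, so these routes are presumably ignored by
    # traefik2. The `loki2` forwardauth middleware is also declared but not
    # listed in the router's middleware chain, so it would not be applied.
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.loki2.entrypoints=web"
      - "traefik.http.routers.loki2.rule=PathPrefix(`/tools/loki`)"
      - "traefik.http.services.loki2.loadbalancer.server.port=3100"
      - "traefik.http.middlewares.loki2-stripprefix.stripprefix.prefixes=/tools/loki"
      - "traefik.http.routers.loki2.middlewares=loki2-stripprefix"
      - "traefik.http.middlewares.loki2.forwardauth.address=http://oc-auth2:8080/oc/forward"
    ports:
      - "3101:3100"
    networks:
      - oc2

  hydra2:
    container_name: hydra2
    image: oryd/hydra:v2.2.0
    environment:
      # Hard-coded system secret committed with the file; rotate and inject it
      # from outside the repository for anything beyond local testing.
      SECRETS_SYSTEM: oc-auth-got-secret
      # Allows sensitive values to appear in Hydra's logs. Quoted so the
      # environment value is an explicit string rather than a YAML boolean.
      LOG_LEAK_SENSITIVE_VALUES: "true"
      # OAUTH2_TOKEN_HOOK_URL: http://oc-auth2:8080/oc/claims
      HYDRA_ADMIN_URL: http://hydra2:4445
      URLS_SELF_ISSUER: http://localhost:9000/hydra
      URLS_SELF_PUBLIC: http://localhost:9000/hydra
      URLS_LOGIN: http://localhost:9000/auth/login
      URLS_CONSENT: http://localhost:9000/auth/consent
      URLS_LOGOUT: http://localhost:9000/auth/logout
      URLS_ERROR: http://localhost:9000
      STRATEGIES_ACCESS_TOKEN: jwt
      WEBFINGER_OIDC_DISCOVERY_SUPPORTED_SCOPES: profile,email,phone,roles
      WEBFINGER_OIDC_DISCOVERY_SUPPORTED_CLAIMS: name,family_name,given_name,nickname,email,phone_number
      # In-memory store: clients and tokens are lost on every restart, which
      # is why the entrypoint re-imports /clients.json each time.
      DSN: memory
    user: root
    # Starts Hydra in the background with --dev (development mode, plain
    # HTTP), polls the admin readiness endpoint, imports the OAuth2 clients,
    # then waits on the server process. All lines fold into one sh -c string.
    entrypoint: >
      sh -c "
      hydra serve all --dev &
      echo '⏳ Waiting for Hydra admin API...' &&
      until wget -q --spider http://localhost:4445/health/ready; do sleep 2; done &&
      echo '✅ Hydra is ready. Importing clients...' &&
      hydra import oauth2-client /clients.json -e http://hydra2:4445 &&
      echo '🚀 Clients imported.' &&
      wait
      "
    volumes:
      - ./clients.json:/clients.json
    networks:
      - oc2
    # 4447 publishes the admin API (container port 4445) on the host. No
    # authentication for it is configured in this file, so restrict who can
    # reach that port.
    ports:
      - "4446:4444"
      - "4447:4445"
    deploy:
      restart_policy:
        condition: on-failure
    # NOTE(review): no traefik.stack=peer2 label, so traefik2's constraint
    # presumably excludes these routes even though URLS_SELF_* point at
    # localhost:9000/hydra. Confirm which proxy is meant to serve /hydra.
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.hydra2.entrypoints=web"
      - "traefik.http.routers.hydra2.rule=PathPrefix(`/hydra`)"
      - "traefik.http.services.hydra2.loadbalancer.server.port=4444"
      - "traefik.http.middlewares.hydra2-stripprefix.stripprefix.prefixes=/hydra"
      - "traefik.http.routers.hydra2.middlewares=hydra2-stripprefix"

  ldap2:
    image: pgarrett/ldap-alpine
    container_name: ldap2
    volumes:
      - "./ldap.ldif:/ldif/ldap.ldif"
    networks:
      - oc2
    # Publishes the LDAP port (389, no TLS configured in this file) as 391.
    ports:
      - "391:389"
    deploy:
      restart_policy:
        condition: on-failure

  keto2:
    image: oryd/keto:v0.7.0-alpha.1-sqlite
    ports:
      - "4468:4466"
      - "4469:4467"
    command: serve -c /home/ory/keto.yml
    restart: on-failure
    # Bind-mounts the whole project directory read-write. That includes
    # ./pem (the oc-auth2 key pair), ./clients.json and ./env.env, although
    # the command only reads keto.yml. Mounting that single file read-only
    # would narrow the exposure.
    volumes:
      - type: bind
        source: .
        target: /home/ory
    container_name: keto2
    networks:
      - oc2

  traefik2:
    image: traefik:v3.6
    container_name: traefik2
    restart: unless-stopped
    networks:
      - oc2
    command:
      # Serves the Traefik API/dashboard without authentication on the
      # internal `traefik` entrypoint. It is not published on the host here,
      # but containers on the oc2 network can reach it.
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=oc2"
      # Only containers carrying the label traefik.stack=peer2 are routed.
      - "--providers.docker.constraints=Label(`traefik.stack`,`peer2`)"
      - "--entrypoints.web.address=:9000"
    user: root
    ports:
      - "9000:9000"  # Expose Traefik on port 9000
    # The :ro flag protects the socket file only; API calls through the
    # socket are unrestricted, so this container effectively has control of
    # the Docker daemon. A filtering socket proxy reduces that exposure.
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro

  oc-datacenter2:
    env_file:
      - path: ./env.env
        required: false
    environment:
      - MONGO_DATABASE=DC_myDC
      - KUBE_CA=${KUBE_CA:-}
      - KUBE_CERT=${KUBE_CERT:-}
      - KUBE_DATA=${KUBE_DATA:-}
    image: '${REGISTRY:-opencloudregistry/}oc-datacenter:latest'
    # Direct host port: requests arriving here skip the Traefik forwardauth
    # check configured in the labels below.
    ports:
      - "9092:8080"
    # Label pattern shared by the oc-* services: route /<name> through the
    # `web` entrypoint, rewrite the prefix to /oc, and call oc-auth2's
    # /oc/forward before forwarding. `$$1` is the Compose escape for a
    # literal `$1` regex back-reference.
    # trustForwardHeader=true makes Traefik pass existing X-Forwarded-*
    # request headers on to the auth service; with Traefik as the edge proxy
    # those headers are client-controlled.
    # authResponseHeaders copies X-Auth-Request-User/Email from the auth
    # response onto the forwarded request. NOTE(review): if the backends
    # trust these headers, they must not accept them from the direct port.
    labels:
      - "traefik.stack=peer2"
      - "traefik.enable=true"
      - "traefik.http.routers.datacenter2.entrypoints=web"
      - "traefik.http.routers.datacenter2.rule=PathPrefix(`/datacenter`)"
      - "traefik.http.services.datacenter2.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.datacenter2-rewrite.replacepathregex.regex=^/datacenter(.*)"
      - "traefik.http.middlewares.datacenter2-rewrite.replacepathregex.replacement=/oc$$1"
      - "traefik.http.routers.datacenter2.middlewares=datacenter2-rewrite,auth-datacenter2"
      - "traefik.http.middlewares.auth-datacenter2.forwardauth.address=http://oc-auth2:8080/oc/forward"
      - "traefik.http.middlewares.auth-datacenter2.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.auth-datacenter2.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
    container_name: oc-datacenter2
    networks:
      - oc2

  oc-scheduler2:
    environment:
      - MONGO_DATABASE=DC_myDC
      - KUBE_CA=${KUBE_CA:-}
      - KUBE_CERT=${KUBE_CERT:-}
      - KUBE_DATA=${KUBE_DATA:-}
    image: '${REGISTRY:-opencloudregistry/}oc-scheduler:latest'
    labels:
      - "traefik.stack=peer2"
      - "traefik.enable=true"
      - "traefik.http.routers.scheduler2.entrypoints=web"
      - "traefik.http.routers.scheduler2.rule=PathPrefix(`/scheduler`)"
      - "traefik.http.middlewares.scheduler2-rewrite.replacepathregex.regex=^/scheduler(.*)"
      - "traefik.http.middlewares.scheduler2-rewrite.replacepathregex.replacement=/oc$$1"
      - "traefik.http.routers.scheduler2.middlewares=scheduler2-rewrite,auth-scheduler2"
      - "traefik.http.services.scheduler2.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.auth-scheduler2.forwardauth.address=http://oc-auth2:8080/oc/forward"
      - "traefik.http.middlewares.auth-scheduler2.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.auth-scheduler2.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
    # Direct host port; bypasses the forwardauth middleware above.
    ports:
      - "9090:8080"
    container_name: oc-scheduler2
    networks:
      - oc2

  oc-catalog2:
    environment:
      - MONGO_DATABASE=DC_myDC
    image: '${REGISTRY:-opencloudregistry/}oc-catalog:latest'
    # Direct host port; bypasses the forwardauth middleware below.
    ports:
      - "9087:8080"
    container_name: oc-catalog2
    networks:
      - oc2
    labels:
      - "traefik.stack=peer2"
      - "traefik.enable=true"
      - "traefik.http.routers.catalog2.entrypoints=web"
      - "traefik.http.routers.catalog2.rule=PathPrefix(`/catalog`)"
      - "traefik.http.middlewares.catalog2-rewrite.replacepathregex.regex=^/catalog(.*)"
      - "traefik.http.middlewares.catalog2-rewrite.replacepathregex.replacement=/oc$$1"
      - "traefik.http.routers.catalog2.middlewares=catalog2-rewrite,auth-catalog2"
      - "traefik.http.services.catalog2.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.auth-catalog2.forwardauth.address=http://oc-auth2:8080/oc/forward"
      - "traefik.http.middlewares.auth-catalog2.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.auth-catalog2.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"

  oc-workspace2:
    environment:
      - MONGO_DATABASE=DC_myDC
    image: '${REGISTRY:-opencloudregistry/}oc-workspace:latest'
    # Direct host port; bypasses the forwardauth middleware below.
    ports:
      - "9089:8080"
    labels:
      - "traefik.stack=peer2"
      - "traefik.enable=true"
      - "traefik.http.routers.workspace2.entrypoints=web"
      - "traefik.http.routers.workspace2.rule=PathPrefix(`/workspace`)"
      - "traefik.http.middlewares.workspace2-rewrite.replacepathregex.regex=^/workspace(.*)"
      - "traefik.http.middlewares.workspace2-rewrite.replacepathregex.replacement=/oc$$1"
      - "traefik.http.routers.workspace2.middlewares=workspace2-rewrite,auth-workspace2"
      - "traefik.http.services.workspace2.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.auth-workspace2.forwardauth.address=http://oc-auth2:8080/oc/forward"
      - "traefik.http.middlewares.auth-workspace2.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.auth-workspace2.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
    container_name: oc-workspace2
    networks:
      - oc2

  oc-peer2:
    environment:
      - MONGO_DATABASE=DC_myDC
    image: '${REGISTRY:-opencloudregistry/}oc-peer:latest'
    labels:
      - "traefik.stack=peer2"
      - "traefik.enable=true"
      - "traefik.http.routers.peer2.entrypoints=web"
      - "traefik.http.routers.peer2.rule=PathPrefix(`/peer`)"
      - "traefik.http.middlewares.peer2-rewrite.replacepathregex.regex=^/peer(.*)"
      - "traefik.http.middlewares.peer2-rewrite.replacepathregex.replacement=/oc$$1"
      - "traefik.http.routers.peer2.middlewares=peer2-rewrite,auth-peer2"
      - "traefik.http.services.peer2.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.auth-peer2.forwardauth.address=http://oc-auth2:8080/oc/forward"
      - "traefik.http.middlewares.auth-peer2.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.auth-peer2.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
    # Direct host port; bypasses the forwardauth middleware above.
    ports:
      - "9093:8080"
    container_name: oc-peer2
    networks:
      - oc2

  oc-auth2:
    image: '${REGISTRY:-opencloudregistry/}oc-auth:latest'
    ports:
      - "9094:8080"
    container_name: oc-auth2
    # NOTE(review): the /auth/ router is itself placed behind forwardauth to
    # oc-auth2, while Hydra's URLS_LOGIN points at /auth/login. Confirm that
    # /oc/forward lets unauthenticated login and consent requests through.
    labels:
      - "traefik.stack=peer2"
      - "traefik.enable=true"
      - "traefik.http.routers.auth-sec2.entrypoints=web"
      - "traefik.http.routers.auth-sec2.rule=PathPrefix(`/auth/`)"
      - "traefik.http.middlewares.auth-sec2-rewrite.replacepathregex.regex=^/auth(.*)"
      - "traefik.http.middlewares.auth-sec2-rewrite.replacepathregex.replacement=/oc$$1"
      - "traefik.http.services.auth-sec2.loadbalancer.server.port=8080"
      - "traefik.http.routers.auth-sec2.middlewares=auth-sec2-rewrite,auth-auth-sec2"
      - "traefik.http.middlewares.auth-auth-sec2.forwardauth.address=http://oc-auth2:8080/oc/forward"
      - "traefik.http.middlewares.auth-auth-sec2.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.auth-auth-sec2.forwardauth.authResponseHeaders=X-Auth-Request-User,X-Auth-Request-Email"
    environment:
      LDAP_ENDPOINTS: ldap2:389
      LDAP_BINDDN: cn=admin,dc=example,dc=com
      # Hard-coded directory admin bind password; inject it from the
      # environment or a secret store instead of committing it.
      LDAP_BINDPW: password
      LDAP_BASEDN: "dc=example,dc=com"
      LDAP_USER_BASEDN: "ou=users,dc=example,dc=com"
      LDAP_ROLE_BASEDN: "ou=AppRoles,dc=example,dc=com"
      ADMIN_ORIGIN: "http://localhost:9000"
      OAUTH_REDIRECT_URI: "http://localhost:9000"
    networks:
      - oc2
    # Key pair read from the project directory. Keep ./pem out of version
    # control and consider mounting both files read-only (:ro).
    volumes:
      - ./pem/private4.pem:/keys/private/private.pem
      - ./pem/public4.pem:/keys/public/public.pem

  oc-shared2:
    environment:
      - MONGO_DATABASE=DC_myDC
    image: '${REGISTRY:-opencloudregistry/}oc-shared:latest'
    ports:
      - "9091:8080"
    container_name: oc-shared2
    # NOTE(review): the `shared2` forwardauth middleware is declared, but the
    # router's middleware chain lists only shared2-rewrite, so /shared is
    # routed without the auth check. The sibling services attach an auth-*
    # middleware here. Confirm whether /shared is meant to be public.
    labels:
      - "traefik.stack=peer2"
      - "traefik.enable=true"
      - "traefik.http.routers.shared2.entrypoints=web"
      - "traefik.http.routers.shared2.rule=PathPrefix(`/shared`)"
      - "traefik.http.middlewares.shared2-rewrite.replacepathregex.regex=^/shared(.*)"
      - "traefik.http.middlewares.shared2-rewrite.replacepathregex.replacement=/oc$$1"
      - "traefik.http.routers.shared2.middlewares=shared2-rewrite"
      - "traefik.http.services.shared2.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.shared2.forwardauth.address=http://oc-auth2:8080/oc/forward"
    networks:
      - oc2

  oc-workflow2:
    environment:
      - _OCWORKFLOW_MONGO_DATABASE=DC_myDC
      - _OCWORKFLOW_MONGO_URL=mongodb://mongo2:27017
      - _OCWORKFLOW_NATS_URL=nats://nats2:4222
    image: '${REGISTRY:-opencloudregistry/}oc-workflow:latest'
    ports:
      - "9088:8080"
    container_name: oc-workflow2
    # NOTE(review): no forwardauth middleware is defined or attached for
    # /workflow, unlike the other oc-* routes. Confirm that is intended.
    labels:
      - "traefik.stack=peer2"
      - "traefik.enable=true"
      - "traefik.http.routers.workflow2.entrypoints=web"
      - "traefik.http.routers.workflow2.rule=PathPrefix(`/workflow`)"
      - "traefik.http.services.workflow2.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.workflow2-rewrite.replacepathregex.regex=^/workflow(.*)"
      # Fixed: was `/oc$1`. A bare `$1` is subject to Compose variable
      # interpolation; `$$1` yields the literal `$1` back-reference, matching
      # every other rewrite rule in this file.
      - "traefik.http.middlewares.workflow2-rewrite.replacepathregex.replacement=/oc$$1"
      - "traefik.http.routers.workflow2.middlewares=workflow2-rewrite"
    networks:
      - oc2

  oc-discovery_4:
    image: '${REGISTRY:-opencloudregistry/}oc-discovery_4:latest'
    ports:
      - "4004:4004"
    container_name: oc-discovery_4
    networks:
      - oc2

  oc-schedulerd2:
    image: '${REGISTRY:-opencloudregistry/}oc-schedulerd:latest'
    ports:
      - "10006:8080"
    environment:
      - MONGO_DATABASE=DC_myDC
      - KUBE_CA=${KUBE_CA:-}
      - KUBE_CERT=${KUBE_CERT:-}
      - KUBE_DATA=${KUBE_DATA:-}
    container_name: oc-schedulerd2
    networks:
      - oc2

  oc-static2:
    image: '${REGISTRY:-opencloudregistry/}oc-static:latest'
    ports:
      - "9098:8080"
    # Routed without any auth middleware.
    labels:
      - "traefik.stack=peer2"
      - "traefik.enable=true"
      - "traefik.http.routers.static2.entrypoints=web"
      - "traefik.http.routers.static2.rule=PathPrefix(`/static`)"
      - "traefik.http.services.static2.loadbalancer.server.port=8080"
    container_name: oc-static2
    networks:
      - oc2

volumes:
  oc-data2:

networks:
  # Must already exist; it is created outside this file and may be shared
  # with other stacks.
  oc2:
    external: true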