core/oc-deploy
6
0
Fork 0
Code Issues 2 Pull Requests Packages Projects Releases 1 Wiki Activity
Files
67fc433ab56bccd2cdb0c8adf1685f456e82114e
oc-deploy/docker/tools/docker-compose.dev.yml
mr 67fc433ab5 New OAUTH2 Docker deployment
2026-02-19 14:57:14 +01:00

152 lines
4.5 KiB
YAML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

version: '3.9'
services:
mongo:
image: 'mongo:latest'
networks:
- oc
ports:
- 27017:27017
container_name: mongo
volumes:
- oc-data:/data/db
- oc-data:/data/configdb
mongo-express:
image: "mongo-express:latest"
restart: always
depends_on:
- mongo
networks:
- oc
ports:
- 8081:8081
environment:
- ME_CONFIG_BASICAUTH_USERNAME=test
- ME_CONFIG_BASICAUTH_PASSWORD=test
nats:
image: 'nats:latest'
container_name: nats
ports:
- 4222:4222
command:
- "--debug"
networks:
- oc
loki:
image: 'grafana/loki'
container_name: loki
labels:
- "traefik.enable=true"
- "traefik.http.routers.loki.entrypoints=web"
- "traefik.http.routers.loki.rule=PathPrefix(`/tools/loki`)"
- "traefik.http.services.loki.loadbalancer.server.port=3100"
- "traefik.http.middlewares.loki-stripprefix.stripprefix.prefixes=/tools/loki"
- "traefik.http.routers.loki.middlewares=loki-stripprefix"
- "traefik.http.middlewares.loki.forwardauth.address=http://oc-auth:8080/oc/forward"
ports :
- "3100:3100"
networks:
- oc
grafana:
image: 'grafana/grafana'
container_name: grafana
ports:
- '3000:3000'
labels:
- "traefik.enable=true"
- "traefik.http.routers.grafana.entrypoints=web"
- "traefik.http.routers.grafana.rule=PathPrefix(`/tools/grafana`)"
- "traefik.http.services.grafana.loadbalancer.server.port=3000"
- "traefik.http.middlewares.grafana-stripprefix.stripprefix.prefixes=/tools/grafana"
- "traefik.http.routers.grafana.middlewares=grafana-stripprefix"
- "traefik.http.middlewares.grafana.forwardauth.address=http://oc-auth:8080/oc/forward"
networks:
- oc
volumes:
- ./conf/grafana_data_source.yml:/etc/grafana/provisioning/datasources/datasource.yml
environment:
- GF_SECURITY_ADMIN_PASSWORD=pfnirt # Change this to anything but admin to not have a password change page at startup
- GF_SECURITY_ADMIN_USER=admin
- GF_SECURITY_DISABLE_INITIAL_ADMIN_PASSWORD_CHANGE=true
hydra:
container_name: hydra
image: oryd/hydra:v2.2.0
environment:
SECRETS_SYSTEM: oc-auth-got-secret
LOG_LEAK_SENSITIVE_VALUES: true
# OAUTH2_TOKEN_HOOK_URL: http://oc-auth:8080/oc/claims
HYDRA_ADMIN_URL: http://hydra:4445
URLS_SELF_ISSUER: http://localhost:8000/hydra
URLS_SELF_PUBLIC: http://localhost:8000/hydra
URLS_LOGIN: http://localhost:8000/auth/login
URLS_CONSENT: http://localhost:8000/auth/consent
URLS_LOGOUT: http://localhost:8000/auth/logout
WEBFINGER_OIDC_DISCOVERY_SUPPORTED_SCOPES: profile,email,phone,roles
WEBFINGER_OIDC_DISCOVERY_SUPPORTED_CLAIMS: name,family_name,given_name,nickname,email,phone_number
DSN: memory
user: root
entrypoint: >
sh -c "
hydra serve all --dev &
echo '⏳ Waiting for Hydra admin API...' &&
until wget -q --spider http://localhost:4445/health/ready; do
sleep 2;
done &&
echo '✅ Hydra is ready. Importing clients...' &&
hydra import oauth2-client /clients.json -e http://hydra:4445 &&
echo '🚀 Clients imported.' &&
wait
"
volumes:
- ./clients.json:/clients.json
networks:
- oc
ports:
- "4444:4444"
- "4445:4445"
deploy:
restart_policy:
condition: on-failure
labels:
- "traefik.enable=true"
- "traefik.http.routers.hydra.entrypoints=web"
- "traefik.http.routers.hydra.rule=PathPrefix(`/hydra`)"
- "traefik.http.services.hydra.loadbalancer.server.port=4444"
- "traefik.http.middlewares.hydra-stripprefix.stripprefix.prefixes=/hydra"
- "traefik.http.routers.hydra.middlewares=hydra-stripprefix"
ldap:
image: pgarrett/ldap-alpine
container_name: ldap
volumes:
- "./ldap.ldif:/ldif/ldap.ldif"
networks:
- oc
ports:
- "390:389"
deploy:
restart_policy:
condition: on-failure
keto:
image: oryd/keto:v0.7.0-alpha.1-sqlite
ports:
- "4466:4466"
- "4467:4467"
command: serve -c /home/ory/keto.yml
restart: on-failure
volumes:
- type: bind
source: .
target: /home/ory
container_name: keto
networks:
- oc
volumes:
oc-data:
networks:
oc:
external: true
Reference in New Issue View Git Blame Copy Permalink