-
Notifications
You must be signed in to change notification settings - Fork 4
/
docker-compose.yml
124 lines (119 loc) · 5.16 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
services:
neo4j:
image: neo4j:${NEO4J_VERSION}
ports:
- "7474:7474"
- "7687:7687"
environment:
- NEO4J_ACCEPT_LICENSE_AGREEMENT=yes
- NEO4J_AUTH=neo4j/${NEO4J_PASSWORD:-password}
- NEO4J_dbms_security_authentication__providers=oidc-keycloak,native
- NEO4J_dbms_security_authorization__providers=oidc-keycloak,native
- NEO4J_dbms_security_oidc_keycloak_display__name=Keycloak
- NEO4J_dbms_security_oidc_keycloak_auth__flow=pkce
- NEO4J_dbms_security_oidc_keycloak_well__known__discovery__uri=https://${LOCAL_DEV_HOST}:8443/realms/my-realm/.well-known/openid-configuration
- NEO4J_dbms_security_oidc_keycloak_params=client_id=neo4j-sso;response_type=code;scope=openid email roles
- NEO4J_dbms_security_oidc_keycloak_config=token_type_principal=id_token;token_type_authentication=id_token # <- https://github.com/keycloak/keycloak/discussions/12971
- NEO4J_dbms_security_oidc_keycloak_issuer=https://${LOCAL_DEV_HOST}:8443/realms/my-realm
- NEO4J_dbms_security_oidc_keycloak_client__id=neo4j-sso # <- https://github.com/keycloak/keycloak/discussions/12971
- NEO4J_dbms_security_oidc_keycloak_claims_client__id=neo4j-sso # <- https://github.com/keycloak/keycloak/discussions/12971
- NEO4J_dbms_security_oidc_keycloak_claims_audience=neo4j-sso
- NEO4J_dbms_security_oidc_keycloak_audience=neo4j-sso
- NEO4J_dbms_security_oidc_keycloak_claims_username=preferred_username
- NEO4J_dbms_security_oidc_keycloak_claims_groups=roles
- NEO4J_dbms_security_logs_oidc_jwt__claims__at__debug__level__enabled=true
volumes:
- "./neo4j_data:/data"
- "./certificates/cacerts:/opt/java/openjdk/lib/security/cacerts"
- "./server-logs.xml:/var/lib/neo4j/conf/server-logs.xml"
extra_hosts:
- "${LOCAL_DEV_HOST}:host-gateway"
healthcheck:
test: wget http://localhost:7474 || exit 1
interval: 5s
timeout: 5s
retries: 3
depends_on:
keycloak:
condition: service_healthy
neo4j-config-cli:
image: graphaware/neo4j-config-cli:2.6.0
environment:
- NEO4J_USER=neo4j
- NEO4J_PASSWORD=password
- NEO4J_URI=bolt://neo4j:7687
- IMPORT_PATH=/config
volumes:
- "./resources/neo4j-config:/config"
depends_on:
neo4j:
condition: service_healthy
keycloak:
image: quay.io/keycloak/keycloak:${KEYCLOAK_VERSION}
environment:
- KEYCLOAK_ADMIN=${KEYCLOAK_ADMIN_USER}
- KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD}
- KC_DB=postgres
- KC_DB_URL_HOST=postgres
- KC_DB_URL_DATABASE=postgres
- KC_DB_URL_PORT=5432
- KC_HOSTNAME=keycloak
- KC_HOSTNAME_URL=https://${LOCAL_DEV_HOST}:8443
- KC_HOSTNAME_ADMIN_URL=https://${LOCAL_DEV_HOST}:8443
- KC_DB_USERNAME=keycloak
- KC_DB_PASSWORD=password
- KC_HEALTH_ENABLED=true
- KC_METRICS_ENABLED=true
- KC_HTTP_ENABLED=true
- KC_LEGACY_OBSERVABILITY_INTERFACE=true
command: start --https-certificate-file=/certs/${LOCAL_DEV_HOST}.pem --https-certificate-key-file=/certs/${LOCAL_DEV_HOST}-key.pem
ports:
- "8080:8080"
- "8443:8443"
healthcheck:
test: ["CMD-SHELL", "exec 3<>/dev/tcp/127.0.0.1/8080;echo -e \"GET /health/ready HTTP/1.1\r\nhost: http://localhost\r\nConnection: close\r\n\r\n\" >&3;grep \"HTTP/1.1 200 OK\" <&3"]
interval: 5s
timeout: 5s
retries: 10
depends_on:
postgres:
condition: service_healthy
volumes:
- "./certificates:/certs"
postgres:
image: postgres:14-alpine
environment:
POSTGRES_DB: keycloak
POSTGRES_USER: keycloak
POSTGRES_PASSWORD: password
command: -p 5432
expose:
- "5432:5432" # Publishes 5433 to other containers but NOT to host machine
volumes:
- "./keycloak_data:/var/lib/postgresql/data"
healthcheck:
test: ["CMD-SHELL", "sh -c 'psql -U keycloak -d keycloak'"]
interval: 5s
timeout: 5s
retries: 5
start_period: 5s
keycloak-config:
image: adorsys/keycloak-config-cli:6.1.3-25
environment:
- KEYCLOAK_URL=https://${LOCAL_DEV_HOST}:8443
- KEYCLOAK_USER=admin
- KEYCLOAK_PASSWORD=admin123
- KEYCLOAK_AVAILABILITYCHECK_ENABLED=true
- KEYCLOAK_AVAILABILITYCHECK_TIMEOUT=60s
- IMPORT_PATH=/config
- KEYCLOAK_SSL_VERIFY=false
volumes:
- ./resources/keycloak-config:/config
extra_hosts:
- "${LOCAL_DEV_HOST}:host-gateway"
depends_on:
keycloak:
condition: service_healthy
volumes:
neo4j_data:
keycloak_data: