forked from gregberns/forward-auth
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdocker-compose.yml
109 lines (101 loc) · 2.76 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
version: '3.7'
services:
reverse-proxy:
image: traefik:v2.1
command: --api.insecure=true --providers.docker --log.level=DEBUG
ports:
- "80:80"
- "81:8080"
networks:
- api
- auth
volumes:
- /var/run/docker.sock:/var/run/docker.sock
svc1:
build:
context: ./svc1
dockerfile: ./Dockerfile
ports:
- "3000:3000"
networks:
- api
labels:
- "traefik.http.routers.svc1.rule=PathPrefix(`/svc1/`)"
- "traefik.http.routers.svc1.middlewares=svc1-stripprefix, svc1-forwardauth-address, svc1-forwardauth-trust"
- "traefik.http.middlewares.svc1-stripprefix.stripprefix.prefixes=/svc1"
- "traefik.http.middlewares.svc1-forwardauth-address.forwardauth.address=http://auth-svc:3000/verify"
- "traefik.http.middlewares.svc1-forwardauth-trust.forwardauth.trustForwardHeader=false"
# - "traefik.http.middlewares.svc1-forwardauth-headers.forwardauth.authResponseHeaders=X-Injected-UserInfo"
- "traefik.http.services.svc1.loadbalancer.server.port=3000"
auth-svc:
build:
context: ./auth-svc
dockerfile: ./Dockerfile
ports:
- "8889:3000"
environment:
- JWT_SECRET_PATH=/run/secrets/jwt_secret_token
networks:
- auth
secrets:
- jwt_secret_token
secrets:
- source: jwt_secret_token
target: jwt_secret_token
keycloak:
image: jboss/keycloak:6.0.1
ports:
- "8888:8080"
environment:
DB_VENDOR: postgres
DB_ADDR: keycloak-db
DB_PORT: 5432
DB_DATABASE: keycloak
DB_USER: keycloak
DB_PASSWORD: password
KEYCLOAK_USER_FILE: /run/secrets/keycloak_user
KEYCLOAK_PASSWORD_FILE: /run/secrets/keycloak_password
# https://stackoverflow.com/a/47200330/684966
PROXY_ADDRESS_FORWARDING: "true"
secrets:
- keycloak_user
- keycloak_password
networks:
# - api
- auth
labels:
- "traefik.http.routers.auth.rule=PathPrefix(`/auth`)"
- "traefik.http.services.auth.loadbalancer.server.port=8080"
deploy:
mode: replicated
replicas: 1
labels:
- "traefik.http.routers.auth.rule=PathPrefix(`/auth`)"
- "traefik.http.services.auth.loadbalancer.server.port=8080"
keycloak-db:
image: postgres:11.1-alpine
ports:
- target: 5432
environment:
POSTGRES_DB: keycloak
POSTGRES_USER: keycloak
POSTGRES_PASSWORD: password
networks:
- auth
ldap:
image: rroemhild/test-openldap
ports:
- "389:389"
- "636:636"
networks:
- auth
secrets:
keycloak_user:
file: ./keycloak_user_file.txt
keycloak_password:
file: ./keycloak_password_file.txt
jwt_secret_token:
file: ./auth-svc-data/jwt-secret.txt
networks:
auth:
api: