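# Local development stack: Keycloak (start-dev, file-backed DB), an MQTT broker
# with an external auth service, Redis, and oauth2-proxy.
# Several settings below are development conveniences (admin/admin, plaintext
# HTTP, ports published on every host interface). Review each NOTE before
# reusing this file anywhere that is reachable by other machines.
networks:
  celine_security_net: {}

services:
  # One-shot job: bootstraps Keycloak and syncs client definitions, then exits.
  # It is not attached to celine_security_net; it reaches Keycloak through the
  # extra_hosts entries below.
  keycloak-sync:
    build:
      context: .
      dockerfile: Dockerfile
    restart: "no"
    volumes:
      - ./clients.yaml:/app/clients.yaml:ro
    depends_on:
      keycloak:
        condition: service_healthy
    environment:
      # No volume covers /tmp in this service, so this file exists only inside
      # this container. NOTE(review): confirm how other services are meant to
      # obtain the values written there.
      - CELINE_KEYCLOAK_SECRETS_FILE=/tmp/.secrets.yaml
    entrypoint: ["/bin/sh", "-euc"]
    command:
      # NOTE: the admin credentials are hard-coded and passed as command-line
      # arguments, so they appear in this file, in `docker inspect`, and in the
      # container's process list. They must match KC_BOOTSTRAP_ADMIN_* on the
      # keycloak service. Acceptable for a throwaway dev realm only; supply
      # them from an untracked env file or a secret for anything shared.
      - >
        celine-policies keycloak bootstrap --admin-user admin --admin-password admin &&
        celine-policies keycloak sync
    extra_hosts:
      # 172.17.0.1 is usually the default bridge gateway on Linux hosts, which
      # routes these names to ports published on the host. Verify on your
      # platform; the special value `host-gateway` is the portable form.
      - "keycloak.celine.localhost:172.17.0.1"
      - "api.celine.localhost:172.17.0.1"

  # Authorization service queried by the broker.
  mqtt_auth:
    build:
      context: .
      dockerfile: Dockerfile
    ports:
      # NOTE: "HOST:CONTAINER" without a host IP binds on all host interfaces.
      # Prefix with 127.0.0.1: if only local access is intended.
      - "8009:8009"
      - "48009:48009"
    volumes:
      # Mount policies for hot-reload during development
      - ./policies:/app/policies:ro
    environment:
      - CELINE_POLICIES_DATA_DIR=/app/policies
    healthcheck:
      # Healthy only when GET /health returns a non-error status.
      test:
        [
          "CMD",
          ".venv/bin/python",
          "-c",
          "import httpx; httpx.get('http://localhost:8009/health').raise_for_status()",
        ]
      interval: 10s
      timeout: 5s
      retries: 5
    depends_on:
      keycloak-sync:
        condition: service_completed_successfully
    networks:
      - celine_security_net
    extra_hosts:
      - "keycloak.celine.localhost:172.17.0.1"
      - "api.celine.localhost:172.17.0.1"

  mosquitto:
    # NOTE: pinned by tag only. Tags are mutable; pin by digest (image@sha256:…)
    # if reproducible, tamper-evident pulls matter for this environment.
    image: ghcr.io/lhns/mosquitto-go-auth:3.3.0-mosquitto_2.0.22
    ports:
      # NOTE: published on all host interfaces. Whether these listeners use TLS
      # and require authentication is decided in ./config/mosquitto, which is
      # not part of this file.
      - "1883:1883"
      - "1884:1884"
    volumes:
      - ./config/mosquitto:/etc/mosquitto:ro
      - ./data/mosquitto/data:/data:rw
      - ./data/mosquitto/logs:/logs:rw
    depends_on:
      redis:
        condition: service_started
      mqtt_auth:
        condition: service_healthy
    networks:
      - celine_security_net
    extra_hosts:
      - "keycloak.celine.localhost:172.17.0.1"
      - "api.celine.localhost:172.17.0.1"

  redis:
    image: redis:7.2-alpine
    restart: unless-stopped
    # NOTE: no password is configured. No port is published, so access is
    # limited to containers attached to celine_security_net; keep it that way
    # or add authentication before exposing it.
    command: >
      redis-server
      --appendonly yes
      --save 60 1000
      --maxmemory 512mb
      --maxmemory-policy allkeys-lru
    networks:
      - celine_security_net

  keycloak:
    # Keycloak is an open-source identity and access management solution.
    image: quay.io/keycloak/keycloak:26.4.0
    # NOTE: start-dev is Keycloak's development mode; it is not a hardened
    # production configuration.
    command: start-dev --import-realm
    environment:
      KC_DB: dev-file
      # pgsql
      # KC_DB: postgres
      # KC_DB_URL: jdbc:postgresql://db:5432/keycloak
      # KC_DB_USERNAME: keycloak
      # KC_DB_PASSWORD: keycloak
      # NOTE: default admin credentials, duplicated in keycloak-sync's command.
      # Change both together and keep real values out of version control.
      KC_BOOTSTRAP_ADMIN_USERNAME: admin
      KC_BOOTSTRAP_ADMIN_PASSWORD: admin
      # Plaintext HTTP listener; TLS is expected to terminate in front of it.
      KC_HTTP_ENABLED: "true"
      KC_HTTP_PORT: "8080"
      KC_HEALTH_ENABLED: "true"
      KC_HOSTNAME: keycloak.celine.localhost
      KC_HOSTNAME_BACKCHANNEL_DYNAMIC: "false"
      KC_HOSTNAME_STRICT: "false"
      KC_PROXY: edge
      # NOTE: Keycloak trusts the Forwarded header with this setting. Port 8080
      # is also published directly below, so a client that bypasses the reverse
      # proxy can supply its own header. Restrict direct access to the proxy,
      # and make sure the proxy overwrites the header.
      KC_PROXY_HEADERS: forwarded
    volumes:
      - ./config/keycloak/import:/opt/keycloak/data/import:ro
      - ./keycloak/themes/rec:/opt/keycloak/themes/rec:ro
    networks:
      - celine_security_net
    healthcheck:
      # Passes as soon as a TCP connection to port 9000 succeeds; it does not
      # inspect the health endpoint's response.
      test: ["CMD-SHELL", "exec 3<>/dev/tcp/localhost/9000"]
      interval: 5s
      timeout: 5s
      retries: 15
    ports:
      # NOTE: bound on all host interfaces; see KC_PROXY_HEADERS above.
      - "8080:8080"

  oauth2-proxy:
    image: quay.io/oauth2-proxy/oauth2-proxy:v7.11.0
    restart: unless-stopped
    command:
      - "--config=/etc/oauth2-proxy/oauth2-proxy.cfg"
    volumes:
      # NOTE(review): this config file typically carries the OIDC client secret
      # and the cookie secret. Confirm it is not committed with real values.
      - ./config/oauth2-proxy/oauth2-proxy.cfg:/etc/oauth2-proxy/oauth2-proxy.cfg:ro
    networks:
      - celine_security_net
    depends_on:
      keycloak:
        condition: service_healthy
    extra_hosts:
      - "keycloak.celine.localhost:172.17.0.1"
    ports:
      - "4180:4180"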