-
Notifications
You must be signed in to change notification settings - Fork 1
/
docker-compose-production.yml
114 lines (114 loc) · 4.16 KB
/
docker-compose-production.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
networks:
internal:
services:
reverse-proxy:
# The official v2 Traefik docker image
image: traefik:v2.8
# Enables the web UI and tells Traefik to listen to docker
command: --providers.docker
ports:
# The HTTP port
- "80:80"
volumes:
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock:ro
labels:
- traefik.http.middlewares.oathkeeper.forwardauth.address=http://oathkeeper:4456/decisions
- traefik.http.middlewares.oathkeeper.forwardauth.authResponseHeaders=X-Id-Token,Authorization,X-User,Cookie
networks:
- internal
oathkeeper:
build:
dockerfile: ./containers/oathkeeper/Dockerfile
context: .
networks:
- internal # source-of-bug previously
server:
build:
dockerfile: ./containers/flask/Dockerfile
context: .
image: twig_server:latest
networks:
- internal
labels:
- traefik.enable=true
- traefik.http.routers.api-router.middlewares=my-chain
- traefik.http.middlewares.my-chain.chain.middlewares=cors,api-stripprefix,oathkeeper
- traefik.http.middlewares.cors.headers.accesscontrolallowcredentials=true
- traefik.http.middlewares.cors.headers.accesscontrolallowmethods=GET,POST,DELETE,PATCH,OPTIONS,PUT
- traefik.http.middlewares.cors.headers.accesscontrolalloworiginlist=http://twig.tchlabs.net:5173
- traefik.http.middlewares.cors.headers.accesscontrolallowheaders=Cookie,X-User
- traefik.http.middlewares.cors.headers.accesscontrolexposeheaders=Cookie,X-User
- traefik.http.middlewares.cors.headers.accesscontrolmaxage=100
- traefik.http.middlewares.api-stripprefix.stripprefix.prefixes=/api
- traefik.http.routers.api-router.rule=Host(`twig.tchlabs.net`)&&PathPrefix(`/api`)
- traefik.http.routers.api-router.service=api
- traefik.http.services.api.loadbalancer.server.port=5000
neo4j:
image: neo4j:latest
ports:
- "7474:7474"
- "7473:7473"
- "7687:7687"
networks:
- internal
kratos-migrate:
image: oryd/kratos:v0.9.0-alpha.2
environment:
- DSN=sqlite:///var/lib/sqlite/db.sqlite?_fk=true&mode=rwc
volumes:
- type: volume
source: kratos-sqlite
target: /var/lib/sqlite
read_only: false
- type: bind
source: ./containers/kratos
target: /etc/config/kratos
command: -c /etc/config/kratos/kratos.yml migrate sql -e --yes
restart: on-failure
networks:
- internal
kratos:
depends_on:
- kratos-migrate
image: oryd/kratos:v0.9.0-alpha.2
restart: unless-stopped
environment:
- DSN=sqlite:///var/lib/sqlite/db.sqlite?_fk=true
command: serve -c /etc/config/kratos/kratos.yml --dev --watch-courier
volumes:
- type: bind
source: ./containers/kratos
target: /etc/config/kratos
- type: volume
source: kratos-sqlite
target: /var/lib/sqlite
read_only: false
networks:
- internal
labels:
- traefik.enable=true
- traefik.http.routers.kratos-router.rule=Host(`twig.tchlabs.net`)&&PathPrefix(`/kratos`)
- traefik.http.routers.kratos-router.middlewares=kratos-stripprefix,cors
- traefik.http.middlewares.kratos-stripprefix.stripprefix.prefixes=/kratos
- traefik.http.routers.kratos-router.service=kratos
- traefik.http.services.kratos.loadbalancer.server.port=4433
kratos-selfservice-ui-node:
image: oryd/kratos-selfservice-ui-node:v0.9.0-alpha.2
environment:
- PORT=4455
- KRATOS_PUBLIC_URL=http://kratos:4433/
- KRATOS_BROWSER_URL=http://twig.tchlabs.net/kratos
- BASE_PATH=http://twig.tchlabs.net/auth
networks:
- internal
restart: on-failure
labels:
- traefik.enable=true
- traefik.http.routers.selfservice-router.rule=Host(`twig.tchlabs.net`)&&PathPrefix(`/auth`)
- traefik.http.routers.selfservice-router.middlewares=auth-stripprefix
- traefik.http.middlewares.auth-stripprefix.stripprefix.prefixes=/auth
- traefik.http.routers.selfservice-router.service=selfservice
- traefik.http.services.selfservice.loadbalancer.server.port=4455
volumes:
kratos-sqlite: