docker-compose.yml
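# Ory Hydra (OAuth2 / OpenID Connect server) fronted by Ory Oathkeeper, with
# PostgreSQL as Hydra's datastore. No service in this file publishes a host
# port, so every endpoint is reachable only on the Compose network unless an
# override file or a reverse proxy exposes it.
#
# Every ${VAR} comes from the shell or the .env file. Values placed in
# `environment:` can be read back with `docker inspect`, so keep the .env file
# out of version control and limit who can reach the Docker socket.
# Image tags are mutable; pin by digest (image@sha256:<digest>) where
# reproducible deployments matter.
services:
  # Public OAuth2/OIDC endpoints.
  hydra:
    image: oryd/hydra:v2.2
    # NOTE(review): Hydra documents `--dev` as disabling security checks for
    # local development (it is what lets the plain-http localhost issuer
    # defaults below work). Remove it for any deployment that serves real
    # clients and handle TLS or TLS termination in hydra.yml instead.
    command: serve public --dev -c /etc/config/hydra/hydra.yml
    configs:
      - source: hydra_config
        target: /etc/config/hydra/hydra.yml
    environment:
      - LOG_LEVEL=${HYDRA_LOG_LEVEL:-warn}
      - LOG_FORMAT=${HYDRA_LOG_FORMAT:-json}
      # Credentials are interpolated into the URL as-is: a password containing
      # reserved URL characters must be percent-encoded in .env.
      # `sslmode=disable` sends database traffic unencrypted; that is only
      # acceptable while both containers stay on the same host-local network.
      - DSN=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@hydra-postgresd:5432/${POSTGRES_DB}?sslmode=disable&max_conns=20&max_idle_conns=4
      - URLS_SELF_ISSUER=${URLS_SELF_ISSUER:-http://localhost:4444/}
      - URLS_SELF_PUBLIC=${URLS_SELF_PUBLIC:-http://localhost:4444/}
      - URLS_LOGIN=${URLS_LOGIN}
      - URLS_REGISTRATION=${URLS_REGISTRATION}
      - URLS_CONSENT=${URLS_CONSENT}
      - URLS_LOGOUT=${URLS_LOGOUT}
      - URLS_ERROR=${URLS_ERROR}
      - OIDC_SUBJECT_IDENTIFIERS_PAIRWISE_SALT=${OIDC_SUBJECT_IDENTIFIERS_PAIRWISE_SALT}
      # An unset variable interpolates to an empty string here. The public and
      # admin containers must share the same secrets, so confirm both values
      # are set (Compose's ${VAR:?message} form would fail fast instead).
      - SECRETS_COOKIE=${SECRETS_COOKIE}
      - SECRETS_SYSTEM=${SECRETS_SYSTEM}
    restart: unless-stopped
    # Start only after the schema migration has finished and the database
    # reports healthy, instead of relying on restarts to win the race.
    depends_on:
      hydra-migrate:
        condition: service_completed_successfully
      hydra-postgresd:
        condition: service_healthy

  # Administrative API (clients, login/consent handling, token introspection).
  # NOTE(review): Hydra's admin API is meant to be protected by the deployer;
  # keep it unpublished and reachable only by the services that need it.
  hydra-admin:
    image: oryd/hydra:v2.2
    command: serve admin -c /etc/config/hydra/hydra.yml
    configs:
      - source: hydra_config
        target: /etc/config/hydra/hydra.yml
    environment:
      - LOG_LEVEL=${HYDRA_LOG_LEVEL:-warn}
      - LOG_FORMAT=${HYDRA_LOG_FORMAT:-json}
      # Same DSN caveats as the public service: percent-encode the password,
      # and `sslmode=disable` means no TLS to the database.
      - DSN=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@hydra-postgresd:5432/${POSTGRES_DB}?sslmode=disable&max_conns=20&max_idle_conns=4
      - URLS_SELF_ISSUER=${URLS_SELF_ISSUER:-http://localhost:4444/}
      - URLS_SELF_PUBLIC=${URLS_SELF_PUBLIC:-http://localhost:4444/}
      - URLS_LOGIN=${URLS_LOGIN}
      - URLS_REGISTRATION=${URLS_REGISTRATION}
      - URLS_CONSENT=${URLS_CONSENT}
      - URLS_LOGOUT=${URLS_LOGOUT}
      - URLS_ERROR=${URLS_ERROR}
      - OIDC_SUBJECT_IDENTIFIERS_PAIRWISE_SALT=${OIDC_SUBJECT_IDENTIFIERS_PAIRWISE_SALT}
      - SECRETS_COOKIE=${SECRETS_COOKIE}
      - SECRETS_SYSTEM=${SECRETS_SYSTEM}
    restart: unless-stopped
    # Wait for a migrated schema and a healthy database before serving.
    depends_on:
      hydra-migrate:
        condition: service_completed_successfully
      hydra-postgresd:
        condition: service_healthy

  # One-shot job: applies Hydra's SQL migrations, then exits.
  hydra-migrate:
    image: oryd/hydra:v2.2
    # `-e` reads the DSN from the environment; `--yes` skips the confirmation
    # prompt so the job can run unattended.
    command: migrate -c /etc/config/hydra/hydra.yml sql -e --yes
    configs:
      - source: hydra_config
        target: /etc/config/hydra/hydra.yml
    # Use the database healthcheck so the migration does not start against a
    # server that is still initialising.
    depends_on:
      hydra-postgresd:
        condition: service_healthy
    environment:
      - LOG_LEVEL=${HYDRA_LOG_LEVEL:-warn}
      - LOG_FORMAT=${HYDRA_LOG_FORMAT:-json}
      - DSN=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@hydra-postgresd:5432/${POSTGRES_DB}?sslmode=disable&max_conns=20&max_idle_conns=4
      - URLS_SELF_ISSUER=${URLS_SELF_ISSUER:-http://localhost:4444/}
      - URLS_SELF_PUBLIC=${URLS_SELF_PUBLIC:-http://localhost:4444/}
      - URLS_LOGIN=${URLS_LOGIN}
      - URLS_REGISTRATION=${URLS_REGISTRATION}
      - URLS_CONSENT=${URLS_CONSENT}
      - URLS_LOGOUT=${URLS_LOGOUT}
      - URLS_ERROR=${URLS_ERROR}
      - OIDC_SUBJECT_IDENTIFIERS_PAIRWISE_SALT=${OIDC_SUBJECT_IDENTIFIERS_PAIRWISE_SALT}
      - SECRETS_COOKIE=${SECRETS_COOKIE}
      - SECRETS_SYSTEM=${SECRETS_SYSTEM}
    restart: on-failure

  # Hydra's datastore. Data persists in the named volume `hydra_db_data`.
  hydra-postgresd:
    image: postgres:16
    restart: always
    volumes:
      - hydra_db_data:/var/lib/postgresql/data
    environment:
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      - POSTGRES_DB=${POSTGRES_DB}
    # Reports healthy once the server accepts connections; the Hydra services
    # gate their start on this. pg_isready is called without a user or
    # database, so the server may log the probe as a failed connection attempt.
    healthcheck:
      test: ["CMD-SHELL", "pg_isready"]
      interval: 10s
      timeout: 5s
      retries: 5

  # Oathkeeper in proxy mode; the access rules file decides which requests are
  # forwarded and how they are authenticated, so review it alongside this file.
  oathkeeper:
    image: oryd/oathkeeper:v0.40
    depends_on:
      - hydra
      - hydra-login-consent
    command: serve proxy -c "/etc/config/oathkeeper/oathkeeper.yml"
    configs:
      - source: oathkeeper_config
        target: /etc/config/oathkeeper/oathkeeper.yml
      - source: oathkeeper_rules
        target: /etc/config/oathkeeper/access-rules.yml
    environment:
      - LOG_LEVEL=${OATHKEEPER_LOG_LEVEL:-warn}
      - LOG_FORMAT=${OATHKEEPER_LOG_FORMAT:-json}
      - SERVE_PROXY_PORT=${SERVE_PROXY_PORT:-4455}
    restart: on-failure

  # Locally built login/consent UI; talks to the Hydra admin API over plain
  # HTTP on the Compose network.
  hydra-login-consent:
    build:
      context: ./hydra-login-consent
    environment:
      - HYDRA_ADMIN_URL=http://hydra-admin:4445
      - PORT=8080
    restart: unless-stopped
    depends_on:
      - hydra-admin

  # Locally built maintenance job that calls the Hydra admin API.
  hydra-cleanup:
    build:
      context: ./hydra-cleanup
    environment:
      - HYDRA_ADMIN_URL=http://hydra-admin:4445
    restart: on-failure
    depends_on:
      - hydra-admin

# Configuration files mounted read-only into the containers above.
configs:
  hydra_config:
    file: .docker/hydra/hydra.yml
  oathkeeper_config:
    file: .docker/oathkeeper/oathkeeper.yml
  oathkeeper_rules:
    file: .docker/oathkeeper/access-rules.yml

volumes:
  hydra_db_data: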