KellEngineering
/
cmmc-platform
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
cmmc-platform/dev-compose.yaml

134 lines
4.1 KiB
YAML
Raw Permalink Blame History

# version: "3.9"
x-common-env: &common-env
TZ: "UTC"
############################################################
# SERVICES
############################################################
services:
# ──────────────────────────────
# kong:
# image: kong/kong:3.6
# container_name: kong
# restart: unless-stopped
# environment:
# KONG_DATABASE: "off"
# KONG_DECLARATIVE_CONFIG: /config/kong.yml
# KONG_LOG_LEVEL: info
# KONG_PLUGINS: bundled
# KONG_PROXY_ACCESS_LOG: /dev/stdout
# KONG_ADMIN_ACCESS_LOG: /dev/stdout
# KONG_PROXY_ERROR_LOG: /dev/stderr
# KONG_ADMIN_ERROR_LOG: /dev/stderr
# volumes:
# - ./kong:/config
# networks:
# - internal
# - nginx-proxy
# depends_on:
# - fastapi
oauth2-proxy:
image: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
container_name: oauth2-proxy
restart: always
networks:
- internal
- nginx-proxy
environment:
OAUTH2_PROXY_PROVIDER: oidc
OAUTH2_PROXY_OIDC_ISSUER_URL: https://kc.kellsupport.com/realms/cmmc
OAUTH2_PROXY_CLIENT_ID: ${OAUTH2_PROXY_CLIENT_ID}
OAUTH2_PROXY_CLIENT_SECRET: ${OAUTH2_PROXY_CLIENT_SECRET}
OAUTH2_PROXY_REDIRECT_URL: https://api.kellsupport.com/oauth2/callback
OAUTH2_PROXY_COOKIE_SECRET: ${OAUTH2_PROXY_COOKIE_SECRET}
# Forward all traffic to FastAPI (which handles /api/* etc)
OAUTH2_PROXY_UPSTREAMS: http://fastapi:8000
# Secure cookies and session behavior
OAUTH2_PROXY_COOKIE_DOMAIN: api.kellsupport.com
OAUTH2_PROXY_COOKIE_NAME: _oauth2_proxy
OAUTH2_PROXY_COOKIE_SECURE: "true"
OAUTH2_PROXY_COOKIE_HTTPONLY: "false"
OAUTH2_PROXY_COOKIE_SAMESITE: Lax
OAUTH2_PROXY_COOKIE_EXPIRE: 168h
OAUTH2_PROXY_COOKIE_REFRESH: 60m
# Auth config
OAUTH2_PROXY_EMAIL_DOMAINS: "*"
OAUTH2_PROXY_SET_XAUTHREQUEST: "true"
OAUTH2_PROXY_SET_AUTHORIZATION_HEADER: "true"
OAUTH2_PROXY_PASS_ACCESS_TOKEN: "true"
OAUTH2_PROXY_PASS_USER_HEADERS: "true"
OAUTH2_PROXY_PREFER_EMAIL_TO_USER: "true"
OAUTH2_PROXY_COOKIE_CSRF_PER_REQUEST: "true"
OAUTH2_PROXY_CSRF_COOKIE_NAME: _oauth2_proxy_csrf
OAUTH2_PROXY_SHOW_DEBUG_ON_ERROR: "true"
# Optional: PKCE
OAUTH2_PROXY_CODE_CHALLENGE_METHOD: S256
# Health routes allowed anonymously
OAUTH2_PROXY_SKIP_AUTH_ROUTES: GET=^/gateway-health$,GET=^/healthz$,GET=^/favicon\.ico$
OAUTH2_PROXY_SKIP_PROVIDER_BUTTON: "true"
# Networking
OAUTH2_PROXY_HTTP_ADDRESS: 0.0.0.0:4180
OAUTH2_PROXY_REVERSE_PROXY: "true"
expose:
- "4180"
# ──────────────────────────────
fastapi:
image: cmmc-fastapi:latest
container_name: fastapi
restart: unless-stopped
environment:
<<: *common-env
# Default to local container; overridden by external URL in Makefile/CI
KEYCLOAK_URL: "${KEYCLOAK_URL:-http://keycloak:8080}"
KEYCLOAK_REALM: "cmmc"
KEYCLOAK_CLIENT_ID: "frontend"
# ports:
# # keep reachable only from localhost, not LAN
# - "127.0.0.1:8008:8000"
networks: [internal]
# ──────────────────────────────
# Starts ONLY when profile `idp` is requested
keycloak:
image: quay.io/keycloak/keycloak:25.0.0
container_name: keycloak
command: start-dev
profiles: ["idp"] # ← optional profile flag
restart: unless-stopped
environment:
<<: *common-env
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: admin
KC_PROXY_HEADERS: xforwarded
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/realms/master"]
interval: 10s
retries: 5
networks: [internal, nginx-proxy]
############################################################
# NETWORKS
############################################################
networks:
internal:
driver: bridge
nginx-proxy: # external bridge Nginx-Proxy-Manager already uses
external: true
name: nginx-proxy
Reference in New Issue View Git Blame Copy Permalink