-
-
Notifications
You must be signed in to change notification settings - Fork 33
/
Copy pathdocker-compose.override.yml
130 lines (121 loc) · 4.01 KB
/
docker-compose.override.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
version: '3.4'
services:
reverse-proxy:
# The official v2 Traefik docker image
image: traefik:v2.5.4
container_name: pixel_identity_traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
# command: --api.insecure=true --providers.docker --log.level=DEBUG
labels:
- "traefik.enable=true"
# Use "traefik" router configuration defined into the dynamic config file: ./traefik/config.yml
- "traefik.http.routers.traefik=true"
ports:
# The HTTP port
- "80:80"
# The Https port
- "443:443"
# The Web UI (enabled by --api.insecure=true)
- "8080:8080"
volumes:
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock:ro
# Map the static conf into the container
- ./.traefik/traefik.yml:/etc/traefik/traefik.yml:ro
# Map the dynamic conf into the container
- ./.traefik/config.yml:/etc/traefik/config.yml:ro
# Map the certificats into the container
- ./.certificates:/etc/certs:ro
networks:
- pixel-network
profiles:
- proxy
mongo:
image: mongo:latest
container_name: pixel_identity_mongo
command: --auth
restart: always
volumes:
- mongo-pixel-identiy-store:/data/db
networks:
- pixel-network
environment:
MONGO_INITDB_ROOT_USERNAME: mongoadmin
MONGO_INITDB_ROOT_PASSWORD: mongopass
profiles:
- mongo
mongo-express:
image: mongo-express:latest
container_name: pixel_identity_mongo_dashboard
restart: always
environment:
ME_CONFIG_MONGODB_ADMINUSERNAME: mongoadmin
ME_CONFIG_MONGODB_ADMINPASSWORD: mongopass
ME_CONFIG_MONGODB_URL: mongodb://mongoadmin:mongopass@mongo:27017/
depends_on:
- mongo
labels:
- "traefik.enable=true"
- "traefik.http.routers.mongo-express.rule=Host(`pixel.docker.localhost`) && PathPrefix(`/mongo`)"
- "traefik.http.routers.mongo-express.tls=true"
profiles:
- mongo
networks:
- pixel-network
postgres:
image: postgres:14.1-alpine
container_name: pixel_identity_postgres
restart: always
volumes:
- postgre-pixel-identiy-store:/var/lib/postgresql/data
environment:
POSTGRES_USER: postgresadmin
POSTGRES_PASSWORD: postgrespass
POSTGRES_DB: pixel_identity_db
profiles:
- postgres
networks:
- pixel-network
adminer:
image: adminer:latest
container_name: postgres_dashboard
restart: always
depends_on:
- postgres
labels:
- "traefik.enable=true"
- "traefik.http.routers.adminer.rule=Host(`pixel.docker.localhost`) && PathPrefix(`/adminer`)"
- "traefik.http.routers.adminer.tls=true"
profiles:
- postgres
networks:
- pixel-network
pixel-identity:
container_name: pixel_identity_provider
env_file:
- ./.config/identity.env
environment:
- ASPNETCORE_URLS=http://+
# Certificates required by OpenIdDict for encyrption and signing
- Identity:Certificates:EncryptionCertificatePath=/etc/certs/identity-encryption.pfx
- Identity:Certificates:SigningCertificatePath=/etc/certs/identity-signing.pfx
# Certificate settings when using https.Commented by default as expected setup is behind a reverse proxy with tls termination.
#-Kestrel:Certificates:Default:Path=/etc/certs/pixel-identity-cert.pem
#-Kestrel:Certificates:Default:KeyPath=/etc/certs/pixel-identity-key.pem
volumes:
# volume mount for providing required certificates for OpenIdDict or Kestrel (when using https)
- ./.certificates:/etc/certs:ro
labels:
- "traefik.enable=true"
- "traefik.http.routers.pixel-identity.rule=Host(`pixel.docker.localhost`) && PathPrefix(`/pauth`)"
- "traefik.http.routers.pixel-identity.tls=true"
networks:
- pixel-network
volumes:
mongo-pixel-identiy-store:
postgre-pixel-identiy-store:
networks:
pixel-network:
external: true