docker-compose.yml
# Local development / test stack. Every service below declares the `dev`
# and/or `test` compose profile, so it only starts when one of those profiles
# is enabled.
# NOTE(review): the credentials and secrets in this file are fixed fixture
# values. Several services use host networking or publish ports without a
# host IP, so by default they listen on every interface of the host, not only
# on loopback. Keep the stack behind a host firewall, or bind to 127.0.0.1,
# when the machine sits on a shared network.
services:
  #####
  # reverse proxy for the whole environment
  #####
  nginx:
    image: nginx:1.23.1-alpine
    profiles:
      - dev
      - test
    # host networking: nginx listens directly on the host's ports and reaches
    # the other services through localhost
    network_mode: host
    # values come from the shell / .env file; the official nginx image
    # substitutes them into the mounted *.template file at container start
    environment:
      - NGINX_PORT1=${NGINX_PORT1}
      - NGINX_PORT2=${NGINX_PORT2}
      - NGINX_PORT3=${NGINX_PORT3}
      - NGINX_PORT4=${NGINX_PORT4}
      - DEV_API_PORT=${DEV_API_PORT}
      - DEV_UI_PORT=${DEV_UI_PORT}
      - MAILDEV_UI_PORT=${MAILDEV_UI_PORT}
      - EVENTS_PORT=${EVENTS_PORT}
    volumes:
      # template is mounted read-only, the container cannot modify it
      - ./dev/resources/nginx.conf.template:/etc/nginx/templates/default.conf.template:ro

  #####
  # mail server mock
  #####
  maildev:
    profiles:
      - dev
      - test
    image: maildev/maildev:2.1.0
    ports:
      # no host IP given: Docker publishes these on all host interfaces by
      # default (web UI on 1080, SMTP on 1025 inside the container)
      - ${MAILDEV_UI_PORT}:1080
      - ${MAILDEV_SMTP_PORT}:1025
    # https://github.com/maildev/maildev/issues/484
    healthcheck:
      # `$$` escapes compose interpolation: the variables are expanded by the
      # shell inside the container, not from the host environment
      test: 'wget -O - http://127.0.0.1:$${MAILDEV_WEB_PORT}$${MAILDEV_BASE_PATHNAME}/healthz || exit 1'

  #####
  # auth providers
  #####
  ldap:
    profiles:
      - dev
      - test
    image: osixia/openldap:1.4.0
    # NOTE(review): no admin password is set here, so the image default
    # applies (the ldap-admin comment below gives it as `admin`) - confirm
    volumes:
      # directory data and slapd configuration persist on the host
      - ./dev/data/ldap:/var/lib/ldap
      - ./dev/data/slapd.d:/etc/ldap/slapd.d
      # NOTE(review): mounted read-write; `:ro` would fit if the container
      # only reads these fixtures - TODO confirm
      - ./dev/resources:/test-resources
    ports:
      # 389 is the cleartext LDAP port; published on all host interfaces by
      # default
      - ${LDAP_PORT}:389

  ldap-admin:
    profiles:
      - dev
    image: osixia/phpldapadmin:0.9.0
    ports:
      # open over HTTPS https://localhost:6443/
      # log with cn=admin,dc=example,dc=org / admin
      - ${LDAP_ADMIN_PORT}:443
    environment:
      # resolves to the `ldap` service over the compose network
      - PHPLDAPADMIN_LDAP_HOSTS=ldap

  # A saml provider for dev/testing
  # open at http://localhost:8080/simplesaml admin:secret
  # users are :
  # user1 user1pass group1 user1@example.com
  # user2 user2pass group2 user2@example.com
  # NOTE(review): the admin and user passwords above are the image's fixed
  # test accounts; with host networking the IdP is reachable on the host's
  # interfaces
  saml-provider:
    profiles:
      - dev
    image: kristophjunge/test-saml-idp:1.15
    network_mode: host
    environment:
      # service-provider endpoints of simple-directory, reached through nginx
      - SIMPLESAMLPHP_SP_ENTITY_ID=http://localhost:${NGINX_PORT1}/simple-directory/api/auth/saml2-metadata.xml
      - SIMPLESAMLPHP_SP_ASSERTION_CONSUMER_SERVICE=http://localhost:${NGINX_PORT1}/simple-directory/api/auth/saml2-assert
      - SIMPLESAMLPHP_SP_SINGLE_LOGOUT_SERVICE=http://localhost:${NGINX_PORT1}/simple-directory/api/auth/saml2-logout

  # WARNING: does not work on a recent chrome, this provider tries to use a cookie with samesite=none option and this is not permitted without https
  # list of users : harley@qlik.example
  # harley@qlik.example Password1!
  oidc-provider:
    profiles:
      - dev
      - test
    image: qlik/simple-oidc-provider:0.2.5
    network_mode: host
    environment:
      # only this callback URL is registered as a redirect target
      - REDIRECTS=http://localhost:${NGINX_PORT1}/simple-directory/api/auth/oauth-callback
      - PORT=${OIDC_PROVIDER_PORT}
      - IDP_NAME=http://localhost:${OIDC_PROVIDER_PORT}

  keycloak:
    profiles:
      - dev
      - test
    image: quay.io/keycloak/keycloak:23.0.4
    # NOTE(review): runs as root inside the container, presumably so it can
    # write to the bind-mounted data directory - confirm; a host directory
    # owned by the image's default user would avoid this
    user: root
    environment:
      # bootstrap admin account with a fixed admin/admin credential,
      # exposed on the host network together with the server
      - KEYCLOAK_ADMIN=admin
      - KEYCLOAK_ADMIN_PASSWORD=admin
    network_mode: host
    volumes:
      - ./dev/data/keycloak:/opt/keycloak/data/
    # `start-dev` is Keycloak's development mode (plain HTTP, development
    # defaults); not a production start command
    command: ["start-dev", "--http-port=${KEYCLOAK_PORT}"]
    healthcheck:
      # opens a TCP socket with bash's /dev/tcp, requests the master realm's
      # OpenID configuration and passes when the status line contains 200.
      # ${KEYCLOAK_PORT} is interpolated by compose (single `$`), unlike the
      # maildev healthcheck above
      test: ["CMD", "bash", "-c", "exec 3<>/dev/tcp/localhost/${KEYCLOAK_PORT} && printf 'GET /realms/master/.well-known/openid-configuration HTTP/1.1\\r\\nHost: localhost:${KEYCLOAK_PORT}\\r\\nConnection: close\\r\\n\\r\\n' >&3 && head -n 1 <&3 | grep -q '200'"]
      interval: 5s
      timeout: 5s
      retries: 40
      start_period: 10s

  #####
  # related services from the data-fair stack
  #####
  events:
    profiles:
      - dev
    # NOTE(review): `main` is a moving tag, unlike the version-pinned images
    # above; what runs depends on the last pull. Pin a release tag or an
    # image digest for reproducible runs
    image: ghcr.io/data-fair/events:main
    network_mode: host
    environment:
      - PORT=${EVENTS_PORT}
      - PUBLIC_URL=http://localhost:${NGINX_PORT1}/notify
      - WS_PUBLIC_URL=ws://localhost:${NGINX_PORT1}/notify
      - PRIVATE_DIRECTORY_URL=http://localhost:${NGINX_PORT1}/simple-directory
      # fixed placeholder secrets; presumably they have to match the values
      # configured in the services that call events - verify against their
      # configuration, and never reuse them outside this stack
      - SECRET_EVENTS=secret-events
      - SECRET_IDENTITIES=secret-identities
      - SECRET_SENDMAILS=secret-sendmails
      - OBSERVER_ACTIVE=false

  #####
  # db
  #####
  mongo:
    profiles:
      - dev
      - test
    # NOTE(review): the 4.2 series no longer receives upstream fixes -
    # confirm the pin is deliberate
    image: mongo:4.2
    ports:
      # no MONGO_INITDB_ROOT_* variables are set, so the official image
      # starts without access control, and the port is published on all
      # host interfaces by default
      - ${MONGO_PORT}:27017
    volumes:
      # named volume, database files survive container re-creation
      - mongo-data:/data/db

volumes:
  mongo-data: