@andreypopp
Created September 16, 2022 11:53
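# Development stack: PostgreSQL, an idle "develop" build container, oauth2-proxy,
# and an nginx front end that gates /admin behind oauth2-proxy.
# Several settings below trade security for convenience and are suitable for a
# local development host only; each is called out where it appears.
# Images are referenced by tag, and tags are mutable; pin by digest if the
# environment has to be reproducible.
version: "3.3"

services:
  postgres:
    image: postgres:12
    volumes:
      - type: volume
        source: pgdata
        target: /var/lib/postgresql/data
    environment:
      # "trust" makes the server accept every connection without a password.
      # No port is published for this service in this file, so the exposure is
      # limited to whatever can reach it on the Compose network. Do not reuse
      # this setting where the database is reachable from anything untrusted.
      - POSTGRES_HOST_AUTH_METHOD=trust

  develop:
    image: rexdb/build:2022.07.26
    # Keeps the container running without starting any application process.
    command: [sleep, infinity]
    working_dir: /app
    ports:
      # With no host IP given, Compose publishes the port on all host
      # interfaces. Prefix with 127.0.0.1: if only local access is needed.
      # Quoted so the mapping is always read as a string.
      - "${SYNC_PORT}:22000"
    volumes:
      - type: volume
        source: appenv
        target: /app
      - type: volume
        source: appdata
        target: /app/data
      - type: volume
        source: apprun
        target: /app/run
      - type: volume
        source: appdocs
        target: /app/doc/build
      - type: volume
        source: cache
        target: /cache
    links:
      - postgres
    environment:
      - PATH=/app/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
      # Connects as the postgres superuser with no password; this relies on
      # the trust setting of the postgres service above.
      - PGHOST=postgres
      - PGUSER=postgres
      - npm_config_cache=/cache/npm
      - YARN_CACHE_FOLDER=/cache/yarn
      - PIP_CACHE_DIR=/cache/pip
      - REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
      - NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt
    # NET_ADMIN lets processes in this container reconfigure its network stack
    # (interfaces, routes, firewall rules). route_localnet=1 makes the kernel
    # route 127.0.0.0/8 addresses instead of dropping them as martian, which
    # weakens the usual "loopback is local only" assumption inside the
    # container. The file does not show why either is needed.
    # TODO(review): confirm both are required and drop them if not.
    cap_add:
      - NET_ADMIN
    sysctls:
      net.ipv4.conf.all.route_localnet: 1

  auth:
    image: quay.io/oauth2-proxy/oauth2-proxy:v7.2.1
    command: --config /oauth2-proxy.cfg
    volumes:
      # The contents of oauth2-proxy.cfg are not part of this file. Anything
      # not set in `environment` below (for example which e-mail domains may
      # sign in, or whether X-Auth-Request-* headers are emitted) would have
      # to come from there. TODO(review): confirm.
      - type: bind
        source: "./oauth2-proxy.cfg"
        target: "/oauth2-proxy.cfg"
    environment:
      # Secrets are interpolated from the invoking environment (or an .env
      # file) rather than stored here; keep that .env out of version control.
      OAUTH2_PROXY_COOKIE_SECRET: "$OAUTH2_PROXY_COOKIE_SECRET"
      OAUTH2_PROXY_PROVIDER: "$OAUTH2_PROXY_PROVIDER"
      OAUTH2_PROXY_CLIENT_ID: "$OAUTH2_PROXY_CLIENT_ID"
      OAUTH2_PROXY_CLIENT_SECRET: "$OAUTH2_PROXY_CLIENT_SECRET"
      OAUTH2_PROXY_COOKIE_DOMAINS: "10.0.88.2"  # an external app domain
      # With the Secure flag off and an http:// redirect URL, the session
      # cookie and the OAuth callback travel in clear text.
      OAUTH2_PROXY_COOKIE_SECURE: "false"  # THIS IS ONLY FOR DEVELOPMENT! (support non-https)
      OAUTH2_PROXY_WHITELIST_DOMAINS: "10.0.88.2"
      OAUTH2_PROXY_REDIRECT_URL: "http://10.0.88.2:8080/oauth2/callback"
    restart: unless-stopped

  nginx:
    # nginx 1.15 is an old release line; check whether the image still
    # receives security fixes before using it beyond local development.
    image: nginx:1.15
    # The shell script below writes the server config and then execs nginx.
    # "$$" is the Compose escape for a literal "$", so nginx variables are not
    # interpolated by Compose; the quoted 'EOF' stops the shell expanding them.
    #
    # Access control as configured in the generated file:
    #   - Only /admin is gated by auth_request; /doc and /logout are served
    #     without an authentication check.
    #   - REMOTE_USER passed to the backend is taken from the
    #     X-Auth-Request-Email header of the auth subrequest response. The
    #     backend therefore trusts whoever can reach develop:8080; that port
    #     is not published in this file and should stay that way.
    #   - /logout builds its redirect from the Host header sent by the client.
    command:
      - /bin/sh
      - -exc
      - |
        cat > /etc/nginx/conf.d/default.conf <<'EOF'
        server {
          listen 80;
          server_name .localhost;
          location /admin {
            auth_request /oauth2/auth;
            auth_request_set $$app_user $$upstream_http_x_auth_request_email;
            error_page 401 = /oauth2/sign_in?rd=$$request_uri;
            uwsgi_pass develop:8080;
            uwsgi_modifier1 30;
            include uwsgi_params;
            uwsgi_param SCRIPT_NAME "/admin" if_not_empty;
            uwsgi_param REMOTE_USER $$app_user if_not_empty;
          }
          location = /logout {
            return 302 $$scheme://$$http_host/oauth2/sign_out;
          }
          location /doc {
            alias /var/www/doc/html;
            absolute_redirect off;
          }
          location = /oauth2/auth {
            internal;
            proxy_set_header Host $$host;
            proxy_set_header X-Real-IP $$remote_addr;
            proxy_set_header X-Scheme $$scheme;
            proxy_set_header Content-Length "";
            proxy_pass_request_body off;
            proxy_pass http://auth:4180/oauth2/auth;
          }
          location /oauth2 {
            proxy_set_header Host $$host;
            proxy_set_header X-Real-IP $$remote_addr;
            proxy_set_header X-Scheme $$scheme;
            proxy_pass http://auth:4180/oauth2;
          }
        }
        EOF
        exec nginx -g 'daemon off;'
    ports:
      # Published on all host interfaces over plain HTTP; see the note on
      # SYNC_PORT in the develop service.
      - "${HTTP_PORT}:80"
    volumes:
      - type: volume
        source: apprun
        target: /run/app
      # read_only applies to this mount, not to the container root filesystem:
      # the startup script still has to write /etc/nginx/conf.d/default.conf.
      - type: volume
        source: appdocs
        target: /var/www/doc
        read_only: true
    links:
      - develop

volumes:
  appenv:
  appdata:
  apprun:
  appdocs:
  pgdata:
  # Pre-existing volume managed outside this Compose project.
  cache:
    external:
      name: rexdb-cache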