dictcp/Dockerfile

## docker-compose.yaml
services:
  oauth2_proxy2:
    image: quay.io/pusher/oauth2_proxy
    restart: unless-stopped
    labels:
      - traefik.enable=true
      - traefik.backend=oauth2_proxy2
      - traefik.frontend.rule=Host:xxxxxxxxxxxxx.com
      - traefik.port=8080
    expose:
      - "8080"
    command:
      - '-upstream=http://nginx_add_role:80'
      - '-http-address=0.0.0.0:8080'
      - '-redirect-url=https://xxxxxxxxxxxxx.com/oauth2/callback'
      - '-provider=github'
      - '-email-domain=*'
    env_file: .env
    # including
    # environment:
    #   - OAUTH2_PROXY_CLIENT_ID=
    #   - OAUTH2_PROXY_CLIENT_SECRET=
    #   - OAUTH2_PROXY_COOKIE_SECRET=
  nginx_add_role:
    image: openresty/openresty:alpine
    volumes:
      - ./vhost.conf:/etc/nginx/conf.d/default.conf
    expose:
      - "80"
  rundeck:
    image: rundeck/rundeck:3.1.2
    build: ./
    environment:
      - JVM_MAX_RAM_FRACTION=6
      - RUNDECK_GRAILS_URL=https://xxxxxxxxxxxxx.com
      - RUNDECK_SERVER_FORWARDED=true
      # db
      - RUNDECK_DATABASE_DRIVER=com.mysql.jdbc.Driver
      - RUNDECK_DATABASE_USERNAME=rundeck
      - RUNDECK_DATABASE_PASSWORD=rundeck
      - RUNDECK_DATABASE_URL=jdbc:mysql://mysql/rundeck?autoReconnect=true&useSSL=false
      # authn & authz
      - RUNDECK_PREAUTH_ENABLED=true
      - RUNDECK_PREAUTH_ATTRIBUTE_NAME=REMOTE_USER_GROUPS
      - RUNDECK_PREAUTH_DELIMITER=,
      - RUNDECK_PREAUTH_USERNAME_HEADER=X-Forwarded-User
      - RUNDECK_PREAUTH_ROLES_HEADER=X-Forwarded-Roles
      - RUNDECK_PREAUTH_REDIRECT_LOGOUT=false
      - RUNDECK_PREAUTH_REDIRECT_URL=/oauth2/sign_in
      # s3 storage support
      - RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_NAME=com.rundeck.rundeckpro.amazon-s3
      - RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_BUCKET=${RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_BUCKET}
      - RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_REGION=${RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_REGION}
    volumes:
      - rundeck-data:/home/rundeck/server/data
    expose:
      - 4440
  mysql:
    image: mysql:5.7
    expose:
      - 3306
    environment:
      - MYSQL_ROOT_PASSWORD=root
      - MYSQL_DATABASE=rundeck
      - MYSQL_USER=rundeck
      - MYSQL_PASSWORD=rundeck
    volumes:
      - db-data:/var/lib/mysql

volumes:
  db-data:
  rundeck-data:

## Dockerfile
FROM rundeck/rundeck:3.1.2

RUN cd ./libext && wget https://github.com/rundeck-plugins/rundeck-s3-log-plugin/releases/download/v1.0.8/rundeck-s3-log-plugin-1.0.8.jar
RUN cd ./libext && wget https://github.com/rundeck-plugins/rundeck-ec2-nodes-plugin/releases/download/v1.5.12/rundeck-ec2-nodes-plugin-1.5.12.jar
RUN cd ./libext && wget https://github.com/rundeck-plugins/slack-incoming-webhook-plugin/releases/download/v1.2.5/slack-incoming-webhook-plugin-1.2.5.jar
RUN cd ./libext && wget https://github.com/rundeck-plugins/kubernetes/releases/download/1.0.12/kubernetes-plugin-1.0.12.zip

RUN chown -R rundeck:root ./libext

## vhost.conf

  map $http_x_forwarded_email $rundeck_role {
    default       "";

    "root@example.com"    "admin";
    "user1@example.com"   "users";
    "user2@example.com"   "users";
  }


  server {
    resolver 8.8.8.8 valid=10s;

    location / {
      proxy_set_header X-Forwarded-Roles $rundeck_role;
      proxy_pass http://rundeck:4440;
    }
  }
	services:
	oauth2_proxy2:
	image: quay.io/pusher/oauth2_proxy
	restart: unless-stopped
	labels:
	- traefik.enable=true
	- traefik.backend=oauth2_proxy2
	- traefik.frontend.rule=Host:xxxxxxxxxxxxx.com
	- traefik.port=8080
	expose:
	- "8080"
	command:
	- '-upstream=http://nginx_add_role:80'
	- '-http-address=0.0.0.0:8080'
	- '-redirect-url=https://xxxxxxxxxxxxx.com/oauth2/callback'
	- '-provider=github'
	- '-email-domain=*'
	env_file: .env
	# including
	# environment:
	# - OAUTH2_PROXY_CLIENT_ID=
	# - OAUTH2_PROXY_CLIENT_SECRET=
	# - OAUTH2_PROXY_COOKIE_SECRET=
	nginx_add_role:
	image: openresty/openresty:alpine
	volumes:
	- ./vhost.conf:/etc/nginx/conf.d/default.conf
	expose:
	- "80"
	rundeck:
	image: rundeck/rundeck:3.1.2
	build: ./
	environment:
	- JVM_MAX_RAM_FRACTION=6
	- RUNDECK_GRAILS_URL=https://xxxxxxxxxxxxx.com
	- RUNDECK_SERVER_FORWARDED=true
	# db
	- RUNDECK_DATABASE_DRIVER=com.mysql.jdbc.Driver
	- RUNDECK_DATABASE_USERNAME=rundeck
	- RUNDECK_DATABASE_PASSWORD=rundeck
	- RUNDECK_DATABASE_URL=jdbc:mysql://mysql/rundeck?autoReconnect=true&useSSL=false
	# authn & authz
	- RUNDECK_PREAUTH_ENABLED=true
	- RUNDECK_PREAUTH_ATTRIBUTE_NAME=REMOTE_USER_GROUPS
	- RUNDECK_PREAUTH_DELIMITER=,
	- RUNDECK_PREAUTH_USERNAME_HEADER=X-Forwarded-User
	- RUNDECK_PREAUTH_ROLES_HEADER=X-Forwarded-Roles
	- RUNDECK_PREAUTH_REDIRECT_LOGOUT=false
	- RUNDECK_PREAUTH_REDIRECT_URL=/oauth2/sign_in
	# s3 storage support
	- RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_NAME=com.rundeck.rundeckpro.amazon-s3
	- RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_BUCKET=${RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_BUCKET}
	- RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_REGION=${RUNDECK_PLUGIN_EXECUTIONFILESTORAGE_S3_REGION}
	volumes:
	- rundeck-data:/home/rundeck/server/data
	expose:
	- 4440
	mysql:
	image: mysql:5.7
	expose:
	- 3306
	environment:
	- MYSQL_ROOT_PASSWORD=root
	- MYSQL_DATABASE=rundeck
	- MYSQL_USER=rundeck
	- MYSQL_PASSWORD=rundeck
	volumes:
	- db-data:/var/lib/mysql

	volumes:
	db-data:
	rundeck-data:
	FROM rundeck/rundeck:3.1.2

	RUN cd ./libext && wget https://github.com/rundeck-plugins/rundeck-s3-log-plugin/releases/download/v1.0.8/rundeck-s3-log-plugin-1.0.8.jar
	RUN cd ./libext && wget https://github.com/rundeck-plugins/rundeck-ec2-nodes-plugin/releases/download/v1.5.12/rundeck-ec2-nodes-plugin-1.5.12.jar
	RUN cd ./libext && wget https://github.com/rundeck-plugins/slack-incoming-webhook-plugin/releases/download/v1.2.5/slack-incoming-webhook-plugin-1.2.5.jar
	RUN cd ./libext && wget https://github.com/rundeck-plugins/kubernetes/releases/download/1.0.12/kubernetes-plugin-1.0.12.zip

	RUN chown -R rundeck:root ./libext

	map $http_x_forwarded_email $rundeck_role {
	default "";

	"root@example.com" "admin";
	"user1@example.com" "users";
	"user2@example.com" "users";
	}


	server {
	resolver 8.8.8.8 valid=10s;

	location / {
	proxy_set_header X-Forwarded-Roles $rundeck_role;
	proxy_pass http://rundeck:4440;
	}
	}