docker-compose.yml
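# Local development stack: the web dev server, an nginx proxy in front of it,
# oauth2-proxy for sign-in, and a Redis instance for oauth2-proxy session state.
#
# Every published port is bound to 127.0.0.1, so the stack is reachable from the
# developer's machine only. A bare "HOST:CONTAINER" mapping publishes on all host
# interfaces, which would expose the unauthenticated services below (web, proxy,
# Redis, the debug port) to the local network.
services:
  web:
    image: node:20.9-alpine
    container_name: radix-web_container
    read_only: true
    working_dir: /app
    # Installs dependencies on every start, then hands node_modules to the
    # `node` user before starting the dev server.
    # NOTE(review): the chown and the /root volume suggest the container
    # starts as root; confirm whether `user: node` is feasible.
    command: [ "sh", "-c", "npm install --prefer-offline --no-audit && chown -R node:node node_modules && npm start" ]
    environment:
      - npm_config_proxy=${NPM_PROXY}
    volumes:
      # The project directory is bind-mounted, so the container can modify
      # the host working tree.
      - type: bind
        source: .
        target: /app
      - type: volume
        source: node-modules
        target: /app/node_modules
      - type: volume
        target: /root
        tmpfs: {}
    networks:
      - radix
    ports:
      # Direct access to the dev server bypasses oauth2-proxy; keep it local.
      - "127.0.0.1:3000:3000"
      # Presumably a remote-debugging port (confirm); a debugger endpoint
      # must never be reachable from other hosts.
      - "127.0.0.1:9222:9222"

  proxy:
    image: nginxinc/nginx-unprivileged:1.26-alpine
    container_name: radix-proxy_container
    read_only: true
    volumes:
      - type: bind
        source: ./proxy/server.dev.conf
        target: /default.conf
      - type: bind
        source: ./proxy/run_nginx.sh
        target: /run_nginx.sh
      - type: bind
        source: ./src/inject-env-template.js
        target: /usr/share/nginx/html/inject-env.js
      # Writable scratch locations needed because the root filesystem is
      # read-only.
      - type: volume
        target: /etc/nginx/conf.d
        tmpfs: {}
      - type: volume
        target: /tmp
        tmpfs: {}
    command: [ "/bin/sh", "-c", ". run_nginx.sh" ]
    networks:
      - radix
    ports:
      # oauth2-proxy reaches this service over the `radix` network
      # (OAUTH2_PROXY_UPSTREAMS below); the host mapping is an unauthenticated
      # side door and is therefore loopback-only.
      - "127.0.0.1:8080:8080"
    depends_on:
      - auth

  auth:
    image: quay.io/oauth2-proxy/oauth2-proxy:v7.7.1
    container_name: radix-auth_container
    read_only: true
    environment:
      # See the `radixconfig.yaml` file for a description of these settings
      - OAUTH2_PROXY_CLIENT_ID=5687b237-eda3-4ec3-a2a1-023e85a2bd84
      # Secrets are taken from the caller's environment, never written here.
      - OAUTH2_PROXY_CLIENT_SECRET=${OAUTH2_PROXY_CLIENT_SECRET}
      - OAUTH2_PROXY_COOKIE_REFRESH=45m
      - OAUTH2_PROXY_COOKIE_SECRET=${OAUTH2_PROXY_COOKIE_SECRET}
      # only for development: the session cookie is sent over plain HTTP
      - OAUTH2_PROXY_COOKIE_SECURE=false
      # Any e-mail domain is accepted; who may sign in is then decided by the
      # identity provider behind OAUTH2_PROXY_OIDC_ISSUER_URL.
      - OAUTH2_PROXY_EMAIL_DOMAINS=*
      - OAUTH2_PROXY_HTTP_ADDRESS=http://:8000
      - OAUTH2_PROXY_OIDC_ISSUER_URL=https://login.microsoftonline.com/3aa4a235-b6e2-48d5-9195-7fcf05b459b0/v2.0
      - OAUTH2_PROXY_SKIP_CLAIMS_FROM_PROFILE_URL=true
      # The user's access token is forwarded to the upstream, so the upstream
      # must be treated as token-bearing.
      - OAUTH2_PROXY_PASS_ACCESS_TOKEN=true
      - OAUTH2_PROXY_PASS_BASIC_AUTH=false
      - OAUTH2_PROXY_PASS_USER_HEADERS=false
      - OAUTH2_PROXY_PROVIDER=oidc
      - OAUTH2_PROXY_REDIRECT_URL=http://localhost:8000/oauth2/callback
      - OAUTH2_PROXY_REDIS_CONNECTION_URL=redis://auth-state:6379
      # offline_access scope needed to get refresh token:
      # https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#successful-response-1
      - OAUTH2_PROXY_SCOPE=openid profile offline_access 6dae42f8-4368-4678-94ff-3960e28e3630/user.read email
      - OAUTH2_PROXY_SESSION_STORE_TYPE=redis
      - OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true
      - OAUTH2_PROXY_UPSTREAMS=http://proxy:8080
    networks:
      - radix
    ports:
      # In prod, this is served on port 443. The redirect URL above is
      # http://localhost:8000, so a loopback binding is sufficient.
      - "127.0.0.1:8000:8000"
    depends_on:
      - auth-state

  # for use with development
  auth-state:
    # NOTE(review): redis:5 is an old major line; confirm it still receives
    # security fixes. Unlike the other services this one does not set
    # `read_only: true`.
    image: redis:5-alpine
    container_name: radix-auth-state_container
    networks:
      - radix
    ports:
      # No Redis password is configured in this file and the instance stores
      # oauth2-proxy session state. oauth2-proxy connects over the `radix`
      # network (redis://auth-state:6379), so the host mapping is only a
      # debugging convenience and stays on loopback.
      - "127.0.0.1:6379:6379"

volumes:
  node-modules:
    name: radix-web_node-modules

networks:
  radix:
    name: radix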