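# Compose stack: Caddy/PHP API (php), Next.js front end (pwa), PostgreSQL,
# Redis, and Keycloak with its own PostgreSQL instance.
#
# Every `${VAR:-default}` below falls back to a placeholder that is public in
# this file. The `!Change...!` defaults are for local development only; set the
# real values through the environment or an env file before exposing the stack.
services:
  php:
    image: ${IMAGES_PREFIX:-}app-php
    depends_on:
      database:
        condition: service_started
      pwa:
        condition: service_started
      keycloak:
        condition: service_started
      redis:
        condition: service_healthy
    restart: unless-stopped
    environment:
      CACHE_INVALIDATION_URL: "http://localhost:2019/souin-api/souin"
      PWA_UPSTREAM: pwa:3000
      OIDC_UPSTREAM: keycloak:8080
      SERVER_NAME: ${SERVER_NAME:-localhost}, php:80
      # All three Mercure keys derive from CADDY_MERCURE_JWT_SECRET. With the
      # placeholder in effect, anyone who has read this file can sign tokens
      # the hub will accept.
      MERCURE_PUBLISHER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET:-!ChangeThisMercureHubJWTSecretKey!}
      MERCURE_SUBSCRIBER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET:-!ChangeThisMercureHubJWTSecretKey!}
      # The default trusts loopback and every RFC 1918 range as a proxy, so
      # forwarded headers from any peer in those ranges are honoured. Narrow
      # this to the real proxy addresses when deploying.
      TRUSTED_PROXIES: ${TRUSTED_PROXIES:-127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16}
      TRUSTED_HOSTS: ${TRUSTED_HOSTS:-^${SERVER_NAME:-example\.com|localhost}|php$$}
      # Embeds the database password; shares POSTGRES_PASSWORD with the
      # `database` service.
      DATABASE_URL: postgresql://${POSTGRES_USER:-app}:${POSTGRES_PASSWORD:-!ChangeMe!}@database:5432/${POSTGRES_DB:-app}?serverVersion=${POSTGRES_VERSION:-16}&charset=${POSTGRES_CHARSET:-utf8}
      MERCURE_URL: ${CADDY_MERCURE_URL:-http://php/.well-known/mercure}
      MERCURE_PUBLIC_URL: ${CADDY_MERCURE_PUBLIC_URL:-https://${SERVER_NAME:-localhost}:${HTTPS_PORT:-443}/.well-known/mercure}
      MERCURE_JWT_SECRET: ${CADDY_MERCURE_JWT_SECRET:-!ChangeThisMercureHubJWTSecretKey!}
      OIDC_SERVER_URL: ${OIDC_SERVER_URL:-https://localhost/oidc/realms/demo}
      OIDC_SERVER_URL_INTERNAL: ${OIDC_SERVER_URL_INTERNAL:-http://keycloak:8080/oidc/realms/demo}
    volumes:
      - caddy_data:/data
      - caddy_config:/config
    ports:
      # HTTP
      - target: 80
        published: ${HTTP_PORT:-80}
        protocol: tcp
      # HTTPS
      - target: 443
        published: ${HTTPS_PORT:-443}
        protocol: tcp
      # HTTP/3
      - target: 443
        published: ${HTTP3_PORT:-443}
        protocol: udp
    healthcheck:
      # --insecure skips certificate verification; the probe only talks to
      # localhost inside the container.
      test: curl --insecure --fail https://localhost/docs || exit 1
      timeout: 5s
      retries: 5
      start_period: 60s

  pwa:
    image: ${IMAGES_PREFIX:-}app-pwa
    depends_on:
      database:
        condition: service_healthy
    environment:
      # Next.js exposes NEXT_PUBLIC_* values to the browser. Keep secrets
      # un-prefixed, as the two *_SECRET entries below are.
      NEXT_PUBLIC_ENTRYPOINT: http://php
      NEXT_PUBLIC_OIDC_CLIENT_ID: ${OIDC_CLIENT_ID:-api-platform-pwa}
      NEXT_PUBLIC_OIDC_SERVER_URL: ${OIDC_SERVER_URL:-https://localhost/oidc/realms/demo}
      NEXT_PUBLIC_OIDC_SERVER_URL_INTERNAL: ${OIDC_SERVER_URL_INTERNAL:-http://keycloak:8080/oidc/realms/demo}
      NEXT_PUBLIC_OIDC_AUTHORIZATION_CLIENT_ID: ${OIDC_AUTHORIZATION_CLIENT_ID:-api-platform-api}
      # Placeholder secrets: replace both outside local development.
      OIDC_CLIENT_SECRET: ${OIDC_CLIENT_SECRET:-!ChangeThisPwaClientSecret!}
      BETTER_AUTH_SECRET: ${BETTER_AUTH_SECRET:-!ChangeThisBetterAuthSecret!}
      BETTER_AUTH_URL: ${BETTER_AUTH_URL:-https://localhost/api/auth}
      BETTER_AUTH_DATABASE_URL: postgresql://${POSTGRES_USER:-app}:${POSTGRES_PASSWORD:-!ChangeMe!}@database:5432/${POSTGRES_DB:-app}
      NEXT_SHARP_PATH: /srv/app/node_modules/sharp
    healthcheck:
      test: curl -f http://localhost:3000 || exit 1
      timeout: 5s
      interval: 5s
      retries: 5
      start_period: 60s

###> doctrine/doctrine-bundle ###
  # No `ports:` entry, so PostgreSQL is reachable only from the Compose network.
  database:
    image: docker.io/postgres:${POSTGRES_VERSION:-16}-alpine
    environment:
      - POSTGRES_DB=${POSTGRES_DB:-app}
      # You should definitely change the password in production
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-!ChangeMe!}
      - POSTGRES_USER=${POSTGRES_USER:-app}
    healthcheck:
      test: ["CMD", "pg_isready", "-d", "${POSTGRES_DB:-app}", "-U", "${POSTGRES_USER:-app}"]
      timeout: 5s
      retries: 5
      start_period: 60s
    volumes:
      - database_data:/var/lib/postgresql/data:rw
      # You may use a bind-mounted host directory instead, so that it is harder
      # to accidentally remove the volume and lose all your data!
      # - ./api/docker/db/data:/var/lib/postgresql/data:rw
###< doctrine/doctrine-bundle ###

# Mercure is installed as a Caddy module, prevent the Flex recipe from installing another service
###> symfony/mercure-bundle ###
###< symfony/mercure-bundle ###

  # No password or ACL is configured for Redis here, and no port is published:
  # it relies on being reachable only from the Compose network.
  redis:
    image: docker.io/redis:8-alpine
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 5s
      timeout: 3s
      retries: 5
    volumes:
      - redis_data:/data

  keycloak-database:
    image: docker.io/postgres:${KEYCLOAK_POSTGRES_VERSION:-16}-alpine
    environment:
      POSTGRES_DB: ${KEYCLOAK_POSTGRES_DB:-keycloak}
      # You should definitely change the password in production
      POSTGRES_PASSWORD: ${KEYCLOAK_POSTGRES_PASSWORD:-!ChangeMe!}
      POSTGRES_USER: ${KEYCLOAK_POSTGRES_USER:-keycloak}
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${KEYCLOAK_POSTGRES_USER:-keycloak}"]
      start_period: 1s
      interval: 5s
      timeout: 3s
      retries: 3
    volumes:
      - keycloak_db_data:/var/lib/postgresql/data

  keycloak:
    image: app_keycloak
    environment:
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://keycloak-database:5432/${KEYCLOAK_POSTGRES_DB:-keycloak}
      KC_DB_USERNAME: ${KEYCLOAK_POSTGRES_USER:-keycloak}
      KC_DB_PASSWORD: ${KEYCLOAK_POSTGRES_PASSWORD:-!ChangeMe!}
      # Bootstrap admin account. The defaults are a well-known username with a
      # placeholder password; override both before the service is reachable by
      # anyone else.
      KC_BOOTSTRAP_ADMIN_USERNAME: ${KC_BOOTSTRAP_ADMIN_USERNAME:-admin}
      KC_BOOTSTRAP_ADMIN_PASSWORD: ${KC_BOOTSTRAP_ADMIN_PASSWORD:-!ChangeMe!}
      # Must finish with a trailing slash
      KC_HTTP_RELATIVE_PATH: /oidc/
      KC_HOSTNAME: https://${SERVER_NAME:-localhost}/oidc/
      KC_HOSTNAME_ADMIN: https://${SERVER_NAME:-localhost}/oidc/
      KC_HEALTH_ENABLED: "true"
      KC_METRICS_ENABLED: "true"
    healthcheck:
      # Only checks that something accepts TCP connections on 8080.
      test: ["CMD-SHELL", "bash -c ':> /dev/tcp/localhost/8080'"]
      start_period: 15s
      interval: 5s
      timeout: 3s
      retries: 15
    depends_on:
      keycloak-database:
        condition: service_started
    ports:
      # Direct plain-HTTP access to Keycloak, admin console included. It is
      # bound to loopback so the port is not offered on every host interface.
      # The OIDC URLs in this file already point at https://<SERVER_NAME>/oidc/
      # through the php service. Remove host_ip only if direct remote access
      # is really required.
      - target: 8080
        host_ip: 127.0.0.1
        published: 8080
        protocol: tcp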
# Named volumes referenced by the services above. Each is declared without
# options, so Compose's defaults apply. They hold the Caddy data and config
# directories, both PostgreSQL data directories and the Redis data directory.
volumes:
  caddy_data:
  caddy_config:
###> doctrine/doctrine-bundle ###
  database_data:
###< doctrine/doctrine-bundle ###
###> symfony/mercure-bundle ###
###< symfony/mercure-bundle ###
  redis_data:
  keycloak_db_data: