docker-compose.local.yml 3.41 KiB
version: '3'
services:
api:
container_name: camino_api_app
build:
context: .
dockerfile: Dockerfile.api
depends_on:
- db
environment:
PGHOST: db
ports:
- ${API_PORT}:${API_PORT}
expose:
- ${API_PORT}
volumes:
- ./.env:/.env
db:
container_name: camino_api_db
image: postgis/postgis:16-3.4
environment:
PGUSER: ${PGUSER}
POSTGRES_USER: ${PGUSER}
POSTGRES_PASSWORD: ${PGPASSWORD}
POSTGRES_DB: ${PGDATABASE}
ports:
- ${PGPORT}:${PGPORT}
volumes:
- ./packages/api/backups/:/dump/
ui:
container_name: camino_ui_app
build:
context: .
dockerfile: Dockerfile.ui
args:
GIT_SHA: unused
environment:
UI_PORT: ${UI_PORT}
API_URL: ${API_URL}
API_MATOMO_URL: ${API_MATOMO_URL}
ports:
- ${UI_PORT}:${UI_PORT}
oauth2:
container_name: camino_oauth2
image: quay.io/oauth2-proxy/oauth2-proxy:v7.8.1
environment:
OAUTH2_PROXY_PROVIDER: 'keycloak-oidc'
OAUTH2_PROXY_CLIENT_ID: ${KEYCLOAK_CLIENT_ID}
OAUTH2_PROXY_CLIENT_SECRET: ${KEYCLOAK_CLIENT_SECRET}
OAUTH2_PROXY_COOKIE_SECRET: ${OAUTH2_COOKIE_SECRET}
OAUTH2_PROXY_OIDC_ISSUER_URL: http://host.docker.internal:${KEYCLOAK_PORT}/realms/camino
OAUTH2_PROXY_REDIRECT_URL: http://localhost:${OAUTH_PORT}
OAUTH2_PROXY_HTTP_ADDRESS: 0.0.0.0:${OAUTH_PORT}
OAUTH2_PROXY_UPSTREAMS: http://host.docker.internal:${UI_PORT}
OAUTH2_PROXY_EMAIL_DOMAINS: "*"
OAUTH2_PROXY_SKIP_PROVIDER_BUTTON: true
OAUTH2_PROXY_PASS_ACCESS_TOKEN: true
OAUTH2_PROXY_SKIP_AUTH_ROUTES: "/*"
# nécessaire pour garder le basic auth
OAUTH2_PROXY_PASS_BASIC_AUTH: true
OAUTH2_PROXY_SKIP_AUTH_STRIP_HEADERS: false
# l’access token de keycloak a une durée de vie de 5min
OAUTH2_PROXY_COOKIE_REFRESH: 4m
# l'url de logout de keycloak, utilisé par utilisateur pour se déconnect de oauth2_proxy ET keycloak
OAUTH2_PROXY_WHITELIST_DOMAINS: 127.0.0.1:${KEYCLOAK_PORT},localhost:${KEYCLOAK_PORT},localhost:${OAUTH_PORT}
OAUTH2_PROXY_PASS_AUTHORIZATION_HEADER: true
#Dev env vars
OAUTH2_PROXY_INSECURE_OIDC_ALLOW_UNVERIFIED_EMAIL: true
OAUTH2_PROXY_COOKIE_SECURE: false