generated from cyberark/conjur-template
-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathdocker-compose.yml
81 lines (76 loc) · 2.43 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
version: '3'
services:
pg:
image: postgres:15
environment:
POSTGRES_HOST_AUTH_METHOD: trust
conjur:
image: cyberark/conjur:edge
command: server -a dev -f /policy/policy.yaml
environment:
CONJUR_DATA_KEY: 'OyXV68Mip14xj33huGaQKewmmS+gKtDlp6ECZ2iATpU='
DATABASE_URL: postgres://postgres@pg/postgres
RAILS_ENV: development
CONJUR_AUTHENTICATORS: authn-ldap/test,authn-oidc/test,authn
LDAP_URI: ldap://ldap-server:389
LDAP_BASE: dc=conjur,dc=net
LDAP_BINDDN: cn=admin,dc=conjur,dc=net
LDAP_BINDPW: ldapsecret
LDAP_FILTER: (uid=%s)
volumes:
- ./test/config:/policy:ro
ports:
- "8000:80"
depends_on:
- pg
- ldap-server
- keycloak
conjur-https:
image: nginx:alpine
volumes:
- ./config/https/nginx.conf:/etc/nginx/nginx.conf:ro
- ./config/https/conjur.conf:/etc/nginx/sites-enabled/conjur.conf:ro
- ./config/https/dhparams.pem:/etc/nginx/dhparams.pem:ro
- ./config/https/conjur.crt:/cert/tls.crt:ro
- ./config/https/conjur.key:/cert/tls.key:ro
- ./config/https/ca.crt:/ca/tls.crt:ro
ports:
- "8443:443"
depends_on:
- conjur
ldap-server:
image: osixia/openldap
command: --copy-service --loglevel debug
hostname: ldap-server
environment:
LDAP_ORGANIZATION: CyberArk
LDAP_DOMAIN: conjur.net
LDAP_ADMIN_PASSWORD: ldapsecret
LDAP_TLS_CA_CRT_FILENAME: "ca-chain.cert.pem"
LDAP_TLS_CRT_FILENAME: "ldap-server.cert.pem"
LDAP_TLS_KEY_FILENAME: "ldap-server.key.pem"
LDAP_TLS_DH_PARAM_FILENAME: 'dhparam.pem'
LDAP_TLS_VERIFY_CLIENT: try
volumes:
- ./test/config/ldap:/container/service/slapd/assets/config/bootstrap/ldif/custom
- ./test/config/ldap/certs:/container/service/slapd/assets/certs:ro
keycloak:
build:
context: .
dockerfile: Dockerfile.keycloak
environment:
- KC_BOOTSTRAP_ADMIN_USERNAME=admin
- KC_BOOTSTRAP_ADMIN_PASSWORD=admin
- DB_VENDOR=H2
- KEYCLOAK_CLIENT_ID=conjurClient
- KEYCLOAK_REDIRECT_URI=http://locallhost.com/
- KEYCLOAK_CLIENT_SECRET=1234
- KEYCLOAK_SCOPE=openid
- KEYCLOAK_LOGLEVEL=ALL
volumes:
- ./test/config/oidc:/scripts
- ./test/config/oidc/keycloak/standalone.xml:/opt/keycloak/standalone/configuration/standalone.xml
networks:
default:
external: true
name: ${DOCKER_NETWORK:-conjur-sdk-java}