67 lines
2.0 KiB
YAML
67 lines
2.0 KiB
YAML
services:
|
|
|
|
cic-frontend-auth:
|
|
networks:
|
|
- traefik
|
|
image: localhost:5000/cic-auth-proxy:latest
|
|
ports:
|
|
- 8080
|
|
environment:
|
|
GPG_TRUSTED_PUBLICKEY_FINGERPRINT: CCE2E1D2D0E36ADE0405E2D0995BB21816313BD5
|
|
GPG_IMPORT_DIR: /usr/src/cic-auth-proxy/meta/tests/testdata/dev/
|
|
GPG_PUBLICKEY_FILENAME: publickeys.asc
|
|
GPG_SIGNATURE_FILENAME: signature.asc
|
|
PROXY_HOST: cic-meta-server
|
|
PROXY_PORT: 80
|
|
PROXY_PROTO: http
|
|
PROXY_PATH_PREFIX: "/"
|
|
HOMEDIR: .gnupg
|
|
labels:
|
|
- "traefik.enable=true"
|
|
|
|
cic-meta-server:
|
|
networks:
|
|
- traefik
|
|
- default
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.cic-meta-server.rule=Path(`/protected`)"
|
|
- "traefik.http.routers.cic-meta-server.middlewares=cic-auth"
|
|
- "traefik.http.middlewares.cic-auth.forwardauth.address=http://cic-frontend-auth/"
|
|
- "traefik.http.middlewares.cic-auth.forwardauth.authRequestHeaders=Authorization"
|
|
|
|
proxy:
|
|
networks:
|
|
- traefik
|
|
image: traefik:v2.5
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
ports:
|
|
- "80:80"
|
|
- "8080:8080"
|
|
command:
|
|
# Enable Docker in Traefik, so that it reads labels from Docker services
|
|
- --providers.docker
|
|
# Add a constraint to only use services with the label for this stack
|
|
# Do not expose all Docker services, only the ones explicitly exposed
|
|
- --providers.docker.exposedbydefault=false
|
|
- "--providers.docker.network=traefik"
|
|
# Disable Docker Swarm mode for local development
|
|
# - --providers.docker.swarmmode
|
|
# Enable the access log, with HTTP requests
|
|
- --accesslog
|
|
# - log.level=DEBUG
|
|
# Enable the Traefik log, for configurations and errors
|
|
- --log
|
|
- --log.level=DEBUG
|
|
# Enable the Dashboard and API
|
|
- --api
|
|
# Enable the Dashboard and API in insecure mode for local development
|
|
- --api.insecure=true
|
|
labels:
|
|
- traefik.enable=true
|
|
|
|
networks:
|
|
traefik:
|
|
name: "traefik"
|