Files
oidc2fer/docker-compose.yml
T
Jonathan Perret 3b2e63e2b5 (test) setup end-to-end manual test
This sets up a test OIDC client, that will start an authentication flow
to the RENATER test federation through our SATOSA instance.
2024-04-17 16:10:12 +02:00

64 lines
1.8 KiB
YAML

services:
app-dev:
build:
context: .
target: development
args:
DOCKER_USER: ${DOCKER_USER:-1000}
user: ${DOCKER_USER:-1000}
image: oidc2fer:development
environment:
PYLINTHOME: /app/.pylint.d
BASE_URL: https://satosa.traefik.me
env_file:
- env.d/development/common
- env.d/development/satosa
volumes:
- ./src/satosa:/app
app:
build:
context: .
target: production
args:
DOCKER_USER: ${DOCKER_USER:-1000}
user: ${DOCKER_USER:-1000}
image: oidc2fer:production
env_file:
- env.d/development/common
- env.d/development/satosa
oidc-test-client:
image: ghcr.io/beryju/oidc-test-client
depends_on:
- nginx # nginx must be up to override satosa.traefik.me resolution
- app-dev
volumes:
- ./env.d/development/certs/mkcert-root-ca.pem:/usr/local/share/ca-certificates/mkcert-root-ca.crt
# - run update-ca-certificates to make mkcert certificates valid
# - add startup delay because IDP must be available on boot
entrypoint: /bin/bash -c 'update-ca-certificates && sleep 1; exec /oidc-test-client'
environment:
OIDC_ROOT_URL: https://oidc-test-client.traefik.me
OIDC_PROVIDER: https://satosa.traefik.me
OIDC_CLIENT_ID: oidc-test-client
OIDC_CLIENT_SECRET: oidc-test-secret
OIDC_DO_INTROSPECTION: false
OIDC_DO_REFRESH: false
OIDC_DO_USER_INFO: true
nginx:
image: nginx:1.25
ports:
- "443:443"
- "8081:8081"
volumes:
- ./docker/files/etc/nginx/conf.d:/etc/nginx/conf.d:ro
- ./env.d/development/certs:/etc/nginx/certs:ro
networks:
default:
aliases:
# expose proxy internally as the public names to make internal HTTPS work
- satosa.traefik.me
- oidc-test-client.traefik.me