forked from keaaa/radix-example-front-proxy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdocker-compose.yaml
65 lines (60 loc) · 2.5 KB
/
docker-compose.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
version: "3.5"
networks:
radix-example-front-proxy:
name: radix-example-front-proxy
services:
api:
build:
context: api
image: radix-example-front-proxy-api
container_name: radix-example-front-proxy-api_container
environment:
- AZURE_AD_PUBLIC_KEY_URL=https://login.microsoftonline.com/3aa4a235-b6e2-48d5-9195-7fcf05b459b0/discovery/v2.0/keys
- API_RESOURCE_ID=${API_RESOURCE_ID}
networks:
- radix-example-front-proxy
ports:
- "8002:8002" # For local debug only; not exposed in prod
frontend:
build:
context: frontend
image: radix-example-front-proxy-frontend
container_name: radix-example-front-proxy-frontend_container
networks:
- radix-example-front-proxy
ports:
- "8001:8001" # For local debug only; not exposed in prod
depends_on:
- "api"
auth-state:
image: redis:5-alpine
container_name: radix-example-front-proxy-state_container
networks:
- radix-example-front-proxy
ports:
- "6379:6379"
auth:
image: quay.io/oauth2-proxy/oauth2-proxy:v7.1.3
container_name: radix-example-front-proxy-auth_container
environment:
- OAUTH2_PROXY_PROVIDER=oidc # https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc
- OAUTH2_PROXY_OIDC_ISSUER_URL=https://login.microsoftonline.com/3aa4a235-b6e2-48d5-9195-7fcf05b459b0/v2.0
- OAUTH2_PROXY_CLIENT_ID=${OAUTH2_PROXY_CLIENT_ID}
- OAUTH2_PROXY_CLIENT_SECRET=${OAUTH2_PROXY_CLIENT_SECRET}
- OAUTH2_PROXY_COOKIE_SECRET=${OAUTH2_PROXY_COOKIE_SECRET}
- OAUTH2_PROXY_SCOPE=openid email offline_access ${API_RESOURCE_ID}/user_impersonation # resource client id
- OAUTH2_PROXY_REDIRECT_URL=http://localhost:8000/oauth2/callback
- OAUTH2_PROXY_HTTP_ADDRESS=http://:8000
- OAUTH2_PROXY_UPSTREAMS=http://frontend:8001
- OAUTH2_PROXY_COOKIE_REFRESH=60m
- OAUTH2_PROXY_REDIS_CONNECTION_URL=redis://auth-state:6379 # Where to store session info (the auth-state component)
- OAUTH2_PROXY_SESSION_STORE_TYPE=redis # We're using Redis for storing session info instead of cookies (cookies would get too big for Edge and Safari)
- OAUTH2_PROXY_COOKIE_SECURE=false # only for development
- OAUTH2_PROXY_EMAIL_DOMAINS=*
- OAUTH2_PROXY_PASS_ACCESS_TOKEN=true
- OAUTH2_PROXY_PASS_USER_HEADERS=false
- OAUTH2_PROXY_SKIP_PROVIDER_BUTTON=true
networks:
- radix-example-front-proxy
ports:
- "8000:8000" # In prod, this is served on port 443