-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.prod.yml
148 lines (140 loc) · 4.53 KB
/
docker-compose.prod.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
version: '3.8'
services:
mount-volumes:
image: alpine
volumes:
- shiny-data:/app/data
- shiny-config:/app/config
command:
- /bin/sh
- -c
- |
chown -R 1001:1001 /app/config &&
chown -R 1001:1001 /app/data &&
chmod -R 744 /app/config &&
chmod -R 744 /app/data
db:
image: postgres:16.1-alpine3.18
container_name: pheno-ranker-db
volumes:
- postgres-data:/var/lib/postgresql/data/
environment:
- POSTGRES_DB=${DB_NAME}
- POSTGRES_USER=${DB_USER}
- POSTGRES_PASSWORD=${DB_PW}
restart: unless-stopped
healthcheck:
test: pg_isready -U postgres
networks:
- shiny-net
proxy:
container_name: nginx-proxy
image: nginx:1.25.3-alpine
depends_on:
keycloak:
condition: service_healthy
ports:
- 443:443
volumes:
- ./nginx_mountpoint/templates:/etc/nginx/templates:ro
- ./nginx_mountpoint/includes:/etc/nginx/includes:ro
- ./nginx_mountpoint/logs:/var/log/nginx
- ./nginx_mountpoint/certs/${DOMAIN}.cer:/etc/nginx/${DOMAIN}.cer:ro
- ./nginx_mountpoint/certs/${DOMAIN}_privatekey.pem:/etc/nginx/${DOMAIN}_privatekey.pem:ro
- ./nginx_mountpoint/html/chromium_based_browsers_not_yet_supported.html:/usr/share/nginx/chromium_based_browsers_not_yet_supported.html:ro
networks:
- shiny-net
restart: unless-stopped
shinyproxy:
image: openanalytics/shinyproxy:3.1.1
container_name: shinyproxy
environment:
DOCKER_IMG: ${DOCKER_IMG}
DOMAIN: ${DOMAIN}
KC_INTERNAL_URL: keycloak:8080
KC_REALM: ${KC_REALM}
KC_CLIENT_ID: ${KC_CLIENT_ID}
KC_CLIENT_SECRET: ${KC_CLIENT_SECRET}
PR_DB_NAME: ${DB_NAME}
PR_DB_USER: ${DB_USER}
PR_DB_PW: ${DB_PW}
PR_DB_PORT: 5432
ports:
- 3830:8080
volumes:
- /run/user/1001/docker.sock:/var/run/docker.sock:ro
- ./shinyproxy/application.yml:/opt/shinyproxy/application.yml:ro
# - ./shinyproxy/shinyproxy.log:/opt/shinyproxy/shinyproxy.log:rw
group_add:
- ${DOCKER_GROUP} # getent group docker | cut -d: -f3
networks:
- shiny-net
restart: unless-stopped
keycloak-db:
image: postgres:16.1-alpine3.18
container_name: kc-db
environment:
POSTGRES_DB: ${KC_DB}
POSTGRES_USER: ${KC_DB_USER}
POSTGRES_PASSWORD: ${KC_DB_PW}
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "psql -U $KC_DB_USER -d $KC_DB -c 'SELECT 1' || exit 1"]
interval: 10s
timeout: 10s
retries: 3
keycloak:
container_name: keycloak
image: quay.io/keycloak/keycloak:20.0.1
depends_on:
- keycloak-db
environment:
DB_VENDOR: postgres
DB_ADDR: postgres
DB_DATABASE: keycloak
DB_USER: ${KC_DB_USER}
DB_PASSWORD: ${KC_DB_PW}
KEYCLOAK_ADMIN: ${KC_ADMIN_USER}
KEYCLOAK_ADMIN_PASSWORD: ${KC_ADMIN_PW}
KC_PROXY: edge
KC_HOSTNAME_STRICT: false
KC_HOSTNAME_PATH: /auth
KC_HOSTNAME_URL: https://${DOMAIN}/auth/
# KC_HOSTNAME_URL: https://${DOMAIN}:8444/auth/
KC_HOSTNAME_ADMIN_URL: https://${DOMAIN}/auth/
# KC_HOSTNAME_ADMIN_URL: https://${DOMAIN}:8444/auth/
KC_HTTPS_CERTIFICATE_FILE: /opt/keycloak/conf/server.crt.pem
KC_HTTPS_CERTIFICATE_KEY_FILE: /opt/keycloak/conf/server.key.pem
KC_HEALTH_ENABLED: true
volumes:
- ./realm-export.json:/opt/keycloak/data/import/realm-export.json
- ./nginx_mountpoint/certs/${DOMAIN}.cer:/opt/keycloak/conf/server.crt.pem:ro
- ./nginx_mountpoint/certs/${DOMAIN}_privatekey.pem:/opt/keycloak/conf/server.key.pem:ro
- ./custom_keycloak_theme/dist_keycloak/target/retrocompat-keycloakify-starter-keycloak-theme-6.1.5.jar:/opt/keycloak/providers/retrocompat-keycloakify-starter-keycloak-theme-6.1.5.jar:rw
- ./custom_keycloak_theme/dist_keycloak/src/main/resources/theme/account-v1:/opt/keycloak/themes/account-v1:rw
- ./custom_keycloak_theme/dist_keycloak/src/main/resources/theme/keycloakify-starter_retrocompat:/opt/keycloak/themes/keycloakify-starter_retrocompat:rw
restart: unless-stopped
command: ${KC_CMD}
healthcheck:
test: curl localhost:8080/health | grep -q "UP"
interval: 10s
timeout: 10s
retries: 5
networks:
- shiny-net
volumes:
postgres-data:
shiny-data:
driver: local
driver_opts:
type: none
device: ${PWD}/data
o: bind
shiny-config:
driver: local
driver_opts:
type: none
device: ${PWD}/config
o: bind
networks:
shiny-net: