-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yaml
150 lines (143 loc) · 4.14 KB
/
docker-compose.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
# SPDX-License-Identifier: AGPL-3.0-only
# SPDX-FileCopyrightText: 2023 Univention GmbH
version: "3.7"
services:
keycloak:
# Test Keycloak instance already configured according to README.md
container_name: keycloak
image: keycloak
build: ./keycloak/test
command: start-dev --http-enabled=true --import-realm
ports:
- 5050:8080
environment:
- KEYCLOAK_ADMIN=admin
- KEYCLOAK_ADMIN_PASSWORD=univention
- PROXY_ADDRESS_FORWARDING=true
- KC_PROXY=edge
- KEYCLOAK_LOGLEVEL=ALL
- ROOT_LOGLEVEL=ALL
proxy:
# The proxy in front of Keycloak handling blocks and captcha.
# More at /proxy/README.md
container_name: keycloak-proxy
image: keycloak-proxy:develop
build:
context: ./proxy
dockerfile: ../docker/keycloak-proxy/Dockerfile
restart: unless-stopped
ports:
- 8181:8181
depends_on:
- keycloak
- database
- handler
environment:
KEYCLOAK_URL: http://keycloak:8080
LOG_LEVEL: debug
# Database
POSTGRES_USER: postgres
POSTGRES_HOST: database
POSTGRES_DATABASE_NAME: handler
POSTGRES_PASSWORD: postgres
POSTGRES_PORT: 5432
# Captcha
CAPTCHA_SITE_KEY: 6LcUyZkiAAAAAHo98CowhZFoc-E-3yeo38Hs1HSB
CAPTCHA_SECRET_KEY: 6LcUyZkiAAAAAOM0G7kctpprpOtM6DWKagf8Ew88
handler:
# The container checking for new events and triggering actions for the proxy.
# More at /handler/README.md
container_name: keycloak-handler
image: keycloak-handler:develop
build:
context: ./handler
dockerfile: ../docker/keycloak-handler/Dockerfile
restart: unless-stopped
depends_on:
- keycloak
- database
environment:
# Keycloak
KC_AUTH_URL: http://keycloak:8080/admin
KC_USER: admin
KC_PASS: univention
KC_REALM: master
# Database
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DATABASE_NAME: handler
POSTGRES_HOST: database
POSTGRES_PORT: 5432
# Logging
LOG_LEVEL: DEBUG
# Configuration
FAILED_ATTEMPTS_FOR_IP_BLOCK: 7
FAILED_ATTEMPTS_FOR_DEVICE_BLOCK: 5
FAILED_ATTEMPTS_FOR_CAPTCHA_TRIGGER: 3
EVENTS_RETENTION_PERIOD: 1
AUTO_EXPIRE_RULE_IN_MINS: 1
DEVICE_PROTECTION_ENABLE: "True"
IP_PROTECTION_ENABLE: "True"
CAPTCHA_PROTECTION_ENABLE: "False"
# Email
SMTP_HOST: mail.example.org
SMTP_PORT: 587
MAIL_FROM: univention@example.org
SMTP_USERNAME: user
SMTP_PASSWORD: somepassword
NEW_DEVICE_LOGIN_SUBJECT: "New device login"
database:
# PostgreSQL database shared between proxy and handler containers.
container_name: keycloak-extensions-postgres
image: postgres:15.1-alpine
ports:
- 5432:5432
environment:
POSTGRES_PASSWORD: postgres
POSTGRES_USER: postgres
POSTGRES_DB: handler
keycloak-dev:
# A non configured instance of Keycloak for development.
container_name: keycloak-dev
image: keycloak
profiles: ["development"]
build:
context: ./keycloak
args:
KEYCLOAK_VERSION: 19.0.3
command: start-dev --http-enabled=true --import-realm
ports:
- 8080:8080
- 8787:8787
environment:
- KEYCLOAK_ADMIN=admin
- KEYCLOAK_ADMIN_PASSWORD=univention
- PROXY_ADDRESS_FORWARDING=true
- KC_PROXY=edge
- KEYCLOAK_LOGLEVEL=ALL
- ROOT_LOGLEVEL=ALL
- DEBUG=true
- DEBUG_PORT='*:8787'
- DEBUG_SUSPEND=y # to wait until a debugger is connected
e2e-tests:
# Test suite to run end-to-end tests
container_name: e2e-tests
image: e2e-tests:develop
profiles: ["test"]
init: true # https://playwright.dev/docs/ci#docker
build: ./tests/e2e
depends_on:
- keycloak
- database
- handler
- proxy
command: pytest --base-url http://proxy:8181 --slowmo 500 --video retain-on-failure
# Environment which allows to run the tool "helm-docs". See the directory
# "/helm" for more details.
helm-docs:
profiles:
- test
image: "jnorwood/helm-docs:v1.11.0"
command: "-c helm"
volumes:
- ./helm:/helm-docs/helm