-
Notifications
You must be signed in to change notification settings - Fork 4
/
docker-compose.yml
88 lines (83 loc) · 3.18 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
# This file provides the base orchestration.
# The `docker compose up` command will read this and automatically overlay the contents of the `docker-compose.override.yml` file.
services:
proxy:
image: nginx:stable-alpine3.17
# If there are multiple deployments of the SSM on the same host then they each need to expose a different PROXY_EXTERNAL_PORT
ports:
- ${PROXY_EXTERNAL_PORT:-8089}:80
expose:
- 80
environment:
scheme: ${SERVICE_PROTOCOL:-http}
server_port: ${SERVICE_PORT:-8089}
kc_proxy_pass: '${EXTERNAL_KEYCLOAK_AUTH_SERVER_URL:-http://keycloak:8080/auth}'
documentation_url: '${DOCUMENTATION_URL:-https://spyderisk.org/documentation/modeller/latest/}'
tomcat_port: ${TOMCAT_PORT:-8081}
realm_name: '${KEYCLOAK_REALM:-ssm-realm}'
# When nginx starts it does a health check on the "upstream" servers and if none of them in a group are present it will fail.
# Hence, nginx must start after the ssm and keycloak.
# See https://docs.nginx.com/nginx/admin-guide/load-balancer/tcp-health-check/
restart: on-failure
depends_on:
- ssm
- keycloak
entrypoint: /tmp/import/entrypoint.sh
volumes:
- type: bind
source: ./provisioning/nginx
target: /tmp/import
ssm:
build:
context: ./
dockerfile: Dockerfile
# The "init" config means the container responds to signals and exits cleanly
init: true
environment:
# These env variables override the values in application.properties
# https://docs.spring.io/spring-boot/docs/current/reference/html/spring-boot-features.html#boot-features-external-config
SPRING_DATA_MONGODB_HOST: mongo
KEYCLOAK_CREDENTIALS_SECRET: ${KEYCLOAK_CREDENTIALS_SECRET:-DfkQBcVpjbO6gTMXMBUBfHe45UmFhGxk}
RESET_ON_START: ${RESET_ON_START:-true}
DISPLAY_EULA: ${DISPLAY_EULA:-true}
EULA_HTML: ${EULA_HTML}
volumes:
# Persistent named volume for the jena-tdb storage
- type: volume
source: jena
target: /code/jena-tdb
# Persistent named volume for storage of knowledgebase data (domain model, images and palettes)
- type: volume
source: knowledgebases
target: /opt/spyderisk/knowledgebases
depends_on:
- mongo
- keycloak
mongo:
image: mongo:5.0.16-focal
volumes:
- type: volume
source: mongo-db
target: /data/db
- type: volume
source: mongo-configdb
target: /data/configdb
keycloak:
image: keycloak/keycloak:21.0
# WARNING: THIS CONFIGURATION IS INSECURE AND SHOULD ONLY BE USED IN DEVELOPMENT SYSTEMS
# Override the normal entrypoint of `/opt/keycloak/bin/kc.sh`.
entrypoint: /tmp/import/entrypoint.sh
environment:
KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN_USERNAME:-admin}
KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-password}
KEYCLOAK_CREDENTIALS_SECRET: ${KEYCLOAK_CREDENTIALS_SECRET:-DfkQBcVpjbO6gTMXMBUBfHe45UmFhGxk}
PROXY_ADDRESS_FORWARDING: '${KEYCLOAK_PROXY_ADDRESS_FORWARDING:-false}'
volumes:
- type: bind
source: ./provisioning/keycloak
target: /tmp/import
volumes:
jena:
knowledgebases:
mongo-db:
mongo-configdb: