skynet-webportal/docker-compose.yml

version: "3.7"

x-logging: &default-logging
  driver: json-file
  options:
    max-size: "10m"
    max-file: "3"

networks:
  shared:
    ipam:
      driver: default
      config:
        - subnet: 10.10.10.0/24

volumes:
  webapp:

services:
  sia:
    build:
      context: ./docker/sia
      dockerfile: Dockerfile
      args:
        branch: v1.5.4
    container_name: sia
    restart: unless-stopped
    logging: *default-logging
    environment:
      - SIA_MODULES=gctwr
    env_file:
      - .env
    volumes:
      - ./docker/data/sia:/sia-data
    networks:
      shared:
        ipv4_address: 10.10.10.10
    expose:
      - 9980

  caddy:
    build:
      context: ./docker/caddy
      dockerfile: Dockerfile
    container_name: caddy
    restart: unless-stopped
    logging: *default-logging
    env_file:
      - .env
    volumes:
      - ./docker/data/caddy/data:/data
      - ./docker/data/caddy/config:/config
      - ./docker/caddy/Caddyfile:/etc/caddy/Caddyfile
    networks:
      shared:
        ipv4_address: 10.10.10.20
    ports:
      - "80:80"
      - "443:443"
    depends_on:
      - nginx

  nginx:
    build:
      context: ./docker/nginx
      dockerfile: Dockerfile
    container_name: nginx
    restart: unless-stopped
    logging: *default-logging
    env_file:
      - .env
    volumes:
      - ./docker/nginx/nginx.conf:/usr/local/openresty/nginx/conf/nginx.conf:ro
      - ./docker/nginx/conf.d:/etc/nginx/conf.d:ro
      - ./docker/data/nginx/cache:/data/nginx/cache
      - ./docker/data/nginx/logs:/usr/local/openresty/nginx/logs
      - ./docker/data/nginx/skynet:/data/nginx/skynet:ro
      - ./docker/data/sia/apipassword:/data/sia/apipassword:ro
      - webapp:/var/www/webportal:ro
    networks:
      shared:
        ipv4_address: 10.10.10.30
    expose:
      - 80
    depends_on:
      - sia
      - health-check
      - handshake-api

  webapp:
    build:
      context: ./packages/webapp
      dockerfile: Dockerfile
    container_name: webapp
    restart: unless-stopped
    logging: *default-logging
    tty: true
    volumes:
      - webapp:/usr/app/public

  handshake:
    build:
      context: ./docker/handshake
      dockerfile: Dockerfile
    container_name: handshake
    restart: unless-stopped
    logging: *default-logging
    environment:
      - HSD_LOG_CONSOLE=false
      - HSD_HTTP_HOST=0.0.0.0
      - HSD_NETWORK=main
      - HSD_PORT=12037
    env_file:
      - .env
    volumes:
      - ./docker/data/handshake/.hsd:/root/.hsd
    networks:
      shared:
        ipv4_address: 10.10.10.40
    expose:
      - 12037

  handshake-api:
    build:
      context: ./packages/handshake-api
      dockerfile: Dockerfile
    container_name: handshake-api
    restart: unless-stopped
    logging: *default-logging
    environment:
      - HOSTNAME=0.0.0.0
      - HSD_HOST=handshake
      - HSD_NETWORK=main
      - HSD_PORT=12037
    env_file:
      - .env
    networks:
      shared:
        ipv4_address: 10.10.10.50
    expose:
      - 3100
    depends_on:
      - handshake

  health-check:
    build:
      context: ./packages/health-check
      dockerfile: Dockerfile
    container_name: health-check
    restart: unless-stopped
    logging: *default-logging
    volumes:
      - ./docker/data/health-check/state:/usr/app/state
    networks:
      shared:
        ipv4_address: 10.10.10.60
    environment:
      - HOSTNAME=0.0.0.0
      - PORTAL_URL=nginx
    expose:
      - 3100
    depends_on:
      - handshake
      - handshake-api

  accounts:
    build:
      context: ./docker/accounts
      dockerfile: Dockerfile
    container_name: accounts
    restart: unless-stopped
    logging: *default-logging
    env_file:
      - .env
    environment:
      - SKYNET_DB_HOST=mongo
      - SKYNET_DB_PORT=27017
      - SKYNET_DB_USER=${SKYNET_DB_USER}
      - SKYNET_DB_PASS=${SKYNET_DB_PASS}
      - COOKIE_DOMAIN=${COOKIE_DOMAIN}
      - COOKIE_HASH_KEY=${COOKIE_HASH_KEY}
      - COOKIE_ENC_KEY=${COOKIE_ENC_KEY}
    expose:
      - 3000
    networks:
      shared:
        ipv4_address: 10.10.10.70
    depends_on:
      - mongo
      - oathkeeper

  mongo:
    image: mongo:4.4.1
    command: --keyFile=/data/mgkey --replSet=skynet
    container_name: mongo
    restart: unless-stopped
    logging: *default-logging
    volumes:
      - ./docker/data/mongo/db:/data/db
      - ./docker/data/mongo/mgkey:/data/mgkey:rw
    networks:
      shared:
        ipv4_address: 10.10.10.71
    ports:
      - "27017:27017"

  kratos-migrate:
    image: oryd/kratos:v0.5.4-alpha.1
    container_name: kratos-migrate
    restart: on-failure
    logging: *default-logging
    environment:
      - DSN=cockroach://root@cockroach:26257/defaultdb?max_conns=20&max_idle_conns=4&sslmode=verify-full&sslcert=/certs/node.crt&sslkey=/certs/node.key&sslrootcert=/certs/ca.crt
      - SQA_OPT_OUT=true
    volumes:
      - ./docker/kratos/config:/etc/config/kratos
      - ./docker/data/cockroach/sqlite:/var/lib/sqlite
      - ./docker/kratos/cr_certs:/certs
    command: -c /etc/config/kratos/kratos.yml migrate sql -e --yes
    networks:
      shared:
        ipv4_address: 10.10.10.80

  kratos:
    image: oryd/kratos:v0.5.4-alpha.1
    container_name: kratos
    restart: unless-stopped
    logging: *default-logging
    ports:
      - "4433:4433" # public
      - "4434:4434" # admin
    expose:
      - 4433 # public
      - 4434 # admin
    environment:
      - DSN=cockroach://root@cockroach:26257/defaultdb?max_conns=20&max_idle_conns=4&sslmode=verify-full&sslcert=/certs/node.crt&sslkey=/certs/node.key&sslrootcert=/certs/ca.crt
      - LOG_LEVEL=trace
      - SERVE_PUBLIC_BASE_URL=/.ory/kratos/public/
      - SQA_OPT_OUT=true
    command: serve -c /etc/config/kratos/kratos.yml
    volumes:
      - ./docker/kratos/config:/etc/config/kratos
      - ./docker/data/cockroach/sqlite:/var/lib/sqlite
      - ./docker/kratos/cr_certs:/certs
    networks:
      shared:
        ipv4_address: 10.10.10.81
    depends_on:
      - kratos-migrate

  kratos-selfservice-ui-node:
    image: oryd/kratos-selfservice-ui-node:v0.5.0-alpha.1
    container_name: kratos-selfservice-ui-node
    restart: on-failure
    logging: *default-logging
    volumes:
      - ./docker/kratos-selfservice-ui-node/main.hbs:/usr/src/app/views/layouts/main.hbs:ro
      - ./docker/kratos-selfservice-ui-node/login.hbs:/usr/src/app/views/login.hbs:ro
      - ./docker/kratos-selfservice-ui-node/dashboard.hbs:/usr/src/app/views/dashboard.hbs:ro
      - ./docker/kratos-selfservice-ui-node/registration.hbs:/usr/src/app/views/registration.hbs:ro
      - ./docker/kratos-selfservice-ui-node/icon_logo.hbs:/usr/src/app/views/partials/icon_logo.hbs:ro
      - ./docker/kratos-selfservice-ui-node/branding.css:/usr/src/app/public/branding.css:ro
      - ./docker/kratos-selfservice-ui-node/favico.png:/usr/src/app/public/favico.png:ro
    environment:
      - PORT=4435
      - SECURITY_MODE=jwks
      - PROJECT_NAME=Skynet
      - BASE_URL=/
      - KRATOS_BROWSER_URL=/.ory/kratos/public
      - JWKS_URL=http://oathkeeper:4456/.well-known/jwks.json
      - KRATOS_PUBLIC_URL=http://kratos:4433/
      - KRATOS_ADMIN_URL=http://kratos:4434/
      - SQA_OPT_OUT=true
    networks:
      shared:
        ipv4_address: 10.10.10.82

  oathkeeper:
    image: oryd/oathkeeper:v0.38
    container_name: oathkeeper
    depends_on:
      - kratos
    expose:
      - 4455
      - 4456
    command: serve proxy -c "/etc/config/oathkeeper/oathkeeper.yml"
    environment:
      - LOG_LEVEL=debug
    volumes:
      - ./docker/kratos/oathkeeper:/etc/config/oathkeeper
    restart: on-failure
    networks:
      shared:
        ipv4_address: 10.10.10.83

  cockroach:
    image: cockroachdb/cockroach:v20.2.3
    container_name: cockroach
    env_file:
      - .env
    command: start --advertise-addr=${CR_IP} --join=${CR_CLUSTER_NODES} --certs-dir=/certs --listen-addr=0.0.0.0:26257 --http-addr=0.0.0.0:8080
    volumes:
      - ./docker/data/cockroach/sqlite:/cockroach/cockroach-data
      - ./docker/cockroach/certs:/certs
    ports:
      - "4080:8080"
      - "26257:26257"
    networks:
      shared:
        ipv4_address: 10.10.10.84
Improve server infrastructure setup and scripts (#231) 2020-06-22 09:54:01 +00:00			`version: "3.7"`

update to v1.5.1 2020-11-03 14:43:55 +00:00			`x-logging: &default-logging`
limit docker stdout/stderr log files to 10m and rotate 3 2020-09-30 11:18:39 +00:00			`driver: json-file`
			`options:`
			`max-size: "10m"`
			`max-file: "3"`

Improve server infrastructure setup and scripts (#231) 2020-06-22 09:54:01 +00:00			`networks:`
			`shared:`
assign static ips to containers (#383) 2020-09-08 14:30:54 +00:00			`ipam:`
			`driver: default`
			`config:`
Switch from local network 192.168.0.x to 10.10.10.x. 2020-10-13 11:47:31 +00:00			`- subnet: 10.10.10.0/24`
Improve server infrastructure setup and scripts (#231) 2020-06-22 09:54:01 +00:00
migrate to yarn workspaces 2020-07-30 12:23:49 +00:00			`volumes:`
			`webapp:`

Improve server infrastructure setup and scripts (#231) 2020-06-22 09:54:01 +00:00			`services:`
docker setup docker progress docker works env variables 2020-07-08 12:09:54 +00:00			`sia:`
improve sia docker builder image 2020-07-30 10:23:24 +00:00			`build:`
			`context: ./docker/sia`
			`dockerfile: Dockerfile`
			`args:`
upgrade sia to 1.5.4 (#582) * upgrade sia to 1.5.4 * bump builder image 2021-01-13 11:42:49 +00:00			`branch: v1.5.4`
docker setup docker progress docker works env variables 2020-07-08 12:09:54 +00:00			`container_name: sia`
clean up after docker changes 2020-07-30 10:00:58 +00:00			`restart: unless-stopped`
limit docker stdout/stderr log files to 10m and rotate 3 2020-09-30 11:18:39 +00:00			`logging: *default-logging`
docker setup docker progress docker works env variables 2020-07-08 12:09:54 +00:00			`environment:`
			`- SIA_MODULES=gctwr`
			`env_file:`
			`- .env`
			`volumes:`
correct path 2020-07-30 21:21:00 +00:00			`- ./docker/data/sia:/sia-data`
Improve server infrastructure setup and scripts (#231) 2020-06-22 09:54:01 +00:00			`networks:`
assign static ips to containers (#383) 2020-09-08 14:30:54 +00:00			`shared:`
Switch from local network 192.168.0.x to 10.10.10.x. 2020-10-13 11:47:31 +00:00			`ipv4_address: 10.10.10.10`
docker setup docker progress docker works env variables 2020-07-08 12:09:54 +00:00			`expose:`
			`- 9980`

Improve server infrastructure setup and scripts (#231) 2020-06-22 09:54:01 +00:00			`caddy:`
			`build:`
purge caddy more or less 2020-07-27 13:40:26 +00:00			`context: ./docker/caddy`
			`dockerfile: Dockerfile`
Improve server infrastructure setup and scripts (#231) 2020-06-22 09:54:01 +00:00			`container_name: caddy`
clean up after docker changes 2020-07-30 10:00:58 +00:00			`restart: unless-stopped`
limit docker stdout/stderr log files to 10m and rotate 3 2020-09-30 11:18:39 +00:00			`logging: *default-logging`
Improve server infrastructure setup and scripts (#231) 2020-06-22 09:54:01 +00:00			`env_file:`
			`- .env`
			`volumes:`
			`- ./docker/data/caddy/data:/data`
			`- ./docker/data/caddy/config:/config`
			`- ./docker/caddy/Caddyfile:/etc/caddy/Caddyfile`
			`networks:`
assign static ips to containers (#383) 2020-09-08 14:30:54 +00:00			`shared:`
Switch from local network 192.168.0.x to 10.10.10.x. 2020-10-13 11:47:31 +00:00			`ipv4_address: 10.10.10.20`
Improve server infrastructure setup and scripts (#231) 2020-06-22 09:54:01 +00:00			`ports:`
			`- "80:80"`
			`- "443:443"`
			`depends_on:`
			`- nginx`

			`nginx:`
upgrade openresty distro and install luasocket 2020-12-17 15:16:28 +00:00			`build:`
			`context: ./docker/nginx`
			`dockerfile: Dockerfile`
Improve server infrastructure setup and scripts (#231) 2020-06-22 09:54:01 +00:00			`container_name: nginx`
clean up after docker changes 2020-07-30 10:00:58 +00:00			`restart: unless-stopped`
limit docker stdout/stderr log files to 10m and rotate 3 2020-09-30 11:18:39 +00:00			`logging: *default-logging`
purge caddy more or less 2020-07-27 13:40:26 +00:00			`env_file:`
			`- .env`
Improve server infrastructure setup and scripts (#231) 2020-06-22 09:54:01 +00:00			`volumes:`
set user root for nginx 2020-07-30 12:57:34 +00:00			`- ./docker/nginx/nginx.conf:/usr/local/openresty/nginx/conf/nginx.conf:ro`
Improve server infrastructure setup and scripts (#231) 2020-06-22 09:54:01 +00:00			`- ./docker/nginx/conf.d:/etc/nginx/conf.d:ro`
			`- ./docker/data/nginx/cache:/data/nginx/cache`
			`- ./docker/data/nginx/logs:/usr/local/openresty/nginx/logs`
allow to include previous skynet stats (#562) * allow to include previous skynet stats * explain chunked response 2020-12-10 13:43:59 +00:00			`- ./docker/data/nginx/skynet:/data/nginx/skynet:ro`
docker setup docker progress docker works env variables 2020-07-08 12:09:54 +00:00			`- ./docker/data/sia/apipassword:/data/sia/apipassword:ro`
migrate to yarn workspaces 2020-07-30 12:23:49 +00:00			`- webapp:/var/www/webportal:ro`
Improve server infrastructure setup and scripts (#231) 2020-06-22 09:54:01 +00:00			`networks:`
assign static ips to containers (#383) 2020-09-08 14:30:54 +00:00			`shared:`
Switch from local network 192.168.0.x to 10.10.10.x. 2020-10-13 11:47:31 +00:00			`ipv4_address: 10.10.10.30`
Improve server infrastructure setup and scripts (#231) 2020-06-22 09:54:01 +00:00			`expose:`
			`- 80`
			`depends_on:`
docker setup docker progress docker works env variables 2020-07-08 12:09:54 +00:00			`- sia`
nginx depends on health-check to be up first 2020-08-26 13:59:47 +00:00			`- health-check`
docker setup docker progress docker works env variables 2020-07-08 12:09:54 +00:00			`- handshake-api`
Improve server infrastructure setup and scripts (#231) 2020-06-22 09:54:01 +00:00
migrate to yarn workspaces 2020-07-30 12:23:49 +00:00			`webapp:`
			`build:`
			`context: ./packages/webapp`
			`dockerfile: Dockerfile`
			`container_name: webapp`
			`restart: unless-stopped`
limit docker stdout/stderr log files to 10m and rotate 3 2020-09-30 11:18:39 +00:00			`logging: *default-logging`
migrate to yarn workspaces 2020-07-30 12:23:49 +00:00			`tty: true`
			`volumes:`
			`- webapp:/usr/app/public`

Handshake integration (#302) 2020-07-27 09:30:55 +00:00			`handshake:`
			`build:`
			`context: ./docker/handshake`
			`dockerfile: Dockerfile`
			`container_name: handshake`
clean up after docker changes 2020-07-30 10:00:58 +00:00			`restart: unless-stopped`
limit docker stdout/stderr log files to 10m and rotate 3 2020-09-30 11:18:39 +00:00			`logging: *default-logging`
Handshake integration (#302) 2020-07-27 09:30:55 +00:00			`environment:`
clean up after docker changes 2020-07-30 10:00:58 +00:00			`- HSD_LOG_CONSOLE=false`
Handshake integration (#302) 2020-07-27 09:30:55 +00:00			`- HSD_HTTP_HOST=0.0.0.0`
			`- HSD_NETWORK=main`
			`- HSD_PORT=12037`
			`env_file:`
			`- .env`
			`volumes:`
			`- ./docker/data/handshake/.hsd:/root/.hsd`
			`networks:`
assign static ips to containers (#383) 2020-09-08 14:30:54 +00:00			`shared:`
Switch from local network 192.168.0.x to 10.10.10.x. 2020-10-13 11:47:31 +00:00			`ipv4_address: 10.10.10.40`
Handshake integration (#302) 2020-07-27 09:30:55 +00:00			`expose:`
			`- 12037`

			`handshake-api:`
			`build:`
migrate to yarn workspaces 2020-07-30 12:23:49 +00:00			`context: ./packages/handshake-api`
move the docker context 2020-07-30 10:56:18 +00:00			`dockerfile: Dockerfile`
Handshake integration (#302) 2020-07-27 09:30:55 +00:00			`container_name: handshake-api`
clean up after docker changes 2020-07-30 10:00:58 +00:00			`restart: unless-stopped`
limit docker stdout/stderr log files to 10m and rotate 3 2020-09-30 11:18:39 +00:00			`logging: *default-logging`
Handshake integration (#302) 2020-07-27 09:30:55 +00:00			`environment:`
fix up docker-compose 2020-08-01 15:04:23 +00:00			`- HOSTNAME=0.0.0.0`
Handshake integration (#302) 2020-07-27 09:30:55 +00:00			`- HSD_HOST=handshake`
			`- HSD_NETWORK=main`
			`- HSD_PORT=12037`
			`env_file:`
			`- .env`
clean up after docker changes 2020-07-30 10:00:58 +00:00			`networks:`
assign static ips to containers (#383) 2020-09-08 14:30:54 +00:00			`shared:`
Switch from local network 192.168.0.x to 10.10.10.x. 2020-10-13 11:47:31 +00:00			`ipv4_address: 10.10.10.50`
Handshake integration (#302) 2020-07-27 09:30:55 +00:00			`expose:`
			`- 3100`
			`depends_on:`
			`- handshake`

Improve server infrastructure setup and scripts (#231) 2020-06-22 09:54:01 +00:00			`health-check:`
			`build:`
migrate to yarn workspaces 2020-07-30 12:23:49 +00:00			`context: ./packages/health-check`
move the docker context 2020-07-30 10:56:18 +00:00			`dockerfile: Dockerfile`
Improve server infrastructure setup and scripts (#231) 2020-06-22 09:54:01 +00:00			`container_name: health-check`
clean up after docker changes 2020-07-30 10:00:58 +00:00			`restart: unless-stopped`
limit docker stdout/stderr log files to 10m and rotate 3 2020-09-30 11:18:39 +00:00			`logging: *default-logging`
Improve server infrastructure setup and scripts (#231) 2020-06-22 09:54:01 +00:00			`volumes:`
			`- ./docker/data/health-check/state:/usr/app/state`
			`networks:`
assign static ips to containers (#383) 2020-09-08 14:30:54 +00:00			`shared:`
Switch from local network 192.168.0.x to 10.10.10.x. 2020-10-13 11:47:31 +00:00			`ipv4_address: 10.10.10.60`
Improve server infrastructure setup and scripts (#231) 2020-06-22 09:54:01 +00:00			`environment:`
fix up docker-compose 2020-08-01 15:04:23 +00:00			`- HOSTNAME=0.0.0.0`
purge caddy more or less 2020-07-27 13:40:26 +00:00			`- PORTAL_URL=nginx`
Improve server infrastructure setup and scripts (#231) 2020-06-22 09:54:01 +00:00			`expose:`
			`- 3100`
			`depends_on:`
Make health-check depenent on handshake, handshake-api, and caddy, so it doesn't start before them and report healthy status. 2020-08-05 08:27:25 +00:00			`- handshake`
			`- handshake-api`
Add a MongoDB service. 2020-10-30 18:00:58 +00:00
Add accounts to docker-compose.yml. 2020-12-10 17:52:50 +00:00			`accounts:`
			`build:`
Fix the account service's context. 2020-12-11 09:42:41 +00:00			`context: ./docker/accounts`
Fix the account service's context. 2020-12-11 14:06:57 +00:00			`dockerfile: Dockerfile`
Add accounts to docker-compose.yml. 2020-12-10 17:52:50 +00:00			`container_name: accounts`
			`restart: unless-stopped`
			`logging: *default-logging`
Use the .env file. Actually expose ports. 2021-01-12 15:56:11 +00:00			`env_file:`
			`- .env`
Add accounts to docker-compose.yml. 2020-12-10 17:52:50 +00:00			`environment:`
Fix the account service's context. 2020-12-11 09:42:41 +00:00			`- SKYNET_DB_HOST=mongo`
			`- SKYNET_DB_PORT=27017`
Add accounts to docker-compose.yml. 2020-12-10 17:52:50 +00:00			`- SKYNET_DB_USER=${SKYNET_DB_USER}`
			`- SKYNET_DB_PASS=${SKYNET_DB_PASS}`
Changes from siasky.xyz 2021-01-08 11:04:15 +00:00			`- COOKIE_DOMAIN=${COOKIE_DOMAIN}`
			`- COOKIE_HASH_KEY=${COOKIE_HASH_KEY}`
			`- COOKIE_ENC_KEY=${COOKIE_ENC_KEY}`
Add accounts to docker-compose.yml. 2020-12-10 17:52:50 +00:00			`expose:`
			`- 3000`
			`networks:`
			`shared:`
Fix IP. 2020-12-10 17:54:18 +00:00			`ipv4_address: 10.10.10.70`
Add accounts to docker-compose.yml. 2020-12-10 17:52:50 +00:00			`depends_on:`
			`- mongo`
			`- oathkeeper`

Add a MongoDB service. 2020-10-30 18:00:58 +00:00			`mongo:`
			`image: mongo:4.4.1`
			`command: --keyFile=/data/mgkey --replSet=skynet`
			`container_name: mongo`
			`restart: unless-stopped`
			`logging: *default-logging`
			`volumes:`
			`- ./docker/data/mongo/db:/data/db`
			`- ./docker/data/mongo/mgkey:/data/mgkey:rw`
			`networks:`
			`shared:`
Add accounts to docker-compose.yml. 2020-12-10 17:52:50 +00:00			`ipv4_address: 10.10.10.71`
Add a MongoDB service. 2020-10-30 18:00:58 +00:00			`ports:`
			`- "27017:27017"`
kratos 2020-12-04 16:09:47 +00:00
			`kratos-migrate:`
			`image: oryd/kratos:v0.5.4-alpha.1`
			`container_name: kratos-migrate`
Switch to Cockroach DB for Kratos. Use login.siasky.net as login server. 2020-12-08 15:15:31 +00:00			`restart: on-failure`
kratos 2020-12-04 16:09:47 +00:00			`logging: *default-logging`
			`environment:`
Switch to fully secured cockroachdb. 2021-01-08 16:40:25 +00:00			`- DSN=cockroach://root@cockroach:26257/defaultdb?max_conns=20&max_idle_conns=4&sslmode=verify-full&sslcert=/certs/node.crt&sslkey=/certs/node.key&sslrootcert=/certs/ca.crt`
Opt out of telemetry. 2020-12-09 14:58:31 +00:00			`- SQA_OPT_OUT=true`
kratos 2020-12-04 16:09:47 +00:00			`volumes:`
			`- ./docker/kratos/config:/etc/config/kratos`
rename cockroachr to cockroach 2020-12-14 16:08:12 +00:00			`- ./docker/data/cockroach/sqlite:/var/lib/sqlite`
Switch to fully secured cockroachdb. 2021-01-08 16:40:25 +00:00			`- ./docker/kratos/cr_certs:/certs`
kratos 2020-12-04 16:09:47 +00:00			`command: -c /etc/config/kratos/kratos.yml migrate sql -e --yes`
			`networks:`
			`shared:`
			`ipv4_address: 10.10.10.80`

			`kratos:`
			`image: oryd/kratos:v0.5.4-alpha.1`
			`container_name: kratos`
			`restart: unless-stopped`
			`logging: *default-logging`
Move the values from the override to the main file, so we can use the override to disable the login server. 2020-12-08 15:31:34 +00:00			`ports:`
			`- "4433:4433" # public`
			`- "4434:4434" # admin`
kratos 2020-12-04 16:09:47 +00:00			`expose:`
			`- 4433 # public`
			`- 4434 # admin`
			`environment:`
Switch to fully secured cockroachdb. 2021-01-08 16:40:25 +00:00			`- DSN=cockroach://root@cockroach:26257/defaultdb?max_conns=20&max_idle_conns=4&sslmode=verify-full&sslcert=/certs/node.crt&sslkey=/certs/node.key&sslrootcert=/certs/ca.crt`
kratos 2020-12-04 16:09:47 +00:00			`- LOG_LEVEL=trace`
use secure subdomain 2020-12-16 12:08:51 +00:00			`- SERVE_PUBLIC_BASE_URL=/.ory/kratos/public/`
Opt out of telemetry. 2020-12-09 14:58:31 +00:00			`- SQA_OPT_OUT=true`
kratos 2020-12-04 16:09:47 +00:00			`command: serve -c /etc/config/kratos/kratos.yml`
			`volumes:`
			`- ./docker/kratos/config:/etc/config/kratos`
rename cockroachr to cockroach 2020-12-14 16:08:12 +00:00			`- ./docker/data/cockroach/sqlite:/var/lib/sqlite`
Switch to fully secured cockroachdb. 2021-01-08 16:40:25 +00:00			`- ./docker/kratos/cr_certs:/certs`
kratos 2020-12-04 16:09:47 +00:00			`networks:`
			`shared:`
			`ipv4_address: 10.10.10.81`
			`depends_on:`
			`- kratos-migrate`

			`kratos-selfservice-ui-node:`
			`image: oryd/kratos-selfservice-ui-node:v0.5.0-alpha.1`
			`container_name: kratos-selfservice-ui-node`
Move the values from the override to the main file, so we can use the override to disable the login server. 2020-12-08 15:31:34 +00:00			`restart: on-failure`
kratos 2020-12-04 16:09:47 +00:00			`logging: *default-logging`
selfservice branding 2020-12-14 11:49:35 +00:00			`volumes:`
			`- ./docker/kratos-selfservice-ui-node/main.hbs:/usr/src/app/views/layouts/main.hbs:ro`
fix paths 2020-12-14 14:59:30 +00:00			`- ./docker/kratos-selfservice-ui-node/login.hbs:/usr/src/app/views/login.hbs:ro`
clear dashboard 2020-12-17 11:59:31 +00:00			`- ./docker/kratos-selfservice-ui-node/dashboard.hbs:/usr/src/app/views/dashboard.hbs:ro`
fix paths 2020-12-14 14:59:30 +00:00			`- ./docker/kratos-selfservice-ui-node/registration.hbs:/usr/src/app/views/registration.hbs:ro`
more overrides 2020-12-14 14:53:39 +00:00			`- ./docker/kratos-selfservice-ui-node/icon_logo.hbs:/usr/src/app/views/partials/icon_logo.hbs:ro`
selfservice branding 2020-12-14 11:49:35 +00:00			`- ./docker/kratos-selfservice-ui-node/branding.css:/usr/src/app/public/branding.css:ro`
more overrides 2020-12-14 14:53:39 +00:00			`- ./docker/kratos-selfservice-ui-node/favico.png:/usr/src/app/public/favico.png:ro`
kratos 2020-12-04 16:09:47 +00:00			`environment:`
Add Oathkeeper (broken SSL on login) 2020-12-09 12:50:17 +00:00			`- PORT=4435`
			`- SECURITY_MODE=jwks`
set project name 2020-12-14 16:10:27 +00:00			`- PROJECT_NAME=Skynet`
use secure subdomain 2020-12-16 12:08:51 +00:00			`- BASE_URL=/`
			`- KRATOS_BROWSER_URL=/.ory/kratos/public`
Add Oathkeeper (broken SSL on login) 2020-12-09 12:50:17 +00:00			`- JWKS_URL=http://oathkeeper:4456/.well-known/jwks.json`
kratos 2020-12-04 16:09:47 +00:00			`- KRATOS_PUBLIC_URL=http://kratos:4433/`
			`- KRATOS_ADMIN_URL=http://kratos:4434/`
Opt out of telemetry. 2020-12-09 14:58:31 +00:00			`- SQA_OPT_OUT=true`
kratos 2020-12-04 16:09:47 +00:00			`networks:`
			`shared:`
			`ipv4_address: 10.10.10.82`

Add Oathkeeper (broken SSL on login) 2020-12-09 12:50:17 +00:00			`oathkeeper:`
			`image: oryd/oathkeeper:v0.38`
add oathkeeper container name 2020-12-15 16:24:41 +00:00			`container_name: oathkeeper`
Add Oathkeeper (broken SSL on login) 2020-12-09 12:50:17 +00:00			`depends_on:`
			`- kratos`
			`expose:`
			`- 4455`
			`- 4456`
add oathkeeper container name 2020-12-15 16:24:41 +00:00			`command: serve proxy -c "/etc/config/oathkeeper/oathkeeper.yml"`
Add Oathkeeper (broken SSL on login) 2020-12-09 12:50:17 +00:00			`environment:`
			`- LOG_LEVEL=debug`
			`volumes:`
			`- ./docker/kratos/oathkeeper:/etc/config/oathkeeper`
			`restart: on-failure`
			`networks:`
			`shared:`
			`ipv4_address: 10.10.10.83`

rename cockroachr to cockroach 2020-12-14 16:08:12 +00:00			`cockroach:`
Cockroach backups. Still defunct. Restore to come (or be manual). 2021-01-19 16:58:08 +00:00			`image: cockroachdb/cockroach:v20.2.3`
rename cockroachr to cockroach 2020-12-14 16:08:12 +00:00			`container_name: cockroach`
Use the .env file. Actually expose ports. 2021-01-12 15:56:11 +00:00			`env_file:`
			`- .env`
Switch to fully secured cockroachdb. 2021-01-08 16:40:25 +00:00			`command: start --advertise-addr=${CR_IP} --join=${CR_CLUSTER_NODES} --certs-dir=/certs --listen-addr=0.0.0.0:26257 --http-addr=0.0.0.0:8080`
Enable cockroach persistence. 2020-12-08 15:50:27 +00:00			`volumes:`
rename cockroachr to cockroach 2020-12-14 16:08:12 +00:00			`- ./docker/data/cockroach/sqlite:/cockroach/cockroach-data`
Switch to fully secured cockroachdb. 2021-01-08 16:40:25 +00:00			`- ./docker/cockroach/certs:/certs`
Use the .env file. Actually expose ports. 2021-01-12 15:56:11 +00:00			`ports:`
Clean up. 2021-01-20 13:58:44 +00:00			`- "4080:8080"`
Use the .env file. Actually expose ports. 2021-01-12 15:56:11 +00:00			`- "26257:26257"`
kratos 2020-12-04 16:09:47 +00:00			`networks:`
			`shared:`
Add accounts to docker-compose.yml. 2020-12-10 17:52:50 +00:00			`ipv4_address: 10.10.10.84`