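---
# Docker Compose stack: the services below are attached to the user-defined
# `shared` network with static addresses in 10.10.10.0/24 (`webapp` is the one
# exception; it only fills a named volume).
#
# Host-published ports in this file: caddy (80, 443), mongo (27017) and
# kratos (4433, 4434). Every other service uses `expose` only, so it is
# reachable from the other containers but not published on the host.
#
# Several services read `.env`; the accounts service takes its database
# credentials from variable substitution. Keep that file out of version
# control and readable only by the deploying user.
version: "3.7"

# Log rotation shared by the services via the `*default-logging` alias:
# at most 3 json-file logs of 10 MB each per container.
x-logging: &default-logging
  driver: json-file
  options:
    max-size: "10m"
    max-file: "3"

networks:
  shared:
    ipam:
      driver: default
      config:
        - subnet: 10.10.10.0/24

volumes:
  webapp:
  # Despite its name this volume also backs cockroachd's data directory
  # (see the cockroachd service); kratos mounts it at /var/lib/sqlite.
  kratos-sqlite:

services:
  sia:
    build:
      context: ./docker/sia
      dockerfile: Dockerfile
      args:
        branch: v1.5.3
    container_name: sia
    restart: unless-stopped
    logging: *default-logging
    environment:
      - SIA_MODULES=gctwr
    env_file:
      - .env
    volumes:
      - ./docker/data/sia:/sia-data
    networks:
      shared:
        ipv4_address: 10.10.10.10
    expose:
      - 9980

  # Public entry point: the only web-facing service that publishes 80/443.
  caddy:
    build:
      context: ./docker/caddy
      dockerfile: Dockerfile
    container_name: caddy
    restart: unless-stopped
    logging: *default-logging
    env_file:
      - .env
    volumes:
      - ./docker/data/caddy/data:/data
      - ./docker/data/caddy/config:/config
      - ./docker/caddy/Caddyfile:/etc/caddy/Caddyfile
    networks:
      shared:
        ipv4_address: 10.10.10.20
    ports:
      - "80:80"
      - "443:443"
    depends_on:
      - nginx

  nginx:
    image: openresty/openresty:1.15.8.3-2-xenial
    container_name: nginx
    restart: unless-stopped
    logging: *default-logging
    env_file:
      - .env
    volumes:
      - ./docker/nginx/nginx.conf:/usr/local/openresty/nginx/conf/nginx.conf:ro
      - ./docker/nginx/conf.d:/etc/nginx/conf.d:ro
      - ./docker/data/nginx/cache:/data/nginx/cache
      - ./docker/data/nginx/logs:/usr/local/openresty/nginx/logs
      # The sia API password is shared with nginx read-only.
      - ./docker/data/sia/apipassword:/data/sia/apipassword:ro
      - webapp:/var/www/webportal:ro
    networks:
      shared:
        ipv4_address: 10.10.10.30
    expose:
      - 80
    depends_on:
      - sia
      - health-check
      - handshake-api

  # Not attached to `shared`; it writes into the `webapp` volume that nginx
  # mounts read-only.
  webapp:
    build:
      context: ./packages/webapp
      dockerfile: Dockerfile
    container_name: webapp
    restart: unless-stopped
    logging: *default-logging
    tty: true
    volumes:
      - webapp:/usr/app/public

  handshake:
    build:
      context: ./docker/handshake
      dockerfile: Dockerfile
    container_name: handshake
    restart: unless-stopped
    logging: *default-logging
    environment:
      - HSD_LOG_CONSOLE=false
      - HSD_HTTP_HOST=0.0.0.0
      - HSD_NETWORK=main
      - HSD_PORT=12037
    env_file:
      - .env
    volumes:
      - ./docker/data/handshake/.hsd:/root/.hsd
    networks:
      shared:
        ipv4_address: 10.10.10.40
    expose:
      - 12037

  handshake-api:
    build:
      context: ./packages/handshake-api
      dockerfile: Dockerfile
    container_name: handshake-api
    restart: unless-stopped
    logging: *default-logging
    environment:
      - HOSTNAME=0.0.0.0
      - HSD_HOST=handshake
      - HSD_NETWORK=main
      - HSD_PORT=12037
    env_file:
      - .env
    networks:
      shared:
        ipv4_address: 10.10.10.50
    expose:
      - 3100
    depends_on:
      - handshake

  health-check:
    build:
      context: ./packages/health-check
      dockerfile: Dockerfile
    container_name: health-check
    restart: unless-stopped
    logging: *default-logging
    volumes:
      - ./docker/data/health-check/state:/usr/app/state
    networks:
      shared:
        ipv4_address: 10.10.10.60
    environment:
      - HOSTNAME=0.0.0.0
      - PORTAL_URL=nginx
    expose:
      - 3100
    depends_on:
      - handshake
      - handshake-api

  accounts:
    build:
      context: ./
      dockerfile: ./docker/accounts/Dockerfile
    container_name: accounts
    restart: unless-stopped
    logging: *default-logging
    environment:
      # In list-form `environment` entries everything after `=` is taken
      # literally, so KEY="value" would hand the container a value that
      # includes the quote characters. Host and port are written bare.
      - SKYNET_DB_HOST=mongo
      - SKYNET_DB_PORT=27017
      # Credentials come from the environment / .env via substitution and
      # must not be hard-coded here.
      - SKYNET_DB_USER=${SKYNET_DB_USER}
      - SKYNET_DB_PASS=${SKYNET_DB_PASS}
    expose:
      - 3000
    networks:
      # Per-network settings are a mapping under the network name, as for
      # every other service in this file (not a list item).
      shared:
        ipv4_address: 10.10.10.70
    depends_on:
      - mongo
      - oathkeeper

  mongo:
    image: mongo:4.4.1
    command: --keyFile=/data/mgkey --replSet=skynet
    container_name: mongo
    restart: unless-stopped
    logging: *default-logging
    volumes:
      - ./docker/data/mongo/db:/data/db
      # NOTE(review): the replica-set key file is mounted read-write;
      # confirm whether `:ro` is sufficient for this image.
      - ./docker/data/mongo/mgkey:/data/mgkey:rw
    networks:
      shared:
        ipv4_address: 10.10.10.71
    # NOTE(security): 27017 is published on every host interface. If this is
    # needed for replica-set traffic between hosts, restrict it with a host
    # firewall to the known peers; otherwise bind it to a specific address
    # or drop the mapping so the database is reachable only on `shared`.
    ports:
      - "27017:27017"

  # One-shot schema migration that kratos waits on via depends_on.
  kratos-migrate:
    image: oryd/kratos:v0.5.4-alpha.1
    container_name: kratos-migrate
    restart: on-failure
    logging: *default-logging
    environment:
      # The DSN connects as root with TLS disabled; acceptable only because
      # cockroachd is not published outside the `shared` network.
      - DSN=cockroach://root@cockroachd:26257/defaultdb?sslmode=disable&max_conns=20&max_idle_conns=4
      - SQA_OPT_OUT=true
    volumes:
      - ./docker/kratos/config:/etc/config/kratos
      - type: volume
        source: kratos-sqlite
        target: /var/lib/sqlite
        read_only: false
    command: -c /etc/config/kratos/kratos.yml migrate sql -e --yes
    networks:
      shared:
        ipv4_address: 10.10.10.80

  kratos:
    image: oryd/kratos:v0.5.4-alpha.1
    container_name: kratos
    restart: unless-stopped
    logging: *default-logging
    # NOTE(security): both ports are published on every host interface. The
    # admin API (4434) is meant for trusted internal callers only; the other
    # containers already reach it over `shared`, so consider removing that
    # mapping or binding it to 127.0.0.1, and firewall it until then.
    ports:
      - "4433:4433"  # public
      - "4434:4434"  # admin
    expose:
      - 4433  # public
      - 4434  # admin
    environment:
      - DSN=cockroach://root@cockroachd:26257/defaultdb?sslmode=disable&max_conns=20&max_idle_conns=4
      # NOTE(review): trace is the most verbose level; on an identity
      # service, check what ends up in the logs and lower it for production.
      - LOG_LEVEL=trace
      - SERVE_PUBLIC_BASE_URL=https://siasky.xyz/secure/.ory/kratos/public/
      - SQA_OPT_OUT=true
    command: serve -c /etc/config/kratos/kratos.yml
    volumes:
      - ./docker/kratos/config:/etc/config/kratos
      - type: volume
        source: kratos-sqlite
        target: /var/lib/sqlite
        read_only: false
      # Overlays the kratos.yml from the directory mount above with the
      # local ./.kratos.yml.
      - type: bind
        source: ./.kratos.yml
        target: /etc/config/kratos/kratos.yml
    networks:
      shared:
        ipv4_address: 10.10.10.81
    depends_on:
      - kratos-migrate

  kratos-selfservice-ui-node:
    image: oryd/kratos-selfservice-ui-node:v0.5.0-alpha.1
    container_name: kratos-selfservice-ui-node
    restart: on-failure
    logging: *default-logging
    environment:
      - PORT=4435
      - SECURITY_MODE=jwks
      - BASE_URL=https://siasky.xyz/secure/
      - KRATOS_BROWSER_URL=https://siasky.xyz/secure/.ory/kratos/public
      - JWKS_URL=http://oathkeeper:4456/.well-known/jwks.json
      - KRATOS_PUBLIC_URL=http://kratos:4433/
      - KRATOS_ADMIN_URL=http://kratos:4434/
      - SQA_OPT_OUT=true
    networks:
      shared:
        ipv4_address: 10.10.10.82

  oathkeeper:
    image: oryd/oathkeeper:v0.38
    depends_on:
      - kratos
    expose:
      - 4455
      - 4456
    command: serve proxy -c "/etc/config/oathkeeper/oathkeeper.yml"
    # Same rotation as the other services; without it the json-file log is
    # unbounded, which matters with LOG_LEVEL=debug.
    logging: *default-logging
    environment:
      - LOG_LEVEL=debug
    volumes:
      - ./docker/kratos/oathkeeper:/etc/config/oathkeeper
    restart: on-failure
    networks:
      shared:
        ipv4_address: 10.10.10.83

  cockroachd:
    image: cockroachdb/cockroach:v20.1.0
    container_name: cockroachd
    # NOTE(security): `--insecure` runs the node without TLS or password
    # authentication, so anything that can reach 26257 has full access.
    # Keep this port unpublished (expose only) and move to certificates
    # before the network boundary changes.
    command: start --insecure
    logging: *default-logging
    volumes:
      - kratos-sqlite:/cockroach/cockroach-data
    expose:
      - 26257
    networks:
      shared:
        ipv4_address: 10.10.10.84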