version: "3.7" x-logging: &default-logging driver: json-file options: max-size: "10m" max-file: "3" services: webapp: build: args: WITH_ACCOUNTS: 0 # temporarily disable accounts frontend nginx: volumes: - ./docker/accounts/nginx.secure.conf:/etc/nginx/conf.extra.d/nginx.secure.conf:ro accounts: build: context: ./docker/accounts dockerfile: Dockerfile container_name: accounts restart: unless-stopped logging: *default-logging env_file: - .env environment: - SKYNET_DB_HOST=mongo - SKYNET_DB_PORT=27017 - SKYNET_DB_USER=${SKYNET_DB_USER} - SKYNET_DB_PASS=${SKYNET_DB_PASS} - COOKIE_DOMAIN=${COOKIE_DOMAIN} - COOKIE_HASH_KEY=${COOKIE_HASH_KEY} - COOKIE_ENC_KEY=${COOKIE_ENC_KEY} expose: - 3000 networks: shared: ipv4_address: 10.10.10.70 depends_on: - mongo - oathkeeper mongo: image: mongo:4.4.1 command: --keyFile=/data/mgkey --replSet=skynet container_name: mongo restart: unless-stopped logging: *default-logging volumes: - ./docker/data/mongo/db:/data/db - ./docker/data/mongo/mgkey:/data/mgkey:rw networks: shared: ipv4_address: 10.10.10.71 ports: - "27017:27017" kratos-migrate: image: oryd/kratos:v0.5.5-alpha.1 container_name: kratos-migrate restart: on-failure logging: *default-logging environment: - DSN=cockroach://root@cockroach:26257/defaultdb?max_conns=20&max_idle_conns=4&sslmode=verify-full&sslcert=/certs/node.crt&sslkey=/certs/node.key&sslrootcert=/certs/ca.crt - SQA_OPT_OUT=true volumes: - ./docker/kratos/config:/etc/config/kratos - ./docker/data/cockroach/sqlite:/var/lib/sqlite - ./docker/kratos/cr_certs:/certs command: -c /etc/config/kratos/kratos.yml migrate sql -e --yes networks: shared: ipv4_address: 10.10.10.80 kratos: image: oryd/kratos:v0.5.5-alpha.1 container_name: kratos restart: unless-stopped logging: *default-logging expose: - 4433 # public - 4434 # admin environment: - DSN=cockroach://root@cockroach:26257/defaultdb?max_conns=20&max_idle_conns=4&sslmode=verify-full&sslcert=/certs/node.crt&sslkey=/certs/node.key&sslrootcert=/certs/ca.crt - LOG_LEVEL=trace - SERVE_PUBLIC_BASE_URL=https://secure.${DOMAIN_NAME}/.ory/kratos/public/ - SQA_OPT_OUT=true command: serve -c /etc/config/kratos/kratos.yml volumes: - ./docker/kratos/config:/etc/config/kratos - ./docker/data/cockroach/sqlite:/var/lib/sqlite - ./docker/kratos/cr_certs:/certs networks: shared: ipv4_address: 10.10.10.81 depends_on: - kratos-migrate dashboard: build: context: ./packages/dashboard dockerfile: Dockerfile container_name: dashboard restart: unless-stopped logging: *default-logging env_file: - .env environment: - SECURITY_MODE=jwks - BASE_URL=/ - KRATOS_BROWSER_URL=/.ory/kratos/public - JWKS_URL=http://oathkeeper:4456/.well-known/jwks.json - KRATOS_PUBLIC_URL=http://kratos:4433/ - KRATOS_ADMIN_URL=http://kratos:4434/ - SQA_OPT_OUT=true volumes: - ./.env:/usr/app/.env.local:ro networks: shared: ipv4_address: 10.10.10.85 expose: - 3000 oathkeeper: image: oryd/oathkeeper:v0.38 container_name: oathkeeper depends_on: - kratos expose: - 4455 - 4456 command: serve proxy -c "/etc/config/oathkeeper/oathkeeper.yml" environment: - LOG_LEVEL=debug volumes: - ./docker/kratos/oathkeeper:/etc/config/oathkeeper restart: on-failure networks: shared: ipv4_address: 10.10.10.83 cockroach: image: cockroachdb/cockroach:v20.2.3 container_name: cockroach env_file: - .env command: start --advertise-addr=${CR_IP} --join=${CR_CLUSTER_NODES} --certs-dir=/certs --listen-addr=0.0.0.0:26257 --http-addr=0.0.0.0:8080 volumes: - ./docker/data/cockroach/sqlite:/cockroach/cockroach-data - ./docker/cockroach/certs:/certs ports: - "4080:8080" - "26257:26257" networks: shared: ipv4_address: 10.10.10.84