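# Local development stack for Infisical. Not a production deployment file.
#
# Security posture of this file, as written:
#   * No `ports:` entry names a host IP, so by default Docker publishes each
#     one on every host interface, not just loopback.
#   * Several published services use the fixed credentials spelled out below
#     (Postgres, ClickHouse, pgAdmin, OpenLDAP, Keycloak, PingFederate, Samba).
#   * Run it only on a trusted network, or put the host side on loopback in a
#     local override, e.g. "127.0.0.1:5432:5432".
#
# Every port mapping is quoted, as the Compose documentation recommends for
# HOST:CONTAINER strings, so YAML 1.1 parsers cannot re-type them.

# Compose v2 treats the top-level `version` key as obsolete and ignores it.
version: "3.9"

services:
  nginx:
    container_name: infisical-dev-nginx
    # NOTE(review): untagged image resolves to `latest`; pin a tag or digest
    # if reproducible dev environments matter.
    image: nginx
    restart: always
    ports:
      - "8080:80"
    volumes:
      # Config is mounted read-only so the container cannot modify it.
      - ./nginx/default.dev.conf:/etc/nginx/conf.d/default.conf:ro
    depends_on:
      - backend
      - frontend

  db:
    image: postgres:14-alpine
    ports:
      # Published to the host with the fixed credentials below.
      - "5432:5432"
    volumes:
      - postgres-data:/var/lib/postgresql/data
    environment:
      # Dev-only credentials; never reuse outside a local stack.
      POSTGRES_PASSWORD: infisical
      POSTGRES_USER: infisical
      POSTGRES_DB: infisical

  redis:
    # NOTE(review): untagged image resolves to `latest`.
    image: redis
    container_name: infisical-dev-redis
    environment:
      # NOTE(review): ALLOW_EMPTY_PASSWORD looks like a Bitnami-image setting;
      # confirm this image reads it. No Redis password is configured anywhere
      # in this file, and 6379 is published to the host.
      - ALLOW_EMPTY_PASSWORD=yes
    ports:
      - "6379:6379"
    volumes:
      - redis_data:/data

  clickhouse:
    image: clickhouse/clickhouse-server:25.12.5
    container_name: infisical-dev-clickhouse
    restart: unless-stopped
    ports:
      - "8123:8123"
      - "9000:9000"
    volumes:
      - clickhouse_data:/var/lib/clickhouse
      - clickhouse_logs:/var/log/clickhouse-server
    environment:
      # Dev-only credentials.
      - CLICKHOUSE_DB=infisical
      - CLICKHOUSE_USER=infisical
      - CLICKHOUSE_PASSWORD=infisical
      # NOTE(review): presumably lets this user manage users and grants via
      # SQL; confirm against the image docs before copying elsewhere.
      - CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT=1
    ulimits:
      nofile:
        soft: 262144
        hard: 262144

  redis-commander:
    container_name: infisical-dev-redis-commander
    # NOTE(review): untagged image; no UI login is configured in this file, so
    # anyone who can reach host port 8085 can browse the Redis instance.
    image: rediscommander/redis-commander
    restart: always
    depends_on:
      - redis
    environment:
      - REDIS_HOSTS=local:redis:6379
    ports:
      - "8085:8081"

  bull-board:
    container_name: infisical-dev-bull-board
    image: venatum/bull-board:3.3.7
    restart: always
    depends_on:
      - redis
    environment:
      - REDIS_HOST=redis
      - REDIS_PORT=6379
      - BULL_VERSION=BULLMQ
      - BULL_PREFIX=bull
    ports:
      - "3008:3000"
    profiles: [queue]

  db-test:
    profiles: [test]
    image: postgres:14-alpine
    ports:
      - "5430:5432"
    environment:
      # Dev-only credentials, same as the `db` service.
      POSTGRES_PASSWORD: infisical
      POSTGRES_USER: infisical
      POSTGRES_DB: infisical-test
    command: postgres -c max_locks_per_transaction=512

  backend:
    container_name: infisical-dev-api
    build:
      context: ./backend
      dockerfile: Dockerfile.dev.fips
    depends_on:
      db:
        condition: service_started
      redis:
        condition: service_started
      clickhouse:
        condition: service_started
    env_file:
      - .env
    ports:
      - "4000:4000"
      - "9464:9464"  # for OTEL collection of Prometheus metrics
      # NOTE(review): whoever can reach a debugger port can typically run code
      # inside the process; keep this one off untrusted networks.
      - "9229:9229"  # For debugger access
    environment:
      - NODE_ENV=development
      # sslmode=disable: database traffic is unencrypted; acceptable only on
      # the private compose network of a dev stack.
      - DB_CONNECTION_URI=postgres://infisical:infisical@db/infisical?sslmode=disable
      - TELEMETRY_ENABLED=false
      # Dev-only: lets the backend accept PingFederate's self-signed cert when testing
      # OIDC locally via `make up-dev-pingfed`. NEVER set this in production.
      # - NODE_TLS_REJECT_UNAUTHORIZED=0
    volumes:
      - ./backend/src:/app/src
      - softhsm_tokens:/etc/softhsm2/tokens  # SoftHSM tokens are stored in a volume to persist across container restarts
    extra_hosts:
      - "host.docker.internal:host-gateway"
      - "pf.local:host-gateway"  # PingFederate dev container — resolves the same on host and inside compose
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:4000/api/status"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 120s

  prometheus:
    # NOTE(review): untagged image resolves to `latest`.
    image: prom/prometheus
    volumes:
      # NOTE(review): mounted read-write, unlike the nginx config above;
      # consider a `:ro` suffix after checking the container only reads it.
      - ./prometheus.dev.yml:/etc/prometheus/prometheus.yml
    ports:
      - "9090:9090"
    command:
      - "--config.file=/etc/prometheus/prometheus.yml"
    profiles: [metrics]

  otel-collector:
    # NOTE(review): untagged image resolves to `latest`.
    image: otel/opentelemetry-collector-contrib
    volumes:
      - ./otel-collector-config.yaml:/etc/otelcol-contrib/config.yaml
    ports:
      # Diagnostic endpoints (pprof, zpages) are published alongside the
      # receivers; all of them are reachable from the host network.
      - "1888:1888"  # pprof extension
      - "8888:8888"  # Prometheus metrics exposed by the Collector
      - "8889:8889"  # Prometheus exporter metrics
      - "13133:13133"  # health_check extension
      - "4317:4317"  # OTLP gRPC receiver
      - "4318:4318"  # OTLP http receiver
      - "55679:55679"  # zpages extension
    profiles: [metrics-otel]

  grafana:
    # NOTE(review): untagged image; no admin password is set in this file, so
    # the image's own default applies.
    image: grafana/grafana
    container_name: grafana
    restart: unless-stopped
    environment:
      - GF_LOG_LEVEL=debug
    ports:
      - "3005:3000"
    volumes:
      - "grafana_storage:/var/lib/grafana"
    profiles: [metrics]

  frontend:
    container_name: infisical-dev-frontend
    restart: unless-stopped
    depends_on:
      - backend
    build:
      context: ./frontend
      dockerfile: Dockerfile.dev
    volumes:
      - ./frontend/src:/app/src/  # mounted whole src to avoid missing reload on new files
      - ./frontend/public:/app/public
      - ./frontend/index.html:/app/index.html
    env_file: .env

  backend-go:
    container_name: infisical-dev-api-go
    build:
      context: ./backend-go
      dockerfile: Dockerfile.dev.fips
    depends_on:
      db:
        condition: service_started
      redis:
        condition: service_started
      # Waits for the `backend` healthcheck to pass before starting.
      backend:
        condition: service_healthy
    ports:
      - "4040:4040"
    volumes:
      - ./backend-go:/app
    environment:
      - DB_CONNECTION_URI=postgres://infisical:infisical@db/infisical?sslmode=disable
      - REDIS_URL=redis://redis:6379
    env_file:
      - .env
    profiles: [go]

  pgadmin:
    # NOTE(review): untagged image resolves to `latest`.
    image: dpage/pgadmin4
    restart: always
    volumes:
      - ./servers.json:/pgadmin4/servers.json
    environment:
      # Dev-only login for a database console that is published on host
      # port 5050; change it if the host is reachable by others.
      PGADMIN_DEFAULT_EMAIL: admin@example.com
      PGADMIN_DEFAULT_PASSWORD: pass
    ports:
      - "5050:80"
    depends_on:
      - db

  smtp-server:
    container_name: infisical-dev-smtp-server
    image: lytrax/mailhog:latest  # https://github.com/mailhog/MailHog/issues/353#issuecomment-821137362
    restart: always
    logging:
      driver: "none"  # disable saving logs
    ports:
      - "1025:1025"  # SMTP server
      - "8025:8025"  # Web UI

  openldap:
    # note: more advanced configuration is available
    image: osixia/openldap:1.5.0
    restart: always
    environment:
      LDAP_ORGANISATION: Acme
      LDAP_DOMAIN: acme.com
      # Dev-only directory admin password.
      LDAP_ADMIN_PASSWORD: admin
    ports:
      - "389:389"
      - "636:636"
    volumes:
      - ldap_data:/var/lib/ldap
      - ldap_config:/etc/ldap/slapd.d
    profiles: [ldap]

  phpldapadmin:
    # username: cn=admin,dc=acme,dc=com, pass is admin
    image: osixia/phpldapadmin:latest
    restart: always
    environment:
      - PHPLDAPADMIN_LDAP_HOSTS=openldap
      # The admin UI is served over plain HTTP on host port 6433.
      - PHPLDAPADMIN_HTTPS=false
    ports:
      - "6433:80"
    depends_on:
      - openldap
    profiles: [ldap]

  keycloak:
    image: quay.io/keycloak/keycloak:26.1.0
    restart: always
    environment:
      # Dev-only bootstrap admin account (admin / admin).
      - KC_BOOTSTRAP_ADMIN_PASSWORD=admin
      - KC_BOOTSTRAP_ADMIN_USERNAME=admin
    # `start-dev` is Keycloak's development mode; not for production use.
    command: start-dev
    ports:
      - "8088:8080"
    profiles: [sso]

  pingfederate:
    # Requires free Ping Identity DevOps credentials — register at
    # https://devops.pingidentity.com/how-to/devopsRegistration/
    # then set PING_IDENTITY_DEVOPS_USER and PING_IDENTITY_DEVOPS_KEY in your .env.
    # Alternatively, leave both unset to run in Trial Product mode using the
    # bundled license from pingidentity-server-profiles (expires periodically).
    # Admin console: https://localhost:9999/pingfederate (administrator / 2FederateM0re)
    # Runtime endpoint (SAML/OIDC/SCIM): https://localhost:9031
    image: pingidentity/pingfederate:2604
    restart: always
    environment:
      - PING_IDENTITY_ACCEPT_EULA=YES
      # Taken from the environment / .env so the DevOps key is not committed.
      - PING_IDENTITY_DEVOPS_USER=${PING_IDENTITY_DEVOPS_USER}
      - PING_IDENTITY_DEVOPS_KEY=${PING_IDENTITY_DEVOPS_KEY}
      # NOTE(review): the server profile is fetched from this repository with
      # no commit or tag pinned here, so its content can change between runs.
      - SERVER_PROFILE_URL=https://github.com/pingidentity/pingidentity-server-profiles.git
      - SERVER_PROFILE_PATH=getting-started/pingfederate
      # Enable Outbound Provisioning runtime for SCIM testing.
      # Maps to pf.provisioner.mode in run.properties. STANDALONE = single node.
      - PF_PROVISIONER_MODE=STANDALONE
    ports:
      - "9999:9999"  # admin console
      - "9031:9031"  # runtime (SAML/OIDC/SCIM)
    volumes:
      - pingfederate_data:/opt/out
    extra_hosts:
      - "host.docker.internal:host-gateway"
    profiles: [pingfed]

  samba-ad:
    # Samba 4 Active Directory Domain Controller for SCIM/SSO testing.
    # Bootstraps an ACME.LOCAL domain on first start (~60s).
    # Admin: Administrator / value of SAMBA_ADMIN_PASSWORD (defaults to Passw0rd!).
    # Reachable from compose network at samba-ad:389; from host at localhost:1389.
    #
    # NOTE(review): this is the most privileged service in the file. It runs a
    # `:latest` third-party image with `privileged: true`, which removes most
    # container isolation from the host and makes the `cap_add` entry
    # redundant. Enable the `ad` profile only on a disposable dev machine.
    image: nowsci/samba-domain:latest
    container_name: infisical-dev-samba-ad
    hostname: dc1
    cap_add:
      - SYS_ADMIN
    privileged: true
    environment:
      - DOMAIN=ACME.LOCAL
      - DOMAIN_DC=dc=acme,dc=local
      # Falls back to a publicly known password when SAMBA_ADMIN_PASSWORD is
      # unset; set it in .env if the host is reachable by others.
      - DOMAINPASS=${SAMBA_ADMIN_PASSWORD:-Passw0rd!}
      - DNSFORWARDER=8.8.8.8
      - HOSTIP=0.0.0.0
      - INSECURELDAP=true  # dev only — allows ldap:// without TLS
    ports:
      - "1389:389"  # ldap (mapped off 389 to coexist with the openldap profile)
      - "1636:636"  # ldaps
      - "88:88"  # kerberos
      - "88:88/udp"
    volumes:
      - samba_data:/var/lib/samba
      - samba_etc:/etc/samba/external
    profiles: [ad]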
# Named volumes referenced by the services in this file.
# Entries with no settings use Compose's default volume configuration.
# Naming is mixed (`postgres-data` vs the underscore names); renaming an
# existing volume would detach the data already stored under the old name.
volumes:
  # Database and cache state.
  postgres-data:
    driver: local
  redis_data:
    driver: local
  clickhouse_data:
    driver: local
  clickhouse_logs:
    driver: local

  # Identity-provider test fixtures (ldap, pingfed and ad profiles).
  ldap_data:
  ldap_config:
  pingfederate_data:
  samba_data:
  samba_etc:

  # Grafana state (metrics profile).
  grafana_storage:

  # Mounted by `backend` at /etc/softhsm2/tokens; holds the SoftHSM tokens.
  softhsm_tokens:
    driver: local