Sync

2025-03-13 01:26:58 +01:00 · 2025-03-13 01:26:58 +01:00 · 77cdb652e9
commit 77cdb652e9
parent 6a6eed8978
6 changed files with 138 additions and 414 deletions
--- a/docker-compose.production.yml
+++ b/docker-compose.production.yml
@ -2,7 +2,7 @@ services:
    web:
        build:
            context: .
-            dockerfile: ./frontend/Dockerfile
+            dockerfile: frontend/Dockerfile
        restart: unless-stopped
        networks:
            - dwengo-1
@ -14,7 +14,7 @@ services:
    api:
        build:
            context: .
-            dockerfile: ./backend/Dockerfile
+            dockerfile: backend/Dockerfile
        restart: unless-stopped
        volumes:
            # TODO Replace with environment keys
@ -46,29 +46,39 @@ services:

    reverse-proxy:
        image: traefik:v3.3
-        command: >
-            --api.insecure=true
-            --providers.docker=true
-            --providers.docker.exposedbydefault=false
-            --entrypoints.web.address=:80/tcp
-            --entrypoints.web.http.redirections.entryPoint.to=websecure
-            --entrypoints.web.http.redirections.entrypoint.scheme=https
-            --entrypoints.websecure.address=:443/tcp
-            --entrypoints.websecure.http.tls=true
-            --entrypoints.websecure.http.tls.certResolver=letsencrypt
-            --entrypoints.websecure.http.tls.domains[0].main=sel2-1.ugent.be
-            --certificatesresolvers.letsencrypt.acme.email=timo.demeyst@ugent.be
-            --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
-            --certificatesresolvers.letsencrypt.acme.httpChallenge=true
-            --certificatesresolvers.letsencrypt.acme.httpChallenge.entrypoint=web
+        command:
+            # TODO REMOVE ME
+            - "--api.insecure=true"
+
+            # Add Docker provider
+            - "--providers.docker=true"
+            - "--providers.docker.exposedbydefault=false"
+
+            # Add web entrypoint
+            - "--entrypoints.web.address=:80/tcp"
+            - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
+            - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
+
+            # Add websecure entrypoint
+            - "--entrypoints.websecure.address=:443/tcp"
+            - "--entrypoints.websecure.http.tls=true"
+            - "--entrypoints.websecure.http.tls.certResolver=letsencrypt"
+            - "--entrypoints.websecure.http.tls.domains[0].main=sel2-1.ugent.be"
+
+            # Certificates
+            - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
+            - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
+            - "--certificatesresolvers.letsencrypt.acme.email=timo.demeyst@ugent.be"
+            - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
        ports:
-            - '8080:8080'
+            # TODO Remove the 8080 port and --api-insecure=true
+            - '2002:8080'
            - '80:80/tcp'
            - '443:443/tcp'
        restart: unless-stopped
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock:ro
-            - dwengo_letsencrypt:/letsencrypt:ro
+            - dwengo_letsencrypt:/letsencrypt
        networks:
            - dwengo-1

@ -84,12 +94,6 @@ services:
        restart: unless-stopped
        networks:
            - dwengo-1
-        labels:
-            - 'traefik.enable=true'
-            - 'traefik.http.middlewares.logging-prefix.stripprefix.prefixes=/logging'
-            - 'traefik.http.routers.web.rule=PathPrefix(`/logging`)'
-            - 'traefik.http.routers.web.middlewares=logging-prefix'
-            - 'traefik.http.services.web.loadbalancer.server.port=3102'

    dashboards:
        image: grafana/grafana:latest
@ -101,11 +105,46 @@ services:
        networks:
            - dwengo-1

+    idp: # Based on: https://medium.com/@fingervinicius/easy-running-keycloak-with-docker-compose-b0d7a4ee2358
+        image: quay.io/keycloak/keycloak:latest
+        volumes:
+            - dwengo_idp_data:/opt/keycloak/data
+            - ./config/idp:/opt/keycloak/data/import
+        environment:
+            KC_HOSTNAME: sel2-1.ugent.be
+            KC_HOSTNAME_PORT: 7080
+            KC_HOSTNAME_STRICT_BACKCHANNEL: 'true'
+            KC_BOOTSTRAP_ADMIN_USERNAME: admin
+            KC_BOOTSTRAP_ADMIN_PASSWORD: admin
+            KC_HEALTH_ENABLED: 'true'
+            KC_LOG_LEVEL: info
+        env_file:
+            -   ./config/idp/.env
+        healthcheck:
+            test: ['CMD', 'curl', '-f', 'http://localhost:7080/health/ready']
+            interval: 15s
+            timeout: 2s
+            retries: 15
+        # TODO Replace with proper production command
+        command: ['start-dev', '--http-port', '7080', '--https-port', '7443', '--import-realm']
+        ports:
+            - '7080:7080'
+            - '7443:7443'
+        depends_on:
+            - db
+        networks:
+            - dwengo-1
+        labels:
+            - 'traefik.enable=true'
+            - 'traefik.http.routers.idp.rule=PathPrefix(`/auth`)'
+            - 'traefik.http.services.idp.loadbalancer.server.port=7080'
+
 volumes:
-    dwengo_postgres_data:
+    dwengo_grafana_data:
+    dwengo_idp_data:
    dwengo_letsencrypt:
    dwengo_loki_data:
-    dwengo_grafana_data:
+    dwengo_postgres_data:

 networks:
    dwengo-1: