-
Notifications
You must be signed in to change notification settings - Fork 5
/
docker-compose.yml
139 lines (139 loc) · 6.73 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
version: '3.7'
services:
mock-oauth2-server:
image: ghcr.io/navikt/mock-oauth2-server:0.5.5
ports:
- '8080:8080'
healthcheck:
test:
[
'CMD',
'wget',
'--no-verbose',
'--tries=1',
'--spider',
'http://localhost:8080/default/.well-known/openid-configuration',
]
interval: 15s
timeout: 10s
retries: 10
environment:
JSON_CONFIG: |
{
"interactiveLogin": true,
"httpServer": "NettyWrapper",
"tokenCallbacks": [
{
"issuerId": "azureAd",
"tokenExpiry": 3600,
"requestMappings": [
{
"requestParam": "code",
"match": "saksbeh",
"claims": {
"aud": ["fpfrontend"],
"sub": "saksbeh",
"NAVident": "saksbeh"
}
},
{
"requestParam": "grant_type",
"match": "authorization_code",
"claims": {
"sub": "saksbeh",
"sid": "1234",
"aud": "local-client-123"
}
}
]
}
]
}
hostname: host.docker.internal
wonderwall:
image: ghcr.io/nais/wonderwall:latest
ports:
- '9000:9000'
command: >
--openid.provider=azure
--openid.scopes=api://vtp.teamforeldrepenger.fpfrontend/.default
--openid.client-id=local-client-123
--openid.well-known-url=http://host.docker.internal:8080/azureAd/.well-known/openid-configuration
--ingress=http://localhost:9000,http://wonderwall:9000
--bind-address=0.0.0.0:9000
--upstream-host=frontend:9090
--auto-login=true
--session.max-lifetime=12h0m0s
--session.inactivity-timeout=12h0m0s
--session.refresh=true
--log-level=debug
--log-format=text
restart: on-failure
environment:
WONDERWALL_OPENID_CLIENT_JWK: |
{
"p": "uglj69HBqwsI8HoRZ3O3LZLagL4LASooVJktgCvTgjucVDovIYeSSUmd1LTtDKFM2W-oobbWQA-t1-pnTM0dnEgti0d3fWuiBe1StAoiCSh18KOcnMnors-MQi-WlmBUACGRYX2v0coMCLWMBkMfRjPGZ43eHutCcyRydNCopOE",
"kty": "RSA",
"q": "s1uYe4HX1HHKbVlmHbHsGjiMown3Qio0KYO8ehohVbkH9-2lFpb00h2-NZMXZxluBBWmx5ukIV07NJ9nKiFbRTkR2b2ww5WocPYRk4fAMYDe8sCHOHuOAZiI6F97x4kySPiqj_U2ut_EWkgDtUkMwtciZDzwRmcuGPb-c8OHSkU",
"d": "CGME29GzZxGC7CcqfiWabszarqXfCFLBkVD6cQqYBilA3DJ-3j3_txIWaQVtUplBQt6YOIL8S_-4D_LGFn5B4bHYq5pPLsV6FJfqYLz2CRppWH5cvQYqH1MraOSm0127vG19KRDK02FUC77P7X9gFiOPLerU8j02mhu6riQmfvT8fRZ3It8yN_RL0aaQ87m_acI33pS5lUhR8ooaWBKN27pWeiVMImMJ4OxiPZiU-9C8rbLwFjiXjZzjuxmWQ7zu1-aqfy4iqc4kyFLo6H6wIY3mGgK76k3zmQrerJRTZElAzm6018IWNLNkVJKjsaH5GwSmK0KVnZLj6NPrbWzvgQ",
"e": "AQAB",
"use": "sig",
"kid": "azureAd",
"qi": "g87KpFNEigeOQ2EF6hdjllzmyYu3rVIUvqKTR7RjiqDQwujRlugGbXGXxJy93X5FLpk6Z2xM-cwE2PEm1369ZZxom3EDx46sic1v5aH9mbU2BhaGOfpY4Mi9X72VkW_KBMoAfJYPi3SCScBMoqYkAOFGbtS3uARvY0-HB0P5X2U",
"dp": "GmTOqlxeD7hHEmcfJQBD0tFs8qsDwKyMgEQjMnYFUgrHCSQgH6-uT3uESvNIVmxkDM1MrXTVPM18qo91DG5lbxDGdWY0S7UDjbe37hcp8QauhO-RfqUev_5uNc2unbMY99PLXnuIgEkcH_gx34mSXFFoKrTz-IsEKHXZTz1zT8E",
"dq": "Zy48bGDoDxlfQMT7T_35O6Rok6q6CeBJndBhb0T1BGGryd9256X0NaRStnNmNTOV7Nef2JkbNO5zjvRc3wnNfec087SCqiHAgyusNNkVoeTnXXOQ1teNfDGKIVQ82y98NCqJxMNmtt7gEKf5KiNaKgSljlDYUUguZsJA48wKWpk",
"n": "glchA7ywlOiBhxPj6WxGcbiT2ejpfVivkWz0KdQ8BiXxZaUBMr4hdB6voYfSWaNaZle6Avy10MVr-hn8Ef15G1y4ot_vEVdomhLBsaX1UcyMSY8J-rZusq1sPmkBZbe0Xoivt__AJaXBS2OZi8PgCe80HYEN2G3PB3ytvA8YC99l3xBzTmYlSWCth9mJiR4ovlQdsswu7ruDNCrtO2MktLrFehKkha3LFiZiq0MTaXzK2XyvgjwU8o12pyWpVnmF8vttY2mQln8C5_ybTxT1C62e2Q0QR9K25t3YY6qeDjsD0SypaxCtfiQ5dwidorwTi1mKKaz_5AuAAmtmUsR6pQ",
"alg": "RS256"
}
depends_on:
- mock-oauth2-server
upstream:
image: mendhak/http-https-echo:28
ports:
- '4000:4000'
environment:
HTTP_PORT: 4000
JWT_HEADER: Authorization
LOG_IGNORE_PATH: /
frontend:
build:
context: .
dockerfile: Dockerfile
ports:
- '9090:9090'
environment:
NODE_ENV: development
AZURE_APP_CLIENT_ID: local-client-123
AZURE_APP_JWKS: |
{"keys":[
{
"p": "uglj69HBqwsI8HoRZ3O3LZLagL4LASooVJktgCvTgjucVDovIYeSSUmd1LTtDKFM2W-oobbWQA-t1-pnTM0dnEgti0d3fWuiBe1StAoiCSh18KOcnMnors-MQi-WlmBUACGRYX2v0coMCLWMBkMfRjPGZ43eHutCcyRydNCopOE",
"kty": "RSA",
"q": "s1uYe4HX1HHKbVlmHbHsGjiMown3Qio0KYO8ehohVbkH9-2lFpb00h2-NZMXZxluBBWmx5ukIV07NJ9nKiFbRTkR2b2ww5WocPYRk4fAMYDe8sCHOHuOAZiI6F97x4kySPiqj_U2ut_EWkgDtUkMwtciZDzwRmcuGPb-c8OHSkU",
"d": "CGME29GzZxGC7CcqfiWabszarqXfCFLBkVD6cQqYBilA3DJ-3j3_txIWaQVtUplBQt6YOIL8S_-4D_LGFn5B4bHYq5pPLsV6FJfqYLz2CRppWH5cvQYqH1MraOSm0127vG19KRDK02FUC77P7X9gFiOPLerU8j02mhu6riQmfvT8fRZ3It8yN_RL0aaQ87m_acI33pS5lUhR8ooaWBKN27pWeiVMImMJ4OxiPZiU-9C8rbLwFjiXjZzjuxmWQ7zu1-aqfy4iqc4kyFLo6H6wIY3mGgK76k3zmQrerJRTZElAzm6018IWNLNkVJKjsaH5GwSmK0KVnZLj6NPrbWzvgQ",
"e": "AQAB",
"use": "sig",
"kid": "azureAd",
"qi": "g87KpFNEigeOQ2EF6hdjllzmyYu3rVIUvqKTR7RjiqDQwujRlugGbXGXxJy93X5FLpk6Z2xM-cwE2PEm1369ZZxom3EDx46sic1v5aH9mbU2BhaGOfpY4Mi9X72VkW_KBMoAfJYPi3SCScBMoqYkAOFGbtS3uARvY0-HB0P5X2U",
"dp": "GmTOqlxeD7hHEmcfJQBD0tFs8qsDwKyMgEQjMnYFUgrHCSQgH6-uT3uESvNIVmxkDM1MrXTVPM18qo91DG5lbxDGdWY0S7UDjbe37hcp8QauhO-RfqUev_5uNc2unbMY99PLXnuIgEkcH_gx34mSXFFoKrTz-IsEKHXZTz1zT8E",
"dq": "Zy48bGDoDxlfQMT7T_35O6Rok6q6CeBJndBhb0T1BGGryd9256X0NaRStnNmNTOV7Nef2JkbNO5zjvRc3wnNfec087SCqiHAgyusNNkVoeTnXXOQ1teNfDGKIVQ82y98NCqJxMNmtt7gEKf5KiNaKgSljlDYUUguZsJA48wKWpk",
"n": "glchA7ywlOiBhxPj6WxGcbiT2ejpfVivkWz0KdQ8BiXxZaUBMr4hdB6voYfSWaNaZle6Avy10MVr-hn8Ef15G1y4ot_vEVdomhLBsaX1UcyMSY8J-rZusq1sPmkBZbe0Xoivt__AJaXBS2OZi8PgCe80HYEN2G3PB3ytvA8YC99l3xBzTmYlSWCth9mJiR4ovlQdsswu7ruDNCrtO2MktLrFehKkha3LFiZiq0MTaXzK2XyvgjwU8o12pyWpVnmF8vttY2mQln8C5_ybTxT1C62e2Q0QR9K25t3YY6qeDjsD0SypaxCtfiQ5dwidorwTi1mKKaz_5AuAAmtmUsR6pQ",
"alg": "RS256"
}
]}
AZURE_APP_WELL_KNOWN_URL: http://host.docker.internal:8080/azureAd/.well-known/openid-configuration
PROXY_CONFIG: |
{"apis":
[
{"path":"/fpsak/api","url":"http://upstream:4000","scopes":"api://fpsak/.default"}, {"path":"/fptilbake/api","url":"http://upstream:4000","scopes":"api://fptilbake/.default"}]}
PORT: 9090
restart: on-failure
container_name: frontend
healthcheck:
test: ['CMD', 'wget', '--no-verbose', '--tries=1', '--spider', 'http://localhost:9090/health/isReady']
interval: 15s
timeout: 10s
retries: 10
depends_on:
- mock-oauth2-server
- upstream