Docker compose cleanup #325

Merged
merged 2 commits into from
Mar 2, 2020
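--- a/.docker_compose/config.yaml
+++ b/.docker_compose/config.yaml
@@ -0,0 +1,48 @@
+serve:
+proxy:
+port: 4455 # run the proxy at port 4455
+api:
+port: 4456 # run the api at port 4456
+
+access_rules:
+repositories:
+- file:///etc/config/oathkeeper/rules.json
+
+errors:
+fallback:
+- json
+handlers:
+json:
+enabled: true
+config:
+verbose: true
+redirect:
+enabled: true
+config:
+to: https://www.ory.sh/docs
+
+mutators:
+header:
+enabled: true
+config:
+headers:
+X-User: "{{ print .Subject }}"
+noop:
+enabled: true
+id_token:
+enabled: true
+config:
+issuer_url: http://localhost:4455/
+jwks_url: file:///etc/config/oathkeeper/jwks.json
+
+authorizers:
+allow:
+enabled: true
+deny:
+enabled: true
+
+authenticators:
+anonymous:
+enabled: true
+config:
+subject: guest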
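Review bot: The id_token mutator's `jwks_url: file:///etc/config/oathkeeper/jwks.json` points at the jwks.json added in this same PR, and that key set carries the RSA private components (`d`, `p`, `q`, `dp`, `dq`, `qi`), so anyone with a clone of the repository holds the signing key for every token this proxy issues. That is tolerable for a local demo, but nothing in either file says so; I would add above `id_token:` the comment `# DEV ONLY: jwks.json is committed together with its private key; generate a fresh key set and keep it out of VCS for anything beyond local docker-compose`. The trailing comments on the two `port:` keys (`# run the proxy at port 4455`) only restate the key and can be dropped. Note that the rendered page has lost this file's indentation, so the nesting shown here has to be checked against the committed file.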
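--- a/.docker_compose/jwks.json
+++ b/.docker_compose/jwks.json
@@ -0,0 +1,18 @@
+{
+"keys": [
+{
+"use": "sig",
+"kty": "RSA",
+"kid": "387e4978-078b-4664-afb4-cf9142161610",
+"alg": "RS256",
+"n": "qY_EWBYkXX-8RrH_5tBFTfaEf2uloKC0HJePxf1WQ4qIh1IjcjyHCpOK8dvyfBZtNcCKHa_EQZwupWuIuZtuXGzfmVHYkrlTwbDK6juqyqhrtpQHm-wOaSCjD4hvegD50Cpb5qKm59ZssWRPuQ6AxJWJ-D1MlmNntTI0L3pJd_Np0od-A2SwAczk53gg2V7Zhk87h7dQKHvkbd3e86lzW7FjV8BsUvp2tKxg_ULfEJJYpyjxqIwaDFIUY4qsCrSS6XETOETxBcE2lAQtflPqPlqQIrNra8k9wAxB_OBNIeonmHbM3bI2H6KOcJUWzm72ZjbIfVfrTPsijH-ZhNwjbw",
+"e": "AQAB",
+"d": "FtEs17mrDRXqTQ0Y5YNzQAmDTO48bIATnKFcjIUJva7_rk4ETRQODANMuD0jxUTzTz9olpQXccjFkicFUAy1biSMdkJIRX5A4hibRaff1MOTMw96cqXyTn1A1A9FCQLmmveIRGHw2dPF7p0UCVAFTe7dkRUWoEoiI4Ts9tKa3lQf8SyWmTuXAMkwTmOXH1ARCCJ0CXgITg5t9_pajn1mX3yCnnrbqQTlYvQ2pkJIqbmxYCAzm6LZpj9u1XFmPLk8IkbPDahdI28bqv7PJgaVRxchlJ8JaP_YzQW1m9xme6PJNhVOcKYlF8L-PgB6gfLUdwNCT1v1MA-WPHLSZbqvQQ",
+"p": "xy25H7yYa1m1H09fm9msoaPaCY3cTvF89sJqUzoGCpMHUgPBI276kZgVHPcfp8Fzbq-a_c9BnU11vJ_MV7_kYHt3JM1RTjsK1-JMvDSqNTKWy3qSAmoN2gKKUp4fRG1BskG45QLyj-smesW_7oJoEtPoe_AQ3U47mrrarayb_yE",
+"q": "2e8S8IankdTvmBcRetd8kGo1cblpKZ6a9FWbAjkS0ts3fXzTeiBGa_sw5QemIrpPy2fRp3OBMn0NIw2ONbFipgjBqj72Oa-87WTdb7IsH0x8XkgHdUFxBmsU4vzQAKno58WdWY8zP0YLVL-u2ricmsX0gV2EsdvkTPpINaXEoI8",
+"dp": "XHLhkVSFXpZ11kGOPBWN5jzaUELzNgUqnpJgrZ6p_TB_Xlb1x4-UaA2yBw7BN6k3_fEuPI59gxjYBCQbwcMEqq_D_mX6ThhjkQ6t1VGQiz6e9XU_3jUBluZE89IG60jXDHkq68kxcxGPe77btkX7LnoDV7t26HGOguQl6iTLB2E",
+"dq": "dfQmzRYkdhLJBwldRZ6B5ewGNyJCH-ufNKVsu1xGqudJdlrsXwo-80zGXv-v1NYAQDhVygsDH199j75TfQ4gNXtBzrI7NGfAmsBf9Yd6yAnuulzD5Jvh37ZvXJe2wNU1oNRdYM7XzuRLV7hTnEAVStPfjXEfU-CPBXblRFwPO1M",
+"qi": "IfUeLw9BK-4Oby0kPOk3u51D-6GfCAqc9rrYI118vi9deKH3lJUn6G9bZYh6kSA8qjK6gRfSxrjICz-IrGfanYQ-E1zm_Dx6vaa6OXVBMYtpduDaeliGiivQW1HnSWS67UQSV9qK0stUa1epcbpsQBtwhUldSPZezfCpPiUjIPw"
+}
+]
+}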
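--- a/.docker_compose/rules.json
+++ b/.docker_compose/rules.json
@@ -0,0 +1,112 @@
+[
+{
+"id": "allow-anonymous-with-header-mutator",
+"upstream": {
+"url": "https://httpbin.org/anything/header"
+},
+"match": {
+"url": "http://<127.0.0.1|localhost>:4455/anything/header",
+"methods": [
+"GET"
+]
+},
+"authenticators": [
+{
+"handler": "anonymous"
+}
+],
+"authorizer": {
+"handler": "allow"
+},
+"mutators": [
+{
+"handler": "header",
+"config": {
+"headers": {
+"X-User": "{{ print .Subject }}"
+}
+}
+}
+]
+},
+{
+"id": "deny-anonymous",
+"upstream": {
+"url": "https://httpbin.org/anything/deny"
+},
+"match": {
+"url": "http://<127.0.0.1|localhost>:4455/anything/deny",
+"methods": [
+"GET"
+]
+},
+"authenticators": [
+{
+"handler": "anonymous"
+}
+],
+"authorizer": {
+"handler": "deny"
+},
+"mutators": [
+{
+"handler": "noop"
+}
+],
+"errors": [
+{
+"handler": "json",
+"config": {
+"when": [
+{
+"request": {
+"header": {
+"accept": ["application/json"]
+}
+}
+}
+]
+}
+},
+{
+"handler": "redirect",
+"config": {
+"when": [
+{
+"request": {
+"header": {
+"accept": ["text/*"]
+}
+}
+}
+]
+}
+}
+]
+},
+{
+"id": "allow-anonymous-with-id-token-mutator",
+"upstream": {
+"url": "https://httpbin.org/anything/id_token"
+},
+"match": {
+"url": "http://<127.0.0.1|localhost>:4455/anything/id_token",
+"methods": [
+"GET"
+]
+},
+"authenticators": [
+{
+"handler": "anonymous"
+}
+],
+"authorizer": {
+"handler": "allow"
+},
+"mutators": [
+{
+"handler": "id_token"
+}
+]
+}
+]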
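Review bot: All three rules forward to the public `https://httpbin.org/...`, so the mutated `X-User` header and, for `allow-anonymous-with-id-token-mutator`, a token signed with the key set committed in `.docker_compose/jwks.json` leave the machine on every demo request; that is fine for a playground, but nothing on the page says these rules must not be reused against real upstreams. JSON carries no comments, so the caveat belongs in a README beside `.docker_compose/` or in the compose file, along the lines of `# Demo rules: upstream is the public httpbin.org; replace the upstream and the key set before pointing this at anything real`. The match patterns also accept only `http://` on `127.0.0.1`/`localhost:4455`, so a request addressed to the compose service name would match no rule and fall through to the `json` fallback in config.yaml — worth stating if other compose services are expected to call the proxy.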
18 changes: 18 additions & 0 deletions Dockerfile-dc
@@ -0,0 +1,18 @@
FROM golang:1.13-alpine

RUN addgroup -S ory; \
adduser -S ory -G ory -D -H -s /bin/nologin

RUN apk add -U --no-cache ca-certificates

ADD . /app
WORKDIR /app
ENV GO111MODULE on
RUN go get -u github.com/gobuffalo/packr/v2/packr2
We are using a fixed version of packr2, GO111MODULE=on go install github.com/gobuffalo/packr/v2/packr2 should be enough - see the makefile for reference

Will do!

RUN packr2
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build

USER ory

ENTRYPOINT ["/app/oathkeeper"]
CMD ["serve"]
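Review bot: `ADD . /app` copies the whole build context into the image — including `.docker_compose/jwks.json` with its private key, and `.git` unless a `.dockerignore` (none is visible in this PR) excludes it — and because there is no second stage the final image also keeps the full Go toolchain and source tree. For a plain local copy use `COPY . /app` (`ADD` additionally fetches URLs and auto-unpacks archives), and a `.dockerignore` listing at least `.git` and `.docker_compose` would keep the key set out of the image layers; the compose file already bind-mounts that directory at runtime, so the image does not need it. A multi-stage build that copies only the built binary into a minimal runtime image would shrink the surface further, but that is a larger change than this PR sets out to make. Dropping to the unprivileged `ory` user before `ENTRYPOINT` is the right call and should stay.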
61 changes: 8 additions & 53 deletions docker-compose.yml
@@ -1,62 +1,17 @@
version: '2'
This file needs more work - there is for example no config file being loaded. The environment variables also seem to be outdated

Alright, will check and add it!

version: '3.7'

services:

oathkeeper-migrate:
oathkeeper:
build:
context: .
dockerfile: Dockerfile
links:
- postgresd:postgresd
environment:
- LOG_LEVEL=debug
command:
migrate sql postgres://dbuser:secret@postgresd:5432/accesscontroldb?sslmode=disable
restart: on-failure

oathkeeper-proxy:
build:
context: .
dockerfile: Dockerfile
links:
- postgresd:postgresd
dockerfile: Dockerfile-dc
ports:
- "4455:4455"
depends_on:
- oathkeeper-api
command:
serve proxy
environment:
- LOG_LEVEL=debug
- PORT=4455
- ISSUER_URL=http://localhost:4455/
- OATHKEEPER_API_URL=http://oathkeeper-api:4456
- CREDENTIALS_ISSUER_ID_TOKEN_HS256_SECRET=arandomsecretarandomsecretarando
restart: on-failure

oathkeeper-api:
build:
context: .
dockerfile: Dockerfile
links:
- postgresd:postgresd
ports:
- "4456:4456"
depends_on:
- oathkeeper-migrate
command:
serve api
environment:
- LOG_LEVEL=debug
- PORT=4456
- DATABASE_URL=postgres://dbuser:secret@postgresd:5432/accesscontroldb?sslmode=disable
- ISSUER_URL=http://localhost:4455/
- CREDENTIALS_ISSUER_ID_TOKEN_HS256_SECRET=arandomsecretarandomsecretarando
serve --config=/etc/config/oathkeeper/config.yaml
volumes:
- type: bind
source: ./.docker_compose
target: /etc/config/oathkeeper
restart: on-failure

postgresd:
image: postgres:9.6
environment:
- POSTGRES_USER=dbuser
- POSTGRES_PASSWORD=secret
- POSTGRES_DB=accesscontroldb
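Review bot: The long-form bind mount with `source: ./.docker_compose` is read-write by default, so the container can rewrite `config.yaml`, `rules.json` and `jwks.json` on the host; the config directory should be mounted with `read_only: true` added to that volume entry. The `ports` entry `"4455:4455"` also publishes the proxy — which signs id tokens with the key set committed in this PR — on every host interface, so for a local playground `"127.0.0.1:4455:4455"` is the safer default. The `api` listener that config.yaml puts on 4456 is not published at all, which looks intentional but deserves a one-line comment on the `ports` stanza so the next reader does not add it by reflex.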