andreypopp · September 9, 2022 16:03
diff --git a/docker-compose.yml b/docker-compose.yml
 version: "3.3"
 services:
  postgres:
    image: postgres:12
    volumes:
    - type: volume
      source: pgdata
      target: /var/lib/postgresql/data
    environment:
    - POSTGRES_HOST_AUTH_METHOD=trust
  develop:
    image: rexdb/build:2022.07.26
    command: [sleep, infinity]
    working_dir: /app
    ports:
    - ${SYNC_PORT}:22000
    volumes:
    - type: volume
      source: appenv
      target: /app
    - type: volume
      source: appdata
      target: /app/data
    - type: volume
      source: apprun
      target: /app/run
    - type: volume
      source: appdocs
      target: /app/doc/build
    - type: volume
      source: cache
      target: /cache
    links:
    - postgres
    environment:
    - PATH=/app/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    - PGHOST=postgres
    - PGUSER=postgres
    - npm_config_cache=/cache/npm
    - YARN_CACHE_FOLDER=/cache/yarn
    - PIP_CACHE_DIR=/cache/pip
    - REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
    - NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt
    cap_add:
    - NET_ADMIN
    sysctls:
      net.ipv4.conf.all.route_localnet: 1
  auth:
    image: quay.io/oauth2-proxy/oauth2-proxy:v7.2.1
    command: --config /oauth2-proxy.cfg
    volumes:
      - type: bind
        source: "./oauth2-proxy.cfg"
        target: "/oauth2-proxy.cfg"
    environment:
      OAUTH2_PROXY_COOKIE_SECRET: "$OAUTH2_PROXY_COOKIE_SECRET"
      OAUTH2_PROXY_PROVIDER: "$OAUTH2_PROXY_PROVIDER"
      OAUTH2_PROXY_CLIENT_ID: "$OAUTH2_PROXY_CLIENT_ID"
      OAUTH2_PROXY_CLIENT_SECRET: "$OAUTH2_PROXY_CLIENT_SECRET"
      OAUTH2_PROXY_COOKIE_DOMAINS: "10.0.88.2" # an external app domain
      OAUTH2_PROXY_COOKIE_SECURE: "false" # THIS IS ONLY FOR DEVELOPMENT! (support non-https)
      OAUTH2_PROXY_WHITELIST_DOMAINS: "10.0.88.2"
      OAUTH2_PROXY_REDIRECT_URL: "http://10.0.88.2:8080/oauth2/callback"
    restart: unless-stopped
  nginx:
    image: nginx:1.15
    command:
    - /bin/sh
    - -exc
    - |
      cat > /etc/nginx/conf.d/default.conf <<'EOF'
      map $$uri $$app_user {
          "~^(/~(?<user>[^/]+))" $$user;
          default [email protected];
      }
      map $$host$$uri $$app_socket {
          "~^([^/]+)(/~[^/]+)?(/@(?<app>[^/]+))" /run/app/$$app.socket;
          "~^(?<app>[^/]+)\.localhost/" /run/app/$$app.socket;
          default /run/app/socket;
      }
      map $$uri $$app_prefix {
          "~^(?<prefix>(/~[^/]+)?(/@[^/]+)?)" $$prefix;
      }
      map $$uri $$app_path {
          "~^(/~[^/]+)?(/@[^/]+)?(?<path>.*)" $$path;
      }

      server {
          listen 80;
          server_name .localhost;
          location / {
              if ($$app_path = "") {
                  return 302 $$scheme://$$http_host$$uri/;
              }
              auth_request /oauth2/auth;
              auth_request_set $$app_user $$upstream_http_x_auth_request_email;
              error_page 401 = /oauth2/sign_in?rd=$$request_uri;

              uwsgi_pass unix://$$app_socket;
              uwsgi_modifier1 30;
              include uwsgi_params;
              uwsgi_param SCRIPT_NAME $$app_prefix if_not_empty;
              uwsgi_param REMOTE_USER $$app_user if_not_empty;
          }
          location = /logout {
            return 302 $$scheme://$$http_host/oauth2/sign_out;
          }
          location /doc {
              alias /var/www/doc/html;
              absolute_redirect off;
          }
          location = /oauth2/auth {
            internal;

            proxy_set_header Host       $$host;
            proxy_set_header X-Real-IP  $$remote_addr;
            proxy_set_header X-Scheme   $$scheme;

            proxy_set_header Content-Length   "";
            proxy_pass_request_body           off;

            proxy_pass http://auth:4180/oauth2/auth;
          }

          location /oauth2 {
            proxy_set_header Host       $$host;
            proxy_set_header X-Real-IP  $$remote_addr;
            proxy_set_header X-Scheme   $$scheme;

            proxy_pass http://auth:4180/oauth2;
          }
      }
      EOF
      exec nginx -g 'daemon off;'
    ports:
    - ${HTTP_PORT}:80
    volumes:
    - type: volume
      source: apprun
      target: /run/app
    - type: volume
      source: appdocs
      target: /var/www/doc
      read_only: true
    links:
    - develop
 volumes:
  appenv:
  appdata:
  apprun:
  appdocs:
  pgdata:
  cache:
    external:
      name: rexdb-cache
	version: "3.3"
	services:
	postgres:
	image: postgres:12
	volumes:
	- type: volume
	source: pgdata
	target: /var/lib/postgresql/data
	environment:
	- POSTGRES_HOST_AUTH_METHOD=trust
	develop:
	image: rexdb/build:2022.07.26
	command: [sleep, infinity]
	working_dir: /app
	ports:
	- ${SYNC_PORT}:22000
	volumes:
	- type: volume
	source: appenv
	target: /app
	- type: volume
	source: appdata
	target: /app/data
	- type: volume
	source: apprun
	target: /app/run
	- type: volume
	source: appdocs
	target: /app/doc/build
	- type: volume
	source: cache
	target: /cache
	links:
	- postgres
	environment:
	- PATH=/app/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
	- PGHOST=postgres
	- PGUSER=postgres
	- npm_config_cache=/cache/npm
	- YARN_CACHE_FOLDER=/cache/yarn
	- PIP_CACHE_DIR=/cache/pip
	- REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
	- NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt
	cap_add:
	- NET_ADMIN
	sysctls:
	net.ipv4.conf.all.route_localnet: 1
	auth:
	image: quay.io/oauth2-proxy/oauth2-proxy:v7.2.1
	command: --config /oauth2-proxy.cfg
	volumes:
	- type: bind
	source: "./oauth2-proxy.cfg"
	target: "/oauth2-proxy.cfg"
	environment:
	OAUTH2_PROXY_COOKIE_SECRET: "$OAUTH2_PROXY_COOKIE_SECRET"
	OAUTH2_PROXY_PROVIDER: "$OAUTH2_PROXY_PROVIDER"
	OAUTH2_PROXY_CLIENT_ID: "$OAUTH2_PROXY_CLIENT_ID"
	OAUTH2_PROXY_CLIENT_SECRET: "$OAUTH2_PROXY_CLIENT_SECRET"
	OAUTH2_PROXY_COOKIE_DOMAINS: "10.0.88.2" # an external app domain
	OAUTH2_PROXY_COOKIE_SECURE: "false" # THIS IS ONLY FOR DEVELOPMENT! (support non-https)
	OAUTH2_PROXY_WHITELIST_DOMAINS: "10.0.88.2"
	OAUTH2_PROXY_REDIRECT_URL: "http://10.0.88.2:8080/oauth2/callback"
	restart: unless-stopped
	nginx:
	image: nginx:1.15
	command:
	- /bin/sh
	- -exc
	- \|
	cat > /etc/nginx/conf.d/default.conf <<'EOF'
	map $$uri $$app_user {
	"~^(/~(?<user>[^/]+))" $$user;
	default [email protected];
	}
	map $$host$$uri $$app_socket {
	"~^([^/]+)(/~[^/]+)?(/@(?<app>[^/]+))" /run/app/$$app.socket;
	"~^(?<app>[^/]+)\.localhost/" /run/app/$$app.socket;
	default /run/app/socket;
	}
	map $$uri $$app_prefix {
	"~^(?<prefix>(/~[^/]+)?(/@[^/]+)?)" $$prefix;
	}
	map $$uri $$app_path {
	"~^(/~[^/]+)?(/@[^/]+)?(?<path>.*)" $$path;
	}

	server {
	listen 80;
	server_name .localhost;
	location / {
	if ($$app_path = "") {
	return 302 $$scheme://$$http_host$$uri/;
	}
	auth_request /oauth2/auth;
	auth_request_set $$app_user $$upstream_http_x_auth_request_email;
	error_page 401 = /oauth2/sign_in?rd=$$request_uri;

	uwsgi_pass unix://$$app_socket;
	uwsgi_modifier1 30;
	include uwsgi_params;
	uwsgi_param SCRIPT_NAME $$app_prefix if_not_empty;
	uwsgi_param REMOTE_USER $$app_user if_not_empty;
	}
	location = /logout {
	return 302 $$scheme://$$http_host/oauth2/sign_out;
	}
	location /doc {
	alias /var/www/doc/html;
	absolute_redirect off;
	}
	location = /oauth2/auth {
	internal;

	proxy_set_header Host $$host;
	proxy_set_header X-Real-IP $$remote_addr;
	proxy_set_header X-Scheme $$scheme;

	proxy_set_header Content-Length "";
	proxy_pass_request_body off;

	proxy_pass http://auth:4180/oauth2/auth;
	}

	location /oauth2 {
	proxy_set_header Host $$host;
	proxy_set_header X-Real-IP $$remote_addr;
	proxy_set_header X-Scheme $$scheme;

	proxy_pass http://auth:4180/oauth2;
	}
	}
	EOF
	exec nginx -g 'daemon off;'
	ports:
	- ${HTTP_PORT}:80
	volumes:
	- type: volume
	source: apprun
	target: /run/app
	- type: volume
	source: appdocs
	target: /var/www/doc
	read_only: true
	links:
	- develop
	volumes:
	appenv:
	appdata:
	apprun:
	appdocs:
	pgdata:
	cache:
	external:
	name: rexdb-cache