keycloak-collective-portal/compose.yml

---
version: "3.8"

services:
  app:
    image: "decentral1se/keycloak-collective-portal:latest"
    environment:
      - APP_SECRET_KEY_FILE=/run/secrets/app_secret_key
      - APP_THEME
      - INVITE_TIME_LIMIT
      - KEYCLOAK_CLIENT_ID
      - KEYCLOAK_CLIENT_SECRET_FILE=/run/secrets/keycloak_client_secret
      - KEYCLOAK_DOMAIN
      - KEYCLOAK_REALM
      - REDIS_DB=0
      - REDIS_HOST=cache
      - REDIS_PORT=6379
    secrets:
      - app_secret_key
      - keycloak_client_secret
    networks:
      - proxy
      - internal
    configs:
      - source: entrypoint_sh
        target: /usr/local/bin/entrypoint.sh
        mode: 0555
    entrypoint: /usr/local/bin/entrypoint.sh
    healthcheck:
      test: curl --fail 0.0.0.0:8000/healthz || exit 1
    deploy:
      update_config:
        failure_action: rollback
        order: start-first
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.kcp.loadbalancer.server.port=8000"
        - "traefik.http.routers.kcp.rule=Host(`${DOMAIN}`)"
        - "traefik.http.routers.kcp.entrypoints=web-secure"
        - "traefik.http.routers.kcp.tls.certresolver=production"
    command: |
      uvicorn
      --host 0.0.0.0
      --forwarded-allow-ips="*"
      --proxy-headers
      keycloak_collective_portal.main:app

  cache:
    image: redis:6.2-alpine
    networks:
      - internal
    healthcheck:
      test: redis-cli ping
    volumes:
      - redis:/data

networks:
  proxy:
    external: true
  internal:
configs:
  entrypoint_sh:
    name: ${STACK_NAME}_entrypoint_conf_${ENTRYPOINT_CONF_VERSION}
    file: entrypoint.sh.tmpl
    template_driver: golang

secrets:
  app_secret_key:
    external: true
    name: ${STACK_NAME}_app_secret_key_${SECRET_APP_SECRET_KEY}
  keycloak_client_secret:
    external: true
    name: ${STACK_NAME}_keycloak_client_secret_${SECRET_KEYCLOAK_CLIENT_SECRET}

volumes:
  redis:
Initial commit 2021-06-11 11:36:21 +00:00			`---`
			`version: "3.8"`

			`services:`
			`app:`
Init this thing too 2021-06-11 11:40:49 +00:00			`image: "decentral1se/keycloak-collective-portal:latest"`
Add env and secrets 2021-06-11 14:03:03 +00:00			`environment:`
Fix that 2021-06-11 16:36:49 +00:00			`- APP_SECRET_KEY_FILE=/run/secrets/app_secret_key`
Use redis, env vars and healthcheck 2021-06-13 10:20:32 +00:00			`- APP_THEME`
			`- INVITE_TIME_LIMIT`
Add env and secrets 2021-06-11 14:03:03 +00:00			`- KEYCLOAK_CLIENT_ID`
Fix secret path 2021-06-11 14:15:39 +00:00			`- KEYCLOAK_CLIENT_SECRET_FILE=/run/secrets/keycloak_client_secret`
Add env and secrets 2021-06-11 14:03:03 +00:00			`- KEYCLOAK_DOMAIN`
Add missing env var 2021-06-11 14:54:03 +00:00			`- KEYCLOAK_REALM`
Use redis, env vars and healthcheck 2021-06-13 10:20:32 +00:00			`- REDIS_DB=0`
			`- REDIS_HOST=cache`
			`- REDIS_PORT=6379`
Add env and secrets 2021-06-11 14:03:03 +00:00			`secrets:`
			`- app_secret_key`
			`- keycloak_client_secret`
Initial commit 2021-06-11 11:36:21 +00:00			`networks:`
Drop nginx 2021-06-13 10:09:05 +00:00			`- proxy`
Use redis, env vars and healthcheck 2021-06-13 10:20:32 +00:00			`- internal`
Init this thing too 2021-06-11 11:40:49 +00:00			`configs:`
			`- source: entrypoint_sh`
			`target: /usr/local/bin/entrypoint.sh`
			`mode: 0555`
			`entrypoint: /usr/local/bin/entrypoint.sh`
Use redis, env vars and healthcheck 2021-06-13 10:20:32 +00:00			`healthcheck:`
			`test: curl --fail 0.0.0.0:8000/healthz \|\| exit 1`
Drop nginx 2021-06-13 10:09:05 +00:00			`deploy:`
			`update_config:`
			`failure_action: rollback`
Use redis, env vars and healthcheck 2021-06-13 10:20:32 +00:00			`order: start-first`
Drop nginx 2021-06-13 10:09:05 +00:00			`labels:`
			`- "traefik.enable=true"`
			`- "traefik.http.services.kcp.loadbalancer.server.port=8000"`
			- "traefik.http.routers.kcp.rule=Host(`${DOMAIN}`)"
			`- "traefik.http.routers.kcp.entrypoints=web-secure"`
			`- "traefik.http.routers.kcp.tls.certresolver=production"`
OK, back to multiple lines 2021-06-11 16:55:01 +00:00			`command: \|`
			`uvicorn`
			`--host 0.0.0.0`
Try that (bash paranoia) 2021-06-11 17:16:52 +00:00			`--forwarded-allow-ips="*"`
Break that out too 2021-06-11 17:05:20 +00:00			`--proxy-headers`
Use redis, env vars and healthcheck 2021-06-13 10:20:32 +00:00			`keycloak_collective_portal.main:app`

			`cache:`
			`image: redis:6.2-alpine`
			`networks:`
			`- internal`
			`healthcheck:`
			`test: redis-cli ping`
			`volumes:`
			`- redis:/data`
Initial commit 2021-06-11 11:36:21 +00:00
			`networks:`
			`proxy:`
			`external: true`
Use redis, env vars and healthcheck 2021-06-13 10:20:32 +00:00			`internal:`
Init this thing too 2021-06-11 11:40:49 +00:00			`configs:`
			`entrypoint_sh:`
			`name: ${STACK_NAME}_entrypoint_conf_${ENTRYPOINT_CONF_VERSION}`
			`file: entrypoint.sh.tmpl`
			`template_driver: golang`
Add env and secrets 2021-06-11 14:03:03 +00:00
			`secrets:`
			`app_secret_key:`
			`external: true`
			`name: ${STACK_NAME}_app_secret_key_${SECRET_APP_SECRET_KEY}`
			`keycloak_client_secret:`
			`external: true`
			`name: ${STACK_NAME}_keycloak_client_secret_${SECRET_KEYCLOAK_CLIENT_SECRET}`
Use redis, env vars and healthcheck 2021-06-13 10:20:32 +00:00
			`volumes:`
			`redis:`