-
Notifications
You must be signed in to change notification settings - Fork 22
/
docker-compose.yaml
113 lines (101 loc) · 2.1 KB
/
docker-compose.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
---
version: '2.1'
networks:
testnet:
driver: bridge
enable_ipv6: false
ipam:
driver: default
config:
- subnet: 192.168.254.0/24
gateway: 192.168.254.1
services:
builder:
image: duoauthproxy-builder
build:
context: builder/
args:
- VERSION
runtime: &runtime
image: duoauthproxy
build:
context: runtime/
args:
- BUILD_DATE
- VCS_REF
- VERSION
- CI_BUILD_URL=${CIRCLE_BUILD_URL}
read_only: true
cap_drop:
- all
cap_add:
- setgid
- setuid
pids_limit: 20
cpu_shares: 512
mem_limit: 100M
shm_size: 16M
config_allow:
image: config_allow
build:
context: fixtures/allow
dockerfile: Dockerfile
config_deny:
image: config_deny
build:
context: fixtures/deny
dockerfile: Dockerfile
authproxy_allow:
<<: *runtime
volumes_from:
- config_allow:ro
networks:
testnet:
ipv4_address: 192.168.254.253
authproxy_deny:
<<: *runtime
volumes_from:
- config_deny:ro
networks:
testnet:
ipv4_address: 192.168.254.252
radiusd:
image: jumanjiman/radiusd:${RADIUS_TAG}
command: -f -l stdout
networks:
testnet:
ipv4_address: 192.168.254.254
ports:
- 1812:1812/udp
tty: true
read_only: true
cap_drop:
- all
pids_limit: 10
cpu_shares: 512
mem_limit: 100M
shm_size: 16M
radclient: &radclient
image: jumanjiman/radclient:${RADIUS_TAG}
networks:
testnet:
stdin_open: true
tty: true
read_only: true
cap_drop:
- all
pids_limit: 10
cpu_shares: 512
mem_limit: 32M
shm_size: 16M
status:
<<: *radclient
command: -f /root/status_message 192.168.254.254:1812 status testing123
auth_accept:
<<: *radclient
# Connect to service "authproxy_allow".
command: -f /root/test.conf 192.168.254.253:1812 auth foo
auth_reject:
<<: *radclient
# Connect to service "authproxy_deny".
command: -f /root/test.conf 192.168.254.252:1812 auth foo