docker-compose-haproxy-ispn-remote.yml
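# Compose stack: two Infinispan servers, two Keycloak nodes that use them as a
# remote cache store, the Keycloak database, and an HAProxy load balancer in front.
# The bind-mounted keystores, truststores and users.properties come from the
# working tree; presumably they hold development credentials and key material.
# NOTE(review): confirm none of them are reused outside this environment.
services:
  acme-ispn-1:
    build: ./ispn
    volumes:
      # Relative paths need to be relative to the docker-compose cwd.
      - ./ispn/conf/infinispan-keycloak.xml:/opt/infinispan/server/conf/infinispan-keycloak.xml:z
      - ./ispn/conf/users.properties:/opt/infinispan/server/conf/users.properties:z
      - ./ispn/ispn-server.jks:/opt/infinispan/server/conf/ispn-server.jks:z
      - ./ispn/data/ispn-1:/opt/infinispan/server/mydata:z
    healthcheck:
      # `$$` is Compose escaping for a literal `$`. The command substitution takes
      # field 7 of `ip route get`, presumably the container's own source address.
      # `-k` skips certificate verification and there is no `--fail`, so any HTTP
      # response on 11222 (including an error status) counts as healthy: this is a
      # reachability probe, not a check of the TLS or authentication setup.
      test: ["CMD-SHELL", "curl -k https://$$(ip route get 1.2.3.4 | awk '{print $$7}'):11222"]
      interval: 10s
      timeout: 5s
      retries: 5
    depends_on:
      acme-keycloak-db:
        condition: service_healthy

  acme-ispn-2:
    build: ./ispn
    volumes:
      # Relative paths need to be relative to the docker-compose cwd.
      - ./ispn/conf/infinispan-keycloak.xml:/opt/infinispan/server/conf/infinispan-keycloak.xml:z
      - ./ispn/conf/users.properties:/opt/infinispan/server/conf/users.properties:z
      - ./ispn/ispn-server.jks:/opt/infinispan/server/conf/ispn-server.jks:z
      - ./ispn/data/ispn-2:/opt/infinispan/server/mydata:z
    healthcheck:
      # Same reachability-only probe as acme-ispn-1 (no cert verification, no --fail).
      test: ["CMD-SHELL", "curl -k https://$$(ip route get 1.2.3.4 | awk '{print $$7}'):11222"]
      interval: 10s
      timeout: 5s
      retries: 5
    depends_on:
      acme-keycloak-db:
        condition: service_healthy

  acme-keycloak-1:
    extends:
      file: ../docker-compose.yml
      service: acme-keycloak
    env_file:
      - ./haproxy-external-ispn.env
    volumes:
      - ./cli/0100-onstart-setup-remote-caches.cli:/opt/jboss/startup-scripts/0100-onstart-setup-remote-caches.cli:z
      - ./ispn/ispn-truststore.jks:/opt/jboss/keycloak/standalone/configuration/ispn-truststore.jks:z
      # Patched wildfly infinispan extension to support connect-timeout on remote-store.
      # The mount replaces a module jar shipped in the image with a locally supplied
      # binary; nothing here verifies its provenance.
      # - ../../../../keycloak/patches/wildfly-clustering-infinispan-extension-patch/target/wildfly-clustering-infinispan-extension-patch.jar:/opt/jboss/keycloak/modules/system/layers/base/org/jboss/as/clustering/infinispan/main/wildfly-clustering-infinispan-extension-23.0.2.Final.jar:z
      # - ./patch/wildfly-clustering-infinispan-extension-patch.jar:/opt/jboss/keycloak/modules/system/layers/base/org/jboss/as/clustering/infinispan/main/wildfly-clustering-infinispan-extension-23.0.2.Final.jar:z
      - ./patch/wildfly-clustering-infinispan-extension-patch-26.0.1.jar:/opt/jboss/keycloak/modules/system/layers/base/org/jboss/as/clustering/infinispan/main/wildfly-clustering-infinispan-extension-26.0.1.Final.jar:z
      # Patched cacerts without the expired certificates. This overrides what is
      # presumably the JVM's default trust store, so the CAs in ./ispn/cacerts become
      # the trust anchors for this node's outbound TLS.
      - ./ispn/cacerts:/etc/pki/ca-trust/extracted/java/cacerts:z
    # `--debug *:8787` opens a JDWP listener on every interface inside the container.
    # JDWP has no authentication and allows code execution in the JVM, so the
    # published port below is restricted to the host's loopback address.
    command: [ "--debug", "*:8787", "-Dwildfly.statistics-enabled=true", "-Djboss.site.name=site1" ]
    depends_on:
      acme-ispn-1:
        condition: service_healthy
    ports:
      # Container ports published on an ephemeral host port.
      - "8080"
      - "8443"
      # 9990 is WildFly's default management port and 8787 is the debug port set in
      # `command`. Both are bound to 127.0.0.1 so they are reachable only from the
      # Docker host rather than from every network the host is attached to.
      - "127.0.0.1:9990:9990"
      - "127.0.0.1:8787:8787"

  acme-keycloak-2:
    extends:
      file: ../docker-compose.yml
      service: acme-keycloak
    env_file:
      - ./haproxy-external-ispn.env
    volumes:
      - ./cli/0100-onstart-setup-remote-caches.cli:/opt/jboss/startup-scripts/0100-onstart-setup-remote-caches.cli:z
      - ./ispn/ispn-truststore.jks:/opt/jboss/keycloak/standalone/configuration/ispn-truststore.jks:z
      # Patched wildfly infinispan extension to support connect-timeout on remote-store.
      # - ../../../../keycloak/patches/wildfly-clustering-infinispan-extension-patch/target/wildfly-clustering-infinispan-extension-patch.jar:/opt/jboss/keycloak/modules/system/layers/base/org/jboss/as/clustering/infinispan/main/wildfly-clustering-infinispan-extension-23.0.2.Final.jar:z
      # - ./patch/wildfly-clustering-infinispan-extension-patch.jar:/opt/jboss/keycloak/modules/system/layers/base/org/jboss/as/clustering/infinispan/main/wildfly-clustering-infinispan-extension-23.0.2.Final.jar:z
      - ./patch/wildfly-clustering-infinispan-extension-patch-26.0.1.jar:/opt/jboss/keycloak/modules/system/layers/base/org/jboss/as/clustering/infinispan/main/wildfly-clustering-infinispan-extension-26.0.1.Final.jar:z
      # Patched cacerts without the expired certificates (same trust-store override
      # as on acme-keycloak-1).
      - ./ispn/cacerts:/etc/pki/ca-trust/extracted/java/cacerts:z
    # No debug listener and no published ports on this node; it also uses site1.
    command: [ "-Dwildfly.statistics-enabled=true", "-Djboss.site.name=site1" ]
    depends_on:
      acme-keycloak-db:
        condition: service_healthy
      acme-ispn-1:
        condition: service_healthy

  acme-keycloak-db:
    extends:
      file: ../docker-compose.yml
      service: acme-keycloak-db

  acme-haproxy-lb:
    build: ../haproxy
    volumes:
      # Relative paths need to be relative to the docker-compose cwd.
      - ../haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:z
      # - ../../../../config/stage/dev/tls/acme.test+1.pem:/etc/haproxy/haproxy.crt.pem:z
      # - ../../../../config/stage/dev/tls/acme.test+1-key.pem:/etc/haproxy/haproxy.crt.pem.key:z
      # - ../run/haproxy/run:/var/run:z
    sysctls:
      # Lets unprivileged processes in this container bind ports below 1024.
      # NOTE(review): only 1443 is published here; whether the sysctl is still needed
      # depends on the listeners in haproxy.cfg, which this file does not show.
      - net.ipv4.ip_unprivileged_port_start=0
    ports:
      - "1443:1443"
    # List-form depends_on waits only for the containers to start, not for health.
    depends_on:
      - acme-keycloak-1
      - acme-keycloak-2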