-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathdocker-compose.yml
95 lines (87 loc) · 2.08 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
version: '3.4'
x-domains_env:
SERVER_DOMAIN: &serverdomain ${SERVER_DOMAIN:-localmaeher.dev.pvarki.fi}
MTLS_DOMAIN: &mtlsdomein "mtls.${SERVER_DOMAIN:-localmaeher.dev.pvarki.fi}"
API_HTTPS_PORT: &apiport ${NGINX_HTTPS_PORT:-4439}
x-cfssl_env: &cfssl_env
INT_SHARED_CERT_FOLDER: /ca_public
CFSSL_BIND_ADDRESS: ${CFSSL_BIND_ADDRESS:-0.0.0.0}
CFSSL_BIND_PORT: &cfsslport ${CFSSL_BIND_PORT:-8888}
CFSSL_OCSP_BIND_PORT: &oscpport ${CFSSL_OCSP_BIND_PORT:-8889}
CFSSL_CA_NAME: ${CFSSL_CA_NAME:-testca}
OCSP_HOST: *serverdomain
OCSP_PORT: *apiport
CFSSL_PERSISTENT_FOLDER: /data/persistent
services:
cfssl:
image: pvarki/cfssl:api-latest
build:
context: .
dockerfile: Dockerfile
target: api
networks:
- canet
environment:
<<: *cfssl_env
volumes:
- cfssl_data:/data/persistent
- ca_public:/ca_public
healthcheck:
test: 'cfssl info -remote http://127.0.0.1:8888 || exit 1'
interval: 5s
timeout: 5s
retries: 5
start_period: 5s
restart: unless-stopped
ocsp:
image: pvarki/cfssl:ocsp-latest
build:
context: .
dockerfile: Dockerfile
target: ocsp
networks:
- ocspnet
environment:
<<: *cfssl_env
volumes:
- cfssl_data:/data/persistent
- ca_public:/ca_public
healthcheck:
test: 'true' # FIXME
interval: 5s
timeout: 5s
retries: 3
start_period: 5s
depends_on:
cfssl:
condition: service_healthy
restart: unless-stopped
ocsprest:
image: pvarki/cfssl:ocsprest-latest
build:
context: .
dockerfile: Dockerfile
target: ocsprest
networks:
- ocspnet
environment:
<<: *cfssl_env
volumes:
- cfssl_data:/data/persistent
- ca_public:/ca_public
healthcheck:
test: 'ocsprest healthcheck || exit 1'
interval: 10s
timeout: 10s
retries: 3
start_period: 15s
depends_on:
cfssl:
condition: service_healthy
restart: unless-stopped
networks:
canet:
ocspnet:
volumes:
cfssl_data:
ca_public: