security/docker-compose.yml

version: '3.4'
services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx
    ports:
      - '80:80'
      - '443:443'
    volumes:
      - '/var/run/docker.sock:/tmp/docker.sock:ro'
      - './shared/nginx/vhost.d:/etc/nginx/vhost.d'
      - './shared/nginx/certs:/etc/nginx/certs:ro'
    networks:
      proxy: null
      identityserverui:
        aliases:
          - sts.skoruba.local
          - admin.skoruba.local
          - admin-api.skoruba.local
    restart: always
  litecharmssecurity.admin:
    image: '${DOCKER_REGISTRY-}skoruba-duende-identityserver-admin'
    build:
      context: .
      dockerfile: src/LiteCharmsSecurity.Admin/Dockerfile
    container_name: skoruba-duende-identityserver-admin
    environment:
      - VIRTUAL_PORT=8080
      - VIRTUAL_HOST=admin.skoruba.local
      - 'ConnectionStrings__DataProtectionDbConnection=Server=db;Database=IdentityServerAdmin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true;TrustServerCertificate=True'
      - 'AdminConfiguration__AuthenticationConfiguration__Authority=https://sts.skoruba.local'
      - 'AdminConfiguration__ApiConfiguration__ApiRemoteConfiguration__RemoteUrl=https://admin-api.skoruba.local'
      - 'AdminConfiguration__BasicConfiguration__Title=Lite Charms Security'
      - 'AdminConfiguration__BasicConfiguration__BasePath=/'
      - ForwardedHeadersConfiguration__Enabled=true
      - ForwardedHeadersConfiguration__AllowAll=true
      - ForwardedHeadersConfiguration__ForwardLimit=1
      - DockerConfiguration__UpdateCaCertificate=true
      - ASPNETCORE_ENVIRONMENT=Development
    depends_on:
      - db
      - litecharmssecurity.sts.identity
    volumes:
      - './shared/serilog.json:/app/serilog.json'
      - './shared/nginx/certs/cacerts.crt:/usr/local/share/ca-certificates/cacerts.crt'
    networks:
      identityserverui: null
  litecharmssecurity.admin.api:
    image: '${DOCKER_REGISTRY-}skoruba-duende-identityserver-admin-api'
    build:
      context: .
      dockerfile: src/LiteCharmsSecurity.Admin.Api/Dockerfile
    container_name: skoruba-duende-identityserver-admin-api
    environment:
      - VIRTUAL_PORT=8080
      - VIRTUAL_HOST=admin-api.skoruba.local
      - AdminApiConfiguration__RequireHttpsMetadata=false
      - 'AdminApiConfiguration__ApplicationName=Lite Charms Security UI'
      - 'AdminApiConfiguration__ApiBaseUrl=https://admin-api.skoruba.local'
      - 'AdminApiConfiguration__IdentityServerBaseUrl=https://sts.skoruba.local'
      - 'ConnectionStrings__ConfigurationDbConnection=Server=db;Database=IdentityServerAdmin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true;TrustServerCertificate=True'
      - 'ConnectionStrings__PersistedGrantDbConnection=Server=db;Database=IdentityServerAdmin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true;TrustServerCertificate=True'
      - 'ConnectionStrings__IdentityDbConnection=Server=db;Database=IdentityServerAdmin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true;TrustServerCertificate=True'
      - 'ConnectionStrings__AdminLogDbConnection=Server=db;Database=IdentityServerAdmin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true;TrustServerCertificate=True'
      - 'ConnectionStrings__AdminAuditLogDbConnection=Server=db;Database=IdentityServerAdmin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true;TrustServerCertificate=True'
      - 'ConnectionStrings__AdminConfigurationDbConnection=Server=db;Database=IdentityServerAdmin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true;TrustServerCertificate=True'
      - 'ConnectionStrings__DataProtectionDbConnection=Server=db;Database=IdentityServerAdmin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true;TrustServerCertificate=True'
      - 'IdentityServerData__Clients__0__ClientUri=https://admin.skoruba.local'
      - 'IdentityServerData__Clients__0__RedirectUris__0=https://admin.skoruba.local/signin-oidc'
      - 'IdentityServerData__Clients__0__FrontChannelLogoutUri=https://admin.skoruba.local/signin-oidc'
      - 'IdentityServerData__Clients__0__PostLogoutRedirectUris__0=https://admin.skoruba.local/signout-callback-oidc'
      - 'IdentityServerData__Clients__0__AllowedCorsOrigins__0=https://admin.skoruba.local'
      - 'IdentityServerData__Clients__1__RedirectUris__0=https://admin-api.skoruba.local/swagger/oauth2-redirect.html'
      - 'SeedConfiguration__ApplySeed=true'
      - 'DatabaseMigrationsConfiguration__ApplyDatabaseMigrations=true'
      - ForwardedHeadersConfiguration__Enabled=true
      - ForwardedHeadersConfiguration__AllowAll=true
      - ForwardedHeadersConfiguration__ForwardLimit=1
      - DockerConfiguration__UpdateCaCertificate=true
      - ASPNETCORE_ENVIRONMENT=Development
    volumes:
      - './shared/serilog.json:/app/serilog.json'
      - './shared/identitydata.json:/app/identitydata.json'
      - './shared/identityserverdata.json:/app/identityserverdata.json'
      - './shared/nginx/certs/cacerts.crt:/usr/local/share/ca-certificates/cacerts.crt'
    networks:
      identityserverui: null
  litecharmssecurity.sts.identity:
    image: '${DOCKER_REGISTRY-}skoruba-duende-identityserver-sts-identity'
    build:
      context: .
      dockerfile: src/LiteCharmsSecurity.STS.Identity/Dockerfile
    container_name: skoruba-duende-identityserver-sts-identity
    environment:
      - VIRTUAL_PORT=8080
      - VIRTUAL_HOST=sts.skoruba.local
      - 'ConnectionStrings__ConfigurationDbConnection=Server=db;Database=IdentityServerAdmin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true;TrustServerCertificate=True'
      - 'ConnectionStrings__PersistedGrantDbConnection=Server=db;Database=IdentityServerAdmin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true;TrustServerCertificate=True'
      - 'ConnectionStrings__IdentityDbConnection=Server=db;Database=IdentityServerAdmin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true;TrustServerCertificate=True'
      - 'ConnectionStrings__DataProtectionDbConnection=Server=db;Database=IdentityServerAdmin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true;TrustServerCertificate=True'
      - 'AdminConfiguration__IdentityAdminBaseUrl=https://admin.skoruba.local'
      - 'IdentityServerOptions__IssuerUri=https://sts.skoruba.local'
      - IdentityServerOptions__KeyManagement__Enabled=true
      - IdentityServerOptions__Events__RaiseErrorEvents=true
      - IdentityServerOptions__Events__RaiseInformationEvents=true
      - IdentityServerOptions__Events__RaiseFailureEvents=true
      - IdentityServerOptions__Events__RaiseSuccessEvents=true
      - ServerSideSessionsConfiguration__Enabled=true
      - ForwardedHeadersConfiguration__Enabled=true
      - ForwardedHeadersConfiguration__AllowAll=true
      - ForwardedHeadersConfiguration__ForwardLimit=1
      - DockerConfiguration__UpdateCaCertificate=true
      - ASPNETCORE_ENVIRONMENT=Development
    depends_on:
      - db
    volumes:
      - './shared/serilog.json:/app/serilog.json'
      - './shared/nginx/certs/cacerts.crt:/usr/local/share/ca-certificates/cacerts.crt'
    networks:
      identityserverui:
        aliases:
          - sts.skoruba.local
  db:
    image: 'mcr.microsoft.com/mssql/server:2017-CU20-ubuntu-16.04'
    ports:
      - '7900:1433'
    container_name: skoruba-duende-identityserver-db
    environment:
      SA_PASSWORD: '${DB_PASSWORD:-Password_123}'
      ACCEPT_EULA: 'Y'
    volumes:
      - 'dbdata:/var/opt/mssql'
    networks:
      identityserverui: null
volumes:
  dbdata:
    driver: local
networks:
  proxy:
    driver: bridge
  identityserverui:
    driver: bridge