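---
# Compose stack for Apache Guacamole with OpenID Connect sign-in through
# Keycloak. Services: one PostgreSQL instance per application, guacd, the
# Guacamole web application, Keycloak and an HAProxy front end, all attached
# to the "guac" bridge network.
#
# NOTE(review): every credential in this file (some_password, keycloak, admin)
# is a plain-text placeholder committed with the file. Replace them before any
# use outside a lab and supply them from an env file or secret store that is
# kept out of version control.
version: '3'
services:
  postgres:
    # NOTE(review): PostgreSQL 9.6 no longer receives upstream fixes; plan a
    # move to a supported major version.
    image: docker.io/postgres:9.6
    restart: always
    volumes:
      - ./init/initdb.sql:/docker-entrypoint-initdb.d/initdb.sql
      - ./data/guacamole:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: guacamole_user
      # Must match POSTGRES_PASSWORD on the guacamole service below.
      POSTGRES_PASSWORD: some_password
      POSTGRES_DB: guacamole_db
    networks:
      - guac
  guacd:
    image: docker.io/guacamole/guacd:1.1.0
    restart: always
    networks:
      - guac
    # NOTE(review): this publishes guacd on every host interface. guacd does
    # not authenticate its clients, and the guacamole service already reaches
    # it as "guacd" over the guac network (GUACD_HOSTNAME), so the host mapping
    # is not needed by this stack. Drop it, or bind it to loopback with
    # "127.0.0.1:4822:4822" if local debugging access is wanted.
    ports:
      - "4822:4822"
  guacamole:
    image: docker.io/guacamole/guacamole:1.1.0
    restart: always
    ports:
      - "6443:8443"
    hostname: guacamole.rfa.net
    networks:
      guac:
        aliases:
          - guacamole.rfa.net
    # NOTE(review): the TLS private key, certificate and Java trust store are
    # bind-mounted read-write. If the container never modifies them, append
    # ":ro" as the haproxy config mount already does.
    volumes:
      - ./openid/guacamole-auth-openid-1.1.0.jar:/opt/guacamole/openid/guacamole-auth-openid-1.1.0.jar
      - ./init/guacamole.crt:/usr/local/tomcat/conf/guacamole.crt
      - ./init/guacamole.key:/usr/local/tomcat/conf/guacamole.key
      - ./init/server.xml:/usr/local/tomcat/conf/server.xml
      - ./init/cacerts:/docker-java-home/jre/lib/security/cacerts
    environment:
      POSTGRES_HOSTNAME: postgres
      POSTGRES_DATABASE: guacamole_db
      POSTGRES_USER: guacamole_user
      POSTGRES_PASSWORD: some_password
      GUACD_PORT_4822_TCP_ADDR: guacd
      # Numeric-looking values are quoted so they reach the container as the
      # strings that were written, whatever YAML parser loads the file.
      GUACD_PORT_4822_TCP_PORT: "4822"
      GUACD_HOSTNAME: guacd
      # Quoted because the value contains "#", which starts a YAML comment
      # whenever it follows whitespace.
      GUACAMOLE_HOSTNAME: 'https://guacamole:8443/guacamole/#'
      # Keycloak discovery document:
      # https://keycloak.rfa.net:8443/auth/realms/master/.well-known/openid-configuration
      # Guacamole OpenID documentation:
      # https://guacamole.apache.org/doc/gug/openid-auth.html
      OPENID_AUTHORIZATION_ENDPOINT: https://keycloak.rfa.net:8443/auth/realms/master/protocol/openid-connect/auth
      OPENID_JWKS_ENDPOINT: https://keycloak.rfa.net:8443/auth/realms/master/protocol/openid-connect/certs
      OPENID_ISSUER: https://keycloak.rfa.net:8443/auth/realms/master
      OPENID_CLIENT_ID: guacamole
      # Only one OPENID_REDIRECT_URI may be set: duplicate mapping keys are
      # invalid YAML, and lenient parsers keep the last one. The last value is
      # the one kept active; the alternative is left commented out.
      # NOTE(review): the active URI presumably has to match a redirect URI
      # registered for this client in Keycloak - confirm against
      # guacamole-client.json.
      # OPENID_REDIRECT_URI: 'https://guacamole.rfa.net:8443/guacamole/#/settings/sessions'
      OPENID_REDIRECT_URI: https://guacamole.rfa.net:8443/guacamole
      OPENID_CLAIM_TYPE: sub
      # OPENID_CLAIM_TYPE: preferred_username
      OPENID_SCOPE: openid profile
      # NOTE(review): Guacamole documents the clock skew in seconds, default
      # 30. 99999 seconds is more than 27 hours, so ID tokens stay acceptable
      # long after they expire. Synchronise the clocks and use a small value.
      OPENID_ALLOWED_CLOCK_SKEW: "99999"
      OPENID_MAX_TOKEN_VALIDITY: "300"
      OPENID_MAX_NONCE_VALIDITY: "10"
    depends_on:
      - postgres
      - guacd
      - keycloak
  haproxy:
    image: docker.io/haproxy:2.1
    restart: always
    ports:
      - "8443:8443"
    volumes:
      - ./config/haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
    networks:
      - guac
    depends_on:
      - guacamole
      - keycloak
  keycloakpostgres:
    image: docker.io/postgres:9.6
    restart: always
    volumes:
      - ./data/keycloak:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: keycloak
      # Must match DB_PASSWORD on the keycloak service below.
      POSTGRES_PASSWORD: keycloak
      POSTGRES_DB: keycloak
    networks:
      - guac
  keycloak:
    # NOTE(review): ":latest" is a floating tag, so the identity provider can
    # change on any pull. The cacerts mount below targets one specific JDK
    # build path, so a newer image would likely stop reading the custom trust
    # store. Pin a version tag or digest.
    image: docker.io/jboss/keycloak:latest
    restart: always
    depends_on:
      - keycloakpostgres
    environment:
      - DB_ADDR=keycloakpostgres
      - DB_DATABASE=keycloak
      - DB_PASSWORD=keycloak
      - DB_SCHEMA=public
      - DB_USER=keycloak
      - DB_VENDOR=POSTGRES
      - KEYCLOAK_LOGLEVEL=INFO
      # Initial admin credentials for Keycloak; placeholder values.
      - KEYCLOAK_PASSWORD=admin
      # NOTE(review): in list form the single quotes are not YAML quoting; they
      # are part of the value passed to the container. Check which admin
      # username results and drop the quotes if plain "admin" is intended.
      - KEYCLOAK_USER='admin'
    hostname: keycloak.rfa.net
    ports:
      - "7443:8443"
    tmpfs:
      - /run
      - /tmp
      - /opt/jboss/keycloak/standalone/tmp/vfs/temp
    volumes:
      - ./init/application.keystore:/opt/jboss/keycloak/standalone/configuration/application.keystore
      - ./init/cacerts:/usr/lib/jvm/java-11-openjdk-11.0.6.10-0.el8_1.x86_64/lib/security/cacerts
      - ./config/keycloak/guacamole-client.json:/guacamole-client.json
    networks:
      guac:
        aliases:
          - keycloak.rfa.net
networks:
  guac:
    driver: bridge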