feat: Upgrade docker compose guide to version 2.25.0 with local https support (AzBuilder#1860)

* feat: Update docker compose to 2.25.0 using traefik with https

* feat: Update docker compose to 2.25.0 using traefik with https

* feat: Update docker compose to 2.25.0 using traefik with https [skip ci]

Author: alfespa17

.gitignore

@@ -18,6 +18,7 @@
 *.zip
 *.tar.gz
 *.rar
+*.pem
 
 # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
 hs_err_pid*

docker-compose/.env

@@ -0,0 +1,59 @@
+##################
+#GENERAL SETTINGS#
+##################
+TK_VERSION=2.25.0
+DOMAIN=platform.local
+
+##################
+#NETWORK SETTINGS#
+##################
+EXTERNAL_NETWORK_NAME=terrakube-network
+TRAEFIK_IPV4_ADDRESS=10.25.25.253
+HOST_GATEWAY=10.25.25.253
+TRAEFIK_HTTP_PORT=80
+TRAEFIK_HTTPS_PORT=443
+DNS_IP_PUBLIC=
+
+##########
+#SECURITY#
+##########
+PAT_SECRET=ejZRSFgheUBOZXAyUURUITUzdmdINDNeUGpSWHlDM1g=
+INTERNAL_SECRET=S2JeOGNNZXJQTlpWNmhTITkha2NEKkt1VVBVQmFeQjM=
+
+#####
+#DEX#
+#####
+TK_DEX_VERSION=v2.42.0
+
+###################
+#OPEN LDAP SETTING#
+###################
+TK_LDAP_VERSION=2.6.9-debian-12-r10
+
+#######################
+#MINIO STORAGE BACKEND#
+#######################
+TK_MINIO_VERSION=2025
+TK_OUTPUT_ACCESS_KEY=minioadmin
+TK_OUTPUT_ENDPOINT=http://terrakube-minio:9000
+TK_OUTPUT_SECRET_KEY=minioadmin
+TK_OUTPUT_STORAGE_REGION=us-east-1
+TK_OUTPUT_BUCKET_NAME=sample
+TK_OUTPUT_BUCKET_REGION=us-east-1
+
+###################
+#DATABASE SETTINGS#
+###################
+TK_POSTGRESQL_VERSION=17
+TK_POSTGRESQL_USERNAME=terrakube
+TK_POSTGRESQL_PASSWORD=terrakubepassword
+TK_POSTGRESQL_DATABASE_NAME=terrakubedb
+
+################
+#REDIS SETTINGS#
+################
+TK_REDIS_CONTAINER_NAME=terrakube-redis
+TK_REDIS_PASSWORD=password123456
+TK_REDIS_VERSION=7.0.10
+
+

docker-compose/README.md

@@ -1,27 +1,61 @@
 # Terrakube Docker Compose
 
+## Local Domains
+
+We will be using following domains to run Terrakube with docker compose:
+
+```shell
+terrakube.platform.local
+terrakube-api.platform.local
+terrakube-registry.platform.local
+terrakube-dex.platform.local
+```
+
+## HTTPS Local Certificates
+
+Install [mkcert](https://github.com/FiloSottile/mkcert#installation) to generate the local certificates.
+
+## Generate local CA certificate
+
+```shell
+mkcert -install
+Created a new local CA 💥
+The local CA is now installed in the system trust store! ⚡️
+The local CA is now installed in the Firefox trust store (requires browser restart)! 🦊
+```
+
+## Create Docker Network
+
+```bash
+docker network create terrakube-network -d bridge --subnet 10.25.25.0/24 --gateway 10.25.25.254
+```
+
+We will be using `10.25.25.253` for our the traefik gateway
+
 ## Local DNS entries
 
 Update the /etc/hosts file adding the following entries:
 
 ```bash
-127.0.0.1 terrakube-api
-127.0.0.1 terrakube-ui
-127.0.0.1 terrakube-executor
-127.0.0.1 terrakube-dex
-127.0.0.1 terrakube-registry
+10.25.25.253 terrakube.platform.local
+10.25.25.253 terrakube-api.platform.local
+10.25.25.253 terrakube-registry.platform.local
+10.25.25.253 terrakube-dex.platform.local
 ```
 
-## Running Terrakube Locally.
+## Running Terrakube Locally with HTTPS
 
 ```bash
 git clone https://github.com/AzBuilder/terrakube.git
 cd terrakube/docker-compose
-docker-compose up -d
+mkcert -key-file key.pem -cert-file cert.pem platform.local *.platform.local
+CAROOT=$(mkcert -CAROOT)/rootCA.pem
+cp $CAROOT rootCA.pem
+docker compose up -d --force-recreate
 ```
 
 Terrakube will be available in the following URL:
 
-* http://terrakube-ui:3000
+* https://terrakube.platform.local
   * Username: admin@example.com
   * Password: admin 

docker-compose/api.env

@@ -1,74 +1,77 @@
-issuer: http://terrakube-dex:5556/dex
+issuer: https://terrakube-dex.platform.local/dex
 
 storage:
   type: memory
 web:
   http: 0.0.0.0:5556
-  allowedOrigins: ['*']
+  allowedOrigins: ["*"]
 
 oauth2:
-  responseTypes: ["code", "token", "id_token"] 
+  responseTypes: ["code", "token", "id_token"]
 
 connectors:
-- type: ldap
-  name: OpenLDAP
-  id: ldap
-  config:
-    # The following configurations seem to work with OpenLDAP:
-    #
-    # 1) Plain LDAP, without TLS:
-    host: ldap-service:1389
-    insecureNoSSL: true
-    #
-    # 2) LDAPS without certificate validation:
-    #host: localhost:636
-    #insecureNoSSL: false
-    #insecureSkipVerify: true
-    #
-    # 3) LDAPS with certificate validation:
-    #host: YOUR-HOSTNAME:636
-    #insecureNoSSL: false
-    #insecureSkipVerify: false
-    #rootCAData: 'CERT'
-    # ...where CERT="$( base64 -w 0 your-cert.crt )"
+  - type: ldap
+    name: OpenLDAP
+    id: ldap
+    config:
+      # The following configurations seem to work with OpenLDAP:
+      #
+      # 1) Plain LDAP, without TLS:
+      host: terrakube-ldap-service:1389
+      insecureNoSSL: true
+      insecureSkipVerify: true
+      #
+      # 2) LDAPS without certificate validation:
+      #host: localhost:636
+      #insecureNoSSL: false
+      #insecureSkipVerify: true
+      #
+      # 3) LDAPS with certificate validation:
+      #host: YOUR-HOSTNAME:636
+      #insecureNoSSL: false
+      #insecureSkipVerify: false
+      #rootCAData: 'CERT'
+      # ...where CERT="$( base64 -w 0 your-cert.crt )"
 
-    # This would normally be a read-only user.
-    bindDN: cn=admin,dc=example,dc=org
-    bindPW: admin
+      # This would normally be a read-only user.
+      bindDN: cn=admin,dc=example,dc=org
+      bindPW: admin
 
-    usernamePrompt: Email Address
+      usernamePrompt: Email Address
 
-    userSearch:
-      baseDN: ou=users,dc=example,dc=org
-      filter: "(objectClass=person)"
-      username: mail
-      # "DN" (case sensitive) is a special attribute name. It indicates that
-      # this value should be taken from the entity's DN not an attribute on
-      # the entity.
-      idAttr: DN
-      emailAttr: mail
-      nameAttr: cn
+      userSearch:
+        baseDN: ou=users,dc=example,dc=org
+        filter: "(objectClass=person)"
+        username: mail
+        # "DN" (case sensitive) is a special attribute name. It indicates that
+        # this value should be taken from the entity's DN not an attribute on
+        # the entity.
+        idAttr: DN
+        emailAttr: mail
+        nameAttr: cn
 
-    groupSearch:
-      baseDN: ou=Groups,dc=example,dc=org
-      filter: "(objectClass=groupOfNames)"
+      groupSearch:
+        baseDN: ou=Groups,dc=example,dc=org
+        filter: "(objectClass=groupOfNames)"
 
-      userMatchers:
-        # A user is a member of a group when their DN matches
-        # the value of a "member" attribute on the group entity.
-      - userAttr: DN
-        groupAttr: member
+        userMatchers:
+          # A user is a member of a group when their DN matches
+          # the value of a "member" attribute on the group entity.
+          - userAttr: DN
+            groupAttr: member
 
-      # The group name should be the "cn" value.
-      nameAttr: cn
+        # The group name should be the "cn" value.
+        nameAttr: cn
 
 staticClients:
-- id: example-app
-  redirectURIs:
-  - 'http://terrakube-ui:3000'
-  - '/device/callback'
-  - 'http://localhost:10000/login'
-  - 'http://localhost:10001/login'
-  name: 'Example App'
-  #secret: ZXhhbXBsZS1hcHAtc2VjcmV0
-  public: true
+  - id: terrakube-app
+    redirectURIs:
+      - "https://terrakube.platform.local"
+      - "https://terrakube-api.platform.local"
+      - "https://terrakube-dex.platform.local"
+      - "/device/callback"
+      - "http://localhost:10000/login"
+      - "http://localhost:10001/login"
+    name: "Example App"
+    #secret: ZXhhbXBsZS1hcHAtc2VjcmV0
+    public: true