-
Notifications
You must be signed in to change notification settings - Fork 33
/
Copy pathdocker-compose-bundled-sso.yml.template
122 lines (115 loc) · 4.91 KB
/
docker-compose-bundled-sso.yml.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
services:
keycloak:
image: ${dockerUserName}/${sanitizedArtifactId}-keycloak:${dockertag}
restart: unless-stopped
environment:
KC_HOSTNAME_URL: \${SERVER_SCHEME}://\${KEYCLOAK_HOSTNAME}
PROXY_ADDRESS_FORWARDING: "true"
KC_HTTP_ENABLED: 'true'
KC_HOSTNAME_STRICT_BACKCHANNEL: "true"
KC_PROXY: reencrypt
KC_HEALTH_ENABLED: 'true'
KC_METRICS_ENABLED: 'true'
KEYCLOAK_DATABASE_VENDOR: postgresql
KEYCLOAK_DATABASE_HOST: postgresql
KEYCLOAK_DATABASE_PORT_NUMBER: 5432
KEYCLOAK_DATABASE_NAME: \${KEYCLOAK_DB}
KEYCLOAK_DATABASE_USER: \${KEYCLOAK_DB_USER}
KEYCLOAK_DATABASE_PASSWORD: \${KEYCLOAK_DB_PASSWORD}
KEYCLOAK_DATABASE_SCHEMA: \${KEYCLOAK_DB_SCHEMA}
KEYCLOAK_CREATE_ADMIN_USER: "true"
KEYCLOAK_ADMIN_USER: \${KEYCLOAK_USER}
KEYCLOAK_ADMIN_PASSWORD: \${KEYCLOAK_PASSWORD}
HOST_URL: \${SERVER_SCHEME}://\${O3_HOSTNAME}
KEYCLOAK_AUTH_SERVER_URL: \${SERVER_SCHEME}://\${KEYCLOAK_HOSTNAME}
ODOO_PUBLIC_URL: \${SERVER_SCHEME}://\${ODOO_HOSTNAME}
OPENMRS_PUBLIC_URL: \${SERVER_SCHEME}://\${O3_HOSTNAME}
SENAITE_PUBLIC_URL: \${SERVER_SCHEME}://\${SENAITE_HOSTNAME}
SUPERSET_PUBLIC_URL: \${SERVER_SCHEME}://\${SUPERSET_HOSTNAME}
ODOO_CLIENT_SECRET: \${ODOO_CLIENT_SECRET}
ODOO_CLIENT_UUID: \${ODOO_CLIENT_UUID}
OPENMRS_CLIENT_SECRET: \${OPENMRS_CLIENT_SECRET}
OPENMRS_CLIENT_UUID: \${OPENMRS_CLIENT_UUID}
SENAITE_CLIENT_SECRET: \${SENAITE_CLIENT_SECRET}
SENAITE_CLIENT_UUID: \${SENAITE_CLIENT_UUID}
SUPERSET_CLIENT_SECRET: \${SUPERSET_CLIENT_SECRET}
SUPERSET_CLIENT_UUID: \${SUPERSET_CLIENT_UUID}
SUPERSET_CLIENT_ENABLED: \${SUPERSET_CLIENT_ENABLED}
KEYCLOAK_ADMIN_SA_CLIENT_SECRET: \${KEYCLOAK_ADMIN_SA_CLIENT_SECRET}
EIP_CLIENT_SECRET: \${OAUTH_CLIENT_SECRET}
KEYCLOAK_EXTRA_ARGS_PREPENDED: "--spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true"
KEYCLOAK_EXTRA_ARGS: "
-Dkeycloak.profile.feature.scripts=enabled
-Dkeycloak.migration.replace-placeholders=true
-Dkeycloak.migration.action=import
-Dkeycloak.migration.provider=dir
-Dkeycloak.migration.dir=/keycloak-files/realm-config
-Dkeycloak.migration.strategy=OVERWRITE_EXISTING"
healthcheck:
test: ["CMD", "curl", "-f", "http://0.0.0.0:8080/health/ready"]
interval: 15s
timeout: 3s
retries: 5
start_period: 30s
depends_on:
postgresql:
condition: service_started
networks:
ozone:
web:
labels:
traefik.enable: "true"
traefik.http.routers.keycloak.rule: "Host(`\${KEYCLOAK_HOSTNAME}`)"
traefik.http.routers.keycloak.entrypoints: "websecure"
traefik.http.services.keycloak.loadbalancer.server.port: 8080
postgresql:
environment:
KEYCLOAK_DB: \${KEYCLOAK_DB}
KEYCLOAK_DB_SCHEMA: \${KEYCLOAK_DB_SCHEMA}
KEYCLOAK_DB_USER: \${KEYCLOAK_DB_USER}
KEYCLOAK_DB_PASSWORD: \${KEYCLOAK_DB_PASSWORD}
# Odoo
odoo:
environment:
- KEYCLOAK_URL=\${SERVER_SCHEME}://\${KEYCLOAK_HOSTNAME}
- ODOO_CLIENT_UUID=\${ODOO_CLIENT_UUID}
- ODOO_CLIENT_SECRET=\${ODOO_CLIENT_SECRET}
- ADDONS=sale_management,stock,account_account,purchase,mrp,mrp_product_expiry,product_expiry,l10n_generic_coa,odoo_initializer,ozone_settings,server_environment,auth_oidc_environment,auth_oidc
# EIP Odoo OpenMRS Integration Service
eip-odoo-openmrs:
environment:
OAUTH_ACCESS_TOKEN_URL: \${OAUTH_ACCESS_TOKEN_URL}
OAUTH_ENABLED: \${ENABLE_SSO}
OAUTH_CLIENT_ID: \${OAUTH_CLIENT_ID}
OAUTH_CLIENT_SECRET: \${OAUTH_CLIENT_SECRET}
OAUTH_CLIENT_SCOPE: \${OAUTH_CLIENT_SCOPE}
# OpenMRS Backend
openmrs:
environment:
OAUTH2_ENABLED: \${ENABLE_SSO}
KEYCLOAK_URL: \${SERVER_SCHEME}://\${KEYCLOAK_HOSTNAME}
OPENMRS_CLIENT_UUID: \${OPENMRS_CLIENT_UUID}
OPENMRS_CLIENT_SECRET: \${OPENMRS_CLIENT_SECRET}
frontend:
environment:
SPA_CONFIG_URLS: \${SPA_CONFIG_URLS},/openmrs/spa/configs/ozone-frontend-config-sso.json
ODOO_PUBLIC_URL: \${SERVER_SCHEME}://\${ODOO_HOSTNAME}
SENAITE_PUBLIC_URL: \${SERVER_SCHEME}://\${SENAITE_HOSTNAME}
SUPERSET_PUBLIC_URL: \${SERVER_SCHEME}://\${SUPERSET_HOSTNAME}
# SENAITE
senaite:
image: ${dockerUserName}/${sanitizedArtifactId}-senaite-sso:${dockertag}
environment:
OAUTH_CONFIG_FILE: /data/oidc/client.json
OAUTH_CONFIG_PATH: /data/oidc
KEYCLOAK_URL: \${SERVER_SCHEME}://\${KEYCLOAK_HOSTNAME}
SENAITE_CLIENT_UUID: \${SENAITE_CLIENT_UUID}
SENAITE_CLIENT_SECRET: \${SENAITE_CLIENT_SECRET}
# OpenMRS - SENAITE integration service
eip-openmrs-senaite:
environment:
OAUTH_ACCESS_TOKEN_URL: \${OAUTH_ACCESS_TOKEN_URL}
OAUTH_ENABLED: \${ENABLE_SSO}
OAUTH_CLIENT_ID: \${OAUTH_CLIENT_ID}
OAUTH_CLIENT_SECRET: \${OAUTH_CLIENT_SECRET}
OAUTH_CLIENT_SCOPE: \${OAUTH_CLIENT_SCOPE}