Update docker-compose.yml
3goats authored Mar 15, 2024
1 parent 8af1659 commit 59e8d82
Showing 1 changed file with 85 additions and 13 deletions.
98 changes: 85 additions & 13 deletions docker-compose.yml
@@ -6,32 +6,104 @@ services:
- ./config:/config
profiles:
- control-plane
jwt-this:
jwt-this.example:
#jwt-this:
image: "tr1ck3r/jwt-this:latest"
ports:
- "8001:8000"
command: --config-name "Basic Demo" --policy-names "Basic Demo"
profiles:
- demo
firefly:
#depends_on:
# elevate:
# condition: service_completed_successfully
image: "public.ecr.aws/venafi-images/firefly"
- firefly
- jwtthis
networks:
- firefly


firefly.venafi.example:
depends_on:
jwt-this.example:
condition: service_started
image: "registry.venafi.cloud/public/venafi-images/firefly:latest"
privileged: true
#user: root
ports:
#- "8082:8082"
#- "8123:8123"
- "8289:8281"
command: run -c /etc/firefly/config.yaml
#volumes:
# - /home/ubuntu/development/firefly-playground/config/config.yaml:/etc/firefly/config.yaml
# - /home/ubuntu/development/firefly-playground/config:/etc/firefly:ro
#- /home/ubuntu/development/firefly-playground/socket:/opt/firefly
# - type: volume
# source: /home/ubuntu/development/firefly-playground/config
# target: /etc/firefly:rw
volumes:
- ./config/config.yaml:/etc/firefly/config.yaml
- ./config:/etc/firefly:ro
- ./socket:/opt/firefly:rw
#- ${PWD}/config/config.yaml:/etc/firefly/config.yaml
#- /home/ubuntu/development/firefly-playground/config/config.yaml:/etc/firefly/config.yaml
#- ${PWD}/config:/etc/firefly:ro
#- /home/ubuntu/development/firefly-playground/config:/etc/firefly:ro
#- /home/ubuntu/development/firefly-playground/socket:/opt/firefly
- /home/ubuntu/development/firefly-playground/config:/etc/firefly:rw
#- ${PWD}/config:/etc/firefly:rw
#- type: volume
# source: /home/ubuntu/development/firefly-playground/socket/
# target: /opt/firefly/grpc.sock
cap_add:
- IPC_LOCK
environment:
- ACCEPT_TERMS=Y
links:
- "jwt-this:jwt-this.example"
#links:
# - "jwt-this:jwt-this.example"/Users/carl.bourne/development/vcert/built/vcert86
profiles:
- firefly
networks:
- firefly

vcert:
#depends_on:
# firefly.venafi.example:
# condition: service_started
#jwt-this:
image: "3goats/vcert:latest"
#command: token=$(./get-jwt) && ./vcert enroll --platform firefly -u https://firefly.venafi.example:8289 -t ${TOKEN} --no-prompt --insecure --cn www.5goats.cafe --san-dns www.5goats.cafe -z "Basic Demo" --key-file /tmp/privkey.pem --cert-file /tmp/fullchain.pem
command:
- /bin/sh
- -c
- |
token=$(./get-jwt)
./vcert enroll --platform firefly -u https://firefly.venafi.example:8289 -t $$token --no-prompt --insecure --cn www.5goats.cafe --san-dns www.5goats.cafe -z "Basic Demo" --key-file /tmp/privkey.pem --cert-file /tmp/fullchain.pem
profiles:
- carl
volumes:
- ${PWD}/nginx-conf:/tmp
network_mode: host


nginx:
image: nginx:latest
profiles:
- demo
- nginx
ports:
- "443:443"
# Creates a temporary file system for VCert to write the private key and certificate to
tmpfs: /certs
volumes:
# Adds an HTML demo page
- ${PWD}/nginx-conf/html:/usr/share/nginx/html:ro
# Adds a tools directory that makes Venafi VCert avaialbile to the stabdard NGINX container
- ${PWD}/tools:/tmp:ro
# Adds a shell script that calls VCert to get certificate from Firefly during the NGINX initialization
- ${PWD}/nginx-conf/entrypoint/getcert.sh:/docker-entrypoint.d/getcert.sh
# Adds a default NGINX configuration that tells NGINX to use the private key and certificate located in the /certs directory
- ${PWD}/nginx-conf/default.conf:/etc/nginx/conf.d/default.conf
- ${PWD}/nginx-conf/nginx.conf:/etc/nginx/nginx.conf
#- ${PWD}/nginx-conf/logging.js:/etc/nginx/conf.d/logging.js
networks:
- firefly
environment:
- token=${VTOKEN}
- vcert=/tmp/vcert_arm
networks:
firefly:
external: true
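Review bot: The `firefly.venafi.example` service sets `privileged: true` next to `cap_add: - IPC_LOCK`; privileged mode already grants every capability plus host device access, so the certificate-issuing container runs with far more than the memory-locking capability the `cap_add` entry asks for. I would drop `privileged: true` (and leave `#user: root` out) so that `IPC_LOCK` is the only extra capability. The `vcert` service in the same section runs `./vcert enroll` with `--insecure` under `network_mode: host`, which skips TLS verification of the Firefly endpoint; a comment such as `# --insecure skips TLS verification; demo only` above the command would keep it from being copied into a real deployment. The bind mount `/home/ubuntu/development/firefly-playground/config:/etc/firefly:rw` is also writable and tied to one machine's path, where `./config:/etc/firefly:ro` appears to be the portable, read-only form. The rendered page has lost its +/- markers, so which of these lines are new in this commit is inferred rather than certain.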
