diff --git a/docker-compose.yml b/docker-compose.yml
index ccba78f..a848336 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -6,32 +6,104 @@ services: - ./config:/config profiles: - control-plane - jwt-this: + jwt-this.example: + #jwt-this: image: "tr1ck3r/jwt-this:latest" ports: - "8001:8000" command: --config-name "Basic Demo" --policy-names "Basic Demo" profiles: - - demo - firefly: - #depends_on: - # elevate: - # condition: service_completed_successfully - image: "public.ecr.aws/venafi-images/firefly" + - firefly + - jwtthis + networks: + - firefly + + + firefly.venafi.example: + depends_on: + jwt-this.example: + condition: service_started + image: "registry.venafi.cloud/public/venafi-images/firefly:latest" + privileged: true + #user: root ports: #- "8082:8082" #- "8123:8123" - "8289:8281" command: run -c /etc/firefly/config.yaml + #volumes: + # - /home/ubuntu/development/firefly-playground/config/config.yaml:/etc/firefly/config.yaml + # - /home/ubuntu/development/firefly-playground/config:/etc/firefly:ro + #- /home/ubuntu/development/firefly-playground/socket:/opt/firefly + # - type: volume + # source: /home/ubuntu/development/firefly-playground/config + # target: /etc/firefly:rw volumes: - - ./config/config.yaml:/etc/firefly/config.yaml - - ./config:/etc/firefly:ro - - ./socket:/opt/firefly:rw + #- ${PWD}/config/config.yaml:/etc/firefly/config.yaml + #- /home/ubuntu/development/firefly-playground/config/config.yaml:/etc/firefly/config.yaml + #- ${PWD}/config:/etc/firefly:ro + #- /home/ubuntu/development/firefly-playground/config:/etc/firefly:ro + #- /home/ubuntu/development/firefly-playground/socket:/opt/firefly + - /home/ubuntu/development/firefly-playground/config:/etc/firefly:rw + #- ${PWD}/config:/etc/firefly:rw + #- type: volume + # source: /home/ubuntu/development/firefly-playground/socket/ + # target: /opt/firefly/grpc.sock cap_add: - IPC_LOCK environment: - ACCEPT_TERMS=Y - links: - - "jwt-this:jwt-this.example" + #links: + # - "jwt-this:jwt-this.example"/Users/carl.bourne/development/vcert/built/vcert86 + profiles: + - firefly + networks: + - firefly + + vcert: + 
#depends_on: + # firefly.venafi.example: + # condition: service_started + #jwt-this: + image: "3goats/vcert:latest" + #command: token=$(./get-jwt) && ./vcert enroll --platform firefly -u https://firefly.venafi.example:8289 -t ${TOKEN} --no-prompt --insecure --cn www.5goats.cafe --san-dns www.5goats.cafe -z "Basic Demo" --key-file /tmp/privkey.pem --cert-file /tmp/fullchain.pem + command: + - /bin/sh + - -c + - | + token=$(./get-jwt) + ./vcert enroll --platform firefly -u https://firefly.venafi.example:8289 -t $$token --no-prompt --insecure --cn www.5goats.cafe --san-dns www.5goats.cafe -z "Basic Demo" --key-file /tmp/privkey.pem --cert-file /tmp/fullchain.pem + profiles: + - carl + volumes: + - ${PWD}/nginx-conf:/tmp + network_mode: host + + + nginx: + image: nginx:latest profiles: - - demo + - nginx + ports: + - "443:443" + # Creates a temporary file system for VCert to write the private key and certificate to + tmpfs: /certs + volumes: + # Adds an HTML demo page + - ${PWD}/nginx-conf/html:/usr/share/nginx/html:ro + # Adds a tools directory that makes Venafi VCert avaialbile to the stabdard NGINX container + - ${PWD}/tools:/tmp:ro + # Adds a shell script that calls VCert to get certificate from Firefly during the NGINX initialization + - ${PWD}/nginx-conf/entrypoint/getcert.sh:/docker-entrypoint.d/getcert.sh + # Adds a default NGINX configuration that tells NGINX to use the private key and certificate located in the /certs directory + - ${PWD}/nginx-conf/default.conf:/etc/nginx/conf.d/default.conf + - ${PWD}/nginx-conf/nginx.conf:/etc/nginx/nginx.conf + #- ${PWD}/nginx-conf/logging.js:/etc/nginx/conf.d/logging.js + networks: + - firefly + environment: + - token=${VTOKEN} + - vcert=/tmp/vcert_arm +networks: + firefly: + external: true
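Review bot: `privileged: true` on firefly.venafi.example hands the certificate-issuing container every host capability and switches off Docker's default seccomp/AppArmor confinement, while the only capability this hunk explicitly grants is already covered by `cap_add:` / `- IPC_LOCK`; in the same change the config mount moved from `:ro` to `:rw`, so a compromised container could rewrite its own issuing configuration. Drop `privileged: true`, keep `cap_add:` / `- IPC_LOCK`, and restore the read-only mount (`- ./config:/etc/firefly:ro`, or the absolute host path with `:ro`) — if the rw mount was only a workaround for the file-ownership problem hinted at by the commented `#user: root`, fix ownership of the host directory instead. In the vcert service, `--key-file /tmp/privkey.pem` combined with `- ${PWD}/nginx-conf:/tmp` writes the leaf private key onto the host inside the checkout; a `tmpfs` mount like the nginx service's `tmpfs: /certs` would keep it off disk. `--insecure` disables TLS verification of the Firefly endpoint, which is tolerable for a demo but should carry a comment such as `# --insecure: demo only, Firefly presents a self-signed cert` so it is not copied into a real deployment, and all three `:latest` images would be more reproducible pinned to a tag or digest.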