docker-compose.yml
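# Local demo deployment of an API gateway, MCP server, API, identity server,
# database and test mail server.
# NOTE(review): the defaults below (ports published without a host IP, fixed
# demo passwords, ':latest' image tags) suit a trusted development machine only.
services:

  #
  # The API gateway that exposes backend components at domain based URLs
  #
  api-gateway:
    image: kong-api-gateway:1.0
    ports:
      # Quoted so the mapping is always parsed as a string. With no host IP
      # given, Compose publishes the port on every host interface.
      - '80:3001'
    volumes:
      - ./apigateway/kong.yml:/usr/local/kong/declarative/kong.yml
    environment:
      # DB-less mode: routes and plugins come only from the mounted kong.yml.
      KONG_DATABASE: 'off'
      KONG_DECLARATIVE_CONFIG: '/usr/local/kong/declarative/kong.yml'
      # Listen address inside the container; host exposure is set by 'ports'.
      KONG_PROXY_LISTEN: '0.0.0.0:3001'
      KONG_LOG_LEVEL: 'info'
      # Loads the phantom-token plugin alongside Kong's bundled plugins; the
      # shared dict below is presumably that plugin's cache - confirm in kong.yml.
      KONG_PLUGINS: 'bundled,phantom-token'
      KONG_NGINX_HTTP_LUA_SHARED_DICT: 'phantom-token 10m'

  #
  # The MCP server that serves the ChatGPT widget and implements the HAAPI step-up flow
  # Share widget files from the host to enable code changes without Docker redeployment
  #
  mcp-server:
    image: mcp-server:1.0
    hostname: mcp-server
    volumes:
      - ./mcp-server/widget/dist:/usr/api/widget/dist
    # No 'ports' entry: reachable only from other services on the Compose network.
    # NOTE(review): if this .env holds secrets, keep it out of version control.
    env_file: mcp-server/.env

  #
  # The Portfolio API that uses OAuth to secure access
  #
  portfolio-api:
    image: portfolio-api:1.0
    hostname: portfolio-api
    # No 'ports' entry: reachable only from other services on the Compose network.
    env_file: portfolio-api/.env

  #
  # The Curity Identity Server implements security standards and HAAPI
  #
  authorization-server:
    # NOTE(review): ':latest' is a mutable tag; pin a version or digest so the
    # identity server that runs is the one that was tested.
    image: curity.azurecr.io/curity/idsvr:latest
    hostname: idsvr
    ports:
      # Published on every host interface. NOTE(review): with ADMIN enabled this
      # is presumably the admin endpoint; prefix a loopback host IP to the
      # mapping if the machine is on a shared network.
      - '6749:6749'
    volumes:
      # Host paths under 'target/' are build outputs and must exist before
      # startup; Docker creates an empty directory for a missing bind source.
      - ./idsvr/curity-config.xml:/opt/idsvr/etc/init/curity-config.xml
      # - ./idsvr/curity-base-config.xml:/opt/idsvr/etc/init/curity-base-config.xml
      # - ./idsvr/curity-scenario-config.xml:/opt/idsvr/etc/init/curity-scenario-config.xml
      - ./idsvr/plugins/access-token-authenticator/target/plugin:/opt/idsvr/usr/share/plugins/accessTokenAuthenticator
      - ./idsvr/plugins/simple-consentor/target/simple-consentor-1.0.0-SNAPSHOT.jar:/opt/idsvr/usr/share/plugins/simpleConsentor/simple-consentor-1.0.0-SNAPSHOT.jar
      - ./idsvr/pre-processing-procedures/mcp-client-registration-policy.js:/opt/idsvr/etc/init/pre-processing-procedures/mcp-client-registration-policy.js
      - ./idsvr/token-procedures/set-access-token-audience.js:/opt/idsvr/etc/init/token-procedures/oauth-token-authorization-code/set-access-token-audience.js
      - ./idsvr/token-procedures/mcp-token-exchange.js:/opt/idsvr/etc/init/token-procedures/oauth-token-oauth-token-exchange/mcp-token-exchange.js
      - ./idsvr/token-procedures/issue-jwt.js:/opt/idsvr/etc/init/token-procedures/oauth-token-client-credentials/issue-jwt.js
    environment:
      ADMIN: 'true'
      # Interpolated by Compose from the shell environment or a local .env file,
      # so the license key itself is not stored in this file.
      LICENSE_KEY: "${LICENSE_KEY}"
      LOGGING_LEVEL: 'INFO'

  #
  # A database with pre-shipped user accounts, which stores dynamically registered clients
  #
  authorization-server-data:
    # NOTE(review): ':latest' can move to a new PostgreSQL major version between
    # pulls; pin a version or digest.
    image: postgres:latest
    hostname: dbserver
    volumes:
      - ./idsvr/data-backup.sql:/docker-entrypoint-initdb.d/data-backup.sql
    environment:
      POSTGRES_USER: 'postgres'
      # Fixed demo password committed with this file. No host port is published,
      # so the database is reachable only from the Compose network. Replace it,
      # together with any matching identity server settings, before reuse.
      POSTGRES_PASSWORD: 'Password1'
      POSTGRES_DB: 'idsvr'

  #
  # An email server with a test email inbox for the initial login
  #
  mail-server:
    # NOTE(review): ':latest' is a mutable tag; pin a version or digest.
    image: maildev/maildev:latest
    hostname: smtpserver
    ports:
      # Published on every host interface: anyone who can reach this port can
      # read the test inbox, including login emails. Prefix a loopback host IP
      # to the mapping if the machine is on a shared network.
      - '1080:1080'
    environment:
      MAILDEV_INCOMING_USER: 'noreply@maildev'
      # Fixed demo credential committed with this file.
      # NOTE(review): maildev documents MAILDEV_INCOMING_PASS for the incoming
      # SMTP password; verify that this variable name is actually read.
      MAILDEV_INCOMING_PASSWORD: 'Password1'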