docker-compose.yml

version: '3.7'

services:
  web:
    build:
      context: .
      dockerfile: Dockerfile-env
    ports:
      - 5000:5000
    env_file:
      - ./.env
    hostname: web
    privileged: true
    volumes:
      - ".:/usr/src/app/"
      - "./saml:/usr/src/app/turnpike/saml"
      - "./dev-backends.yml:/etc/turnpike/backends.yml"
      - "./dev-config.py:/etc/turnpike/dev-config.py"
    networks:
      mynet:
        aliases:
          - web.svc.cluster.local
    environment:
      TURNPIKE_CONFIG: /etc/turnpike/dev-config.py
  nginx:
    build:
      context: ./nginx
      dockerfile: Dockerfile
    ports:
      - 443:8443
    depends_on:
      - web
    hostname: nginx
    volumes:
      - "./dev-backends.yml:/etc/turnpike/backends.yml"
      - "./nginx/certs:/etc/nginx/certs"
    networks:
      mynet:
        aliases:
          - nginx.svc.cluster.local
    environment:
      NGINX_LISTEN: 8443 ssl
      NGINX_SERVER_NAME: ${SERVER_NAME}
      FLASK_SERVICE_URL: http://web.svc.cluster.local:5000
      FLASK_SERVER_NAME: ${SERVER_NAME}
      NGINX_SSL_CONFIG: |
       ssl_certificate certs/cert.pem;
       ssl_certificate_key certs/key.pem;
       ssl_verify_client optional;
       ssl_verify_depth 3;
       ssl_client_certificate certs/ca.pem;
       if (${_dollarhack:-$}ssl_client_verify = "SUCCESS") {
           set ${_dollarhack:-$}http_x_rh_certauth_subject /${_dollarhack:-$}ssl_client_s_dn;
           set ${_dollarhack:-$}http_x_rh_certauth_issuer /${_dollarhack:-$}ssl_client_i_dn;
       }
  redis:
    image: redis:6
    hostname: redis
    networks:
      mynet:
        aliases:
          - redis.svc.cluster.local
  echo-server:
    image: jmalloc/echo-server:latest
    hostname: echo-server
    ports:
      - 8080:8080
    networks:
      mynet:
        aliases:
          - echo-server.svc.cluster.local
    environment:
      PORT: 8080
networks:
  mynet: