docker/compose.dev.yml
version: '3'
services:
traefik:
image: traefik:v2.10
restart: unless-stopped
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--entryPoints.web.address=:80"
- "--entrypoints.web.forwardedHeaders.insecure=true"
- "--entrypoints.web.proxyProtocol.insecure=true"
ports:
- "80:80"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- frontend
- users
client:
build:
context: ${DTAAS_DIR}/
dockerfile: ${DTAAS_DIR}/docker/client.dockerfile
restart: unless-stopped
volumes:
- "${DTAAS_DIR}/client/config/local.js:/dtaas/client/build/env.js"
labels:
- "traefik.enable=true"
- "traefik.http.routers.client.entryPoints=web"
- "traefik.http.services.client.loadbalancer.server.port=4000"
- "traefik.http.routers.client.middlewares=traefik-forward-auth"
- "traefik.http.routers.client.rule=PathPrefix(`/`)"
networks:
- frontend
libms:
build:
context: ${DTAAS_DIR}/
dockerfile: ${DTAAS_DIR}/docker/libms.dockerfile
restart: unless-stopped
volumes:
- ${DTAAS_DIR}/files:/dtaas/libms/files
labels:
- "traefik.enable=true"
- "traefik.http.routers.libms.entryPoints=web"
- "traefik.http.services.libms.loadbalancer.server.port=4001"
- "traefik.http.routers.libms.rule= PathPrefix(`/lib`)"
- "traefik.http.routers.libms.middlewares=traefik-forward-auth"
networks:
- frontend
user1:
image: mltooling/ml-workspace-minimal:0.13.2
restart: unless-stopped
volumes:
- ${DTAAS_DIR}/files/common:/workspace/common
- ${DTAAS_DIR}/files/${username1}:/workspace
environment:
- AUTHENTICATE_VIA_JUPYTER=
- WORKSPACE_BASE_URL=${username1}
shm_size: 512m
labels:
- "traefik.enable=true"
- "traefik.http.routers.u1.entryPoints=web"
- "traefik.http.routers.u1.rule=PathPrefix(`/${username1}`) "
- "traefik.http.routers.u1.middlewares=traefik-forward-auth"
networks:
- users
user2:
image: mltooling/ml-workspace-minimal:0.13.2
restart: unless-stopped
volumes:
- ${DTAAS_DIR}/files/common:/workspace/common
- ${DTAAS_DIR}/files/${username2}:/workspace
environment:
- AUTHENTICATE_VIA_JUPYTER=
- WORKSPACE_BASE_URL=${username2}
shm_size: 512m
labels:
- "traefik.enable=true"
- "traefik.http.routers.u2.entryPoints=web"
- "traefik.http.routers.u2.rule=PathPrefix(`/${username2}`) "
- "traefik.http.routers.u2.middlewares=traefik-forward-auth"
networks:
- users
traefik-forward-auth:
image: thomseddon/traefik-forward-auth:latest
restart: unless-stopped
volumes:
- ${OAUTH_CONF_FILEPATH}:/conf
environment:
- DEFAULT_PROVIDER=generic-oauth
- PROVIDERS_GENERIC_OAUTH_AUTH_URL=${OAUTH_URL}/oauth/authorize
- PROVIDERS_GENERIC_OAUTH_TOKEN_URL=${OAUTH_URL}/oauth/token
- PROVIDERS_GENERIC_OAUTH_USER_URL=${OAUTH_URL}/api/v4/user
- PROVIDERS_GENERIC_OAUTH_CLIENT_ID=${CLIENT_ID}
- PROVIDERS_GENERIC_OAUTH_CLIENT_SECRET=${CLIENT_SECRET}
- PROVIDERS_GENERIC_OAUTH_SCOPE=read_user
- SECRET= ${OAUTH_SECRET}
# INSECURE_COOKIE is required if not using a https entrypoint
- INSECURE_COOKIE=true
- CONFIG=/conf
labels:
- "traefik.enable=true"
- "traefik.http.routers.redirect.entryPoints=web"
- "traefik.http.routers.redirect.rule=PathPrefix(`/_oauth`)"
- "traefik.http.routers.redirect.middlewares=traefik-forward-auth"
- "traefik.http.middlewares.traefik-forward-auth.forwardauth.address=http://traefik-forward-auth:4181"
- "traefik.http.middlewares.traefik-forward-auth.forwardauth.authResponseHeaders=X-Forwarded-User"
- "traefik.http.services.traefik-forward-auth.loadbalancer.server.port=4181"
networks:
- frontend
- users
networks:
frontend:
name: dtaas-frontend
users:
name: dtaas-users