# This docker-compose file can be used to bring up an example instance of oauth2-proxy
# for manual testing and exploration of features.
# Alongside OAuth2-Proxy, this file also starts Keycloak to act as the identity provider,
# HTTPBin as an example upstream.
#
# This can either be created using docker-compose
#    docker-compose -f docker-compose-keycloak.yaml <command>
# Or:
#    make keycloak-<command> (eg. make keycloak-up, make keycloak-down)
#
# Access http://oauth2-proxy.localtest.me:4180 to initiate a login cycle using user=admin@example.com, password=password
# Access http://keycloak.localtest.me:9080 with the same credentials to check out the settings
version: '3.0'
services:
  oauth2-proxy:
    container_name: oauth2-proxy
    image: quay.io/oauth2-proxy/oauth2-proxy:v7.9.0
    command: --config /oauth2-proxy.cfg
    hostname: oauth2-proxy
    volumes:
      - "./oauth2-proxy-keycloak.cfg:/oauth2-proxy.cfg"
    restart: unless-stopped
    ports:
      - 4180:4180/tcp
    networks:
      keycloak: {}
      httpbin: {}
      oauth2-proxy: {}
    depends_on:
      - httpbin
      - keycloak

  httpbin:
    container_name: httpbin
    image: kennethreitz/httpbin:latest
    hostname: httpbin
    ports:
      - 8080:80/tcp
    networks:
      httpbin:
        aliases:
          - httpbin.localtest.me

  keycloak:
    container_name: keycloak
    image: keycloak/keycloak:25.0
    hostname: keycloak
    command:
      - 'start-dev'
      - '--http-port=9080'
      - '--import-realm'
    volumes:
      - ./keycloak:/opt/keycloak/data/import
    environment:
      KC_HTTP_PORT: 9080
      KEYCLOAK_ADMIN: admin@example.com
      KEYCLOAK_ADMIN_PASSWORD: password
    ports:
      - 9080:9080/tcp
    networks:
      keycloak:
        aliases:
          - keycloak.localtest.me

networks:
  httpbin: {}
  keycloak: {}
  oauth2-proxy: {}