Diagram
sftsvr01/swarm/docker-compose.yaml
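# Swarm stack: two MariaDB nodes, Soffid console and sync server, PAM store
# and launcher, and a Traefik front end.
#
# NOTE(review): the MariaDB credentials are read from Swarm secrets, using the
# *_FILE variables supported by the official mariadb image. Create the two
# external secrets declared at the bottom (docker secret create) before
# deploying the stack. Any credential that has appeared in a shared document
# should be rotated before it is used on a live system.
version: "3.8"
services:
  mariadb1:
    image: mariadb:11.1.2
    environment:
      MYSQL_ROOT_PASSWORD_FILE: /run/secrets/mariadb_root_password
      MYSQL_DATABASE: soffid
      MYSQL_USER: soffid
      MYSQL_PASSWORD_FILE: /run/secrets/mariadb_soffid_password
    secrets:
      - mariadb_root_password
      - mariadb_soffid_password
    healthcheck:
      # The root password is read from the secret at run time, so it is not in
      # the stack file, the service definition or the client's argument list.
      test:
        - CMD-SHELL
        - >-
          MYSQL_PWD="$$(cat /run/secrets/mariadb_root_password)"
          /usr/bin/mariadb --user=root --execute "SHOW DATABASES;"
      interval: 2s
      timeout: 20s
      retries: 10
    deploy:
      placement:
        constraints:
          - node.hostname==sftsvr01
    command:
      - 'mariadbd'
      - '--server-id=11'
      - '--log-bin'
      - '--binlog-format=row'
      - '--expire_logs_days=15'
      - '--max_binlog_size=1000M'
      - '--replicate-ignore-table=soffid.SC_SEQUENCE'
      # NOTE(review): skipping these replication errors lets the two nodes
      # diverge silently; monitor replication state separately.
      - '--slave-skip-errors=1032,1053,1062'
      - '--max_allowed_packet=256M'
      - '--innodb_log_file_size=256M'
      - '--character-set-server=utf8mb4'
      - '--collation-server=utf8mb4_general_ci'
    networks:
      - cluster
    volumes:
      - mariadb1_data:/var/lib/mysql

  mariadb2:
    image: mariadb:11.1.2
    environment:
      MYSQL_ROOT_PASSWORD_FILE: /run/secrets/mariadb_root_password
      MYSQL_DATABASE: soffid
      MYSQL_USER: soffid
      MYSQL_PASSWORD_FILE: /run/secrets/mariadb_soffid_password
    secrets:
      - mariadb_root_password
      - mariadb_soffid_password
    healthcheck:
      # Same check as mariadb1: password comes from the mounted secret.
      test:
        - CMD-SHELL
        - >-
          MYSQL_PWD="$$(cat /run/secrets/mariadb_root_password)"
          /usr/bin/mariadb --user=root --execute "SHOW DATABASES;"
      interval: 2s
      timeout: 20s
      retries: 10
    deploy:
      placement:
        constraints:
          - node.hostname==sftsvr02
    command:
      - 'mariadbd'
      - '--server-id=22'
      - '--log-bin'
      - '--binlog-format=row'
      - '--expire_logs_days=15'
      - '--max_binlog_size=1000M'
      - '--replicate-ignore-table=soffid.SC_SEQUENCE'
      - '--slave-skip-errors=1032,1053,1062'
      # NOTE(review): mariadb1 uses 256M here; confirm the difference is
      # intended, since the two nodes replicate to each other.
      - '--max_allowed_packet=128M'
      - '--innodb_log_file_size=256M'
      - '--character-set-server=utf8mb4'
      - '--collation-server=utf8mb4_general_ci'
    networks:
      - cluster
    volumes:
      - mariadb2_data:/var/lib/mysql

  console:
    image: soffid/iam-console:3.6.4
    environment:
      DB_URL: jdbc:mariadb:sequential://mariadb1,mariadb2/soffid
      DB_USER: soffid
      # NOTE(review): still a plaintext credential in the stack file; it must
      # match the mariadb_soffid_password secret. Move it out of the file if
      # the image offers a file-based option (not verified here).
      DB_PASSWORD: 86h.FukT
    ports:
      # NOTE(review): publishes the console over plain HTTP next to the
      # Traefik TLS listener on 443; drop or firewall it if not required.
      - "8080:8080"
    networks:
      - cluster
    configs:
      - source: trustedcert_1
        target: /opt/soffid/iam-console-3/trustedcerts/test

  syncserver:
    image: soffid/iam-sync:3.6.2
    hostname: soffid.postbank.lpb.co.ls
    environment:
      SOFFID_PORT: "1760"
      SOFFID_HOSTNAME: syncserver
      SOFFID_MAIN: "yes"
      DB_URL: jdbc:mysql:sequential://mariadb1,mariadb2/soffid
      DB_USER: soffid
      # NOTE(review): plaintext credential, same caveat as the console service.
      DB_PASSWORD: 86h.FukT
      DB_CONFIGURATION_TABLE: ss1
    ports:
      # Quoted: an unquoted 49:49 is read as a base-60 integer by YAML 1.1
      # parsers instead of a port mapping.
      - "1443:1443"
      - "49:49"
      - "1760:1760"
    networks:
      - cluster

  pam-store:
    image: soffid/pam-store:1.4.36
    networks:
      - cluster
    volumes:
      - store_data:/opt/soffid/tomee/data
    configs:
      - source: trustedcert_1
        target: /opt/soffid/tomee/trustedcerts/test
    deploy:
      placement:
        constraints:
          - node.hostname==sftsvr01

  pam-launcher:
    image: soffid/pam-launcher:1.4.37
    environment:
      STORE_SERVER: http://pam-store:8080
      STORE_USER: postbank1-launcher
      # NOTE(review): plaintext credential in the stack file; restrict who can
      # read this file and the service definition.
      STORE_PASSWORD: jaQ1S7jjz6CA2WmgjsXzP0WgS/qvB603eM04q0tR87x9WzbYS3zCFJcPF32pXHPt
      NETWORK_ID: soffid_cluster
    ports:
      # NOTE(review): published without TLS; limit exposure at the host
      # firewall if it only needs to be reached internally.
      - "8082:8080"
    networks:
      - cluster
    volumes:
      - launcher_data:/opt/soffid/tomee/launcher
      # Read-write access to the Docker socket is control of the node's Docker
      # daemon, i.e. root-equivalent on the host. Treat this container as
      # part of the host's trust boundary.
      - /var/run/docker.sock:/var/run/docker.sock
    configs:
      - source: trustedcert_1
        target: /opt/soffid/tomee/trustedcerts/test

  traefik:
    image: "traefik:v2.10"
    command:
      # NOTE(review): Traefik documents file, CLI and environment static
      # configuration as mutually exclusive; confirm the log flags take effect
      # alongside --configFile. DEBUG logging is verbose for production use.
      - "--log.level=DEBUG"
      - "--configFile=/data/traefik.yaml"
      - "--log=true"
    ports:
      - target: 443
        published: 443
        protocol: tcp
      # - "9000:9000"
    volumes:
      # NOTE(review): the :ro flag does not limit Docker API calls made through
      # the socket. The static configuration shown for this stack enables only
      # the file provider, so this mount looks unnecessary; confirm and remove.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik:/data"
    networks:
      - cluster

networks:
  cluster:
    # NOTE(review): database replication and JDBC traffic cross this network
    # between nodes; overlay traffic is not encrypted unless the network is
    # created with the "encrypted" driver option.
    attachable: true
    ipam:
      config:
        - subnet: 10.250.0.0/16

volumes:
  # Both MariaDB volumes point at the same external volume name; presumably
  # each resolves to a node-local volume on its own host because of the
  # placement constraints. Confirm it is not shared storage.
  mariadb1_data:
    name: compose-mariadbdata
    external: true
  mariadb2_data:
    name: compose-mariadbdata
    external: true
  store_data:
    name: compose_store_data
  launcher_data:
    name: compose_launcher_data

configs:
  trustedcert_1:
    file: ./trustedcerts/test

secrets:
  # Created out of band so the values never appear in this file.
  mariadb_root_password:
    external: true
  mariadb_soffid_password:
    external: true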
sftsvr01/traefik/traefik.yaml and sftsvr02/traefik/traefik.yaml
# Traefik static configuration: two entry points, the dashboard flag and a
# file provider that watches /data/dynamic for router, service and TLS files.
entryPoints:
  # Listener on 443, named "web"; TLS is switched on per router in the
  # dynamic configuration, not here.
  web:
    address: ':443'
  # Listener on 9000; the stack file has the 9000 port mapping commented out.
  traefik:
    address: ':9000/tcp'
api:
  # NOTE(review): how the dashboard is routed and authenticated is not
  # visible in this file; confirm it is not reachable without authentication.
  dashboard: true
providers:
  file:
    directory: '/data/dynamic'
    # Files in the directory are reloaded on change, so write access to it
    # is write access to the routing and TLS configuration.
    watch: true
sftsvr01/traefik/dynamic/console.yaml and sftsvr02/traefik/dynamic/console.yaml
# Traefik dynamic configuration: routes every request arriving on the "web"
# entry point to the Soffid console service.
http:
  routers:
    consola:
      entryPoints:
        - web
      # Matches every path, so the whole console is served through this router.
      rule: "PathPrefix(`/`)"
      service: consola
      tls:
        # NOTE(review): empty value parses as null; presumably the router
        # falls back to the default TLS options. Confirm the minimum TLS
        # version and cipher suites that result.
        options:
  services:
    consola:
      loadBalancer:
        sticky:
          # Session-affinity cookie, restricted to HTTPS and hidden from
          # page scripts.
          cookie:
            name: server
            secure: true
            httpOnly: true
        servers:
          # TLS ends at Traefik; the hop to the console is plain HTTP on the
          # stack's overlay network.
          - url: http://console:8080/
        healthCheck:
          scheme: http
          path: /soffid/anonymous/logo.svg
          port: 8080
sftsvr01/traefik/dynamic/certs.yaml and sftsvr02/traefik/dynamic/certs.yaml
# Certificate and key that the default TLS store presents.
tls:
  stores:
    default:
      defaultCertificate:
        certFile: '/data/dynamic/25122be6d01ad29b.crt'
        # NOTE(review): the private key sits in the watched dynamic directory,
        # which the stack bind-mounts from ./traefik on the host; restrict
        # its file permissions on the host and keep it out of version control.
        keyFile: '/data/dynamic/server.key'
rpx-svr01/docker-compose.yaml
# Compose file for the WSSO reverse-proxy host.
version: '3.8'
services:
  wsso:
    # image: soffid/wsso:1.2.2-2
    image: 'soffid/wsso:1.3.0'
    networks:
      # NOTE(review): this refers to the network declared below that happens
      # to be called "host"; presumably it is an ordinary project network and
      # not host networking mode. Confirm.
      - host
    volumes:
      - type: volume
        source: shib
        target: /etc/shibboleth
      - type: volume
        source: http
        target: /etc/apache2
    ports:
      # Quoted so that no YAML parser can retype a port mapping.
      - '8080:8080'
      - '8443:8443'
      - '7003:7003'
      - '7004:7004'
      - '7103:7103'
      - '7104:7104'
volumes:
  shib:
    # name: /opt/soffid/shib
  http:
    # name: /opt/soffid/http
networks:
  host: