
Diagram

Postbank.drawio(6).png

sftsvr01/swarm/docker-compose.yaml
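version: "3.8"
services:
  # MariaDB node 1, pinned to sftsvr01. mariadb2 mirrors this definition on sftsvr02
  # and the Soffid services list both nodes in "sequential" JDBC mode (failover in
  # order). Replication itself (CHANGE MASTER ..., positions) is not set up by this
  # file — presumably by hand on each node; TODO confirm and document.
  mariadb1:
    image: mariadb:11.1.2
    environment:
      # Credentials are substituted from the deployer's shell by `docker stack deploy`
      # (which does not read .env files) and the deploy aborts if they are unset, so
      # nothing secret is committed. Next step: Docker secrets via
      # MARIADB_ROOT_PASSWORD_FILE / MARIADB_PASSWORD_FILE, which also keeps them out
      # of `docker service inspect`.
      MYSQL_ROOT_PASSWORD: '${MARIADB_ROOT_PASSWORD:?MARIADB_ROOT_PASSWORD must be set in the deploy environment}'
      MYSQL_DATABASE: soffid
      MYSQL_USER: soffid
      MYSQL_PASSWORD: '${SOFFID_DB_PASSWORD:?SOFFID_DB_PASSWORD must be set in the deploy environment}'
    healthcheck:
      # The image's own probe instead of a root login with the password on the
      # command line (that ended up in `docker inspect` output and in the container's
      # process list). --connect logs in as the healthcheck@localhost user the
      # entrypoint creates on first init; a datadir initialised by an older image may
      # lack it — run once with MARIADB_AUTO_UPGRADE=1, or fall back to
      # `mariadb-admin ping`.
      test: ['CMD', 'healthcheck.sh', '--connect', '--innodb_initialized']
      interval: 2s
      timeout: 20s
      retries: 10
    deploy:
      placement:
        constraints:
          - node.hostname==sftsvr01
    command:
      - mariadbd
      - --server-id=11
      # Row-based binlog, 15-day retention. In a container the default binlog base
      # name is the (changing) hostname; --log-basename=mariadb1 would make it
      # stable — not changed here because the external datadir already holds logs
      # under the old names.
      - --log-bin
      - --binlog-format=row
      - --expire_logs_days=15
      - --max_binlog_size=1000M
      # SC_SEQUENCE is kept node-local rather than replicated.
      - --replicate-ignore-table=soffid.SC_SEQUENCE
      # Skips "can't find record" (1032), "server shutdown in progress" (1053) and
      # "duplicate entry" (1062) on the replica. Replication keeps running, but the
      # two nodes can silently diverge — an integrity risk for an IAM store. Monitor
      # Last_SQL_Error / skipped events instead of relying on this.
      - --slave-skip-errors=1032,1053,1062
      # Both nodes must use the same value: a replica with a smaller
      # max_allowed_packet than its primary cannot apply large events.
      - --max_allowed_packet=256M
      - --innodb_log_file_size=256M
      - --character-set-server=utf8mb4
      - --collation-server=utf8mb4_general_ci
    networks:
      - cluster
    volumes:
      - mariadb1_data:/var/lib/mysql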

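  # MariaDB node 2, pinned to sftsvr02; same flags as mariadb1 except server-id.
  mariadb2:
    image: mariadb:11.1.2
    environment:
      # Same substitution scheme as mariadb1: values come from the deployer's shell
      # at `docker stack deploy` time, never from this file. Docker secrets via
      # MARIADB_ROOT_PASSWORD_FILE / MARIADB_PASSWORD_FILE would be the next step.
      MYSQL_ROOT_PASSWORD: '${MARIADB_ROOT_PASSWORD:?MARIADB_ROOT_PASSWORD must be set in the deploy environment}'
      MYSQL_DATABASE: soffid
      MYSQL_USER: soffid
      MYSQL_PASSWORD: '${SOFFID_DB_PASSWORD:?SOFFID_DB_PASSWORD must be set in the deploy environment}'
    healthcheck:
      # Image-provided probe; no root password on the command line. Requires the
      # healthcheck@localhost user the entrypoint creates on init — for a datadir
      # initialised by an older image run once with MARIADB_AUTO_UPGRADE=1, or use
      # `mariadb-admin ping`.
      test: ['CMD', 'healthcheck.sh', '--connect', '--innodb_initialized']
      interval: 2s
      timeout: 20s
      retries: 10
    deploy:
      placement:
        constraints:
          - node.hostname==sftsvr02
    command:
      - mariadbd
      - --server-id=22
      - --log-bin
      - --binlog-format=row
      - --expire_logs_days=15
      - --max_binlog_size=1000M
      # SC_SEQUENCE is kept node-local rather than replicated.
      - --replicate-ignore-table=soffid.SC_SEQUENCE
      # Skips 1032/1053/1062 on the replica: keeps replication alive at the cost of
      # possible silent divergence between the nodes. Monitor skipped events.
      - --slave-skip-errors=1032,1053,1062
      # Was 128M while mariadb1 had 256M; a replica with the smaller value cannot
      # apply events larger than it from its primary. Aligned with mariadb1.
      - --max_allowed_packet=256M
      - --innodb_log_file_size=256M
      - --character-set-server=utf8mb4
      - --collation-server=utf8mb4_general_ci
    networks:
      - cluster
    volumes:
      - mariadb2_data:/var/lib/mysql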
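  # Soffid IAM console, fronted by Traefik (see traefik/dynamic/console.yaml).
  console:
    image: soffid/iam-console:3.6.4
    environment:
      # Both DB nodes, tried in order (sequential failover). The password is
      # substituted from the deployer's shell by `docker stack deploy` (which does
      # not read .env) and the deploy aborts if it is unset.
      DB_URL: jdbc:mariadb:sequential://mariadb1,mariadb2/soffid
      DB_USER: soffid
      DB_PASSWORD: '${SOFFID_DB_PASSWORD:?SOFFID_DB_PASSWORD must be set in the deploy environment}'
    # Port 8080 is deliberately not published: Traefik terminates TLS on 443 and
    # proxies to http://console:8080 over the overlay network, so a published
    # plain-HTTP 8080 bypassed TLS on every swarm node (ingress mesh). Re-add it
    # only together with a firewall rule limiting it to an admin host.
    networks:
      - cluster
    configs:
      # Extra trust anchor for the console. The config's file is literally called
      # "test" — verify it is the intended CA and not a leftover test certificate.
      - source: trustedcert_1
        target: /opt/soffid/iam-console-3/trustedcerts/test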

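  # Soffid sync server (the "main" instance; configuration table ss1).
  syncserver:
    image: soffid/iam-sync:3.6.2
    hostname: soffid.postbank.lpb.co.ls
    environment:
      # Env values as strings so the YAML parser cannot retype them.
      SOFFID_PORT: '1760'
      SOFFID_HOSTNAME: syncserver
      SOFFID_MAIN: 'yes'
      # NOTE(review): jdbc:mysql: scheme here, jdbc:mariadb: in the console. Whether
      # this image's driver accepts jdbc:mysql: without permitMysqlScheme cannot be
      # told from here — confirm, and use one scheme in both services.
      DB_URL: jdbc:mysql:sequential://mariadb1,mariadb2/soffid
      DB_USER: soffid
      DB_PASSWORD: '${SOFFID_DB_PASSWORD:?SOFFID_DB_PASSWORD must be set in the deploy environment}'
      DB_CONFIGURATION_TABLE: ss1
    ports:
      # Quoted: unquoted 49:49 is a base-60 integer to a YAML 1.1 parser. All three
      # go through the swarm ingress mesh and are therefore reachable on every node.
      # 49/tcp is the TACACS+ port, a protocol protected only by a shared key —
      # presumably for network devices; restrict it to their addresses at the firewall.
      - '1443:1443'
      - '49:49'
      - '1760:1760'
    networks:
      - cluster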

  # PAM credential store. Not published on any port: it is reached only over the
  # overlay network (pam-launcher's STORE_SERVER points at pam-store:8080).
  pam-store:
    image: soffid/pam-store:1.4.36
    # Pinned to sftsvr01 because store_data is a node-local named volume.
    deploy:
      placement:
        constraints:
          - node.hostname==sftsvr01
    networks:
      - cluster
    volumes:
      - store_data:/opt/soffid/tomee/data
    configs:
      - source: trustedcert_1
        target: /opt/soffid/tomee/trustedcerts/test

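  # PAM session launcher. Not pinned to a node, although launcher_data is a
  # node-local named volume — presumably acceptable; TODO confirm.
  pam-launcher:
    image: soffid/pam-launcher:1.4.37
    environment:
      # Plain HTTP to the store; tolerable only because it never leaves the overlay
      # network. The credential is substituted from the deployer's shell by
      # `docker stack deploy` and the deploy aborts if it is unset.
      STORE_SERVER: http://pam-store:8080
      STORE_USER: postbank1-launcher
      STORE_PASSWORD: '${PAM_LAUNCHER_STORE_PASSWORD:?PAM_LAUNCHER_STORE_PASSWORD must be set in the deploy environment}'
      NETWORK_ID: soffid_cluster
    ports:
      # Published via the ingress mesh, i.e. on every node, and not behind Traefik.
      - '8082:8080'
    networks:
      - cluster
    volumes:
      - launcher_data:/opt/soffid/tomee/launcher
      # Read-write Docker socket == root on whichever node runs this task. It is how
      # the launcher starts session containers, so it cannot simply be removed;
      # contain the blast radius instead: keep the image pinned, limit who can reach
      # 8082, and consider a socket proxy that only allows the container endpoints.
      - /var/run/docker.sock:/var/run/docker.sock
    configs:
      - source: trustedcert_1
        target: /opt/soffid/tomee/trustedcerts/test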
        
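  # TLS terminator for the console (static config in ./traefik/traefik.yaml).
  traefik:
    image: 'traefik:v2.10'
    command:
      # INFO in normal operation; DEBUG only while troubleshooting — it is chatty
      # and writes per-request detail to the container log.
      - '--log.level=INFO'
      - '--configFile=/data/traefik.yaml'
      - '--log=true'
    ports:
      - target: 443
        published: 443
        protocol: tcp
      # 9000 (the `traefik` entrypoint / dashboard) is deliberately not published.
    volumes:
      # traefik.yaml enables only the file provider, so the Docker socket mount was
      # an unused, root-equivalent capability — dropped.
      # Config, certificate and private key come from the host checkout, read-only
      # (no ACME storage, nothing needs to write). The task is not pinned, so
      # ./traefik must exist on every node it may be scheduled on.
      - './traefik:/data:ro'
    networks:
      - cluster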

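networks:
  # Single overlay shared by every service; attachable so containers started
  # outside the stack can join (pam-launcher is handed this network's name as
  # NETWORK_ID, presumably for the session containers it starts — TODO confirm).
  cluster:
    driver: overlay
    attachable: true
    driver_opts:
      # DB credentials, JDBC sessions, replication and the PAM store API all cross
      # this network between sftsvr01 and sftsvr02 in clear; IPsec between the
      # nodes closes that. Needs: the network recreated (options are not updated
      # in place — remove the stack/network and redeploy), IPsec ESP (IP protocol
      # 50) allowed between the nodes, Linux nodes only. Verify on staging that
      # attached (non-service) containers still reach the overlay with it on.
      encrypted: "true"
    ipam:
      config:
        - subnet: 10.250.0.0/16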

volumes:
  # Both MariaDB services point at the same volume NAME. Because each task is
  # pinned to a different node, each resolves to that node's own local volume of
  # that name; if the placement constraints are ever relaxed both would share one
  # datadir on the same node.
  mariadb1_data:
    external: true
    name: 'compose-mariadbdata'
  mariadb2_data:
    external: true
    name: 'compose-mariadbdata'
  # Node-local named volumes for the PAM services.
  store_data:
    name: 'compose_store_data'
  launcher_data:
    name: 'compose_launcher_data'

configs:
  # Swarm configs are not encrypted at rest and are mounted into the container
  # filesystem directly — fine for a public trust anchor, never for a private key
  # (use `secrets:` for those). The file name "test" is worth confirming.
  trustedcert_1:
    file: './trustedcerts/test'

sftsvr01/traefik/traefik.yaml and sftsvr02/traefik/traefik.yaml
# Static configuration; routing and TLS come from the watched /data/dynamic directory.
entryPoints:
  web:
    address: ':443'
  # Listens inside the container only (9000 is not published by the stack). Nothing
  # is routed to it: api.dashboard without api.insecure serves the dashboard only
  # through an explicit router to api@internal — if one is ever added, put an auth
  # middleware in front of it.
  traefik:
    address: ':9000/tcp'
api:
  dashboard: true
providers:
  file:
    directory: /data/dynamic
    watch: true
sftsvr01/traefik/dynamic/console.yaml and sftsvr02/traefik/dynamic/console.yaml
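http:
  routers:
    # Everything on :443 goes to the console.
    consola:
      entryPoints:
        - web
      rule: "PathPrefix(`/`)"
      service: consola
      tls:
        # Was an empty `options:` (YAML null), which falls back to Traefik's
        # built-in defaults. Named explicitly and pinned below so the minimum
        # protocol version does not depend on a Traefik default.
        options: default
  services:
    consola:
      loadBalancer:
        sticky:
          cookie:
            name: server
            secure: true
            httpOnly: true
            # Keep the session-affinity cookie off cross-site requests.
            sameSite: lax
        servers:
          # Plain HTTP is only on the overlay network between Traefik and the console.
          - url: http://console:8080/
        healthCheck:
          scheme: http
          path: /soffid/anonymous/logo.svg
          port: 8080
tls:
  options:
    default:
      minVersion: VersionTLS12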
sftsvr01/traefik/dynamic/certs.yaml and sftsvr02/traefik/dynamic/certs.yaml
tls:
  stores:
    default:
      # Single certificate served for every SNI. /data/dynamic is a bind mount from
      # the host checkout, so server.key lives on the host disk: keep it 0600 and
      # out of version control. The .crt should carry the leaf plus intermediates
      # — TODO confirm the chain.
      defaultCertificate:
        certFile: '/data/dynamic/25122be6d01ad29b.crt'
        keyFile: '/data/dynamic/server.key'
rpx-svr01/docker-compose.yaml
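version: '3.8'
services:
  # Web SSO reverse proxy (Shibboleth + Apache, judging by the volume targets).
  wsso:
    image: soffid/wsso:1.3.0
    # `host` is the compose-declared network at the bottom of this file, i.e. a
    # user-defined bridge named <project>_host — NOT Docker's host networking
    # (that would be `network_mode: host`, with no `ports:`). Traffic reaches the
    # container through the published ports below, bound on all host interfaces.
    networks:
      - host
    volumes:
      - type: volume
        source: shib
        target: /etc/shibboleth
      - type: volume
        source: http
        target: /etc/apache2
    ports:
      # Quoted so no YAML parser retypes them. What 7003/7004/7103/7104 serve is
      # not visible here — TODO document; and if 8080 is only a plain-HTTP twin of
      # 8443, stop publishing it.
      - '8080:8080'
      - '8443:8443'
      - '7003:7003'
      - '7004:7004'
      - '7103:7103'
      - '7104:7104'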
volumes:
  # Default local named volumes. The commented `name:` lines look like an attempt
  # to point at host paths; a volume name cannot be a path — a bind mount
  # (`type: bind`, `source: /opt/soffid/shib`) would be the way to do that.
  shib: {}
  # name: /opt/soffid/shib
  http: {}
  # name: /opt/soffid/http

networks:
  # Creates a user-defined bridge called <project>_host; despite the name this is
  # not Docker's host network.
  host: {}