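---
# Ory identity stack for Docker Compose: one Postgres instance shared by
# Kratos and Hydra, Oathkeeper as the published proxy, and a one-shot job
# that registers the OAuth2 relying-party clients in Hydra.
#
# Review notes that apply to the whole file:
# - ORY_POSTGRES_PASSWORD is required (`:?`). The DSNs never had a fallback,
#   so a fallback on the Postgres side only produced a credential mismatch
#   and a well-known database password.
# - Environment blocks use mapping form. In list form Compose keeps quote
#   characters written after `=` as part of the value, so URLs and the JSON
#   array below would reach the container wrapped in literal quotes.
# - Every DSN sets sslmode=disable: database traffic is unencrypted, which is
#   only reasonable while all of these containers share one trusted host.
# - A password containing URL-reserved characters must be percent-encoded to
#   survive inside the DSN.
# - All networks are external. The Kratos (4434) and Hydra (4445) admin APIs
#   are not published, but they carry no authentication of their own, so any
#   container attached to the same networks can call them.

services:
  postgres_ory:
    image: postgres:${ORY_POSTGRES_TAG:-17-alpine}
    container_name: ory_postgres
    environment:
      POSTGRES_USER: "${ORY_POSTGRES_USER:-ory}"
      POSTGRES_PASSWORD: "${ORY_POSTGRES_PASSWORD:?set ORY_POSTGRES_PASSWORD}"
      POSTGRES_DB: "${ORY_POSTGRES_DB:-ory}"
    volumes:
      # Scripts in this directory run only when the data volume is first
      # initialised; the health check below waits for the Kratos database.
      - ./docker/ory/init-db:/docker-entrypoint-initdb.d
      - ory_postgres_data:/var/lib/postgresql/data
    networks:
      - ory-net
    healthcheck:
      test:
        - CMD-SHELL
        - "pg_isready -U ${ORY_POSTGRES_USER:-ory} -d ${KRATOS_DB:-ory_kratos}"
      interval: 5s
      timeout: 5s
      retries: 5

  # One-shot schema migration; `kratos` starts only after it exits cleanly.
  kratos-migrate:
    image: oryd/kratos:${KRATOS_VERSION:-v25.4.0}
    environment:
      DSN: "postgres://${ORY_POSTGRES_USER:-ory}:${ORY_POSTGRES_PASSWORD:?set ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${KRATOS_DB:-ory_kratos}?sslmode=disable&max_conns=20"
      KRATOS_SERVE_PUBLIC_BASE_URL: "${KRATOS_BROWSER_URL:-http://localhost:4433}"
      KRATOS_SERVE_ADMIN_BASE_URL: "${KRATOS_ADMIN_URL:-http://kratos:4434}"
      KRATOS_SELFSERVICE_DEFAULT_BROWSER_RETURN_URL: "${KRATOS_UI_URL:-http://localhost:5000}"
      KRATOS_SELFSERVICE_ALLOWED_RETURN_URLS: '["${KRATOS_UI_URL:-http://localhost:5000}","${USERFRONT_URL:-http://localhost:5000}"]'
    volumes:
      - ./docker/ory/kratos:/etc/config/kratos
    command: migrate sql up -e -c /etc/config/kratos/kratos.yml --yes
    depends_on:
      postgres_ory:
        condition: service_healthy
    networks:
      - ory-net

  kratos:
    image: oryd/kratos:${KRATOS_VERSION:-v25.4.0}
    container_name: ory_kratos
    environment:
      DSN: "postgres://${ORY_POSTGRES_USER:-ory}:${ORY_POSTGRES_PASSWORD:?set ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${KRATOS_DB:-ory_kratos}?sslmode=disable&max_conns=20"
      # NOTE(review): the fallback is a guessable placeholder; set
      # COOKIE_SECRET explicitly anywhere beyond a local machine. Also confirm
      # Kratos consumes this name - its cookie secret is normally configured
      # as `secrets.cookie` (env SECRETS_COOKIE).
      COOKIE_SECRET: "${COOKIE_SECRET:-localcookie123}"
      KRATOS_SERVE_PUBLIC_BASE_URL: "${KRATOS_BROWSER_URL:-http://localhost:4433}"
      KRATOS_SERVE_ADMIN_BASE_URL: "${KRATOS_ADMIN_URL:-http://kratos:4434}"
      KRATOS_SELFSERVICE_DEFAULT_BROWSER_RETURN_URL: "${KRATOS_UI_URL:-http://localhost:5000}"
      # The allow-list bounds where self-service flows may redirect a browser;
      # keep it to the exact front-end origins in use.
      KRATOS_SELFSERVICE_ALLOWED_RETURN_URLS: '["${KRATOS_UI_URL:-http://localhost:5000}","${USERFRONT_URL:-http://localhost:5000}"]'
    volumes:
      - ./docker/ory/kratos:/etc/config/kratos
    command: serve -c /etc/config/kratos/kratos.yml
    depends_on:
      kratos-migrate:
        condition: service_completed_successfully
    networks:
      - ory-net
      - kratosnet

  # One-shot schema migration; `hydra` starts only after it exits cleanly.
  hydra-migrate:
    image: oryd/hydra:${HYDRA_VERSION:-v25.4.0}
    environment:
      DSN: "postgres://${ORY_POSTGRES_USER:-ory}:${ORY_POSTGRES_PASSWORD:?set ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${HYDRA_DB:-ory_hydra}?sslmode=disable&max_conns=20"
    command: migrate sql up -e --yes
    depends_on:
      postgres_ory:
        condition: service_healthy
    networks:
      - ory-net

  hydra:
    image: oryd/hydra:${HYDRA_VERSION:-v25.4.0}
    container_name: ory_hydra
    environment:
      DSN: "postgres://${ORY_POSTGRES_USER:-ory}:${ORY_POSTGRES_PASSWORD:?set ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${HYDRA_DB:-ory_hydra}?sslmode=disable&max_conns=20"
      URLS_SELF_ISSUER: "${USERFRONT_URL:-http://localhost:5000}/oidc"
      URLS_LOGIN: "${USERFRONT_URL:-http://localhost:5000}/login"
      URLS_CONSENT: "${USERFRONT_URL:-http://localhost:5000}/consent"
      # NOTE(review): Hydra's system secret is the database password here, so
      # one leaked value compromises both and neither can be rotated alone.
      # Give Hydra its own high-entropy secret (Hydra expects at least 16
      # characters).
      SECRETS_SYSTEM: "${ORY_POSTGRES_PASSWORD:?set ORY_POSTGRES_PASSWORD}"
    volumes:
      - ./docker/ory/hydra:/etc/config/hydra
    # NOTE(review): `--dev` relaxes Hydra's security checks (it is what lets
    # the plain-http issuer above be accepted). Remove it once the issuer is
    # served over TLS.
    command: serve -c /etc/config/hydra/hydra.yml all --dev
    depends_on:
      hydra-migrate:
        condition: service_completed_successfully
    networks:
      - ory-net
      - hydranet

  oathkeeper:
    image: oryd/oathkeeper:${OATHKEEPER_VERSION:-v0.40.6}
    container_name: oathkeeper
    restart: unless-stopped
    depends_on:
      kratos:
        condition: service_started
    environment:
      # NOTE(review): debug logging is verbose and may record request
      # details; lower the level outside troubleshooting.
      LOG_LEVEL: "debug"
    command: serve proxy --config /etc/config/oathkeeper/oathkeeper.yml
    volumes:
      - ./docker/ory/oathkeeper:/etc/config/oathkeeper
      - oathkeeper_logs:/var/log/oathkeeper
    networks:
      - ory-net
      - baron_net
      - public_net
    ports:
      # Both ports are published on every host interface. 4456 is the port
      # the health check below queries; if only the host needs it, bind it to
      # loopback ("127.0.0.1:4456:4456").
      - "4455:4455"
      - "4456:4456"
    healthcheck:
      test: ["CMD", "wget", "-qO-", "http://127.0.0.1:4456/health/ready"]
      interval: 5s
      timeout: 5s
      retries: 5

  # Gate for init-rp: exits once Kratos and Hydra both report ready.
  # `curl -f` makes an HTTP error status count as "not ready yet"; without it
  # curl exits 0 on any HTTP response and the loops end too early.
  # NOTE(review): alpine:latest is unpinned and curl is installed from the
  # network on every run; pin the tag (or use an image that ships curl) for
  # reproducible, offline-capable starts.
  ory_stack_check:
    image: alpine:latest
    container_name: ory_stack_check
    command: >
      /bin/sh -c "
      apk add --no-cache curl;
      echo 'Wait for services...';
      until curl -fs http://kratos:4433/health/ready; do sleep 1; done;
      until curl -fs http://hydra:4444/health/ready; do sleep 1; done;
      echo 'Ory Stack is fully operational!';"
    depends_on:
      - kratos
      - hydra
    networks:
      - ory-net

  # Registers the three front-ends as OAuth2 clients through Hydra's admin
  # API (hydra:4445).
  # - `--token-endpoint-auth-method none` makes them public clients: they have
  #   no client secret, so exact redirect URIs and PKCE are what protect the
  #   authorization-code flow.
  # - The default redirect URIs mix localhost, a LAN address over plain http
  #   and one https hostname; set the *_CALLBACK_URLS variables per
  #   environment rather than relying on the defaults.
  # - Compose substitutes ${...} before the shell runs, so the values are
  #   pasted into the script text; they are double-quoted here so the shell
  #   passes each list as a single argument.
  # - NOTE(review): `create` presumably fails when a client id already exists
  #   and `-e` then aborts the script - confirm re-run behaviour against the
  #   "Creating/Updating" message.
  init-rp:
    image: oryd/hydra:${HYDRA_VERSION:-v25.4.0}
    container_name: init-rp
    entrypoint: ["/bin/sh"]
    command:
      - "-ec"
      - |
        echo "Creating/Updating OAuth2 Clients..."

        hydra create oauth2-client \
          --endpoint http://hydra:4445 \
          --id adminfront \
          --name "AdminFront" \
          --grant-type authorization_code,refresh_token \
          --response-type code \
          --scope openid,offline_access,profile,email \
          --token-endpoint-auth-method none \
          --redirect-uri "${ADMINFRONT_CALLBACK_URLS:-http://localhost:5173/auth/callback,http://172.16.10.176:5173/auth/callback}"

        hydra create oauth2-client \
          --endpoint http://hydra:4445 \
          --id devfront \
          --name "DevFront" \
          --grant-type authorization_code,refresh_token \
          --response-type code \
          --scope openid,offline_access,profile,email \
          --token-endpoint-auth-method none \
          --redirect-uri "${DEVFRONT_CALLBACK_URLS:-http://localhost:5174/auth/callback,http://172.16.10.176:5174/auth/callback}"

        hydra create oauth2-client \
          --endpoint http://hydra:4445 \
          --id orgfront \
          --name "OrgFront" \
          --grant-type authorization_code,refresh_token \
          --response-type code \
          --scope openid,offline_access,profile,email \
          --token-endpoint-auth-method none \
          --redirect-uri "${ORGFRONT_CALLBACK_URLS:-http://localhost:5175/auth/callback,http://172.16.10.176:5175/auth/callback,https://baron-orgchart.hmac.kr/auth/callback}"

        echo "All RP clients initialized successfully."
    depends_on:
      ory_stack_check:
        condition: service_completed_successfully
    networks:
      - ory-net
      - hydranet

volumes:
  ory_postgres_data: {}
  oathkeeper_logs: {}

# All networks must already exist; other Compose projects that join them can
# reach these services by name.
networks:
  ory-net:
    external: true
    name: ory-net
  hydranet:
    external: true
    name: hydranet
  kratosnet:
    external: true
    name: kratosnet
  public_net:
    external: true
    name: public_net
  baron_net:
    external: true
    name: baron_net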