services: postgres_ory: image: postgres:${ORY_POSTGRES_TAG:-17-alpine} container_name: ory_postgres environment: - POSTGRES_USER=${ORY_POSTGRES_USER:-ory} - POSTGRES_PASSWORD=${ORY_POSTGRES_PASSWORD:-secret} - POSTGRES_DB=${ORY_POSTGRES_DB:-ory} volumes: - ./docker/ory/init-db:/docker-entrypoint-initdb.d - ory_postgres_data:/var/lib/postgresql/data networks: - ory-net healthcheck: test: [ "CMD-SHELL", "pg_isready -U ${ORY_POSTGRES_USER:-ory} -d ${KRATOS_DB:-ory_kratos}", ] interval: 5s timeout: 5s retries: 5 kratos-migrate: image: oryd/kratos:${KRATOS_VERSION:-v25.4.0} environment: - DSN=postgres://${ORY_POSTGRES_USER}:${ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${KRATOS_DB:-ory_kratos}?sslmode=disable&max_conns=20 - KRATOS_SERVE_PUBLIC_BASE_URL="${KRATOS_BROWSER_URL:-http://localhost:4433}" - KRATOS_SERVE_ADMIN_BASE_URL="${KRATOS_ADMIN_URL:-http://kratos:4434}" - KRATOS_SELFSERVICE_DEFAULT_BROWSER_RETURN_URL="${KRATOS_UI_URL:-http://localhost:5000}" - KRATOS_SELFSERVICE_ALLOWED_RETURN_URLS='["${KRATOS_UI_URL:-http://localhost:5000}","${USERFRONT_URL:-http://localhost:5000}"]' volumes: - ./docker/ory/kratos:/etc/config/kratos command: migrate sql up -e -c /etc/config/kratos/kratos.yml --yes depends_on: postgres_ory: condition: service_healthy networks: - ory-net kratos: image: oryd/kratos:${KRATOS_VERSION:-v25.4.0} container_name: ory_kratos environment: - DSN=postgres://${ORY_POSTGRES_USER}:${ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${KRATOS_DB:-ory_kratos}?sslmode=disable&max_conns=20 - COOKIE_SECRET="${COOKIE_SECRET:-localcookie123}" - KRATOS_SERVE_PUBLIC_BASE_URL="${KRATOS_BROWSER_URL:-http://localhost:4433}" - KRATOS_SERVE_ADMIN_BASE_URL="${KRATOS_ADMIN_URL:-http://kratos:4434}" - KRATOS_SELFSERVICE_DEFAULT_BROWSER_RETURN_URL="${KRATOS_UI_URL:-http://localhost:5000}" - KRATOS_SELFSERVICE_ALLOWED_RETURN_URLS='["${KRATOS_UI_URL:-http://localhost:5000}","${USERFRONT_URL:-http://localhost:5000}"]' volumes: - ./docker/ory/kratos:/etc/config/kratos command: serve -c /etc/config/kratos/kratos.yml depends_on: kratos-migrate: condition: service_completed_successfully networks: - ory-net - kratosnet hydra-migrate: image: oryd/hydra:${HYDRA_VERSION:-v25.4.0} environment: - DSN=postgres://${ORY_POSTGRES_USER}:${ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${HYDRA_DB:-ory_hydra}?sslmode=disable&max_conns=20 command: migrate sql up -e --yes depends_on: postgres_ory: condition: service_healthy networks: - ory-net hydra: image: oryd/hydra:${HYDRA_VERSION:-v25.4.0} container_name: ory_hydra environment: - DSN=postgres://${ORY_POSTGRES_USER}:${ORY_POSTGRES_PASSWORD}@postgres_ory:5432/${HYDRA_DB:-ory_hydra}?sslmode=disable&max_conns=20 - URLS_SELF_ISSUER="${USERFRONT_URL:-http://localhost:5000}/oidc" - URLS_LOGIN="${USERFRONT_URL:-http://localhost:5000}/login" - URLS_CONSENT="${USERFRONT_URL:-http://localhost:5000}/consent" - SECRETS_SYSTEM="${ORY_POSTGRES_PASSWORD}" volumes: - ./docker/ory/hydra:/etc/config/hydra command: serve -c /etc/config/hydra/hydra.yml all --dev depends_on: hydra-migrate: condition: service_completed_successfully networks: - ory-net - hydranet # [수정됨] Oathkeeper 서비스 추가 (Backend 연결 문제 해결) oathkeeper: image: oryd/oathkeeper:${OATHKEEPER_VERSION:-v0.40.6} container_name: ory_oathkeeper restart: unless-stopped depends_on: kratos: condition: service_started environment: - LOG_LEVEL=debug command: serve proxy --config /etc/config/oathkeeper/oathkeeper.yml volumes: - ./docker/ory/oathkeeper:/etc/config/oathkeeper networks: - ory-net - baron_net # Backend가 통신하기 위해 필수 - public_net ports: - "4455:4455" # Proxy - "4456:4456" # API (Backend 헬스체크용) healthcheck: test: ["CMD", "wget", "-qO-", "http://127.0.0.1:4456/health/ready"] interval: 5s timeout: 5s retries: 5 volumes: ory_postgres_data: networks: ory-net: external: true name: ory-net hydranet: external: true name: hydranet kratosnet: external: true name: kratosnet public_net: external: true name: public_net # [수정됨] Baron Net 추가 정의 (Oathkeeper 연결용) baron_net: external: true name: baron_net