Update rauthy

This commit is contained in:
eraden 2024-08-03 05:48:14 +02:00
parent e8f04f4dde
commit 5f825093cc
4 changed files with 83 additions and 60 deletions

2
.env
View File

@ -40,3 +40,5 @@ SONIC_INGEST_PASS=SecretPassword
SEARCH_ACTIVE=true SEARCH_ACTIVE=true
KANIDM_IDM_ADMIN_PASS=2MScM5Cr2ANyLRps4ccGZjSJdx8bth6yXEwKJDqYU5ZdNfKN KANIDM_IDM_ADMIN_PASS=2MScM5Cr2ANyLRps4ccGZjSJdx8bth6yXEwKJDqYU5ZdNfKN
RAUTHY_API_KEY=oidc$1nrMx5FY6crQaejAKTBAFlx8t8ObnKOUUSBhlBkkUBnyCfwAJvKmlEQ5LoqanRyn

View File

@ -3,7 +3,7 @@ server {
server_name rauthy.lvh; server_name rauthy.lvh;
location ~ / { location ~ / {
proxy_pass http://rauthy:8080; proxy_pass http://rauthy:8301;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

View File

@ -17,7 +17,7 @@
# If you don't need the extra validations, you can set this to `false` to # If you don't need the extra validations, you can set this to `false` to
# save some resources, if your clients to a lot of `/userinfo` lookups. # save some resources, if your clients to a lot of `/userinfo` lookups.
# default: true # default: true
#USERINFO_STRICT=true USERINFO_STRICT=false
# Can be used when 'OPEN_USER_REG=true' to restrict the domains # Can be used when 'OPEN_USER_REG=true' to restrict the domains
# for a registration. For instance, set it to # for a registration. For instance, set it to
@ -60,7 +60,7 @@
# in the Admin UI. If these are correct, your setup is okay. # in the Admin UI. If these are correct, your setup is okay.
# #
# (default: true) # (default: true)
# SESSION_VALIDATE_IP=false SESSION_VALIDATE_IP=false
# By default, Rauthy will log a warning into the logs, if an active password # By default, Rauthy will log a warning into the logs, if an active password
# reset form is being access multiple times from different hosts. You can set # reset form is being access multiple times from different hosts. You can set
@ -81,17 +81,17 @@
# Cloudflare, which adds custom headers in this case. # Cloudflare, which adds custom headers in this case.
# For instance, if your requests are proxied through cloudflare, your would # For instance, if your requests are proxied through cloudflare, your would
# set `CF-Connecting-IP`. # set `CF-Connecting-IP`.
# PEER_IP_HEADER_NAME="CF-Connecting-IP" PEER_IP_HEADER_NAME="CF-Connecting-IP"
PEER_IP_HEADER_NAME="X-Forwarded-For"
# You can enable authn/authz headers which would be added to the response # You can enable authn/authz headers which would be added to the response
# of the `/auth/v1/forward_auth` endpoint. With `AUTH_HEADERS_ENABLE=true`, # of the `/auth/v1/oidc/forward_auth` endpoint. With `AUTH_HEADERS_ENABLE=true`,
# the headers below will be added to authenticated requests. These could # the headers below will be added to authenticated requests. These could
# be used on legacy downstream applications, that don't support OIDC on # be used on legacy downstream applications, that don't support OIDC on
# their own. # their own.
# However, be careful when using this, since this kind of authn/authz has # However, be careful when using this, since this kind of authn/authz has
# a lot of pitfalls out of the scope of Rauthy. # a lot of pitfalls out of the scope of Rauthy.
# AUTH_HEADERS_ENABLE=true # default: false
AUTH_HEADERS_ENABLE=true
# Configure the header names being used for the different values. # Configure the header names being used for the different values.
# You can change them to your needs, if you cannot easily change your # You can change them to your needs, if you cannot easily change your
@ -174,7 +174,7 @@ AUTH_HEADER_MFA=x-forwarded-user-mfa
#S3_BUCKET=my_s3_bucket_name #S3_BUCKET=my_s3_bucket_name
#S3_ACCESS_KEY= #S3_ACCESS_KEY=
#S3_ACCESS_SECRET= #S3_ACCESS_SECRET=
#S3_DANGER_ACCEPT_INVALID_CERTS=false #S3_DANGER_ALLOW_INSECURE=false
# Restores the given backup # Restores the given backup
# #
@ -217,7 +217,7 @@ BOOTSTRAP_ADMIN_EMAIL=admin@localhost.de
# If set, this plain text password will be used for the # If set, this plain text password will be used for the
# initial admin password instead of generating a random # initial admin password instead of generating a random
# password. # password.
BOOTSTRAP_ADMIN_PASSWORD_PLAIN="n!U@vNYM9*SQpS" # BOOTSTRAP_ADMIN_PASSWORD_PLAIN="123SuperSafe"
# If set, this will take the argon2id hashed password # If set, this will take the argon2id hashed password
# during the initialization of an empty production database. # during the initialization of an empty production database.
@ -285,17 +285,17 @@ BOOTSTRAP_ADMIN_PASSWORD_PLAIN="n!U@vNYM9*SQpS"
# If the cache should start in HA mode or standalone # If the cache should start in HA mode or standalone
# accepts 'true|false', defaults to 'false' # accepts 'true|false', defaults to 'false'
HA_MODE=false #HA_MODE=false
# The connection strings (with hostnames) of the HA instances # The connection strings (with hostnames) of the HA instances
# as a CSV. # as a CSV.
# Format: 'scheme://hostname:port' # Format: 'scheme://hostname:port'
HA_HOSTS="http://rauthy-0.rauthy:8080" #HA_HOSTS="http://rauthy-0.rauthy:8000, http://rauthy-1.rauthy:8000, http://rauthy-2.rauthy:8000"
# Overwrite the hostname which is used to identify each cache member. # Overwrite the hostname which is used to identify each cache member.
# Useful in scenarios, where for instance all members are on the same host with # Useful in scenarios, where for instance all members are on the same host with
# different ports or for testing. # different ports or for testing.
HOSTNAME_OVERWRITE="rauthy-0.rauthy:8080" #HOSTNAME_OVERWRITE="rauthy-0.rauthy:8080"
## Define buffer sizes for channels between the components ## Define buffer sizes for channels between the components
# Buffer for client requests on the incoming stream - server # Buffer for client requests on the incoming stream - server
@ -378,7 +378,6 @@ CACHE_USERS_LIFESPAN=28800
#DATABASE_URL=sqlite::memory: #DATABASE_URL=sqlite::memory:
#DATABASE_URL=sqlite:data/rauthy.db #DATABASE_URL=sqlite:data/rauthy.db
#DATABASE_URL=postgresql://rauthy:123SuperSafe@localhost:5432/rauthy #DATABASE_URL=postgresql://rauthy:123SuperSafe@localhost:5432/rauthy
DATABASE_URL=postgresql://rauthy:123SuperSafe@rauthy-psql:5432/rauthy
# Max DB connections - irrelevant for SQLite (default: 5) # Max DB connections - irrelevant for SQLite (default: 5)
#DATABASE_MAX_CONN=5 #DATABASE_MAX_CONN=5
@ -435,7 +434,7 @@ DPOP_NONCE_EXP=900
# handled properly and your users just login blindly to any client # handled properly and your users just login blindly to any client
# they get redirected to. # they get redirected to.
# default: false # default: false
ENABLE_DYN_CLIENT_REG=false #ENABLE_DYN_CLIENT_REG=false
# If specified, this secret token will be expected during # If specified, this secret token will be expected during
# dynamic client registrations to be given as a # dynamic client registrations to be given as a
@ -515,12 +514,12 @@ EMAIL_SUB_PREFIX="Rauthy IAM"
# TLS fails. It will never allow an unencrypted connection. # TLS fails. It will never allow an unencrypted connection.
# You might want to set `SMTP_DANGER_INSECURE=true` if you # You might want to set `SMTP_DANGER_INSECURE=true` if you
# need this for local dev. # need this for local dev.
SMTP_URL=mailcrab #SMTP_URL=
SMTP_USERNAME= #SMTP_USERNAME=
SMTP_PASSWORD= #SMTP_PASSWORD=
# Format: "Rauthy <rauthy@localhost.de>" # Format: "Rauthy <rauthy@localhost.de>"
# default: "Rauthy <rauthy@localhost.de>" # default: "Rauthy <rauthy@localhost.de>"
SMTP_FROM=notif@example.com #SMTP_FROM=
# The number of retries that should be done for connecting to # The number of retries that should be done for connecting to
# the given SMTP_URL. # the given SMTP_URL.
@ -537,7 +536,7 @@ SMTP_FROM=notif@example.com
# ignored and you can modify the target port with # ignored and you can modify the target port with
# `SMTP_DANGER_INSECURE_PORT`. # `SMTP_DANGER_INSECURE_PORT`.
# default: false # default: false
SMTP_DANGER_INSECURE=true #SMTP_DANGER_INSECURE=false
# The port for an insecure SMTP relay. # The port for an insecure SMTP relay.
# This will most likely be used for testing only. # This will most likely be used for testing only.
@ -662,7 +661,7 @@ MAX_HASH_THREADS=1
##################################### #####################################
# The E-Mail address event notifications should be sent to. # The E-Mail address event notifications should be sent to.
#EVENT_EMAIL=admin@localhost.de EVENT_EMAIL=admin@localhost.de
# Matrix variables for event notifications. # Matrix variables for event notifications.
# `EVENT_MATRIX_USER_ID` and `EVENT_MATRIX_ROOM_ID` are mandatory. # `EVENT_MATRIX_USER_ID` and `EVENT_MATRIX_ROOM_ID` are mandatory.
@ -673,7 +672,7 @@ MAX_HASH_THREADS=1
# you should provide `EVENT_MATRIX_ACCESS_TOKEN`. # you should provide `EVENT_MATRIX_ACCESS_TOKEN`.
# If both are given, the `EVENT_MATRIX_ACCESS_TOKEN` will be preferred. # If both are given, the `EVENT_MATRIX_ACCESS_TOKEN` will be preferred.
# #
# If left empty, no messages will be sent to Slack. # If left empty, no messages will be sent to Matrix.
# Format: `@<user_id>:<server address>` # Format: `@<user_id>:<server address>`
#EVENT_MATRIX_USER_ID= #EVENT_MATRIX_USER_ID=
# Format: `!<random string>:<server address>` # Format: `!<random string>:<server address>`
@ -703,7 +702,7 @@ MAX_HASH_THREADS=1
# The notification level for events. Works the same way as a logging level. # The notification level for events. Works the same way as a logging level.
# For instance: 'notice' means send out a notifications for all events with # For instance: 'notice' means send out a notifications for all events with
# the info level or higher. # the notice level or higher.
# Possible values: # Possible values:
# - info # - info
# - notice # - notice
@ -726,11 +725,11 @@ EVENT_NOTIFY_LEVEL_SLACK=notice
# - warning # - warning
# - critical # - critical
# default: 'info' # default: 'info'
EVENT_PERSIST_LEVEL=info #EVENT_PERSIST_LEVEL=info
# Define the number of days when events should be cleaned up from the database. # Define the number of days when events should be cleaned up from the database.
# default: 31 # default: 31
EVENT_CLEANUP_DAYS=31 #EVENT_CLEANUP_DAYS=31
# The level for the generated Event after a new user has been registered. # The level for the generated Event after a new user has been registered.
# default: info # default: info
@ -790,7 +789,7 @@ EVENT_LEVEL_FAILED_LOGIN=info
# by doing a request to the Github API to check the latest release. # by doing a request to the Github API to check the latest release.
# This ignores any type of prerelease and will only notify for a new stable. # This ignores any type of prerelease and will only notify for a new stable.
# default: false # default: false
DISABLE_APP_VERSION_CHECK=true #DISABLE_APP_VERSION_CHECK=false
##################################### #####################################
############## FED CM ############### ############## FED CM ###############
@ -838,14 +837,15 @@ DISABLE_APP_VERSION_CHECK=true
# Session lifetime in seconds - the session can not be # Session lifetime in seconds - the session can not be
# extended beyond this time and a new login will be forced. # extended beyond this time and a new login will be forced.
# This is the session for the authorization code flow. (default: 14400) # This is the session for the authorization code flow.
# (default: 14400)
#SESSION_LIFETIME=14400 #SESSION_LIFETIME=14400
# If 'true', a 2FA / MFA check will be done with each automatic # If 'true', a 2FA / MFA check will be done with each automatic
# token generation, even with an active session, which kind of # token generation, even with an active session, which kind of
# makes the session useless with Webauthn enabled, but provides # makes the session useless with Webauthn enabled, but provides
# maximum amount of security. # maximum amount of security.
# If 'false', the user will not get a MFA prompt with an active # If 'false', the user will not get an MFA prompt with an active
# session at the authorization endpoint. # session at the authorization endpoint.
# (default: false) # (default: false)
#SESSION_RENEW_MFA=false #SESSION_RENEW_MFA=false
@ -873,7 +873,7 @@ DISABLE_APP_VERSION_CHECK=true
# This is the log level for stdout logs # This is the log level for stdout logs
# Accepts: error, info, debug, trace (default: info) # Accepts: error, info, debug, trace (default: info)
LOG_LEVEL=trace #LOG_LEVEL=info
# This is a special config which allows the configuration of # This is a special config which allows the configuration of
# customized access logs. These logs will be logged with each # customized access logs. These logs will be logged with each
@ -900,7 +900,7 @@ LOG_LEVEL=trace
# If 'true', MFA for an account must be enabled to access the # If 'true', MFA for an account must be enabled to access the
# rauthy admin UI (default: true) # rauthy admin UI (default: true)
#ADMIN_FORCE_MFA=true ADMIN_FORCE_MFA=false
##################################### #####################################
############## POW ################# ############## POW #################
@ -923,12 +923,12 @@ POW_EXP=30
# The server address to listen on. Can bind to a specific IP. # The server address to listen on. Can bind to a specific IP.
# default: 0.0.0.0 # default: 0.0.0.0
LISTEN_ADDRESS=0.0.0.0 #LISTEN_ADDRESS=0.0.0.0
# The listen ports for HTTP / HTTPS, depending on the # The listen ports for HTTP / HTTPS, depending on the
# activated 'LISTEN_SCHEME' # activated 'LISTEN_SCHEME'
# default: 8080 # default: 8080
LISTEN_PORT_HTTP=8080 #LISTEN_PORT_HTTP=8080
# default: 8443 # default: 8443
#LISTEN_PORT_HTTPS=8443 #LISTEN_PORT_HTTPS=8443
@ -941,43 +941,43 @@ LISTEN_SCHEME=http
# HEADER later on, which is especially important when running # HEADER later on, which is especially important when running
# rauthy behind a reverse proxy. In case of a non-standard # rauthy behind a reverse proxy. In case of a non-standard
# port (80/443), you need to add the port to the PUB_URL # port (80/443), you need to add the port to the PUB_URL
PUB_URL=rauthy.lvh PUB_URL=localhost:8301
# default value: number of available physical cores # default value: number of available physical cores
HTTP_WORKERS=10 #HTTP_WORKERS=1
# When rauthy is running behind a reverse proxy, set to true # When rauthy is running behind a reverse proxy, set to true
# default: false # default: false
PROXY_MODE=true PROXY_MODE=false
# A `\n` separated list of trusted proxy CIDRs. # A `\n` separated list of trusted proxy CIDRs.
# When `PROXY_MODE=true` or `PEER_IP_HEADER_NAME` is set, # When `PROXY_MODE=true` or `PEER_IP_HEADER_NAME` is set,
# these are mandatory to be able to extract the real client # these are mandatory to be able to extract the real client
# IP properly and safely to prevent IP header spoofing. # IP properly and safely to prevent IP header spoofing.
# All requests with a different source will be blocked. # All requests with a different source will be blocked.
TRUSTED_PROXIES=" #TRUSTED_PROXIES="
192.168.14.0/24 #192.168.14.0/24
" #"
# To enable or disable the additional HTTP server to expose the /metrics endpoint # To enable or disable the additional HTTP server to expose the /metrics endpoint
# default: true # default: true
METRICS_ENABLE=true # METRICS_ENABLE=true
# The IP address to listen on for the /metrics endpoint. # The IP address to listen on for the /metrics endpoint.
# You do not want to expose your metrics on a publicly reachable endpoint! # You do not want to expose your metrics on a publicly reachable endpoint!
# default: 0.0.0.0 # default: 0.0.0.0
METRICS_ADDR=0.0.0.0 # METRICS_ADDR=0.0.0.0
# The post to listen on for the /metrics endpoint. # The post to listen on for the /metrics endpoint.
# You do not want to expose your metrics on a publicly reachable endpoint! # You do not want to expose your metrics on a publicly reachable endpoint!
# default: 9090 # default: 9090
METRICS_PORT=8302 # METRICS_PORT=9090
# If the Swagger UI should be served together with the /metrics route on the internal # If the Swagger UI should be served together with the /metrics route on the internal
# server. It it then reachable via: # server. It it then reachable via:
# http://METRICS_ADDR:METRICS_PORT/docs/v1/swagger-ui/ # http://METRICS_ADDR:METRICS_PORT/docs/v1/swagger-ui/
# default: true # default: true
SWAGGER_UI_INTERNAL=true # SWAGGER_UI_INTERNAL=true
# If the Swagger UI should be served externally as well. This makes the link in the # If the Swagger UI should be served externally as well. This makes the link in the
# Admin UI work. # Admin UI work.
@ -986,7 +986,7 @@ SWAGGER_UI_INTERNAL=true
# Rauthy is open source, which means anyone could just download it and see on their # Rauthy is open source, which means anyone could just download it and see on their
# own, but it may be a security concern to just expose less information. # own, but it may be a security concern to just expose less information.
# default: false # default: false
SWAGGER_UI_EXTERNAL=true #SWAGGER_UI_EXTERNAL=false
# The interval in seconds in which keep-alives should be sent to SSE clients. # The interval in seconds in which keep-alives should be sent to SSE clients.
# Depending on your network setup, proxy timeouts, ... # Depending on your network setup, proxy timeouts, ...
@ -1061,7 +1061,7 @@ SWAGGER_UI_EXTERNAL=true
# Enable / disable TLS for the cache communication # Enable / disable TLS for the cache communication
# (default: true) # (default: true)
CACHE_TLS=false CACHE_TLS=true
# The path to the server TLS certificate PEM file # The path to the server TLS certificate PEM file
# default: tls/redhac.cert-chain.pem # default: tls/redhac.cert-chain.pem
@ -1089,7 +1089,7 @@ CACHE_TLS_SERVER_KEY=tls/key.pem
# 'X509v3 Subject Alternative Name' when you take a look at # 'X509v3 Subject Alternative Name' when you take a look at
# the servers certificate with the openssl tool. # the servers certificate with the openssl tool.
# default: redhac.local # default: redhac.local
CACHE_TLS_CLIENT_VALIDATE_DOMAIN=rauthy.lvh CACHE_TLS_CLIENT_VALIDATE_DOMAIN=redhac.local
# Can be used if you need to overwrite the SNI when the # Can be used if you need to overwrite the SNI when the
# client connects to the server, for instance if you are # client connects to the server, for instance if you are
@ -1105,12 +1105,12 @@ CACHE_TLS_CLIENT_VALIDATE_DOMAIN=rauthy.lvh
# (default: localhost) # (default: localhost)
# CAUTION: When this changes, already registered devices will stop # CAUTION: When this changes, already registered devices will stop
# working and users cannot log in anymore! # working and users cannot log in anymore!
RP_ID=rauthy.lvh RP_ID=localhost
# Url containing the effective domain name # Url containing the effective domain name
# (default: http://localhost:8080) # (default: http://localhost:8080)
# CAUTION: Must include the port number! # CAUTION: Must include the port number!
RP_ORIGIN=http://rauthy.lvh RP_ORIGIN=http://localhost:8080
# Non critical RP Name # Non critical RP Name
# Has no security properties and may be changed without issues # Has no security properties and may be changed without issues
@ -1141,7 +1141,7 @@ RP_NAME='Rauthy Webauthn'
# again. That is why we should ask for the original password # again. That is why we should ask for the original password
# in addition once in a while to set the cookie. # in addition once in a while to set the cookie.
# The value is in hours (default: 2160) # The value is in hours (default: 2160)
#WEBAUTHN_RENEW_EXP=2160 WEBAUTHN_RENEW_EXP=2160
# This feature can be set to 'true' to force User verification # This feature can be set to 'true' to force User verification
# during the Webauthn ceremony. UV will be true, if the user # during the Webauthn ceremony. UV will be true, if the user
@ -1153,7 +1153,7 @@ RP_NAME='Rauthy Webauthn'
# option, since Android and some special combinations of OS + # option, since Android and some special combinations of OS +
# browser to not support UV yet. # browser to not support UV yet.
# (default: false) # (default: false)
#WEBAUTHN_FORCE_UV=false WEBAUTHN_FORCE_UV=false
# Can be set to 'true' to disable password expiry for users # Can be set to 'true' to disable password expiry for users
# that have at least one active passkey. When set to 'false', # that have at least one active passkey. When set to 'false',
@ -1162,4 +1162,4 @@ RP_NAME='Rauthy Webauthn'
# With this option active, rauthy will ignore any password # With this option active, rauthy will ignore any password
# expiry set by the password policy for Webauthn users. # expiry set by the password policy for Webauthn users.
# default: true # default: true
WEBAUTHN_NO_PASSWORD_EXPIRY=true #WEBAUTHN_NO_PASSWORD_EXPIRY=true

View File

@ -2,15 +2,17 @@ version: '3'
services: services:
rumqqtd: rumqqtd:
image: bytebeamio/rumqttd image: bytebeamio/rumqttd
restart: no
ports: ports:
- 1883:1883 - 1883:1883
- 1884:1884 - 1884:1884
rauthy-nginx: rauthy-nginx:
image: nginx:latest image: nginx:latest
restart: no
ports: ports:
- 80:80 - 80:80
volumes: volumes:
# /etc/nginx/conf.d/*.conf;
- ./config/rauth.nginx:/etc/nginx/conf.d/rauth.conf:ro - ./config/rauth.nginx:/etc/nginx/conf.d/rauth.conf:ro
depends_on: depends_on:
- rauthy - rauthy
@ -21,20 +23,36 @@ services:
POSTGRES_PASSWORD: 123SuperSafe POSTGRES_PASSWORD: 123SuperSafe
POSTGRES_USER: rauthy POSTGRES_USER: rauthy
POSTGRES_DB: rauthy POSTGRES_DB: rauthy
DATABASE_URL: postgresql://rauthy:123SuperSafe@localhost:5432/rauthy ports:
- 6677:5432
volumes: volumes:
- rauthy-psql:/var/lib/postgresql/data - rauthy-psql:/var/lib/postgresql/data
rauthy: rauthy:
image: ghcr.io/sebadob/rauthy:0.23.5 image: ghcr.io/sebadob/rauthy:0.24.1
depends_on: depends_on:
- rauthy-psql - rauthy-psql
- mailcrab
ports: ports:
- 8302:8302 - 8302:8302
- 8301:9090 - 8301:8301
- 9090:9090
environment: environment:
COOKIE_MODE: danger-insecure - COOKIE_MODE=danger-insecure
SWAGGER_UI_EXTERNAL: true - SWAGGER_UI_EXTERNAL=true
- RUSY_LOG=actix_http::h1::dispatcher=error,actix_server::signals=error,trace
- DATABASE_URL=postgresql://rauthy:123SuperSafe@rauthy-psql:5432/rauthy
- LISTEN_PORT_HTTP=8301
- SMTP_URL=mailcrab
- SMTP_USERNAME=""
- SMTP_PASSWORD=""
- SMTP_DANGER_INSECURE=true
- SMTP_DANGER_INSECURE_PORT=1025
- METRICS_ENABLE=true
- METRICS_ADDR=0.0.0.0
- METRICS_PORT=9090
- SWAGGER_UI_INTERNAL=true
- SWAGGER_UI_EXTERNAL=true
volumes: volumes:
- rauthy:/app/data - rauthy:/app/data
- ./config/rauthy.cfg:/app/rauthy.cfg - ./config/rauthy.cfg:/app/rauthy.cfg
@ -42,7 +60,7 @@ services:
quickwit: quickwit:
image: quickwit/quickwit:v0.5.2 image: quickwit/quickwit:v0.5.2
command: run command: run
restart: always restart: no
environment: environment:
QW_ENABLE_OTLP_ENDPOINT: true QW_ENABLE_OTLP_ENDPOINT: true
QW_ENABLE_JAEGER_ENDPOINT: true QW_ENABLE_JAEGER_ENDPOINT: true
@ -54,7 +72,7 @@ services:
jaeger: jaeger:
image: jaegertracing/jaeger-query:1.45 image: jaegertracing/jaeger-query:1.45
restart: always restart: no
depends_on: depends_on:
- quickwit - quickwit
environment: environment:
@ -65,7 +83,7 @@ services:
grafana: grafana:
image: grafana/grafana-enterprise:10.0.0 image: grafana/grafana-enterprise:10.0.0
restart: always restart: no
depends_on: depends_on:
- quickwit - quickwit
environment: environment:
@ -77,7 +95,10 @@ services:
mailcrab: mailcrab:
image: 'marlonb/mailcrab:latest' image: 'marlonb/mailcrab:latest'
restart: unless-stopped restart: no
environment:
- ENABLE_TLS_AUTH=false
- RUST_LOG=debug
ports: ports:
- 1125:1025 - 1125:1025
- 1180:1080 - 1180:1080