pvm/docker/docker-compose.dev.yml
Mikkel Georgsen c0cb2d25a0 Fix auth flow: federated logout, login page move, and healthcheck
- Add federated logout endpoint that clears Auth.js session AND ends
  Zitadel SSO session via OIDC end_session endpoint
- Move sign-in page from /auth/signin to /login to avoid Auth.js
  route conflict causing ERR_TOO_MANY_REDIRECTS
- Add callbackUrl to all signIn calls so users land on /dashboard
- Store id_token in session for federated logout id_token_hint
- Fix Zitadel healthcheck using binary ready command (no curl needed)
- Update post_logout_redirect_uri in setup script

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-08 12:55:35 +01:00


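# Dev-only stack for the PVM app: Zitadel (OIDC IdP) with its own Postgres,
# the application Postgres, and Dragonfly (Redis-compatible) for sessions/cache.
# All secrets come from the compose environment / .env (ZITADEL_MASTERKEY,
# ZITADEL_DB_PASSWORD, ZITADEL_ADMIN_PASSWORD, ZITADEL_SMTP_*, PVM_DB_PASSWORD);
# none are hard-coded here.
services:
  zitadel:
    # NOTE(review): ":latest" is unpinned — an upstream push can silently change
    # the IdP under the auth flow (or deliver a compromised build). Pin to a
    # release tag or digest once the project settles on a version.
    image: ghcr.io/zitadel/zitadel:latest
    # Masterkey is read from the ZITADEL_MASTERKEY environment variable
    # (--masterkeyFromEnv) instead of being passed as an argv flag, so the key
    # is not exposed via `ps`, `docker inspect` (Config.Cmd) or compose logs
    # that echo the command line. TLS is terminated nowhere in dev (tlsMode
    # disabled) — do not reuse this stanza outside localhost.
    command: start-from-init --masterkeyFromEnv --tlsMode disabled
    # Root is only needed so the setup PAT can be written to the ./machinekey
    # bind mount below (host-owned directory). Outside dev, write the PAT to a
    # named volume and drop this line so the IdP does not run as uid 0.
    user: "0"
    environment:
      ZITADEL_MASTERKEY: "${ZITADEL_MASTERKEY}"
      ZITADEL_DATABASE_POSTGRES_HOST: zitadel-db
      ZITADEL_DATABASE_POSTGRES_PORT: 5432
      ZITADEL_DATABASE_POSTGRES_DATABASE: zitadel
      ZITADEL_DATABASE_POSTGRES_USER_USERNAME: zitadel
      ZITADEL_DATABASE_POSTGRES_USER_PASSWORD: "${ZITADEL_DB_PASSWORD}"
      # sslmode=disable is acceptable only because zitadel-db is reachable
      # solely on the compose-internal network (no published port).
      ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE: disable
      # Dev shortcut: the admin (migration) role reuses the runtime role.
      ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME: zitadel
      ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD: "${ZITADEL_DB_PASSWORD}"
      ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE: disable
      # External domain/port/secure must match the issuer the app's OIDC
      # client is configured with (http://localhost:8080), otherwise
      # discovery and end_session redirects fail.
      ZITADEL_EXTERNALDOMAIN: localhost
      ZITADEL_EXTERNALPORT: 8080
      ZITADEL_EXTERNALSECURE: "false"
      ZITADEL_TLS_MODE: disabled
      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_USERNAME: admin
      ZITADEL_FIRSTINSTANCE_ORG_HUMAN_PASSWORD: "${ZITADEL_ADMIN_PASSWORD}"
      ZITADEL_DEFAULTINSTANCE_FEATURES_LOGINV2_REQUIRED: "false"
      # Machine user for automated setup (PAT written to bind mount).
      # The PAT is a long-lived bearer credential for an org-level service
      # user: keep ./machinekey out of version control and rotate it if the
      # directory is ever shared or copied.
      ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_USERNAME: pvm-setup
      ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_NAME: PVM Setup Service User
      ZITADEL_FIRSTINSTANCE_ORG_MACHINE_PAT_EXPIRATIONDATE: "2030-01-01T00:00:00Z"
      ZITADEL_FIRSTINSTANCE_PATPATH: /machinekey/admin.pat
      # SMTP for email sending (verification, password reset).
      # Port 465 with TLS "true" means implicit TLS (SMTPS), not STARTTLS.
      ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_SMTP_HOST: "${ZITADEL_SMTP_HOST}:465"
      ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_SMTP_USER: "${ZITADEL_SMTP_USER}"
      ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_SMTP_PASSWORD: "${ZITADEL_SMTP_PASSWORD}"
      ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_TLS: "true"
      ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_FROM: "${ZITADEL_SMTP_USER}"
      ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_FROMNAME: "PVM"
    ports:
      # Bound to loopback: a bare "8080:8080" publishes on 0.0.0.0, i.e. on
      # every host interface (LAN/Wi-Fi), for a plaintext-HTTP IdP whose
      # issuer is "localhost" anyway.
      - "127.0.0.1:8080:8080"
    depends_on:
      zitadel-db:
        condition: service_healthy
    volumes:
      - ./machinekey:/machinekey
      - ./zitadel-healthcheck.yaml:/zitadel-healthcheck.yaml:ro
    healthcheck:
      # Uses the zitadel binary's own readiness probe; the image ships no curl.
      test: ["CMD", "/app/zitadel", "ready", "--config", "/zitadel-healthcheck.yaml"]
      interval: 10s
      timeout: 5s
      retries: 15
      start_period: 30s
    restart: unless-stopped

  zitadel-db:
    image: postgres:16-alpine
    environment:
      POSTGRES_DB: zitadel
      POSTGRES_USER: zitadel
      POSTGRES_PASSWORD: "${ZITADEL_DB_PASSWORD}"
    # Intentionally no `ports:` — only the zitadel service needs this DB.
    volumes:
      - zitadel-pg-data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U zitadel -d zitadel"]
      interval: 5s
      timeout: 5s
      retries: 10
    restart: unless-stopped

  pvm-db:
    image: postgres:16-alpine
    environment:
      POSTGRES_DB: pvm
      POSTGRES_USER: pvm
      POSTGRES_PASSWORD: "${PVM_DB_PASSWORD}"
    ports:
      # Published for the app/tooling running on the host; loopback only so
      # the password-authenticated-but-unencrypted Postgres port is not
      # reachable from the LAN.
      - "127.0.0.1:5432:5432"
    volumes:
      - pvm-pg-data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U pvm -d pvm"]
      interval: 5s
      timeout: 5s
      retries: 10
    restart: unless-stopped

  dragonfly:
    # NOTE(review): unpinned ":latest" — same supply-chain caveat as zitadel.
    image: docker.dragonflydb.io/dragonflydb/dragonfly:latest
    ports:
      # No --requirepass is configured, so this store is unauthenticated;
      # the loopback bind is the only thing keeping it off the network.
      - "127.0.0.1:6379:6379"
    volumes:
      - dragonfly-data:/data
    ulimits:
      memlock: -1
    restart: unless-stopped

volumes:
  zitadel-pg-data:
  pvm-pg-data:
  dragonfly-data: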