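---
# Compose project: a step-ca certificate authority backed by PostgreSQL.
# Both passwords are supplied as file-based Compose secrets and read from
# /run/secrets inside the containers, not passed as plain environment values.
name: step-ca

services:
  postgres:
    # NOTE(review): "16-alpine" is a floating tag; pin a digest if the
    # deployment must be reproducible.
    image: postgres:16-alpine
    container_name: ca-postgres
    restart: unless-stopped
    environment:
      POSTGRES_DB: stepca
      POSTGRES_USER: stepca
      POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
    volumes:
      - postgres-data:/var/lib/postgresql/data
    # No "ports:" entry here: the database is only attached to ca-internal
    # and is not published on the host.
    networks:
      - ca-internal
    secrets:
      - postgres_password
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U stepca"]
      interval: 10s
      timeout: 5s
      retries: 5

  step-ca:
    # Built from the local Dockerfile instead of the stock image:
    # image: smallstep/step-ca
    container_name: ca
    build:
      context: .
      dockerfile: Dockerfile
    restart: unless-stopped
    # NOTE(review): stdin/tty are kept open; presumably init.sh is meant to
    # be attachable. Drop both if the CA runs unattended.
    stdin_open: true
    tty: true
    depends_on:
      postgres:
        condition: service_healthy
    ports:
      # Quoted so the mapping is always read as a string. The default bind
      # address is loopback; setting STEP_CA_IP to a routable address
      # publishes the CA port (and, with remote management enabled below,
      # presumably its admin API) on that interface.
      - "${STEP_CA_IP:-127.0.0.1}:${STEP_CA_PORT:-9000}:9000"
    # NOTE(review): the defaults are public resolvers. With ACME enabled the
    # CA's name resolution feeds challenge validation, so for an internal CA
    # point DNS_1/DNS_2 at resolvers you control.
    dns:
      - "${DNS_1:-8.8.8.8}"
      - "${DNS_2:-8.8.4.4}"
    dns_search:
      - "${DNS_SEARCH_1:-localhost}"
      - "${DNS_SEARCH_2:-local}"
      - "${DNS_SEARCH_3:-internal}"
    # Replaces the image's own entrypoint with the bind-mounted script below.
    entrypoint: ["/scripts/init.sh"]
    environment:
      # Entries are quoted so values containing spaces and commas, and the
      # boolean-looking defaults, stay plain strings.
      - "DOCKER_STEPCA_INIT_NAME=${STEP_CA_NAME:-Default CA}"
      - "DOCKER_STEPCA_INIT_ISSUER=${STEP_CA_ISSUER:-CN=Default CA, O=Organization, C=US}"
      - "DOCKER_STEPCA_INIT_DNS_NAMES=${STEP_CA_DNS_NAMES:-localhost,ca.local}"
      - "DOCKER_STEPCA_INIT_PROVISIONER_NAME=${STEP_CA_PROVISIONER:-admin}"
      # Remote management, SSH and ACME all default to enabled; set the
      # matching STEP_CA_* variable to "false" for any feature not in use.
      - "DOCKER_STEPCA_INIT_REMOTE_MANAGEMENT=${STEP_CA_REMOTE_MANAGEMENT:-true}"
      - "DOCKER_STEPCA_INIT_ADMIN_SUBJECT=${STEP_CA_ADMIN_SUBJECT:-admin@example.com}"
      - "DOCKER_STEPCA_INIT_SSH=${STEP_CA_SSH:-true}"
      - "DOCKER_STEPCA_INIT_ACME=${STEP_CA_ACME:-true}"
      - "POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password"
      # NOTE(review): confirm init.sh reads this exact variable name; it
      # points at the step_pwd secret mounted below.
      - "DOCKER_STEPCA_INIT_PWD_FILE=/run/secrets/password"
    volumes:
      - stepca-data:/home/step
      # Read-only inside the container; the host copy still decides what
      # runs as the entrypoint, so protect it like the secrets files.
      - ./init.sh:/scripts/init.sh:ro
    networks:
      - ca-internal
    secrets:
      - postgres_password
      - source: step_pwd
        target: /run/secrets/password

  # Maintenance shell with the CA data volume mounted read-write. That
  # volume presumably holds the CA configuration and key material, so the
  # helper is placed behind a profile and is no longer created by a plain
  # `docker compose up`. Start it on demand:
  #   docker compose run --rm alpine
  alpine:
    # NOTE(review): "latest" is unpinned; this container can read and write
    # the CA volume, so pin a tag or digest you have reviewed.
    image: alpine:latest
    profiles:
      - tools
    volumes:
      - stepca-data:/step
    entrypoint: /bin/ash

volumes:
  stepca-data:
    name: ca-stepca-data
  postgres-data:
    name: ca-postgres-data

# File-based secrets. Keep ./secrets out of version control and restrict
# the files to the deploying user.
secrets:
  postgres_password:
    file: ./secrets/postgres_password.txt
  step_pwd:
    file: ./secrets/step_pwd.txt

networks:
  ca-internal:
    driver: bridge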