docker-compose.yml · Oversight

51 lines · yaml

services:
  oversight-registry:
    build: .
    image: oversight-registry:0.4.11
    container_name: oversight-registry
    restart: unless-stopped
    ports:
      - "${OVERSIGHT_REGISTRY_BIND:-127.0.0.1}:8765:8765"
    volumes:
      - oversight_data:/data
    environment:
      OVERSIGHT_DB: /data/oversight-registry.sqlite
      OVERSIGHT_DATA: /data
      OVERSIGHT_CORS_ORIGINS: ${OVERSIGHT_CORS_ORIGINS:-https://oversightprotocol.dev,https://www.oversightprotocol.dev,https://oversight-protocol.github.io}
      OVERSIGHT_DNS_EVENT_SECRET: ${OVERSIGHT_DNS_EVENT_SECRET:-}
      OVERSIGHT_OPERATOR_TOKEN: ${OVERSIGHT_OPERATOR_TOKEN:-}
      OVERSIGHT_JURISDICTION: ${OVERSIGHT_JURISDICTION:-GLOBAL}
      OVERSIGHT_REKOR_ENABLED: ${OVERSIGHT_REKOR_ENABLED:-0}
      OVERSIGHT_REKOR_URL: ${OVERSIGHT_REKOR_URL:-https://log2025-1.rekor.sigstore.dev}
      TRUSTED_PROXY: ${TRUSTED_PROXY:-1}
    healthcheck:
      test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://127.0.0.1:8765/health').read()"]
      interval: 30s
      timeout: 5s
      retries: 3
 
  caddy:
    image: caddy:2-alpine
    container_name: oversight-caddy
    restart: unless-stopped
    profiles: ["live"]
    ports:
      - "${OVERSIGHT_HTTP_BIND:-0.0.0.0}:80:80"
      - "${OVERSIGHT_HTTPS_BIND:-0.0.0.0}:443:443"
    environment:
      OVERSIGHT_REGISTRY_DOMAIN: ${OVERSIGHT_REGISTRY_DOMAIN:-registry.oversightprotocol.dev}
      OVERSIGHT_BEACON_DOMAIN: ${OVERSIGHT_BEACON_DOMAIN:-b.oversightprotocol.dev}
      OVERSIGHT_OCSP_DOMAIN: ${OVERSIGHT_OCSP_DOMAIN:-ocsp.oversightprotocol.dev}
      OVERSIGHT_LICENSE_DOMAIN: ${OVERSIGHT_LICENSE_DOMAIN:-lic.oversightprotocol.dev}
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - caddy_data:/data
      - caddy_config:/config
    depends_on:
      oversight-registry:
        condition: service_healthy
 
volumes:
  oversight_data:
  caddy_data:
  caddy_config:

1	services:
2	oversight-registry:
3	build: .
4	image: oversight-registry:0.4.11
5	container_name: oversight-registry
6	restart: unless-stopped
7	ports:
8	- "${OVERSIGHT_REGISTRY_BIND:-127.0.0.1}:8765:8765"
9	volumes:
10	- oversight_data:/data
11	environment:
12	OVERSIGHT_DB: /data/oversight-registry.sqlite
13	OVERSIGHT_DATA: /data
14	OVERSIGHT_CORS_ORIGINS: ${OVERSIGHT_CORS_ORIGINS:-https://oversightprotocol.dev,https://www.oversightprotocol.dev,https://oversight-protocol.github.io}
15	OVERSIGHT_DNS_EVENT_SECRET: ${OVERSIGHT_DNS_EVENT_SECRET:-}
16	OVERSIGHT_OPERATOR_TOKEN: ${OVERSIGHT_OPERATOR_TOKEN:-}
17	OVERSIGHT_JURISDICTION: ${OVERSIGHT_JURISDICTION:-GLOBAL}
18	OVERSIGHT_REKOR_ENABLED: ${OVERSIGHT_REKOR_ENABLED:-0}
19	OVERSIGHT_REKOR_URL: ${OVERSIGHT_REKOR_URL:-https://log2025-1.rekor.sigstore.dev}
20	TRUSTED_PROXY: ${TRUSTED_PROXY:-1}
21	healthcheck:
22	test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://127.0.0.1:8765/health').read()"]
23	interval: 30s
24	timeout: 5s
25	retries: 3
26
27	caddy:
28	image: caddy:2-alpine
29	container_name: oversight-caddy
30	restart: unless-stopped
31	profiles: ["live"]
32	ports:
33	- "${OVERSIGHT_HTTP_BIND:-0.0.0.0}:80:80"
34	- "${OVERSIGHT_HTTPS_BIND:-0.0.0.0}:443:443"
35	environment:
36	OVERSIGHT_REGISTRY_DOMAIN: ${OVERSIGHT_REGISTRY_DOMAIN:-registry.oversightprotocol.dev}
37	OVERSIGHT_BEACON_DOMAIN: ${OVERSIGHT_BEACON_DOMAIN:-b.oversightprotocol.dev}
38	OVERSIGHT_OCSP_DOMAIN: ${OVERSIGHT_OCSP_DOMAIN:-ocsp.oversightprotocol.dev}
39	OVERSIGHT_LICENSE_DOMAIN: ${OVERSIGHT_LICENSE_DOMAIN:-lic.oversightprotocol.dev}
40	volumes:
41	- ./Caddyfile:/etc/caddy/Caddyfile:ro
42	- caddy_data:/data
43	- caddy_config:/config
44	depends_on:
45	oversight-registry:
46	condition: service_healthy
47
48	volumes:
49	oversight_data:
50	caddy_data:
51	caddy_config: