grafana/devenv/docker/blocks/jwt_proxy/docker-compose.yaml

  oauthkeycloakdb:
    image: postgres:12.2
    container_name: oauthkeycloakdb
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: password
    volumes:
      - ./docker/blocks/jwt_proxy/cloak.sql:/docker-entrypoint-initdb.d/cloak.sql
    restart: unless-stopped

  oauthkeycloak:
    image: quay.io/keycloak/keycloak:12.0.1
    container_name: oauthkeycloak
    environment:
      DB_VENDOR: POSTGRES
      DB_ADDR: oauthkeycloakdb
      DB_DATABASE: keycloak
      DB_USER: keycloak
      DB_PASSWORD: password
      KEYCLOAK_USER: admin
      KEYCLOAK_PASSWORD: admin
      PROXY_ADDRESS_FORWARDING: "true"
    ports:
      - 8087:8080
    depends_on:
      - oauthkeycloakdb
    links:
      - "oauthkeycloakdb:oauthkeycloakdb"
    restart: unless-stopped

  oauthproxy:
    image: docker.io/bitnami/oauth2-proxy:7.3.0
    container_name: oauthproxy
    command: [
    "--cookie-secret=yI-CWT5s4sBR2Zd0DDJJlTYc0aQ3jwGH15jYA18ZAQA=",
    "--upstream=http://localhost:3000",
    "--provider=keycloak",
    "--client-id=grafana-oauth",
    "--client-secret=d17b9ea9-bcb1-43d2-b132-d339e55872a8",
    "--login-url=http://127.0.0.1:8087/auth/realms/grafana/protocol/openid-connect/auth",
    "--redeem-url=http://127.0.0.1:8087/auth/realms/grafana/protocol/openid-connect/token",
    "--profile-url=http://127.0.0.1:8087/auth/realms/grafana/protocol/openid-connect/userinfo",
    "--validate-url=http://127.0.0.1:8087/auth/realms/grafana/protocol/openid-connect/userinfo",
    "--cookie-secure=false",
    "--http-address=0.0.0.0:8088",
    "--redirect-url=http://127.0.0.1:8088/oauth2/callback",
    "--pass-access-token=true",
    "--email-domain=*",
    ]
    network_mode: "host"
    depends_on:
      - oauthkeycloak
    restart: unless-stopped