services:
  redis:
    image: redis:7
    ports:
      - "6379:6379"
  mock-oauth2-server:
    image: ghcr.io/navikt/mock-oauth2-server:3.0.1
    ports:
      - "8888:8080"
    environment:
      JSON_CONFIG: "{\"interactiveLogin\":false}"
  wonderwall:
    image: ghcr.io/nais/wonderwall:latest
    ports:
      - "3000:3000"
    command: >
      --openid.client-id=bogus
      --openid.client-secret=not-so-secret
      --openid.well-known-url=http://localhost:8888/default/.well-known/openid-configuration
      --ingress=http://localhost:3000
      --bind-address=0.0.0.0:3000
      --upstream-host=upstream:4000
      --redis.uri=redis://redis:6379
      --log-level=debug
      --log-format=text
    restart: on-failure
    extra_hosts:
      # Wonderwall needs to both reach and redirect user agents to the mock-oauth2-server:
      # - 'mock-oauth2-server:8888' resolves from the container, but is not resolvable for user agents at the host (e.g. during redirects).
      # - 'localhost:8888' allows user agents to resolve redirects to the mock-oauth2-server, but breaks connectivity from the container itself.
      # This additional mapping allows the container to reach the mock-oauth2-server at 'localhost' through the host network, as well as allowing user agents to correctly resolve redirects.
      - localhost:host-gateway
  upstream:
    image: mendhak/http-https-echo:30
    ports:
      - "4000:4000"
    environment:
      HTTP_PORT: 4000
      JWT_HEADER: Authorization
      LOG_IGNORE_PATH: /