I previously wrote on how to run Dex using docker. In this article, I will create nearly the same setup using docker-compose. This will allow you to run, stop, and restart the setup from a central location.

Setting up the docker-compose file

You’ll want to make sure that you have the same Dex config file from the previous article but with one small change. The issuer field should be changed to http://dex:5556/dex to match the service name that will be used in the docker-compose file. If the issuer field is not changed, the example app will try to find Dex within the container it is running in and will not be able to reach it. Changing it to http://dex:5556/dex will allow the example app to reach Dex through the network that docker-compose creates.

Create a docker-compose.yml file alongside the config.yaml file.

Adding Dex to the docker-compose file

Adding Dex to the compose file will look very similar to the command that was previously used run Dex. Placing the command in the docker-compose.yml file will make it much easier to work with. Add the following to the docker-compose.yml file:

1
2
3
4
5
6
7
8

dex:
  restart: always
  container_name: dex
  image: dexidp/dex:latest
  volumes:
    - ./config.docker.yaml:/etc/dex/config.docker.yaml
  ports:
    - 5556:5556

This will specify the Dex image, volume mount the config, expose the ports needed to reach Dex, name the container, and make sure it always restarts in case of an error.

Adding the example app to the docker-compose file

Another benefit of using docker-compose is that the example app can now be ran within docker without having to deal with setting up a separate network since docker-compose will do it for you.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16

example-app:
  container_name: example-app
  restart: always
  image: ghcr.io/dexidp/example-app:latest
  depends_on:
    - dex
  ports:
    - 5555:5555
  entrypoint:
    [
      "example-app",
      "--issuer",
      "http://dex:5556/dex",
      "--listen",
      "http://0.0.0.0:5555",
    ]

This specifies the same fields as the Dex service but it also specifies that it depends on the Dex service and overrides the entrypoint for this specific setup. Note that the issuer is the same as what we changed in the Dex config file and the listen address is set to 0.0.0.0 to accept connections from any IP address.

Modifying /etc/hosts

The last step to make Dex work with the example app is to modify the /etc/hosts file to point dex to 127.0.0.1. This will the changes we made to the issuer field in the Dex config file to point to the hostname dex but make the systems browser requests to dex go to the localhost.

1
2
3

echo "
127.0.0.1 dex
" | sudo tee -a /etc/hosts

Final steps

The final steps are to run the following command to start the services:

1

docker-compose up

This will start the Dex and example app services. You can now navigate to http://localhost:5555 to see the example app running and follow the same authentication flow as the previous example.

Summary

This example takes the previous article and makes it easier to manage by using docker-compose. This will allow you to run, stop, and restart the setup from a central location.

Full docker-compose file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

services:
  dex:
    restart: always
    container_name: dex
    image: dexidp/dex:latest
    volumes:
      - ./config.docker.yaml:/etc/dex/config.docker.yaml
    ports:
      - 5556:5556
  example-app:
    container_name: example-app
    restart: always
    image: ghcr.io/dexidp/example-app:latest
    depends_on:
      - dex
    ports:
      - 5555:5555
    entrypoint:
      [
        "example-app",
        "--issuer",
        "http://dex:5556/dex",
        "--listen",
        "http://0.0.0.0:5555",
      ]

Full config.yaml file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17

issuer: http://dex:5556/dex
storage:
  type: sqlite3
web:
  http: 0.0.0.0:5556
staticClients:
  - id: example-app
    redirectURIs:
      - "http://127.0.0.1:5555/callback"
    name: "Example App"
    secret: ZXhhbXBsZS1hcHAtc2VjcmV0
enablePasswordDB: true
staticPasswords:
  - email: "admin@example.com"
    hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
    username: "admin"
    userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"