version: '3.2'
services:
  step-ca:
    image: smallstep/step-ca
    container_name: step-ca
    hostname: step-ca
    restart: unless-stopped
    ports:
      - "172.16.1.60:9000:9000"
      - "172.16.1.60:9001:9001"
    volumes:
      - ./data:/home/step
    networks:
      - dmz
    healthcheck:
      test: [ "CMD", "curl", "-k", "https://172.16.1.60:9000/health" ]
      timeout: 30s
      interval: 10s
      retries: 6

networks:
  dmz:
    external: true