Compare commits
12 Commits
custom-the
...
5.0.0+20.0
| Author | SHA1 | Date | |
|---|---|---|---|
2ac47abfcd
|
|||
|
ef6ffd9985
|
|||
| 38bdef2fd0 | |||
| 2de7006106 | |||
|
0edb882a06
|
|||
|
2c29c75398
|
|||
| d32ea20cff | |||
| 4e2c0013ce | |||
| 45918d2451 | |||
| 1f2ed7932b | |||
| 6326aff4f0 | |||
| f4220652a7 |
@ -6,9 +6,7 @@ DOMAIN=keycloak.example.com
|
|||||||
LETS_ENCRYPT_ENV=production
|
LETS_ENCRYPT_ENV=production
|
||||||
|
|
||||||
ADMIN_USERNAME=admin
|
ADMIN_USERNAME=admin
|
||||||
|
WELCOME_THEME=keycloak
|
||||||
# CUSTOM_THEME_ENABLED=1
|
|
||||||
# CUSTOM_THEME_URL=
|
|
||||||
|
|
||||||
SECRET_DB_ROOT_PASSWORD_VERSION=v1
|
SECRET_DB_ROOT_PASSWORD_VERSION=v1
|
||||||
SECRET_DB_PASSWORD_VERSION=v1
|
SECRET_DB_PASSWORD_VERSION=v1
|
||||||
|
|||||||
25
README.md
25
README.md
@ -6,12 +6,12 @@
|
|||||||
|
|
||||||
<!-- metadata -->
|
<!-- metadata -->
|
||||||
* **Category**: Apps
|
* **Category**: Apps
|
||||||
* **Status**: ❷💛
|
* **Status**: 2, beta
|
||||||
* **Image**: [`jboss/keycloak`](https://hub.docker.com/r/jboss/keycloak), ❶💚, upstream
|
* **Image**: [`jboss/keycloak`](https://hub.docker.com/r/jboss/keycloak), 4, upstream
|
||||||
* **Healthcheck**: Yes
|
* **Healthcheck**: Yes
|
||||||
* **Backups**: ?
|
* **Backups**: ?
|
||||||
* **Email**: ❸🍎
|
* **Email**: 1
|
||||||
* **Tests**: ❷💛
|
* **Tests**: 2
|
||||||
* **SSO**: N/A
|
* **SSO**: N/A
|
||||||
<!-- endmetadata -->
|
<!-- endmetadata -->
|
||||||
|
|
||||||
@ -25,5 +25,22 @@
|
|||||||
your Docker swarm box
|
your Docker swarm box
|
||||||
5. `abra app YOURAPPDOMAIN deploy`
|
5. `abra app YOURAPPDOMAIN deploy`
|
||||||
|
|
||||||
|
## How do I setup a custom theme?
|
||||||
|
|
||||||
|
Check [this approach](https://git.autonomic.zone/ruangrupa/login.lumbung.space).
|
||||||
|
|
||||||
|
## How do I create another admin user?
|
||||||
|
|
||||||
|
- Under the `Master` realm > `Users` > `Add user`
|
||||||
|
- Create the user and set a temporary password
|
||||||
|
- Under the `Role Mappings` tab, move `admin` from `Available Roles` into `Assigned Roles`
|
||||||
|
|
||||||
|
## How do I configure Keycloak login for..
|
||||||
|
|
||||||
|
- [Nextcloud][nextcloud]
|
||||||
|
- [Peertube][peertube]
|
||||||
|
|
||||||
|
[nextcloud]: https://git.coopcloud.tech/coop-cloud/nextcloud
|
||||||
|
[peertube]: https://git.coopcloud.tech/coop-cloud/peertube
|
||||||
[abra]: https://git.autonomic.zone/autonomic-cooperative/abra
|
[abra]: https://git.autonomic.zone/autonomic-cooperative/abra
|
||||||
[cc-traefik]: https://git.autonomic.zone/coop-cloud/traefik
|
[cc-traefik]: https://git.autonomic.zone/coop-cloud/traefik
|
||||||
|
|||||||
44
compose.yml
44
compose.yml
@ -3,7 +3,9 @@ version: "3.8"
|
|||||||
|
|
||||||
services:
|
services:
|
||||||
app:
|
app:
|
||||||
image: "jboss/keycloak:15.0.2"
|
image: "keycloak/keycloak:20.0.1"
|
||||||
|
entrypoint: >
|
||||||
|
bash -c "KC_DB_PASSWORD=\"$$(cat /run/secrets/db_password)\" /opt/keycloak/bin/kc.sh start"
|
||||||
networks:
|
networks:
|
||||||
- proxy
|
- proxy
|
||||||
- internal
|
- internal
|
||||||
@ -11,27 +13,22 @@ services:
|
|||||||
- admin_password
|
- admin_password
|
||||||
- db_password
|
- db_password
|
||||||
environment:
|
environment:
|
||||||
- CUSTOM_THEME_ENABLED
|
- KC_DB=mariadb
|
||||||
- CUSTOM_THEME_URL
|
- KC_DB_URL_DATABASE=keycloak
|
||||||
- DB_ADDR=db
|
- KC_DB_URL_HOST=db
|
||||||
- DB_DATABASE=keycloak
|
- KC_HOSTNAME=${DOMAIN}
|
||||||
- DB_PASSWORD_FILE=/run/secrets/db_password
|
- KC_PROXY=edge
|
||||||
- DB_USER=keycloak
|
- KC_SPI_CONNECTIONS_JPA_LEGACY_MIGRATION_STRATEGY=update
|
||||||
- DB_VENDOR=mariadb
|
- KEYCLOAK_ADMIN=${ADMIN_USERNAME}
|
||||||
- KEYCLOAK_PASSWORD_FILE=/run/secrets/admin_password
|
- KEYCLOAK_WELCOME_THEME=${WELCOME_THEME}
|
||||||
- KEYCLOAK_USER=${ADMIN_USERNAME}
|
|
||||||
- PROXY_ADDRESS_FORWARDING=true
|
|
||||||
configs:
|
|
||||||
- source: entrypoint_conf
|
|
||||||
target: /docker-entrypoint.sh
|
|
||||||
mode: 0555
|
|
||||||
entrypoint: /docker-entrypoint.sh
|
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ["CMD", "curl", "-f", "http://localhost:8080"]
|
test: ["CMD", "curl", "-f", "http://localhost:8080"]
|
||||||
interval: 30s
|
interval: 30s
|
||||||
timeout: 10s
|
timeout: 10s
|
||||||
retries: 10
|
retries: 10
|
||||||
start_period: 1m
|
start_period: 1m
|
||||||
|
volumes:
|
||||||
|
- "themes:/opt/jboss/keycloak/themes"
|
||||||
depends_on:
|
depends_on:
|
||||||
- mariadb
|
- mariadb
|
||||||
deploy:
|
deploy:
|
||||||
@ -47,7 +44,7 @@ services:
|
|||||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||||
- "coop-cloud.${STACK_NAME}.version=3.0.0+15.0.2"
|
- "coop-cloud.${STACK_NAME}.version=5.0.0+20.0.1"
|
||||||
|
|
||||||
db:
|
db:
|
||||||
image: "mariadb:10.6"
|
image: "mariadb:10.6"
|
||||||
@ -63,6 +60,12 @@ services:
|
|||||||
- "mariadb:/var/lib/mysql"
|
- "mariadb:/var/lib/mysql"
|
||||||
networks:
|
networks:
|
||||||
- internal
|
- internal
|
||||||
|
deploy:
|
||||||
|
labels:
|
||||||
|
backupbot.backup: "true"
|
||||||
|
backupbot.backup.pre-hook: 'mkdir -p /tmp/backup/ && mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" keycloak > /tmp/backup/backup.sql'
|
||||||
|
backupbot.backup.post-hook: "rm -rf /tmp/backup"
|
||||||
|
backupbot.backup.path: "/tmp/backup/"
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
internal:
|
internal:
|
||||||
@ -82,9 +85,4 @@ secrets:
|
|||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
mariadb:
|
mariadb:
|
||||||
|
themes:
|
||||||
configs:
|
|
||||||
entrypoint_conf:
|
|
||||||
name: ${STACK_NAME}_entrypoint_conf_${ENTRYPOINT_CONF_VERSION}
|
|
||||||
file: entrypoint.sh.tmpl
|
|
||||||
template_driver: golang
|
|
||||||
|
|||||||
@ -1,12 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
{{ if eq (env "CUSTOM_THEME_ENABLED") "1" }}
|
|
||||||
microdnf update && microdnf install git
|
|
||||||
git clone "$CUSTOM_THEME_URL" "/opt/jboss/keycloak/themes/$CUSTOM_THEME_NAME"
|
|
||||||
{{ end }}
|
|
||||||
|
|
||||||
# upstream entrypoint
|
|
||||||
# https://github.com/keycloak/keycloak-containers/blob/aa2e5515ccb05116e49ab38839d8fcfdd17c45aa/server/Dockerfile#L30
|
|
||||||
/usr/local/bin/entrypoint.sh "$@"
|
|
||||||
12
release/4.0.0+16.1.0
Normal file
12
release/4.0.0+16.1.0
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
This major release comes with a blog post about a CVE:
|
||||||
|
|
||||||
|
https://www.keycloak.org/2021/12/cve.html
|
||||||
|
|
||||||
|
Not all versions are affected but they're suggesting that people upgrade soon.
|
||||||
|
|
||||||
|
As per usual, this upgrade didn't go too smoothly and I ended up having to
|
||||||
|
undeploy and deploy the new versions. The healtcheck kept failing on the new
|
||||||
|
instance when trying to deploy alongside the existing old version. Idk, some
|
||||||
|
docker weirdness.
|
||||||
|
|
||||||
|
No app data errors discovered after upgrade.
|
||||||
9
release/5.0.0+20.0.1
Normal file
9
release/5.0.0+20.0.1
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
You'll need to remove `/auth/` from your app SSO URLs, e.g.
|
||||||
|
|
||||||
|
https://foo.example.com/auth/realms/foo/protocol/openid-connect/auth
|
||||||
|
|
||||||
|
Would become:
|
||||||
|
|
||||||
|
https://foo.example.com/realms/foo/protocol/openid-connect/auth
|
||||||
|
|
||||||
|
-- decentral1se @ Autonomic
|
||||||
Reference in New Issue
Block a user