Up version of MariaDb to LTS

Merge pull request 'Pull request from main' (#1 ) from coop-cloud/keycloak:master into master
Reviewed-on: #1
2022-11-30 07:56:31 +00:00 · 2022-11-30 07:51:48 +00:00 · 2022-11-16 19:37:17 +01:00 · 2022-11-16 18:16:25 +01:00 · 2022-05-18 14:54:35 +02:00 · 2022-02-10 11:02:13 +01:00
5 changed files with 65 additions and 15 deletions
--- a/.env.sample
+++ b/.env.sample
@ -6,6 +6,7 @@ DOMAIN=keycloak.example.com
 LETS_ENCRYPT_ENV=production

 ADMIN_USERNAME=admin
+WELCOME_THEME=keycloak

 SECRET_DB_ROOT_PASSWORD_VERSION=v1
 SECRET_DB_PASSWORD_VERSION=v1
--- a/README.md
+++ b/README.md
@ -6,12 +6,12 @@

 <!-- metadata -->
 * **Category**: Apps
-* **Status**: ❷💛
-* **Image**: [`jboss/keycloak`](https://hub.docker.com/r/jboss/keycloak), ❶💚, upstream
+* **Status**: 2, beta
+* **Image**: [`jboss/keycloak`](https://hub.docker.com/r/jboss/keycloak), 4, upstream
 * **Healthcheck**: Yes
 * **Backups**: ?
-* **Email**: ❸🍎
-* **Tests**: ❷💛
+* **Email**: 1
+* **Tests**: 2
 * **SSO**: N/A
 <!-- endmetadata -->

@ -25,5 +25,22 @@
   your Docker swarm box
 5. `abra app YOURAPPDOMAIN deploy`

+## How do I setup a custom theme?
+
+Check [this approach](https://git.autonomic.zone/ruangrupa/login.lumbung.space).
+
+## How do I create another admin user?
+
+- Under the `Master` realm > `Users` > `Add user`
+- Create the user and set a temporary password
+- Under the `Role Mappings` tab, move `admin` from `Available Roles` into `Assigned Roles`
+
+## How do I configure Keycloak login for..
+
+- [Nextcloud][nextcloud]
+- [Peertube][peertube]
+
+[nextcloud]: https://git.coopcloud.tech/coop-cloud/nextcloud
+[peertube]: https://git.coopcloud.tech/coop-cloud/peertube
 [abra]: https://git.autonomic.zone/autonomic-cooperative/abra
 [cc-traefik]: https://git.autonomic.zone/coop-cloud/traefik
--- a/compose.yml
+++ b/compose.yml
@ -3,7 +3,9 @@ version: "3.8"

 services:
  app:
-    image: "jboss/keycloak:15.0.2"
+    image: "keycloak/keycloak:20.0.1"
+    entrypoint: >
+      bash -c "KC_DB_PASSWORD=\"$$(cat /run/secrets/db_password)\" /opt/keycloak/bin/kc.sh start"
    networks:
      - proxy
      - internal
@ -11,20 +13,22 @@ services:
      - admin_password
      - db_password
    environment:
-      - DB_ADDR=db
-      - DB_DATABASE=keycloak
-      - DB_PASSWORD_FILE=/run/secrets/db_password
-      - DB_USER=keycloak
-      - DB_VENDOR=mariadb
-      - KEYCLOAK_PASSWORD_FILE=/run/secrets/admin_password
-      - KEYCLOAK_USER=${ADMIN_USERNAME}
-      - PROXY_ADDRESS_FORWARDING=true
+      - KC_DB=mariadb
+      - KC_DB_URL_DATABASE=keycloak
+      - KC_DB_URL_HOST=db
+      - KC_HOSTNAME=${DOMAIN}
+      - KC_PROXY=edge
+      - KC_SPI_CONNECTIONS_JPA_LEGACY_MIGRATION_STRATEGY=update
+      - KEYCLOAK_ADMIN=${ADMIN_USERNAME}
+      - KEYCLOAK_WELCOME_THEME=${WELCOME_THEME}
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080"]
      interval: 30s
      timeout: 10s
      retries: 10
      start_period: 1m
+    volumes:
+      - "themes:/opt/jboss/keycloak/themes"
    depends_on:
      - mariadb
    deploy:
@ -40,10 +44,10 @@ services:
        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
-        - "coop-cloud.${STACK_NAME}.version=3.0.0+15.0.2"
+        - "coop-cloud.${STACK_NAME}.version=5.0.1+20.0.1"

  db:
-    image: "mariadb:10.6"
+    image: "mariadb:10.6.11"
    environment:
      - MYSQL_DATABASE=keycloak
      - MYSQL_USER=keycloak
@ -56,6 +60,12 @@ services:
      - "mariadb:/var/lib/mysql"
    networks:
      - internal
+    deploy:
+      labels:
+          backupbot.backup: "true"
+          backupbot.backup.pre-hook: 'mkdir -p /tmp/backup/ && mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" keycloak > /tmp/backup/backup.sql'
+          backupbot.backup.post-hook: "rm -rf /tmp/backup"
+          backupbot.backup.path: "/tmp/backup/"

 networks:
  internal:
@ -75,3 +85,4 @@ secrets:

 volumes:
  mariadb:
+  themes:
--- a/release/4.0.0+16.1.0
+++ b/release/4.0.0+16.1.0
@ -0,0 +1,12 @@
+This major release comes with a blog post about a CVE:
+
+    https://www.keycloak.org/2021/12/cve.html
+
+Not all versions are affected but they're suggesting that people upgrade soon.
+
+As per usual, this upgrade didn't go too smoothly and I ended up having to
+undeploy and deploy the new versions. The healtcheck kept failing on the new
+instance when trying to deploy alongside the existing old version. Idk, some
+docker weirdness.
+
+No app data errors discovered after upgrade.
--- a/release/5.0.0+20.0.1
+++ b/release/5.0.0+20.0.1
@ -0,0 +1,9 @@
+You'll need to remove `/auth/` from your app SSO URLs, e.g.
+
+    https://foo.example.com/auth/realms/foo/protocol/openid-connect/auth
+
+Would become:
+
+    https://foo.example.com/realms/foo/protocol/openid-connect/auth
+
+-- decentral1se @ Autonomic
Author	SHA1	Message	Date
Javielico	bd218450f3	Up version of MariaDb to LTS	2022-11-30 07:56:31 +00:00
javielico	cb0bb0bc18	Merge pull request 'Pull request from main' (#1 ) from coop-cloud/keycloak:master into master Reviewed-on: #1	2022-11-30 07:51:48 +00:00
decentral1se	2ac47abfcd	feat!: new 20.x release	2022-11-16 19:37:17 +01:00
decentral1se	ef6ffd9985	feat: backup labels for mysql	2022-11-16 18:16:25 +01:00
Philipp Rothmann	38bdef2fd0	adds welcome_theme env	2022-05-18 14:54:35 +02:00
decentral1se	2de7006106	chore: publish 4.0.1+16.1.1 release	2022-02-10 11:02:13 +01:00
cellarspoon	0edb882a06	release: expand notes	2022-01-03 16:09:47 +01:00
cellarspoon	2c29c75398	release: add notes	2022-01-02 15:57:16 +01:00
cellarspoon	d32ea20cff	chore: publish 4.0.0+16.1.0 release	2022-01-02 15:53:12 +01:00
3wc	4e2c0013ce	Goodbye, emojis! 😢 [ci skip]	2021-11-23 12:19:05 +02:00
3wc	45918d2451	Add app config tips from docs	2021-10-30 17:27:31 +02:00
decentral1se	1f2ed7932b	feat: support storing themes persistently	2021-10-21 14:16:23 +02:00
decentral1se	6326aff4f0	Revert "feat: custom theme loading" This reverts commit 3b9d0237b2f462fd56ed209c3977d6fec396acc4. This doesn't work because we can't get into the root account in the entrypoint and we need that to use microdnf. Another approach is needed.	2021-10-21 14:14:16 +02:00
decentral1se	f4220652a7	Merge pull request 'Custom theme loading' (#10 ) from custom-theme-loading into master Reviewed-on: coop-cloud/keycloak#10	2021-10-21 11:48:21 +00:00
decentral1se	3b9d0237b2	feat: custom theme loading	2021-10-21 12:55:39 +02:00