forked from coop-cloud/keycloak
This reverts commit 3b9d0237b2f462fd56ed209c3977d6fec396acc4. This doesn't work because we can't get into the root account in the entrypoint and we need that to use microdnf. Another approach is needed.
---
# Compose file format version. Quoted so it is read as a string, not a float.
version: '3.8'

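services:
  # Keycloak identity provider. No ports are published; traffic is expected
  # to arrive only through the reverse proxy on the `proxy` network.
  app:
    # Pinned by tag only; a tag can be re-pointed upstream.
    # NOTE(review): 15.0.2 is an old release line. Confirm it still receives
    # security fixes, and consider pinning by digest.
    image: "jboss/keycloak:15.0.2"
    networks:
      - proxy
      - internal
    secrets:
      - admin_password
      - db_password
    environment:
      - DB_ADDR=db
      - DB_DATABASE=keycloak
      # Passwords are read from mounted secret files, so they do not appear
      # in the service definition or in the container's environment dump.
      - DB_PASSWORD_FILE=/run/secrets/db_password
      - DB_USER=keycloak
      - DB_VENDOR=mariadb
      - KEYCLOAK_PASSWORD_FILE=/run/secrets/admin_password
      - KEYCLOAK_USER=${ADMIN_USERNAME}
      # Makes Keycloak trust X-Forwarded-* headers. Safe only while the
      # container is unreachable except via the proxy; do not publish 8080.
      - PROXY_ADDRESS_FORWARDING=true
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080"]
      interval: 30s
      timeout: 10s
      retries: 10
      start_period: 1m
    # The database service in this file is named `db`. The previous value
    # `mariadb` named no service (`mariadb` is only the volume name).
    # `docker stack deploy` ignores depends_on; it matters under compose.
    depends_on:
      - db
    deploy:
      update_config:
        failure_action: rollback
        order: start-first
      # Service-level labels, where Traefik's Swarm provider reads them.
      # NOTE(review): nesting was reconstructed from a flattened listing;
      # confirm these labels belong under `deploy`.
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8080"
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
        - "coop-cloud.${STACK_NAME}.version=3.0.0+15.0.2"

  # MariaDB backing store. Attached to the `internal` network only, so it is
  # not reachable from the proxy network.
  db:
    image: "mariadb:10.6"
    environment:
      - MYSQL_DATABASE=keycloak
      - MYSQL_USER=keycloak
      # Credentials come from secret files rather than literal values.
      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
    secrets:
      - db_password
      - db_root_password
    volumes:
      - "mariadb:/var/lib/mysql"
    networks:
      - internal
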
networks:
  # Stack-local network joining app and db; created with default settings.
  internal: {}
  # Pre-existing network managed outside this file (external: true); the app
  # service joins it alongside `internal`.
  proxy:
    external: true

# All secrets are external: they must already exist in the cluster and their
# values never appear in this file. Each name carries a version suffix taken
# from the environment, so a new value is introduced under a new secret name.
secrets:
  admin_password:
    name: "${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION}"
    external: true
  db_password:
    name: "${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}"
    external: true
  db_root_password:
    name: "${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}"
    external: true

volumes:
  # Named volume with default settings; mounted by db at /var/lib/mysql.
  mariadb: {}