Compare commits

...

11 Commits

Author SHA1 Message Date
knoflook c9ce66e7fa switch to postgres 2022-06-02 12:08:54 +02:00
decentral1se 2de7006106 chore: publish 4.0.1+16.1.1 release 2022-02-10 11:02:13 +01:00
decentral1se 0edb882a06 release: expand notes 2022-01-03 16:09:47 +01:00
decentral1se 2c29c75398 release: add notes 2022-01-02 15:57:16 +01:00
decentral1se d32ea20cff chore: publish 4.0.0+16.1.0 release 2022-01-02 15:53:12 +01:00
3wordchant 4e2c0013ce Goodbye, emojis! 😢
[ci skip]
2021-11-23 12:19:05 +02:00
3wordchant 45918d2451 Add app config tips from docs 2021-10-30 17:27:31 +02:00
d1admin 1f2ed7932b feat: support storing themes persistently 2021-10-21 14:16:23 +02:00
d1admin 6326aff4f0 Revert "feat: custom theme loading"
This reverts commit 3b9d0237b2.

This doesn't work because we can't get into the root account in the
entrypoint and we need that to use microdnf. Another approach is needed.
2021-10-21 14:14:16 +02:00
decentral1se f4220652a7 Merge pull request 'Custom theme loading' (#10) from custom-theme-loading into master
Reviewed-on: coop-cloud/keycloak#10
2021-10-21 11:48:21 +00:00
d1admin 3b9d0237b2 feat: custom theme loading 2021-10-21 12:55:39 +02:00
4 changed files with 133 additions and 15 deletions
+21 -4
View File
@@ -6,12 +6,12 @@
<!-- metadata -->
* **Category**: Apps
* **Status**: ❷💛
* **Image**: [`jboss/keycloak`](https://hub.docker.com/r/jboss/keycloak), ❶💚, upstream
* **Status**: 2, beta
* **Image**: [`jboss/keycloak`](https://hub.docker.com/r/jboss/keycloak), 4, upstream
* **Healthcheck**: Yes
* **Backups**: ?
* **Email**: ❸🍎
* **Tests**: ❷💛
* **Email**: 1
* **Tests**: 2
* **SSO**: N/A
<!-- endmetadata -->
@@ -25,5 +25,22 @@
your Docker swarm box
5. `abra app YOURAPPDOMAIN deploy`
## How do I setup a custom theme?
Check [this approach](https://git.autonomic.zone/ruangrupa/login.lumbung.space).
## How do I create another admin user?
- Under the `Master` realm > `Users` > `Add user`
- Create the user and set a temporary password
- Under the `Role Mappings` tab, move `admin` from `Available Roles` into `Assigned Roles`
## How do I configure Keycloak login for..
- [Nextcloud][nextcloud]
- [Peertube][peertube]
[nextcloud]: https://git.coopcloud.tech/coop-cloud/nextcloud
[peertube]: https://git.coopcloud.tech/coop-cloud/peertube
[abra]: https://git.autonomic.zone/autonomic-cooperative/abra
[cc-traefik]: https://git.autonomic.zone/coop-cloud/traefik
+81
View File
@@ -0,0 +1,81 @@
---
version: "3.8"
services:
app:
image: "jboss/keycloak:16.1.1"
networks:
- proxy
- internal
secrets:
- admin_password
- db_password
environment:
- DB_ADDR=db
- JBDC_PARAMS="useSSL=false"
- DB_DATABASE=keycloak
- DB_PASSWORD_FILE=/run/secrets/db_password
- DB_USER=keycloak
- DB_VENDOR=mariadb
- KEYCLOAK_PASSWORD_FILE=/run/secrets/admin_password
- KEYCLOAK_USER=${ADMIN_USERNAME}
- PROXY_ADDRESS_FORWARDING=true
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080"]
interval: 30s
timeout: 10s
retries: 10
start_period: 1m
volumes:
- "themes:/opt/jboss/keycloak/themes"
depends_on:
- mariadb
deploy:
update_config:
failure_action: rollback
order: start-first
labels:
- "traefik.enable=true"
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8080"
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
- "coop-cloud.${STACK_NAME}.version=4.0.1+16.1.1"
db:
image: "mariadb:10.8"
environment:
- MYSQL_DATABASE=keycloak
- MYSQL_USER=keycloak
- MYSQL_PASSWORD_FILE=/run/secrets/db_password
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
secrets:
- db_password
- db_root_password
volumes:
- "mariadb:/var/lib/mysql"
networks:
- internal
networks:
internal:
proxy:
external: true
secrets:
admin_password:
name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION}
external: true
db_password:
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
external: true
db_root_password:
name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
external: true
volumes:
mariadb:
themes:
+19 -11
View File
@@ -3,7 +3,7 @@ version: "3.8"
services:
app:
image: "jboss/keycloak:15.0.2"
image: "jboss/keycloak:16.1.1"
networks:
- proxy
- internal
@@ -12,10 +12,11 @@ services:
- db_password
environment:
- DB_ADDR=db
- JBDC_PARAMS="useSSL=false"
- DB_DATABASE=keycloak
- DB_PASSWORD_FILE=/run/secrets/db_password
- DB_USER=keycloak
- DB_VENDOR=mariadb
- DB_VENDOR=postgres
- KEYCLOAK_PASSWORD_FILE=/run/secrets/admin_password
- KEYCLOAK_USER=${ADMIN_USERNAME}
- PROXY_ADDRESS_FORWARDING=true
@@ -25,6 +26,8 @@ services:
timeout: 10s
retries: 10
start_period: 1m
volumes:
- "themes:/opt/jboss/keycloak/themes"
depends_on:
- mariadb
deploy:
@@ -40,20 +43,23 @@ services:
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
- "coop-cloud.${STACK_NAME}.version=3.0.0+15.0.2"
- "coop-cloud.${STACK_NAME}.version=4.0.1+16.1.1"
db:
image: "mariadb:10.6"
environment:
- MYSQL_DATABASE=keycloak
- MYSQL_USER=keycloak
- MYSQL_PASSWORD_FILE=/run/secrets/db_password
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
image: postgres:11
networks:
- backend
secrets:
- db_password
environment:
POSTGRES_DB: keycloak
POSTGRES_USER: keycloak
POSTGRES_PASSWORD_FILE: /run/secrets/db_password
secrets:
- db_password
- db_root_password
volumes:
- "mariadb:/var/lib/mysql"
- "postgres_data:/var/lib/postgresql/data"
networks:
- internal
@@ -75,3 +81,5 @@ secrets:
volumes:
mariadb:
themes:
postgres_data:
+12
View File
@@ -0,0 +1,12 @@
This major release comes with a blog post about a CVE:
https://www.keycloak.org/2021/12/cve.html
Not all versions are affected but they're suggesting that people upgrade soon.
As per usual, this upgrade didn't go too smoothly and I ended up having to
undeploy and deploy the new versions. The healtcheck kept failing on the new
instance when trying to deploy alongside the existing old version. Idk, some
docker weirdness.
No app data errors discovered after upgrade.