un-abra-ify.

Christian Galo 2023-08-14 07:24:41 +00:00
parent 2bdc8f8d1e
commit 8d0149f128
4 changed files with 22 additions and 38 deletions


@ -1,13 +0,0 @@
TYPE=keycloak
DOMAIN=keycloak.example.com
## Domain aliases
#EXTRA_DOMAINS=', `www.keycloak.example.com`'
LETS_ENCRYPT_ENV=production
ADMIN_USERNAME=admin
WELCOME_THEME=keycloak
SECRET_DB_ROOT_PASSWORD_VERSION=v1
SECRET_DB_PASSWORD_VERSION=v1
SECRET_ADMIN_PASSWORD_VERSION=v1

1
.gitignore vendored Normal file

@ -0,0 +1 @@
.env


@ -8,11 +8,17 @@ Wiki Cafe's configuration for a Keycloak deployment. Originally slimmed down fro
Set the environment variables from the .env file during the shell session.
```
set -a && source .env && set +a^C
set -a && source .env && set +a
```
Deploy using the `-c` flag to specify multiple compose files.
Set the secrets.
```
docker stack deploy traefik -c compose.yaml -c compose.googledomains.yaml
printf "SECRET_HERE" | docker secret create SECRET_NAME -
```
Deploy using the `-c` flag to specify one or multiple compose files.
```
docker stack deploy keycloak -c compose.yaml
```


@ -1,6 +1,3 @@
---
version: "3.8"
services:
app:
image: "keycloak/keycloak:22.0.1"
@ -18,17 +15,11 @@ services:
- KC_DB_URL_HOST=db
- KC_HOSTNAME=${DOMAIN}
- KC_PROXY=edge
- KC_SPI_CONNECTIONS_JPA_LEGACY_MIGRATION_STRATEGY=update
- KEYCLOAK_ADMIN=${ADMIN_USERNAME}
- KEYCLOAK_WELCOME_THEME=${WELCOME_THEME}
# NOTE(3wc): disabled due to missing curl binary, see
# https://git.coopcloud.tech/coop-cloud/keycloak/issues/15
# healthcheck:
# test: ["CMD", "curl", "-f", "http://localhost:8080"]
# interval: 30s
# timeout: 10s
# retries: 10
# start_period: 1m
# https://www.keycloak.org/server/health
# Use external health checks
volumes:
- "themes:/opt/keycloak/themes"
depends_on:
@ -39,14 +30,13 @@ services:
order: start-first
labels:
- "traefik.enable=true"
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8080"
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
- "coop-cloud.${STACK_NAME}.version=7.0.0+22.0.1"
- "traefik.http.services.keycloak.loadbalancer.server.port=8080"
- "traefik.http.routers.keycloak.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
- "traefik.http.routers.keycloak.entrypoints=web-secure"
- "traefik.http.routers.keycloak.tls.certresolver=${LETS_ENCRYPT_ENV}"
- "traefik.http.routers.keycloak.middlewares=keycloak-redirect"
- "traefik.http.middlewares.keycloak-redirect.headers.SSLForceHost=true"
- "traefik.http.middlewares.keycloak-redirect.headers.SSLHost=${DOMAIN}"
db:
image: "mariadb:10.11"
@ -79,13 +69,13 @@ networks:
secrets:
admin_password:
name: ${STACK_NAME}_admin_password_${SECRET_ADMIN_PASSWORD_VERSION}
name: keycloak_admin_password
external: true
db_password:
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
name: keycloak_db_password
external: true
db_root_password:
name: ${STACK_NAME}_db_root_password_${SECRET_DB_ROOT_PASSWORD_VERSION}
name: keycloak_db_root_password
external: true
volumes:
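Review bot: The three entries under `secrets:` in the last hunk now use fixed names (`keycloak_admin_password`, `keycloak_db_password`, `keycloak_db_root_password`), which leaves no way to rotate a credential without editing the compose file. Swarm secrets are immutable and cannot be removed while a service still references them, so rotation means creating the secret under a new name and pointing the service at it. Keeping a version suffix, e.g. `name: keycloak_admin_password_${SECRET_ADMIN_PASSWORD_VERSION:-v1}` and the same for the two database secrets, preserves that path while still dropping `${STACK_NAME}`. The service-level `secrets:` references sit outside the visible hunks, so confirm they need no matching change.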