keycloak/compose.yaml


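---
services:
  # Keycloak server, published through Traefik via the deploy labels below.
  app:
    # Pinned by tag only. A tag can be re-pointed upstream; pin a digest as
    # well if the deployment needs a reproducible image.
    image: "keycloak/keycloak:22.0.3"
    # Keycloak takes these two passwords from environment variables, so the
    # entrypoint reads the mounted secret files at start-up instead of listing
    # the values under `environment:`. `$$` is the Compose escape for a literal
    # `$`, so the command substitution runs inside the container.
    # The values still end up in the kc.sh process environment.
    entrypoint: >
      bash -c "KEYCLOAK_ADMIN_PASSWORD=\"$$(cat /run/secrets/admin_password)\" KC_DB_PASSWORD=\"$$(cat /run/secrets/db_password)\" /opt/keycloak/bin/kc.sh start"
    networks:
      - proxy
      - internal
    secrets:
      - admin_password
      - db_password
    environment:
      - KC_DB=mariadb
      - KC_DB_URL_DATABASE=keycloak
      - KC_DB_URL_HOST=db
      - KC_HOSTNAME=${DOMAIN}
      # edge: TLS ends at the reverse proxy and Keycloak is reached over plain
      # HTTP, relying on the proxy's forwarded headers. Port 8080 should be
      # reachable only from the proxy on the `proxy` network.
      - KC_PROXY=edge
      - KEYCLOAK_ADMIN=${ADMIN_USERNAME}
      - KEYCLOAK_WELCOME_THEME=${WELCOME_THEME}
    # healthcheck:
    # https://www.keycloak.org/server/health
    # Use external health checks
    volumes:
      - "themes:/opt/keycloak/themes"
    # Fixed: this named `mariadb`, which is not a service in this file; the
    # database service is `db` (see KC_DB_URL_HOST above).
    # Swarm stack deploys ignore depends_on, so it is not a readiness gate.
    depends_on:
      - db
    deploy:
      update_config:
        failure_action: rollback
        order: start-first
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.keycloak.loadbalancer.server.port=8080"
        # ${EXTRA_DOMAINS} is spliced into the rule expression unescaped, so it
        # must come from a trusted, operator-controlled environment.
        - "traefik.http.routers.keycloak.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
        - "traefik.http.routers.keycloak.entrypoints=web-secure"
        - "traefik.http.routers.keycloak.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.http.routers.keycloak.middlewares=keycloak-redirect"
        # NOTE(review): SSLForceHost/SSLHost are deprecated options of the
        # Traefik v2 headers middleware; confirm the proxy still honours them.
        - "traefik.http.middlewares.keycloak-redirect.headers.SSLForceHost=true"
        - "traefik.http.middlewares.keycloak-redirect.headers.SSLHost=${DOMAIN}"
  # MariaDB backing store. Attached to `internal` only, not to `proxy`.
  db:
    image: "mariadb:10.11"
    environment:
      - MYSQL_DATABASE=keycloak
      - MYSQL_USER=keycloak
      # The *_FILE variables point at the mounted secret files, so the
      # passwords themselves are not written in this file.
      - MYSQL_PASSWORD_FILE=/run/secrets/db_password
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
    secrets:
      - db_password
      - db_root_password
    volumes:
      - "mariadb:/var/lib/mysql"
    networks:
      - internal
    deploy:
      # Hooks for the backup tool that reads the backupbot.* labels.
      # The hooks read the root password from the secret file when they run,
      # but pass it with -p on the client command line, where it may be visible
      # to anything that can list processes inside the container.
      # The dump in /tmp is an unencrypted copy of the whole keycloak database
      # until the post-hook removes it.
      labels:
        backupbot.backup: "true"
        backupbot.backup.path: "/tmp/dump.sql.gz"
        backupbot.backup.post-hook: "rm -f /tmp/dump.sql.gz"
        backupbot.backup.pre-hook: "sh -c 'mysqldump -u root -p\"$$(cat /run/secrets/db_root_password)\" keycloak | gzip > /tmp/dump.sql.gz'"
        backupbot.restore.pre-hook: "sh -c 'cd /tmp && gzip -d dump.sql.gz'"
        backupbot.restore: "true"
        backupbot.restore.post-hook: "sh -c 'mysql -u root -p\"$$(cat /run/secrets/db_root_password)\" keycloak < /tmp/dump.sql && rm -f /tmp/dump.sql'"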
# `app` joins both networks; `db` joins `internal` only.
networks:
  # Defined by this file with default settings.
  internal: {}
  # Not created by this file; it must already exist (external: true).
  proxy:
    external: true
# All three secrets are external: they are looked up by `name` and must exist
# before deployment, so no secret value appears in this file.
secrets:
  # Keycloak bootstrap admin password (used by `app`).
  admin_password:
    name: keycloak_admin_password
    external: true
  # Password of the `keycloak` database user (used by `app` and `db`).
  db_password:
    name: keycloak_db_password
    external: true
  # MariaDB root password (used by `db` and its backup/restore hooks).
  db_root_password:
    name: keycloak_db_root_password
    external: true
# Named volumes with default settings.
volumes:
  # Mounted at /var/lib/mysql in `db`.
  mariadb: {}
  # Mounted at /opt/keycloak/themes in `app`.
  themes: {}