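## Secrets:
#
# Secrets should be provided via the relevant `x_secrets.env` files to the
# containers. Options to be set are documented by commented out environment
# variables.
#
# NOTE(review): this template does not use `x_secrets.env` files; it inlines
# the secrets from the password store at render time. The rendered compose
# file therefore contains plaintext credentials, so deploy it with a
# restrictive owner and mode and keep it out of backups and logs that are
# more widely readable.
#
## Links & Resources:
#
# https://www.keycloak.org/
# https://www.keycloak.org/documentation
# https://www.keycloak.org/getting-started/getting-started-docker
# https://www.keycloak.org/server/configuration
# https://www.keycloak.org/server/containers
# https://www.keycloak.org/server/configuration-production
# https://www.keycloak.org/server/db
# https://hub.docker.com/_/postgres
# https://github.com/docker-library/docs/blob/master/postgres/README.md
# https://www.keycloak.org/server/hostname
# https://www.keycloak.org/server/reverseproxy
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded
# https://www.keycloak.org/server/all-config

services:
  keycloak:
    # Two-stage build: the builder stage bakes KC_DB=postgres into an optimized
    # Keycloak build, the final stage copies that build onto a clean base image.
    # Both stages are pinned by tag only; pin by digest if reproducible,
    # tamper-evident image pulls are required.
    build:
      context: .
      dockerfile_inline: |
        FROM quay.io/keycloak/keycloak:23.0 as builder
        ENV KC_DB=postgres
        WORKDIR /opt/keycloak
        RUN /opt/keycloak/bin/kc.sh build
        FROM quay.io/keycloak/keycloak:23.0
        COPY --from=builder /opt/keycloak/ /opt/keycloak/
        # Runtime options set in compose directly.
        ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
    restart: unless-stopped
    command: start --optimized
    depends_on:
      - db
    networks:
      - keycloak
    environment:
      # Bootstrap admin account; the password comes from the password store.
      KEYCLOAK_ADMIN: admin
      # Secrets are emitted through `to_json` so the rendered value is always a
      # quoted YAML string. Unquoted, a secret containing `#`, `: `, a leading
      # YAML indicator, or one that looks like a number/boolean would be
      # truncated, retyped, or break parsing of the rendered file.
      # NOTE(review): Compose still interpolates `$` in values; a secret
      # containing `$` must not be used unescaped - confirm against the store.
      KEYCLOAK_ADMIN_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KEYCLOAK_ADMIN_PASSWORD", create=false, missing="error") | to_json }}
      KC_DB: postgres
      KC_DB_URL_HOST: db
      KC_DB_USERNAME: keycloak
      KC_DB_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/KC_DB_PASSWORD", create=false, missing="error") | to_json }}
      KC_HOSTNAME: id.hamburg.ccc.de
      # Environment values are strings; quoted so the YAML parser does not
      # turn this into a boolean.
      KC_HOSTNAME_STRICT_BACKCHANNEL: "true"
      KC_HOSTNAME_ADMIN: keycloak-admin.hamburg.ccc.de
      # TLS is terminated at the reverse proxy; Keycloak itself serves plain
      # HTTP and relies on the proxy's forwarding headers.
      KC_PROXY: edge
    ports:
      # Published on all host interfaces. Because of KC_PROXY=edge this port
      # must only be reachable by the reverse proxy: a client that can reach
      # it directly bypasses TLS and can supply its own forwarding headers.
      # Restrict it with the host firewall, or bind it to a specific address
      # if the proxy runs on this host.
      - "8080:8080"

  db:
    image: postgres:15.2
    restart: always
    networks:
      - keycloak
    volumes:
      # Database files live in a bind mount next to the compose file.
      - "./database:/var/lib/postgresql/data"
    environment:
      POSTGRES_USER: keycloak
      # NOTE(review): presumably this must match KC_DB_PASSWORD above, although
      # it is read from a separate password-store entry - confirm.
      POSTGRES_PASSWORD: {{ lookup("community.general.passwordstore", "noc/vm-secrets/chaosknoten/keycloak/POSTGRES_PASSWORD", create=false, missing="error") | to_json }}
      POSTGRES_DB: keycloak

networks:
  # Project-private network; the db service publishes no ports and is only
  # reachable from the keycloak service over it.
  keycloak:
    external: false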