sophia/ansible-infra
0
0
Fork 0
forked from CCCHH/ansible-infra
Code Pull requests Activity
ansible-infra/playbooks/files/configs/keycloak/compose.yaml
Jannik Beyerstedt 7710bf384d Keycloak: Fix restart condition
2023-05-04 23:39:51 +02:00

79 lines
2.2 KiB
YAML
Raw Blame History

## Secrets:
#
# Secrets should be provided via the relevant `x_secrets.env` files to the
# containers. Options to be set are documented by commented out environment
# variables.
#
## Links & Resources:
#
# https://www.keycloak.org/
# https://www.keycloak.org/documentation
# https://www.keycloak.org/getting-started/getting-started-docker
# https://www.keycloak.org/server/configuration
# https://www.keycloak.org/server/containers
# https://www.keycloak.org/server/configuration-production
# https://www.keycloak.org/server/db
# https://hub.docker.com/_/postgres
# https://github.com/docker-library/docs/blob/master/postgres/README.md
# https://www.keycloak.org/server/hostname
# https://www.keycloak.org/server/reverseproxy
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Forwarded
# https://www.keycloak.org/server/all-config
services:
keycloak:
build:
context: .
dockerfile_inline: |
FROM quay.io/keycloak/keycloak:21.1 as builder
ENV KC_DB=postgres
WORKDIR /opt/keycloak
RUN /opt/keycloak/bin/kc.sh build
FROM quay.io/keycloak/keycloak:21.1
COPY --from=builder /opt/keycloak/ /opt/keycloak/
# Runtime options set in compose directly.
ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
restart: unless-stopped
command: start --optimized
depends_on:
- db
networks:
- keycloak
environment:
KEYCLOAK_ADMIN: admin
# KEYCLOAK_ADMIN_PASSWORD: in secrets file
KC_DB: postgres
KC_DB_URL_HOST: db
KC_DB_USERNAME: keycloak
# KC_DB_PASSWORD: in secrets file
KC_HOSTNAME: id.ccchh.net
KC_HOSTNAME_STRICT_BACKCHANNEL: true
KC_HOSTNAME_ADMIN: keycloak-admin.ccchh.net
KC_PROXY: edge
ports:
- "8080:8080"
env_file:
- keycloak_secrets.env # Must be managed by the admin manually. Not managed by Ansible.
db:
image: postgres:15.2
restart: always
networks:
- keycloak
volumes:
- "./database:/var/lib/postgresql/data"
environment:
POSTGRES_USER: keycloak
# POSTGRES_PASSWORD: in secrets file
POSTGRES_DB: keycloak
env_file:
- db_secrets.env # Must be managed by the admin manually. Not managed by Ansible.
networks:
keycloak:
external: false
View git blame Copy permalink