Initial commit

Integrate keycloak with opencloud LDAP Integrate with gitea TO DO: Change gitea group token claim name to reflect new token structure required by OpenCloud LDAP
2026-03-25 17:28:08 +00:00
commit da1f20a767
2 changed files with 78 additions and 0 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,73 @@
+services:
+  keycloak:
+    image: quay.io/keycloak/keycloak:26.3.3 #latest
+    container_name: keycloak
+    user: "0"
+    command: start # start-dev
+            # --import-realm
+            # --features=scripts 
+            # --log=console
+            # --log-level=DEBUG
+            # --log-console-output=default
+            # --optimized
+    environment:
+      KC_DB: ${KC_DB}
+      KC_DB_URL: ${KC_DB_URL}
+      KC_DB_USERNAME: ${KC_DB_USERNAME}
+      KC_DB_PASSWORD: ${KC_DB_PASSWORD}
+      
+      # Keycloak admin user
+      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
+      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
+      
+      # Hostname configuration
+      KC_HOSTNAME: ${HOSTNAME}
+
+      KEYCLOAK_FRONTEND_URL: https://${HOSTNAME}
+      
+      # HTTP configuration
+      KC_HTTP_ENABLED: true
+      KC_HTTP_PORT: 80
+      # KC_HTTP_RELATIVE_PATH: /${PATH}
+      KC_HEALTH_ENABLED: true
+      KC_METRICS_ENABLED: true
+
+      KC_PROXY_HEADERS: xforwarded
+      KC_PROXY_ADDRESS_FORWARDING: true
+
+      # KC_LOG: console
+      # KC_LOG_LEVEL: INFO
+      # KC_LOG_CONSOLE_FORMAT: "%d{HH:mm:ss} %-5p [%c{1}] %s%e%n"
+      # KC_LOG_CONSOLE_COLOR: "true"
+
+      # KC_FEATURES: "scripts"
+
+      # KC_HTTPS_TRUST_STORE_FILE: /opt/keycloak/conf/truststore.jks
+      # KC_HTTPS_TRUST_STORE_PASSWORD: ${TRUSTSTORE_PASSWORD}
+    ports:
+      - "${PORT}:80"
+    volumes:
+      - ./data/conf:/opt/keycloak/conf
+      - ./data/data:/opt/keycloak/data
+      - ./data/providers:/opt/keycloak/providers
+      - ./data/themes:/opt/keycloak/themes
+      - ./realm:/opt/keycloak/data/import 
+      # - ./truststore.jks:/opt/keycloak/conf/truststore.jks
+    networks:
+      - nginx
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "curl -f https://${HOSTNAME}/health/ready || exit 1"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 60s
+
+volumes:
+  keycloak_data:
+    driver: local
+
+networks:
+  nginx:
+    driver: bridge
+    external: true