Initial commit
Integrate Keycloak with OpenCloud LDAP. Integrate with Gitea. TODO: change the Gitea group token claim name to reflect the new token structure required by OpenCloud LDAP.
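--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+.env
+/data
+/realm
+/realm-backups
+/truststore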
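--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,73 @@
+services:
+keycloak:
+image: quay.io/keycloak/keycloak:26.3.3 #latest
+container_name: keycloak
+user: "0"
+command: start # start-dev
+# --import-realm
+# --features=scripts
+# --log=console
+# --log-level=DEBUG
+# --log-console-output=default
+# --optimized
+environment:
+KC_DB: ${KC_DB}
+KC_DB_URL: ${KC_DB_URL}
+KC_DB_USERNAME: ${KC_DB_USERNAME}
+KC_DB_PASSWORD: ${KC_DB_PASSWORD}
+
+# Keycloak admin user
+KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
+KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
+
+# Hostname configuration
+KC_HOSTNAME: ${HOSTNAME}
+
+KEYCLOAK_FRONTEND_URL: https://${HOSTNAME}
+
+# HTTP configuration
+KC_HTTP_ENABLED: true
+KC_HTTP_PORT: 80
+# KC_HTTP_RELATIVE_PATH: /${PATH}
+KC_HEALTH_ENABLED: true
+KC_METRICS_ENABLED: true
+
+KC_PROXY_HEADERS: xforwarded
+KC_PROXY_ADDRESS_FORWARDING: true
+
+# KC_LOG: console
+# KC_LOG_LEVEL: INFO
+# KC_LOG_CONSOLE_FORMAT: "%d{HH:mm:ss} %-5p [%c{1}] %s%e%n"
+# KC_LOG_CONSOLE_COLOR: "true"
+
+# KC_FEATURES: "scripts"
+
+# KC_HTTPS_TRUST_STORE_FILE: /opt/keycloak/conf/truststore.jks
+# KC_HTTPS_TRUST_STORE_PASSWORD: ${TRUSTSTORE_PASSWORD}
+ports:
+- "${PORT}:80"
+volumes:
+- ./data/conf:/opt/keycloak/conf
+- ./data/data:/opt/keycloak/data
+- ./data/providers:/opt/keycloak/providers
+- ./data/themes:/opt/keycloak/themes
+- ./realm:/opt/keycloak/data/import
+# - ./truststore.jks:/opt/keycloak/conf/truststore.jks
+networks:
+- nginx
+restart: unless-stopped
+healthcheck:
+test: ["CMD-SHELL", "curl -f https://${HOSTNAME}/health/ready || exit 1"]
+interval: 30s
+timeout: 10s
+retries: 3
+start_period: 60s
+
+volumes:
+keycloak_data:
+driver: local
+
+networks:
+nginx:
+driver: bridge
+external: true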
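Review bot: The `ports` entry `- "${PORT}:80"` publishes Keycloak's plain-HTTP listener on every host interface while `KC_PROXY_HEADERS: xforwarded` makes it trust `X-Forwarded-*` headers, so a client that reaches that port directly, rather than through the proxy on the `nginx` network, controls the forwarded host, scheme and client address Keycloak acts on. If only the reverse proxy needs to reach the container, drop the `ports` mapping or bind it to loopback with `- "127.0.0.1:${PORT}:80"`. `user: "0"` also runs the identity provider as root; the bind mounts under `./data` look like the reason, and giving those directories to the image's non-root user would let that override go. The healthcheck probably never passes as written: it calls `curl`, which I believe the stock Keycloak image does not ship, and it probes the public `https://${HOSTNAME}` rather than the container's own health endpoint, so the container's health status is worth checking after startup. `KEYCLOAK_ADMIN` and `KEYCLOAK_ADMIN_PASSWORD` are deprecated in 26.x in favour of `KC_BOOTSTRAP_ADMIN_USERNAME` and `KC_BOOTSTRAP_ADMIN_PASSWORD`, and the top-level `keycloak_data` volume is declared but not mounted anywhere in this file.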