94 lines
3.9 KiB
YAML
94 lines
3.9 KiB
YAML
captainVersion: 4
|
|
services:
|
|
$$cap_appname-db:
|
|
image: postgres:$$cap_postgres_version
|
|
volumes:
|
|
- $$cap_appname-db-data:/var/lib/postgresql/data
|
|
restart: always
|
|
environment:
|
|
POSTGRES_USER: keycloak
|
|
POSTGRES_PASSWORD: $$cap_pg_pass
|
|
POSTGRES_DB: keycloak
|
|
caproverExtra:
|
|
notExposeAsWebApp: 'true'
|
|
$$cap_appname:
|
|
depends_on:
|
|
- $$cap_appname-db
|
|
restart: always
|
|
environment:
|
|
KEYCLOAK_ADMIN: $$cap_keycloak_admin
|
|
KEYCLOAK_ADMIN_PASSWORD: $$cap_keycloak_password
|
|
KC_DB_PASSWORD: $$cap_pg_pass
|
|
caproverExtra:
|
|
containerHttpPort: '8080'
|
|
dockerfileLines:
|
|
- FROM quay.io/keycloak/keycloak:$$cap_keycloak_version as builder
|
|
- ENV KC_HEALTH_ENABLED=true
|
|
- ENV KC_METRICS_ENABLED=false
|
|
- ENV KC_FEATURES=token-exchange,recovery-codes
|
|
- ENV KC_DB=postgres
|
|
- RUN /opt/keycloak/bin/kc.sh build
|
|
|
|
- FROM quay.io/keycloak/keycloak:$$cap_keycloak_version
|
|
- COPY --from=builder /opt/keycloak/ /opt/keycloak/
|
|
- WORKDIR /opt/keycloak
|
|
- ENV KC_DB_URL=jdbc:postgresql://srv-captain--$$cap_appname-db/keycloak
|
|
- ENV KC_DB_USERNAME=keycloak
|
|
- ENV KC_DB_PASSWORD=$$cap_pg_pass
|
|
- ENV KC_HOSTNAME=$$cap_appname.$$cap_root_domain
|
|
- ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start", "--optimized", "--proxy=edge"]
|
|
|
|
caproverOneClickApp:
|
|
variables:
|
|
- id: $$cap_postgres_version
|
|
label: Postgres Version
|
|
defaultValue: '15'
|
|
description: Check out Keycloak DB page for any valid major tested https://www.keycloak.org/server/db
|
|
validRegex: /^([^\s^\/])+$/
|
|
- id: $$cap_keycloak_version
|
|
label: Keycloak Version
|
|
defaultValue: '23.0.1'
|
|
description: v23.0.1 current as of 2023-12-06. Check out Keycloak Docker page for the valid tags https://quay.io/repository/keycloak/keycloak?tab=tags
|
|
validRegex: /^([^\s^\/])+$/
|
|
- id: $$cap_pg_pass
|
|
label: Postgres Password
|
|
description: 'App-to-app database credential. 12-20 characters.'
|
|
defaultValue: $$cap_gen_random_hex(20)
|
|
validRegex: /.{12,20}/
|
|
- id: $$cap_keycloak_admin
|
|
label: Keycloak admin user
|
|
description: 'Login username for the admin web user.'
|
|
defaultValue: 'admin'
|
|
validRegex: /.{1,}/
|
|
- id: $$cap_keycloak_password
|
|
label: Keycloak admin password
|
|
description: 'Login password for the admin web user. 12-20 characters.'
|
|
defaultValue: $$cap_gen_random_hex(20)
|
|
validRegex: /.{12,20}/
|
|
instructions:
|
|
start: >-
|
|
Keycloak is an Open Source Identity and Access Management solution for modern Applications and Services. It makes it easy to secure applications and services with little to no code.
|
|
|
|
For documentation, see: https://www.keycloak.org/documentation.html
|
|
|
|
For source code, see: https://github.com/keycloak/keycloak
|
|
|
|
For docker image, see: https://quay.io/repository/keycloak/keycloak
|
|
|
|
Enter your Keycloak Configuration parameters and click on next.
|
|
end: >
|
|
Keycloak is deployed and available as $$cap_appname.
|
|
|
|
Before starting using Keycloak, you'll need to
|
|
|
|
- Enable HTTPS
|
|
|
|
- Force HTTPS by redirecting all HTTP traffic to HTTPS
|
|
|
|
|
|
IMPORTANT: It will take up to 1 minutes for Keycloak to be ready. Before that, you might see 502 error page.
|
|
displayName: 'Keycloak'
|
|
isOfficial: true
|
|
description: Keycloak is an open source identity and access management solution
|
|
documentation: Taken from https://github.com/keycloak/keycloak-containers/blob/main/docker-compose-examples/keycloak-postgres.yml
|