77 lines
No EOL
3.1 KiB
Django/Jinja
77 lines
No EOL
3.1 KiB
Django/Jinja
services:
|
|
postgres:
|
|
image: {{ keycloak_postgres_image }}
|
|
restart: unless-stopped
|
|
environment:
|
|
POSTGRES_DB: {{ keycloak_postgres_db }}
|
|
POSTGRES_USER: {{ keycloak_postgres_user }}
|
|
POSTGRES_PASSWORD: {{ keycloak_postgres_password }}
|
|
volumes:
|
|
- {{ keycloak_docker_volume_dir }}/postgresql:/var/lib/postgresql/data
|
|
networks:
|
|
- {{ keycloak_backend_network }}
|
|
|
|
{{ keycloak_service_name }}:
|
|
image: {{ keycloak_image }}
|
|
restart: unless-stopped
|
|
entrypoint: /bin/sh
|
|
command:
|
|
- -c
|
|
- >
|
|
/opt/keycloak/bin/kc.sh build &&
|
|
/opt/keycloak/bin/kc.sh start --optimized
|
|
environment:
|
|
KC_DB: postgres
|
|
KC_DB_URL: jdbc:postgresql://postgres:5432/{{ keycloak_postgres_db }}
|
|
KC_DB_USERNAME: {{ keycloak_postgres_user }}
|
|
KC_DB_PASSWORD: {{ keycloak_postgres_password }}
|
|
KEYCLOAK_ADMIN: {{ keycloak_admin_user }}
|
|
KEYCLOAK_ADMIN_PASSWORD: {{ keycloak_admin_password }}
|
|
KC_LOG_LEVEL: {{ keycloak_log_level }}
|
|
KC_SPI_RESOURCE_ENCODING_GZIP_ENABLED: {{ keycloak_gzip_enabled | lower }}
|
|
KC_SPI_RESOURCE_ENCODING_GZIP_CACHE_DIR: /opt/keycloak/data/gzip-cache
|
|
KC_PROXY: {{ keycloak_proxy_mode }}
|
|
KC_HOSTNAME: {{ keycloak_domain }}
|
|
KC_HEALTH_ENABLED: "true"
|
|
{% if keycloak_truststore_certificates | length > 0 %}
|
|
KC_TRUSTSTORE_PATHS: "{{ keycloak_truststore_certificates | map('regex_replace', '^.*/(.*)$', '/opt/keycloak/certs/\\1') | join(',') }}"
|
|
{% endif %}
|
|
depends_on:
|
|
- postgres
|
|
volumes:
|
|
- {{ keycloak_docker_volume_dir }}/data:/opt/keycloak/data
|
|
{% for cert in keycloak_truststore_certificates %}
|
|
- {{ cert }}:/opt/keycloak/certs/{{ cert | basename }}:ro
|
|
{% endfor %}
|
|
networks:
|
|
- {{ keycloak_backend_network }}
|
|
- {{ keycloak_traefik_network }}
|
|
{% if keycloak_extra_hosts | length > 0 %}
|
|
extra_hosts:
|
|
{% for host in keycloak_extra_hosts %}
|
|
- "{{ host }}"
|
|
{% endfor %}
|
|
{% endif %}
|
|
tmpfs:
|
|
- /opt/keycloak/data/tmp:size=1024m
|
|
labels:
|
|
- traefik.enable=true
|
|
- traefik.docker.network={{ keycloak_traefik_network }}
|
|
- traefik.http.routers.{{ keycloak_service_name }}.rule=Host(`{{ keycloak_domain }}`)
|
|
{% if keycloak_use_ssl %}
|
|
- traefik.http.routers.{{ keycloak_service_name }}.entrypoints=websecure
|
|
- traefik.http.routers.{{ keycloak_service_name }}.tls=true
|
|
{% else %}
|
|
- traefik.http.routers.{{ keycloak_service_name }}.entrypoints=web
|
|
{% endif %}
|
|
- traefik.http.services.{{ keycloak_service_name }}.loadbalancer.server.port={{ keycloak_port }}
|
|
# Middleware: Keycloak proxy headers
|
|
- traefik.http.routers.{{ keycloak_service_name }}.middlewares={{ keycloak_service_name }}-headers
|
|
- traefik.http.middlewares.{{ keycloak_service_name }}-headers.headers.customrequestheaders.X-Forwarded-Proto=https
|
|
- traefik.http.middlewares.{{ keycloak_service_name }}-headers.headers.customrequestheaders.X-Forwarded-Host={{ keycloak_domain }}
|
|
- traefik.http.middlewares.{{ keycloak_service_name }}-headers.headers.customrequestheaders.X-Forwarded-Port=443
|
|
|
|
networks:
|
|
{{ keycloak_backend_network }}:
|
|
{{ keycloak_traefik_network }}:
|
|
external: true |