From 81bed17c95d645bd0d23a2025cb7e415734957a4 Mon Sep 17 00:00:00 2001
From: LRVT <21357789+l4rm4nd@users.noreply.github.com>
Date: Tue, 27 Aug 2024 15:13:28 +0200
Subject: [PATCH] add keycloak
---
 README.md | 2 +-
 examples/keycloak/README.md | 23 +++++++++
 examples/keycloak/docker-compose.yml | 76 ++++++++++++++++++++++++++++
 examples/keycloak/env.example | 11 ++++
 4 files changed, 111 insertions(+), 1 deletion(-)
 create mode 100644 examples/keycloak/README.md
 create mode 100644 examples/keycloak/docker-compose.yml
 create mode 100644 examples/keycloak/env.example
diff --git a/README.md b/README.md
index 41039f4..ee98a7e 100644
--- a/README.md
+++ b/README.md
@@ -120,7 +120,7 @@ A [proxy](https://en.wikipedia.org/wiki/Proxy_server) is a server application th
 - [Authelia](examples/authelia) - Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for reverse proxies by allowing, denying, or redirecting requests. Recommended to combine with [Traefik](examples/traefik).
 - [Authentik](examples/authentik) - Authentik is an open-source Identity Provider focused on flexibility and versatility.
-- [Keycloak](https://github.com/keycloak/keycloak-containers/tree/main/docker-compose-examples) - Keycloak is an open-source Identity and Access Management (IAM) solution for modern applications and services.
+- [Keycloak](examples/keycloak) - Keycloak is an open-source Identity and Access Management (IAM) solution for modern applications and services.
 - [lldap](examples/lldap) - lldap is a lightweight authentication server that provides an opinionated, simplified LDAP interface for authentication. It integrates with many backends, from KeyCloak to Authelia to Nextcloud and more.
 ### Large Language Models & AI
diff --git a/examples/keycloak/README.md b/examples/keycloak/README.md
new file mode 100644
index 0000000..b415b07
--- /dev/null
+++ b/examples/keycloak/README.md
@@ -0,0 +1,23 @@
+# References
+
+- https://github.com/keycloak/keycloak
+- https://www.keycloak.org/getting-started/getting-started-docker
+
+# Notes
+
+````
+# copy example env file
+cp env.example .env
+
+# adjust env to your needs
+# adjust the compose.yml to your needs
+nano .env
+nano docker-compose.yml
+
+# create docker networks
+docker network create proxy
+docker network create keycloak-internal
+
+# spawn the stack
+docker compose up -d
+````
diff --git a/examples/keycloak/docker-compose.yml b/examples/keycloak/docker-compose.yml
new file mode 100644
index 0000000..74bbe4c
--- /dev/null
+++ b/examples/keycloak/docker-compose.yml
@@ -0,0 +1,76 @@
+version: '3.7'
+
+services:
+ postgres:
+ image: postgres:16-alpine
+ container_name: keycloak-db
+ restart: always
+ expose:
+ - 5432
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/keycloak/database:/var/lib/postgresql/data
+ environment:
+ POSTGRES_DB: ${POSTGRES_DB}
+ POSTGRES_USER: ${POSTGRES_USER}
+ POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+ healthcheck:
+ test: [ "CMD", "pg_isready", "-q", "-d", "${KEYCLOAK_DB_NAME}", "-U", "${KEYCLOAK_DB_USER}" ]
+ interval: 10s
+ timeout: 5s
+ retries: 3
+ start_period: 60s
+ networks:
+ - keycloak-internal
+
+ keycloak:
+ image: quay.io/keycloak/keycloak:25.0
+ container_name: keycloak-app
+ command: start
+ environment:
+ KC_HOSTNAME: ${KEYCLOAK_HOSTNAME}
+ KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
+ KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
+ KC_DB: postgres
+ KC_DB_URL: jdbc:postgresql://postgres/${POSTGRES_DB}
+ KC_DB_USERNAME: ${POSTGRES_USER}
+ KC_DB_PASSWORD: ${POSTGRES_PASSWORD}
+ KC_PROXY_HEADERS: 'xforwarded'
+ KC_HTTP_ENABLED: true
+ KC_HEALTH_ENABLED: true
+ PROXY_ADDRESS_FORWARDING: 'true'
+ healthcheck:
+ test:
+ - "CMD-SHELL"
+ - |
+ exec 3<>/dev/tcp/localhost/9000 &&
+ echo -e 'GET /health/ready HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n' >&3 &&
+ cat <&3 | tee /tmp/healthcheck.log | grep -q '200 OK'
+ interval: 10s
+ timeout: 5s
+ retries: 3
+ start_period: 90s
+ ports:
+ - 8080:8080
+ expose:
+ - 8080 # web ui http
+ - 9000 # health endpoint
+ restart: always
+ depends_on:
+ postgres:
+ condition: service_healthy
+ networks:
+ - keycloak-internal
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.docker.network=proxy
+ # - traefik.http.routers.keycloak.rule=Host(`keycloak.example.com`)
+ # - traefik.http.services.keycloak.loadbalancer.server.port=8080
+ # # Optional part for traefik middlewares
+ # - traefik.http.routers.keycloak.middlewares=local-ipwhitelist@file
+
+networks:
+ keycloak-internal:
+ internal: true
+ #proxy:
+ # external: true
\ No 
newline at end of file
diff --git a/examples/keycloak/env.example b/examples/keycloak/env.example
new file mode 100644
index 0000000..a5ba4e9
--- /dev/null
+++ b/examples/keycloak/env.example
@@ -0,0 +1,11 @@
+# define FQDN hostname
+KEYCLOAK_HOSTNAME=keycloak.example.com
+
+# define login credentials
+KEYCLOAK_ADMIN=admin
+KEYCLOAK_ADMIN_PASSWORD=password
+
+# define database credentials
+POSTGRES_DB=keycloak_db
+POSTGRES_USER=keycloak_db_user
+POSTGRES_PASSWORD=keycloak_db_user_password
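Review bot: The postgres healthcheck in this hunk probes `${KEYCLOAK_DB_NAME}` and `${KEYCLOAK_DB_USER}`, but neither variable is defined anywhere in the patch (the rest of the file and env.example use `POSTGRES_DB`/`POSTGRES_USER`), so Compose substitutes empty strings with a warning and pg_isready never checks the database Keycloak actually depends on; the line should read `test: [ "CMD", "pg_isready", "-q", "-d", "${POSTGRES_DB}", "-U", "${POSTGRES_USER}" ]`. Separately, `ports: - 8080:8080` publishes the plain-HTTP listener on every host interface while `KC_PROXY_HEADERS: 'xforwarded'` tells Keycloak to trust X-Forwarded-* headers, so when the reverse proxy is the intended entry point bind it to loopback (`- 127.0.0.1:8080:8080`) or drop `ports` in favour of the commented-out proxy network, otherwise clients can reach Keycloak directly with self-supplied forwarding headers. `PROXY_ADDRESS_FORWARDING` is a setting of the legacy WildFly-based image and, as far as I can tell, has no effect on the Quarkus-based 25.0 image, so it should be removed rather than suggest it does something. `KC_HTTP_ENABLED: true` and `KC_HEALTH_ENABLED: true` should be quoted like the neighbouring `'true'` so the environment values are strings rather than YAML booleans.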
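Review bot: `KEYCLOAK_ADMIN=admin` / `KEYCLOAK_ADMIN_PASSWORD=password` ships a guessable admin credential and nothing in the file says it must be changed; the README only says "adjust env to your needs". As far as I know these two variables are read only to create the initial admin user on first start, so a comment above them such as `# bootstrap admin only: set a strong password before first start and rotate it in the admin console afterwards` would make the expectation explicit. The same note applies to `POSTGRES_PASSWORD`, which docker-compose.yml also passes verbatim as `KC_DB_PASSWORD`.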