mirror of
https://github.com/Haxxnet/Compose-Examples
synced 2024-10-05 20:39:34 +00:00
add keycloak
This commit is contained in:
LRVT
parent
8d5bbf0214
commit
81bed17c95
|
|
@ -120,7 +120,7 @@ A [proxy](https://en.wikipedia.org/wiki/Proxy_server) is a server application th
|
|||
|
||||
- [Authelia](examples/authelia) - Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for reverse proxies by allowing, denying, or redirecting requests. Recommended to combine with [Traefik](examples/traefik).
|
||||
- [Authentik](examples/authentik) - Authentik is an open-source Identity Provider focused on flexibility and versatility.
|
||||
- [Keycloak](https://github.com/keycloak/keycloak-containers/tree/main/docker-compose-examples) - Keycloak is an open-source Identity and Access Management (IAM) solution for modern applications and services.
|
||||
- [Keycloak](examples/keycloak) - Keycloak is an open-source Identity and Access Management (IAM) solution for modern applications and services.
|
||||
- [lldap](examples/lldap) - lldap is a lightweight authentication server that provides an opinionated, simplified LDAP interface for authentication. It integrates with many backends, from KeyCloak to Authelia to Nextcloud and more.
|
||||
|
||||
### Large Language Models & AI
|
||||
|
|
|
|||
23
examples/keycloak/README.md
Normal file
23
examples/keycloak/README.md
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
# References
|
||||
|
||||
- https://github.com/keycloak/keycloak
|
||||
- https://www.keycloak.org/getting-started/getting-started-docker
|
||||
|
||||
# Notes
|
||||
|
||||
````
|
||||
# copy example env file
|
||||
cp env.example .env
|
||||
|
||||
# adjust env to your needs
|
||||
# adjust the compose.yml to your needs
|
||||
nano .env
|
||||
nano docker-compose.yml
|
||||
|
||||
# create docker networks
|
||||
docker network create proxy
|
||||
docker network create keycloak-internal
|
||||
|
||||
# spawn the stack
|
||||
docker compose up -d
|
||||
````
|
||||
76
examples/keycloak/docker-compose.yml
Normal file
76
examples/keycloak/docker-compose.yml
Normal file
|
|
@ -0,0 +1,76 @@
|
|||
version: '3.7'
|
||||
|
||||
services:
|
||||
postgres:
|
||||
image: postgres:16-alpine
|
||||
container_name: keycloak-db
|
||||
restart: always
|
||||
expose:
|
||||
- 5432
|
||||
volumes:
|
||||
- ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/keycloak/database:/var/lib/postgresql/data
|
||||
environment:
|
||||
POSTGRES_DB: ${POSTGRES_DB}
|
||||
POSTGRES_USER: ${POSTGRES_USER}
|
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
|
||||
healthcheck:
|
||||
test: [ "CMD", "pg_isready", "-q", "-d", "${KEYCLOAK_DB_NAME}", "-U", "${KEYCLOAK_DB_USER}" ]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 3
|
||||
start_period: 60s
|
||||
networks:
|
||||
- keycloak-internal
|
||||
|
||||
keycloak:
|
||||
image: quay.io/keycloak/keycloak:25.0
|
||||
container_name: keycloak-app
|
||||
command: start
|
||||
environment:
|
||||
KC_HOSTNAME: ${KEYCLOAK_HOSTNAME}
|
||||
KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
|
||||
KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
|
||||
KC_DB: postgres
|
||||
KC_DB_URL: jdbc:postgresql://postgres/${POSTGRES_DB}
|
||||
KC_DB_USERNAME: ${POSTGRES_USER}
|
||||
KC_DB_PASSWORD: ${POSTGRES_PASSWORD}
|
||||
KC_PROXY_HEADERS: 'xforwarded'
|
||||
KC_HTTP_ENABLED: true
|
||||
KC_HEALTH_ENABLED: true
|
||||
PROXY_ADDRESS_FORWARDING: 'true'
|
||||
healthcheck:
|
||||
test:
|
||||
- "CMD-SHELL"
|
||||
- |
|
||||
exec 3<>/dev/tcp/localhost/9000 &&
|
||||
echo -e 'GET /health/ready HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n' >&3 &&
|
||||
cat <&3 | tee /tmp/healthcheck.log | grep -q '200 OK'
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 3
|
||||
start_period: 90s
|
||||
ports:
|
||||
- 8080:8080
|
||||
expose:
|
||||
- 8080 # web ui http
|
||||
- 9000 # health endpoint
|
||||
restart: always
|
||||
depends_on:
|
||||
postgres:
|
||||
condition: service_healthy
|
||||
networks:
|
||||
- keycloak-internal
|
||||
# - proxy
|
||||
#labels:
|
||||
# - traefik.enable=true
|
||||
# - traefik.docker.network=proxy
|
||||
# - traefik.http.routers.keycloak.rule=Host(`keycloak.example.com`)
|
||||
# - traefik.http.services.keycloak.loadbalancer.server.port=8080
|
||||
# # Optional part for traefik middlewares
|
||||
# - traefik.http.routers.keycloak.middlewares=local-ipwhitelist@file
|
||||
|
||||
networks:
|
||||
keycloak-internal:
|
||||
internal: true
|
||||
#proxy:
|
||||
# external: true
|
||||
11
examples/keycloak/env.example
Normal file
11
examples/keycloak/env.example
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
# define FQDN hostname
|
||||
KEYCLOAK_HOSTNAME=keycloak.example.com
|
||||
|
||||
# define login credentials
|
||||
KEYCLOAK_ADMIN=admin
|
||||
KEYCLOAK_ADMIN_PASSWORD=password
|
||||
|
||||
# define database credentials
|
||||
POSTGRES_DB=keycloak_db
|
||||
POSTGRES_USER=keycloak_db_user
|
||||
POSTGRES_PASSWORD=keycloak_db_user_password
|
||||
Loading…
Reference in New Issue
Block a user