digitaldemocratic/dd-sso/docker-compose-parts/keycloak.yml

72 lines
2.9 KiB
YAML

#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
version: '3.7'
services:
dd-sso-keycloak:
image: ${KEYCLOAK_IMG}
build:
context: ${BUILD_SSO_ROOT_PATH}/docker/keycloak
args:
- IMG=${KEYCLOAK_IMG}
container_name: dd-sso-keycloak
hostname: sso.${DOMAIN}
volumes:
- /etc/localtime:/etc/localtime:ro
# - ${BUILD_SSO_ROOT_PATH}/init/keycloak/jsons/realm:/opt/keycloak/data/import/
# - ${BUILD_SSO_ROOT_PATH}/init/keycloak/scripts/:/opt/keycloak/startup-scripts/
- ${CUSTOM_PATH}/custom/img:/opt/keycloak/themes/dd/login/resources/custom-img
- ${BUILD_SSO_ROOT_PATH}/docker/keycloak/themes/dd-custom:/opt/keycloak/themes/dd-custom
# - ${BUILD_SSO_ROOT_PATH}/docker/keycloak/extensions/avatar-minio-extension-bundle-1.0.1.0-SNAPSHOT.ear:/opt/keycloak/standalone/deployments/avatar-minio-extension-bundle-1.0.1.0-SNAPSHOT.ear
environment:
- AVATARS_SERVER_URL=http://dd-sso-avatars:9000
- AVATARS_ACCESS_KEY=${AVATARS_ACCESS_KEY:-AKIAIOSFODNN7EXAMPLE}
- AVATARS_SECRET_KEY=${AVATARS_SECRET_KEY:-wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY}
- KEYCLOAK_IMPORT=/opt/keycloak/data/import/realm.json
- KC_DB=postgres
- KC_DB_URL=jdbc:postgresql://${KEYCLOAK_DB_ADDR}:5432/${KEYCLOAK_DB_DATABASE}
- KC_DB_USERNAME=${KEYCLOAK_DB_USER}
- KC_DB_PASSWORD=${KEYCLOAK_DB_PASSWORD}
- KC_TRANSACTION_XA_ENABLED=false
- KC_HOSTNAME_STRICT=false
- KC_HTTP_ENABLED=true
- KC_HTTP_PORT=8080
- KC_HOSTNAME_STRICT_HTTPS=false
- KEYCLOAK_ADMIN=${KEYCLOAK_USER}
- KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_PASSWORD}
# - PROXY_ADDRESS_FORWARDING=true
- KC_HOSTNAME_URL=https://sso.${DOMAIN}/auth/
- KC_HOSTNAME_ADMIN_URL=https://sso.${DOMAIN}/auth/
- DDADMIN_USER=${DDADMIN_USER}
- DDADMIN_PASSWORD=${DDADMIN_PASSWORD}
- DDDOMAIN=${DOMAIN}
# - JAVA_OPTS_APPEND=-Dkeycloak.migration.strategy=OVERWRITE_EXISTING
command:
- start --proxy edge --hostname-strict=false --import-realm --http-relative-path=/auth
depends_on:
- ${KEYCLOAK_DB_ADDR}
restart: unless-stopped
networks:
- dd_net
logging:
driver: "json-file"
options:
max-size: "5m"
max-file: "10"