version: '3.3'

networks:
  keycloak_network:

services:
  nginx_proxy:
    image: nginx:1.22.0
    container_name: keycloak_nginx_proxy
    restart: unless-stopped
    networks:
      - keycloak_network
    volumes:
      - /opt/nginx-proxy/nginx.conf:/etc/nginx/nginx.conf
      - /opt/nginx-proxy/acme:/acme:ro
      - /opt/nginx-proxy/certs:/certs:ro
    ports:
      - 80:80
      - 443:443

  postgres:
    image: postgres:14.5
    container_name: keycloak_postgresql
    restart: unless-stopped
    networks:
      - keycloak_network
    volumes:
      - /opt/volumes/postgres/data:/var/lib/postgresql/data
      - /etc/localtime:/etc/localtime:ro
    environment:
      - POSTGRES_DB=${POSTGRES_DB}
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}

  keycloak:
    image: quay.io/keycloak/keycloak:19.0.1
    container_name: keycloak
    restart: unless-stopped
    networks:
      - keycloak_network
    depends_on:
      - nginx_proxy
      - postgres
    command: start --optimized --hostname=${KEYCLOAK_HOSTNAME} --proxy=edge --hostname-strict-https=false
    volumes:
      - /etc/localtime:/etc/localtime:ro
    environment:
      - PROXY_ADDRESS_FORWARDING=true           # Important for reverse proxy
      - KEYCLOAK_ADMIN=${KEYCLOAK_USER}
      - KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_PASSWORD}
      - DB_VENDOR=POSTGRES
      - DB_ADDR=postgres
      - DB_SCHEMA=public
      - DB_DATABASE=${POSTGRES_DB}
      - DB_USER=${POSTGRES_USER}
      - DB_PASSWORD=${POSTGRES_PASSWORD}