-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathkeycloak.yml
89 lines (86 loc) · 2.36 KB
/
keycloak.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
version: "3.7"
services:
keycloak_db:
image: postgres:12.12-alpine
networks:
- keycloak
volumes:
- "${HTPC_CONFIG_DIR}/keycloak_db:/var/lib/postgresql/data"
environment:
- PUID=${PUID}
- PGID=${GROUP_ID_DOWNLOADERS}
- TZ=${TZ}
- POSTGRES_DB=keycloak
- POSTGRES_USER=keycloak
- POSTGRES_PASSWORD=password
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres"]
interval: 2m
timeout: 5s
retries: 3
start_period: 3m
deploy:
restart_policy:
condition: on-failure
keycloak:
image: jboss/keycloak:16.1.1
networks:
- overlay_network
- keycloak
secrets:
- keycloak_admin_password
environment:
- PUID=${PUID}
- PGID=${GROUP_ID_DOWNLOADERS}
- TZ=${TZ}
env_file:
- keycloak.env
depends_on:
- keycloak_db
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/auth/"]
interval: 2m
timeout: 5s
retries: 3
start_period: 3m
deploy:
restart_policy:
condition: on-failure
labels:
- traefik.enable=true
- traefik.http.routers.keycloak.entrypoints=websecure
- traefik.http.routers.keycloak.rule=Host(`keycloak.${HTPC_DOMAIN}`)
- traefik.http.routers.keycloak.tls=true
- traefik.http.services.keycloak.loadbalancer.server.port=8080
forward-auth:
image: thomseddon/traefik-forward-auth:2.2
networks:
- overlay_network
environment:
- PUID=${PUID}
- PGID=${GROUP_ID_DOWNLOADERS}
- TZ=${TZ}
- PROVIDERS_OIDC_ISSUER_URL=https://keycloak.${HTPC_DOMAIN}/auth/realms/${HTPC_KEYCLOAK_REALM}
- COOKIE_DOMAIN=${HTPC_DOMAIN}
- AUTH_HOST=auth.${HTPC_DOMAIN}
env_file:
- forward-auth.env
depends_on:
- keycloak
deploy:
restart_policy:
condition: on-failure
labels:
- traefik.enable=true
- traefik.http.routers.forward-auth.entrypoints=websecure
- traefik.http.routers.forward-auth.rule=Host(`auth.${HTPC_DOMAIN}`)
- traefik.http.routers.forward-auth.tls=true
- traefik.http.routers.forward-auth.middlewares=auth
- traefik.http.services.forward-auth.loadbalancer.server.port=4181
secrets:
keycloak_admin_password:
external: true
networks:
keycloak:
overlay_network:
external: true