NUSMods' auth service is a Dockerized, self-hosted instance of the Keycloak Identity and Access Manangement Solution deployed to Dokku. It is based off Keycloak's official docker image with some slight modifications. This repository was originally forked from https://github.com/mieckert/keycloak-heroku, which adapted Keycloak to work with Heroku.
This section contains instructions to deploy this service to NUSMods production servers.
- On server: Install Dokku
- At this point, you may have to whitelist an SSH key with Dokku.
- On server:
dokku domains:set-global 2.nusmods.com
- On server:
sudo dokku plugin:install https://github.com/dokku/dokku-postgres.git
- On server:
sudo dokku plugin:install https://github.com/dokku/dokku-letsencrypt.git
- On server:
dokku apps:create keycloak
- On server:
dokku postgres:create keycloakdb
- On server:
dokku postgres:link keycloakdb keycloak
- On your machine:
git clone https://github.com/nusmodifications/nusmods-auth-service.git
- On your machine:
cd nusmods-auth-service
- On your machine:
git remote add dokku dokku@nusmods2:keycloak
- On your machine:
git push dokku master
- On server:
dokku proxy:ports-set keycloak http:80:8080
- On server:
dokku letsencrypt keycloak
- On server:
dokku config:set keycloak KEYCLOAK_USER=<admin user> KEYCLOAK_PASSWORD=<admin password> PROXY_ADDRESS_FORWARDING=true
(not sure if PAF is neccesary) - On server:
dokku proxy:ports-set keycloak http:80:8080 https:443:8080
(don't use Keycloak's port 8443 as it will try to do HTTPS itself instead of letting our reverse proxy do it for us)
On your machine:
cd nusmods-auth-service
git pull
- Update the
jboss/keycloak
image version in Dockerfile and commit the changes. - Deploy:
git push dokku master
- Update the origin repo:
git push origin master