60 lines
1.5 KiB
Django/Jinja
60 lines
1.5 KiB
Django/Jinja
services:
|
|
db:
|
|
image: postgres:16
|
|
restart: always
|
|
environment:
|
|
- POSTGRES_USER=${DB_USER}
|
|
- POSTGRES_PASSWORD=${DB_PASSWORD}
|
|
- POSTGRES_DB=keycloak
|
|
networks:
|
|
- default
|
|
volumes:
|
|
- {{ service_directory }}/data/db:/var/lib/postgresql/data
|
|
|
|
keycloak:
|
|
image: quay.io/keycloak/keycloak:26.4.0
|
|
environment:
|
|
- USER_UID={{ service_user_id }}
|
|
- USER_GID={{ service_group_id }}
|
|
|
|
# Admin-Bootstrap
|
|
- KC_BOOTSTRAP_ADMIN_USERNAME=admin
|
|
- KC_BOOTSTRAP_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD}
|
|
|
|
# DB
|
|
- KC_DB=postgres
|
|
- KC_DB_URL=jdbc:postgresql://db:5432/keycloak
|
|
- KC_DB_USERNAME=${DB_USER}
|
|
- KC_DB_PASSWORD=${DB_PASSWORD}
|
|
|
|
# Reverse-Proxy / Hostname
|
|
- KC_HOSTNAME=auth.lehmannhaus.de # <- deine Domain
|
|
- KC_PROXY=edge # erwartet TLS am Proxy
|
|
- KC_HTTP_ENABLED=true # intern Klartext (NPM macht TLS)
|
|
- KC_HOSTNAME_STRICT_HTTPS=true
|
|
|
|
# optional: Health/Metrics
|
|
- KC_HEALTH_ENABLED=true
|
|
- KC_METRICS_ENABLED=true
|
|
|
|
restart: always
|
|
volumes:
|
|
- {{ service_directory }}/data/keycloak:/opt/keycloak/data
|
|
- /etc/timezone:/etc/timezone:ro
|
|
- /etc/localtime:/etc/localtime:ro
|
|
ports:
|
|
- "8080:8080"
|
|
depends_on:
|
|
db:
|
|
command: ["start"]
|
|
networks:
|
|
- default
|
|
|
|
networks:
|
|
default:
|
|
ipam:
|
|
driver: default
|
|
config:
|
|
- subnet: 172.10.0.0/16
|
|
gateway: 172.10.0.1
|