services: keycloak: image: quay.io/keycloak/keycloak:latest container_name: keycloak_keycloak networks: keycloak: aliases: - keycloak web: aliases: - keycloak restart: "no" depends_on: - postgres command: start --hostname=keycloak.jafner.net secrets: - keycloak_KC_DB_PASSWORD - keycloak_DB_PASS - keycloak_KEYCLOAK_ADMIN_PASSWORD environment: KC_DB: postgres KC_DB_URL: jdbc:postgresql://postgres/keycloak KC_DB_USERNAME: keycloak KC_HOSTNAME_URL: https://keycloak.jafner.net KC_PROXY: edge KC_HEALTH_ENABLED: true KC_METRICS_ENABLED: true KEYCLOAK_ADMIN: Jafner KC_DB_PASSWORD: /run/secrets/keycloak_KC_DB_PASSWORD DB_PASS: /run/secrets/keycloak_DB_PASS KEYCLOAK_ADMIN_PASSWORD: /run/secrets/keycloak_KEYCLOAK_ADMIN_PASSWORD labels: traefik.http.routers.keycloak.rule: Host(`keycloak.jafner.net`) traefik.http.routers.keycloak.tls.certresolver: lets-encrypt traefik.http.routers.keycloak.middlewares: keycloak-redirect traefik.http.services.keycloak.loadbalancer.server.port: 8080 traefik.http.middlewares.keycloak-redirect.redirectregex.regex: ^https:\\/\\/([^\\//]+)\\/?$$" traefik.http.middlewares.keycloak-redirect.redirectregex.replacement: https://$$1/admin" forwardauth: image: mesosphere/traefik-forward-auth:latest container_name: keycloak_forwardauth networks: web: aliases: - forwardauth restart: "no" command: "./traefik-forward-auth" depends_on: - keycloak secrets: - forwardauth_CLIENT_SECRET - forwardauth_SECRET - forwardauth_ENCRYPTION_KEY environment: PROVIDER_URI: "https://keycloak.jafner.net/realms/Jafner.net" CLIENT_ID: "traefik-forward-auth" LOG_LEVEL: "debug" CLIENT_SECRET: /run/secrets/forwardauth_CLIENT_SECRET SECRET: /run/secrets/forwardauth_SECRET ENCRYPTION_KEY: /run/secrets/forwardauth_ENCRYPTION_KEY labels: - "traefik.enable=false" - "traefik.http.routers.forwardauth.rule=Path(`/_oauth`)" - "traefik.http.routers.forwardauth.tls.certresolver=lets-encrypt" forwardauth-privileged: image: mesosphere/traefik-forward-auth:latest container_name: keycloak_forwardauth-privileged networks: web: aliases: - forwardauth-privileged restart: "no" command: "./traefik-forward-auth --whitelist=jafner425@gmail.com" depends_on: - keycloak secrets: - forwardauth_privileged_CLIENT_SECRET - forwardauth_privileged_SECRET - forwardauth_privileged_ENCRYPTION_KEY environment: PROVIDER_URI: "https://keycloak.jafner.net/realms/Jafner.net" CLIENT_ID: "traefik-forward-auth-privileged" LOG_LEVEL: "debug" CLIENT_SECRET: /run/secrets/forwardauth_privileged_CLIENT_SECRET SECRET: /run/secrets/forwardauth_privileged_SECRET ENCRYPTION_KEY: /run/secrets/forwardauth_privileged_ENCRYPTION_KEY labels: - "traefik.enable=false" - "traefik.http.routers.forwardauth-privileged.rule=Path(`/_oauth`)" - "traefik.http.routers.forwardauth-privileged.tls.certresolver=lets-encrypt" postgres: image: postgres:latest container_name: keycloak_postgres networks: - keycloak secrets: - postgres_POSTGRES_USER - postgres_POSTGRES_PASSWORD environment: POSTGRES_DB: keycloak POSTGRES_USER: /run/secrets/postgres_POSTGRES_USER POSTGRES_PASSWORD: /run/secrets/postgres_POSTGRES_PASSWORD volumes: - postgres_data:/var/lib/postgresql/data networks: web: external: true keycloak: volumes: postgres_data: secrets: forwardauth_privileged_CLIENT_SECRET: file: ./secrets/forwardauth-privileged_CLIENT_SECRET.txt forwardauth_privileged_SECRET: file: ./secrets/forwardauth-privileged_SECRET.txt forwardauth_privileged_ENCRYPTION_KEY: file: ./secrets/forwardauth-privileged_ENCRYPTION_KEY.txt forwardauth_CLIENT_SECRET: file: ./secrets/forwardauth_CLIENT_SECRET.txt forwardauth_SECRET: file: ./secrets/forwardauth_SECRET.txt forwardauth_ENCRYPTION_KEY: file: ./secrets/forwardauth_ENCRYPTION_KEY.txt keycloak_KC_DB_PASSWORD: file: ./secrets/keycloak_KC_DB_PASSWORD.txt keycloak_DB_PASS: file: ./secrets/keycloak_DB_PASS.txt keycloak_KEYCLOAK_ADMIN_PASSWORD: file: ./secrets/keycloak_KEYCLOAK_ADMIN_PASSWORD.txt postgres_POSTGRES_USER: file: ./secrets/postgres_POSTGRES_USER.txt postgres_POSTGRES_PASSWORD: file: ./secrets/postgres_POSTGRES_PASSWORD.txt