#113 Update to working config

Joey Hafner 2024-01-05 17:42:09 -08:00
parent 42929cc542
commit 9e2dcf0135
4 changed files with 36 additions and 39 deletions


@ -5,7 +5,7 @@ ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
# Configure a database vendor
ENV KC_DB=${DB:-postgres}
ENV KC_DB=postgres
WORKDIR /opt/keycloak
# for demonstration purposes only, please make sure to use proper certificates in production instead
@ -16,9 +16,10 @@ FROM quay.io/keycloak/keycloak:latest
COPY --from=builder /opt/keycloak/ /opt/keycloak/
# change these values to point to a running postgres instance
ENV KC_DB=${DB:-postgres}
ENV KC_DB_URL=${DB_URL:-postgres}
ENV KC_DB_USERNAME=${DB_USER:-keycloak}
ENV KC_DB_PASSWORD=${DB_PASS:-changeme}
ENV KC_HOSTNAME=${HOST:-keycloak}
ENV KC_DB=${DB}
ENV KC_DB_URL=${DB_URL}
ENV KC_DB_USERNAME=${DB_USER}
ENV KC_DB_PASSWORD=${DB_PASS}
ENV KC_HOSTNAME=${HOST}
ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
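Review bot: The `ENV KC_DB_PASSWORD=...` line in the second hunk stores the database password in the image configuration whichever of the two forms shown is the new one, because a Dockerfile `ENV` is resolved at build time and stays readable in the image metadata and history. The `${DB_PASS}` form without a default additionally expands to an empty string unless an `ARG DB_PASS` is declared in this stage, and none is visible here (the stage begins outside the hunk). The compose file in this commit loads `keycloak-wip.env` and `keycloak-wip_secrets.env` at runtime, so I would remove the `KC_DB*` and `KC_HOSTNAME` lines from the final stage and replace them with a comment such as `# KC_DB_* and KC_HOSTNAME* are supplied at runtime through env_file; never bake credentials into the image`.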


@ -66,34 +66,39 @@ services:
- "traefik.http.routers.forwardauth-privileged.tls.certresolver=lets-encrypt"
keycloak-wip:
build:
dockerfile: Dockerfile
context: .
image: quay.io/keycloak/keycloak:23.0
container_name: keycloak_keycloak-wip
volumes:
- $KEYCLOAK_DATA/import:/opt/keycloak/data/import
networks:
keycloak:
aliases:
- keycloak-wip
web:
aliases:
- keycloak
keycloak:
- keycloak-wip
restart: "no"
depends_on:
- postgres
command: start
env_file:
- keycloak-wip.env
- keycloak-wip_secrets.env
labels:
traefik.http.routers.keycloak.rule: Host(`keycloak-wip.jafner.net`)
traefik.http.routers.keycloak.tls.certresolver: lets-encrypt
traefik.http.routers.keycloak.middlewares: lan-only@file
traefik.http.services.keycloak.loadbalancer.server.port: 8080
traefik.http.routers.keycloak-wip.rule: Host(`keycloak-wip.jafner.net`)
traefik.http.routers.keycloak-wip.tls.certresolver: lets-encrypt
traefik.http.routers.keycloak-wip.middlewares: keycloak-redirect
traefik.http.services.keycloak-wip.loadbalancer.server.port: 8080
traefik.http.middlewares.keycloak-redirect.redirectregex.regex: ^https:\\/\\/([^\\//]+)\\/?$$"
traefik.http.middlewares.keycloak-redirect.redirectregex.replacement: https://$$1/admin"
postgres:
image: postgres:13
image: postgres:15
container_name: keycloak_postgres
networks:
- keycloak
env_file:
- postgres.env
- postgres_secrets.env
volumes:
- postgres_data:/var/lib/postgresql/data
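Review bot: The `keycloak-wip` router labels list only `keycloak-redirect` as middleware, while the `keycloak` router labels shown just above them carry `lan-only@file`; if the former are the new side, the Keycloak host, including the `/admin` path the redirect points at, is no longer limited to the LAN. If that is not intended, chain both: `traefik.http.routers.keycloak-wip.middlewares: lan-only@file,keycloak-redirect`. Separately, the `redirectregex.regex` and `.replacement` values end in a `"` with no opening quote, so the quote and the doubled backslashes become part of the plain scalar and the pattern will probably never match; single-quoting the whole value, e.g. `'^https://([^/]+)/?$$'` and `'https://$$1/admin'`, avoids both. If the `postgres` image is moving between 13 and 15 on the existing `postgres_data` volume, the data directory needs a dump and restore or `pg_upgrade` before the new major version will start on it.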


@ -1,9 +1,6 @@
KC_DB=postgres
KC_DB_URL=postgres
KC_DB_URL=jdbc:postgresql://postgres/keycloak
KC_DB_USERNAME=keycloak
KC_HOSTNAME=keycloak
DB=postgres
DB_URL=http://postgres:5432
DB_USER=keycloak
DB_PASS=weakpassword
KC_HOSTNAME_URL=https://keycloak-wip.jafner.net
KC_PROXY=edge
KEYCLOAK_ADMIN=Jafner
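Review bot: `KC_PROXY=edge` makes Keycloak accept forwarded headers from whatever connects to it, so it is safe only while the container can be reached through Traefik alone; a comment above it saying so would help, e.g. `# edge: TLS ends at Traefik; do not publish port 8080 or attach untrusted containers to this network`. The compose hunk in this commit shows no `ports:` mapping for the service, but the service definition may continue outside the hunk. If `DB_PASS=weakpassword` was ever a live credential, it remains in the repository history after this change and should be rotated.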


@ -8,22 +8,6 @@ http:
simple-auth:
basicAuth:
usersFile: "/.htpasswd"
authentik:
forwardauth:
address: http://authentik-server:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version
securityheaders:
headers:
customResponseHeaders:
@ -82,6 +66,16 @@ http:
permanent: true
regex: "https://(.*)/.well-known/(card|cal)dav"
replacement: "https://${1}/remote.php/dav/"
keycloak:
headers:
customResponseHeaders:
X-Robots-Tag: "noindex, nofollow"
referrerPolicy: "same-origin"
hostsProxyHeaders:
- "X-Forwarded-Host"
customRequestHeaders:
X-Forwarded-Proto: "https"
X-Scheme: https
serversTransports:
insecureskipverify:
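Review bot: The new `keycloak` headers middleware in the second hunk is not referenced by any router label visible in this commit (the compose labels attach only `keycloak-redirect`), so it may have no effect until a router lists `keycloak@file`. Within it, `X-Scheme: https` is the one unquoted value among quoted siblings; `X-Scheme: "https"` keeps the block consistent. `customRequestHeaders` also overwrites `X-Forwarded-Proto` with a fixed `"https"` for every request, including any that arrive over a plain-HTTP entrypoint, which is worth a one-line comment stating that this middleware must only be attached to TLS routers. The `http.middlewares` mapping starts outside the hunk.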