#113 Init built Keycloak image

fighter/config/keycloak/Dockerfile

@@ -0,0 +1,24 @@
+FROM quay.io/keycloak/keycloak:23.0 as builder
+
+# Enable health and metrics support
+ENV KC_HEALTH_ENABLED=true
+ENV KC_METRICS_ENABLED=true
+
+# Configure a database vendor
+ENV KC_DB=${DB:-keycloak}
+
+WORKDIR /opt/keycloak
+# for demonstration purposes only, please make sure to use proper certificates in production instead
+RUN keytool -genkeypair -storepass password -storetype PKCS12 -keyalg RSA -keysize 8192 -dname "CN=server" -alias server -ext "SAN:c=DNS:localhost,IP:127.0.0.1" -keystore conf/server.keystore
+RUN /opt/keycloak/bin/kc.sh build
+
+FROM quay.io/keycloak/keycloak:latest
+COPY --from=builder /opt/keycloak/ /opt/keycloak/
+
+# change these values to point to a running postgres instance
+ENV KC_DB=${DB:-keycloak}
+ENV KC_DB_URL=${DB_URL:-postgres}
+ENV KC_DB_USERNAME=${DB_USER:-keycloak}
+ENV KC_DB_PASSWORD=${DB_PASS:-changeme}
+ENV KC_HOSTNAME=${HOST:-keycloak}
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]

fighter/config/keycloak/README.md

@@ -16,4 +16,16 @@ We'll assume the new service is hosted at `https://web.jafner.net`.
 1. Open the [traefik-forward-auth client configuration page](https://keycloak.jafner.net/admin/master/console/#/Jafner.net/clients/90760ab3-f77f-48da-9dc1-df5ea6eed3a3/settings) and add the new site (appended with `/_oauth`) to the list of valid redirect URIs. E.g. `https://web.jafner.net/_oauth`.
 2. Add the `traefik-forward-auth@file` Traefik middleware to the service. 
 3. Start up the new service. Open a new private window and navigate to the new service (`https://web.jafner.net`). It should redirect to Keycloak with a login prompt.
-4. If applicable, disable any local auth. 
+4. If applicable, disable any local auth. 
+
+# Export and Import Realms
+[Docs on Keycloak.org](https://www.keycloak.org/server/importExport)
+
+## Export Realms
+With the docker container offline, run: `docker-compose run --entrypoint="/opt/keycloak/bin/kc.sh export --dir /opt/keycloak/data/export --users realm_file" keycloak`
+
+This will export the contents of each realm to a `json` file in the `export/` directory. `/opt/keycloak/data` should be the directory that is mounted to the host.
+
+## Import Realms
+To import realms at startup, replace the startup command with `start --import-realm`
+Additionally, you'll need to map the directory containing the files to import (e.g. `$KEYCLOAK_DATA/import`) to the `/opt/keycloak/data/import` inside the container.

fighter/config/keycloak/docker-compose.yml

@@ -2,10 +2,12 @@ version: '3'
 
 services:
   keycloak:
-    image: quay.io/keycloak/keycloak:23.0
+    #image: quay.io/keycloak/keycloak:19.0
+    build:
+      dockerfile: Dockerfile
     container_name: keycloak_keycloak
     volumes:
-      - $KEYCLOAK_DATA:/opt/keycloak/data
+      - $KEYCLOAK_DATA/import:/opt/keycloak/data/import
     networks:
       web:
         aliases:
@@ -57,6 +59,16 @@ services:
       - "traefik.enable=false"
       - "traefik.http.routers.forwardauth-privileged.rule=Path(`/_oauth`)"
       - "traefik.http.routers.forwardauth-privileged.tls.certresolver=lets-encrypt"
+  
+  postgres:
+    image: postgres:13
+    container_name: keycloak_postgres
+    networks:
+      - keycloak
+    env_file:
+      - postgres_secrets.env
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
 
 networks:
   web: