| ... |
... |
@@ -13,68 +13,66 @@ |
| 13 |
13 |
|
| 14 |
14 |
###### docker-compose.yml |
| 15 |
15 |
|
| 16 |
|
-```yaml |
| 17 |
|
-version: '3' |
| 18 |
|
- |
| 19 |
|
-services: |
| 20 |
|
- traefik: |
| 21 |
|
- image: "traefik:v2.9" |
| 22 |
|
- container_name: keycloak-traefik |
| 23 |
|
- command: |
| 24 |
|
- - "--api.insecure=true" |
| 25 |
|
- - "--providers.docker=true" |
| 26 |
|
- - "--providers.docker.exposedbydefault=false" |
| 27 |
|
- - "--entrypoints.websecure.address=:443" |
| 28 |
|
- - "--certificatesresolvers.myresolver.acme.tlschallenge=true" |
| 29 |
|
- - "--certificatesresolvers.myresolver.acme.email=<your-email>" |
| 30 |
|
- - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json" |
| 31 |
|
- # Uncomment for generating fake certificates and enabling debugging. Used for development, not production. |
| 32 |
|
- # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" |
| 33 |
|
- #- "--log.level=DEBUG" |
| 34 |
|
- ports: |
| 35 |
|
- - "443:443" |
|
16 |
+ version: '3' |
|
17 |
+ |
|
18 |
+ services: |
|
19 |
+ traefik: |
|
20 |
+ image: "traefik:v2.9" |
|
21 |
+ container_name: keycloak-traefik |
|
22 |
+ command: |
|
23 |
+ - "--api.insecure=true" |
|
24 |
+ - "--providers.docker=true" |
|
25 |
+ - "--providers.docker.exposedbydefault=false" |
|
26 |
+ - "--entrypoints.websecure.address=:443" |
|
27 |
+ - "--certificatesresolvers.myresolver.acme.tlschallenge=true" |
|
28 |
+ - "--certificatesresolvers.myresolver.acme.email=<your-email>" |
|
29 |
+ - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json" |
|
30 |
+ # Uncomment for generating fake certificates and enabling debugging. Used for development, not production. |
|
31 |
+ # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" |
|
32 |
+ #- "--log.level=DEBUG" |
|
33 |
+ ports: |
|
34 |
+ - "443:443" |
|
35 |
+ volumes: |
|
36 |
+ - "./data/letsencrypt:/letsencrypt" |
|
37 |
+ - "/var/run/docker.sock:/var/run/docker.sock:ro" |
|
38 |
+ |
|
39 |
+ keycloak-postgres: |
|
40 |
+ image: postgres:13.2 |
|
41 |
+ container_name: keycloak-postgres |
|
42 |
+ volumes: |
|
43 |
+ - keycloak-postgres:/var/lib/postgresql/data |
|
44 |
+ environment: |
|
45 |
+ POSTGRES_DB: keycloak |
|
46 |
+ POSTGRES_USER: keycloak |
|
47 |
+ POSTGRES_PASSWORD: <enter-postgres-password> |
|
48 |
+ |
|
49 |
+ mykeycloak: |
|
50 |
+ build: ./ |
|
51 |
+ image: mykeycloak |
|
52 |
+ container_name: keycloak-keycloak |
|
53 |
+ command: |
|
54 |
+ - start --optimized --proxy edge |
|
55 |
+ environment: |
|
56 |
+ KC_HOSTNAME: <subdomain> |
|
57 |
+ KEYCLOAK_ADMIN: admin |
|
58 |
+ KEYCLOAK_ADMIN_PASSWORD: <enter-admin-password> |
|
59 |
+ KC_DB: postgres |
|
60 |
+ KC_DB_URL: jdbc:postgresql://keycloak-postgres:5432/keycloak |
|
61 |
+ KC_DB_USERNAME: keycloak |
|
62 |
+ KC_DB_PASSWORD: <enter-postgres-password> |
|
63 |
+ # KC_LOG_LEVEL: DEBUG |
|
64 |
+ depends_on: |
|
65 |
+ - keycloak-postgres |
|
66 |
+ labels: |
|
67 |
+ - "traefik.enable=true" |
|
68 |
+ - "traefik.http.routers.keycloak.rule=Host(`<subdomain>`)" |
|
69 |
+ - "traefik.http.routers.keycloak.entrypoints=websecure" |
|
70 |
+ - "traefik.http.routers.keycloak.tls.certresolver=myresolver" |
|
71 |
+ - "traefik.http.services.keycloak.loadbalancer.server.port=8080" |
|
72 |
+ |
| 36 |
36 |
volumes: |
| 37 |
|
- - "./data/letsencrypt:/letsencrypt" |
| 38 |
|
- - "/var/run/docker.sock:/var/run/docker.sock:ro" |
|
74 |
+ keycloak-postgres: |
| 39 |
39 |
|
| 40 |
|
- keycloak-postgres: |
| 41 |
|
- image: postgres:13.2 |
| 42 |
|
- container_name: keycloak-postgres |
| 43 |
|
- volumes: |
| 44 |
|
- - keycloak-postgres:/var/lib/postgresql/data |
| 45 |
|
- environment: |
| 46 |
|
- POSTGRES_DB: keycloak |
| 47 |
|
- POSTGRES_USER: keycloak |
| 48 |
|
- POSTGRES_PASSWORD: <enter-postgres-password> |
| 49 |
|
- |
| 50 |
|
- mykeycloak: |
| 51 |
|
- build: ./ |
| 52 |
|
- image: mykeycloak |
| 53 |
|
- container_name: keycloak-keycloak |
| 54 |
|
- command: |
| 55 |
|
- - start --optimized --proxy edge |
| 56 |
|
- environment: |
| 57 |
|
- KC_HOSTNAME: <subdomain> |
| 58 |
|
- KEYCLOAK_ADMIN: admin |
| 59 |
|
- KEYCLOAK_ADMIN_PASSWORD: <enter-admin-password> |
| 60 |
|
- KC_DB: postgres |
| 61 |
|
- KC_DB_URL: jdbc:postgresql://keycloak-postgres:5432/keycloak |
| 62 |
|
- KC_DB_USERNAME: keycloak |
| 63 |
|
- KC_DB_PASSWORD: <enter-postgres-password> |
| 64 |
|
- # KC_LOG_LEVEL: DEBUG |
| 65 |
|
- depends_on: |
| 66 |
|
- - keycloak-postgres |
| 67 |
|
- labels: |
| 68 |
|
- - "traefik.enable=true" |
| 69 |
|
- - "traefik.http.routers.keycloak.rule=Host(`<subdomain>`)" |
| 70 |
|
- - "traefik.http.routers.keycloak.entrypoints=websecure" |
| 71 |
|
- - "traefik.http.routers.keycloak.tls.certresolver=myresolver" |
| 72 |
|
- - "traefik.http.services.keycloak.loadbalancer.server.port=8080" |
| 73 |
|
- |
| 74 |
|
-volumes: |
| 75 |
|
- keycloak-postgres: |
| 76 |
|
-``` |
| 77 |
|
- |
| 78 |
78 |
###### Instructions |
| 79 |
79 |
|
| 80 |
80 |
* Execute `docker-compose up -d` |
