Compare commits
11 Commits
5.0.2+20.0
...
7.2.0+22.0
| Author | SHA1 | Date | |
|---|---|---|---|
| e7360c2a16 | |||
| 5b83f487ec | |||
| 3d42a26b9e | |||
| 6aac16ebd6 | |||
| a5aae68446 | |||
| 82f6ad5d52 | |||
| 04b584ab4f | |||
| d2b9fffc46 | |||
| b682264613 | |||
| be3980d66f | |||
| 157d3beaab |
@ -8,6 +8,11 @@ LETS_ENCRYPT_ENV=production
|
|||||||
ADMIN_USERNAME=admin
|
ADMIN_USERNAME=admin
|
||||||
WELCOME_THEME=keycloak
|
WELCOME_THEME=keycloak
|
||||||
|
|
||||||
|
COMPOSE_FILE="compose.yml"
|
||||||
|
|
||||||
SECRET_DB_ROOT_PASSWORD_VERSION=v1
|
SECRET_DB_ROOT_PASSWORD_VERSION=v1
|
||||||
SECRET_DB_PASSWORD_VERSION=v1
|
SECRET_DB_PASSWORD_VERSION=v1
|
||||||
SECRET_ADMIN_PASSWORD_VERSION=v1
|
SECRET_ADMIN_PASSWORD_VERSION=v1
|
||||||
|
|
||||||
|
# Enable persistent theme volume, if you want to apply a custom theme
|
||||||
|
#COMPOSE_FILE="$COMPOSE_FILE:compose.theme.yml"
|
||||||
|
|||||||
10
compose.theme.yml
Normal file
10
compose.theme.yml
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
---
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
volumes:
|
||||||
|
- "themes:/opt/keycloak/themes"
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
themes:
|
||||||
29
compose.yml
29
compose.yml
@ -3,9 +3,9 @@ version: "3.8"
|
|||||||
|
|
||||||
services:
|
services:
|
||||||
app:
|
app:
|
||||||
image: "keycloak/keycloak:20.0.3"
|
image: "keycloak/keycloak:22.0.5"
|
||||||
entrypoint: >
|
entrypoint: >
|
||||||
bash -c "KC_DB_PASSWORD=\"$$(cat /run/secrets/db_password)\" /opt/keycloak/bin/kc.sh start"
|
bash -c "KEYCLOAK_ADMIN_PASSWORD=\"$$(cat /run/secrets/admin_password)\" KC_DB_PASSWORD=\"$$(cat /run/secrets/db_password)\" /opt/keycloak/bin/kc.sh start"
|
||||||
networks:
|
networks:
|
||||||
- proxy
|
- proxy
|
||||||
- internal
|
- internal
|
||||||
@ -21,14 +21,16 @@ services:
|
|||||||
- KC_SPI_CONNECTIONS_JPA_LEGACY_MIGRATION_STRATEGY=update
|
- KC_SPI_CONNECTIONS_JPA_LEGACY_MIGRATION_STRATEGY=update
|
||||||
- KEYCLOAK_ADMIN=${ADMIN_USERNAME}
|
- KEYCLOAK_ADMIN=${ADMIN_USERNAME}
|
||||||
- KEYCLOAK_WELCOME_THEME=${WELCOME_THEME}
|
- KEYCLOAK_WELCOME_THEME=${WELCOME_THEME}
|
||||||
healthcheck:
|
# NOTE(3wc): disabled due to missing curl binary, see
|
||||||
test: ["CMD", "curl", "-f", "http://localhost:8080"]
|
# https://git.coopcloud.tech/coop-cloud/keycloak/issues/15
|
||||||
interval: 30s
|
# healthcheck:
|
||||||
timeout: 10s
|
# test: ["CMD", "curl", "-f", "http://localhost:8080"]
|
||||||
retries: 10
|
# interval: 30s
|
||||||
start_period: 1m
|
# timeout: 10s
|
||||||
|
# retries: 10
|
||||||
|
# start_period: 1m
|
||||||
volumes:
|
volumes:
|
||||||
- "themes:/opt/keycloak/themes"
|
- "providers:/opt/keycloak/providers"
|
||||||
depends_on:
|
depends_on:
|
||||||
- mariadb
|
- mariadb
|
||||||
deploy:
|
deploy:
|
||||||
@ -44,10 +46,10 @@ services:
|
|||||||
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||||
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||||
- "coop-cloud.${STACK_NAME}.version=5.0.2+20.0.3"
|
- "coop-cloud.${STACK_NAME}.version=7.2.0+22.0.5"
|
||||||
|
|
||||||
db:
|
db:
|
||||||
image: "mariadb:10.6"
|
image: "mariadb:10.11"
|
||||||
environment:
|
environment:
|
||||||
- MYSQL_DATABASE=keycloak
|
- MYSQL_DATABASE=keycloak
|
||||||
- MYSQL_USER=keycloak
|
- MYSQL_USER=keycloak
|
||||||
@ -66,6 +68,9 @@ services:
|
|||||||
backupbot.backup.path: "/tmp/dump.sql.gz"
|
backupbot.backup.path: "/tmp/dump.sql.gz"
|
||||||
backupbot.backup.post-hook: "rm -f /tmp/dump.sql.gz"
|
backupbot.backup.post-hook: "rm -f /tmp/dump.sql.gz"
|
||||||
backupbot.backup.pre-hook: "sh -c 'mysqldump -u root -p\"$$(cat /run/secrets/db_root_password)\" keycloak | gzip > /tmp/dump.sql.gz'"
|
backupbot.backup.pre-hook: "sh -c 'mysqldump -u root -p\"$$(cat /run/secrets/db_root_password)\" keycloak | gzip > /tmp/dump.sql.gz'"
|
||||||
|
backupbot.restore.pre-hook: "sh -c 'cd /tmp && gzip -d dump.sql.gz'"
|
||||||
|
backupbot.restore: "true"
|
||||||
|
backupbot.restore.post-hook: "sh -c 'mysql -u root -p\"$$(cat /run/secrets/db_root_password)\" keycloak < /tmp/dump.sql && rm -f /tmp/dump.sql'"
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
internal:
|
internal:
|
||||||
@ -85,4 +90,4 @@ secrets:
|
|||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
mariadb:
|
mariadb:
|
||||||
themes:
|
providers:
|
||||||
|
|||||||
2
release/6.0.0+21.0.2
Normal file
2
release/6.0.0+21.0.2
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
Healthchecks are disabled, see
|
||||||
|
https://git.coopcloud.tech/coop-cloud/keycloak/issues/15
|
||||||
5
release/7.2.0+22.0.5
Normal file
5
release/7.2.0+22.0.5
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
A persistent volume for themes is now optional, and not enabled by default.
|
||||||
|
|
||||||
|
If you are using a custom theme, consult the recipe `.env.sample` to see the new
|
||||||
|
variables you need to add. You can use `abra app check ...` to verify that
|
||||||
|
they've been added correctly.
|
||||||
Reference in New Issue
Block a user