mirror of
https://github.com/opencloud-eu/opencloud.git
synced 2026-01-05 19:59:37 -06:00
77 lines
2.8 KiB
YAML
77 lines
2.8 KiB
YAML
---
|
|
services:
|
|
traefik:
|
|
networks:
|
|
opencloud-net:
|
|
aliases:
|
|
- ${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}
|
|
|
|
opencloud:
|
|
environment:
|
|
# Keycloak IDP specific configuration
|
|
PROXY_AUTOPROVISION_ACCOUNTS: "false"
|
|
PROXY_ROLE_ASSIGNMENT_DRIVER: "oidc"
|
|
OC_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}/realms/${KEYCLOAK_REALM:-openCloud}
|
|
PROXY_OIDC_REWRITE_WELLKNOWN: "true"
|
|
WEB_OIDC_CLIENT_ID: ${OC_OIDC_CLIENT_ID:-web}
|
|
PROXY_USER_OIDC_CLAIM: "uuid"
|
|
PROXY_USER_CS3_CLAIM: "userid"
|
|
WEB_OPTION_ACCOUNT_EDIT_LINK_HREF: "https://${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}/realms/${KEYCLOAK_REALM:-openCloud}/account"
|
|
# admin and demo accounts must be created in Keycloak
|
|
OC_ADMIN_USER_ID: ""
|
|
SETTINGS_SETUP_DEFAULT_ASSIGNMENTS: "false"
|
|
GRAPH_ASSIGN_DEFAULT_USER_ROLE: "false"
|
|
GRAPH_USERNAME_MATCH: "none"
|
|
KEYCLOAK_DOMAIN: ${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}
|
|
|
|
postgres:
|
|
image: postgres:alpine
|
|
networks:
|
|
opencloud-net:
|
|
volumes:
|
|
- keycloak_postgres_data:/var/lib/postgresql/data
|
|
environment:
|
|
POSTGRES_DB: keycloak
|
|
POSTGRES_USER: keycloak
|
|
POSTGRES_PASSWORD: keycloak
|
|
logging:
|
|
driver: ${LOG_DRIVER:-local}
|
|
restart: always
|
|
|
|
keycloak:
|
|
image: quay.io/keycloak/keycloak:25.0.0
|
|
networks:
|
|
opencloud-net:
|
|
command: ["start", "--proxy=edge", "--spi-connections-http-client-default-disable-trust-manager=${INSECURE:-false}", "--import-realm"]
|
|
entrypoint: ["/bin/sh", "/opt/keycloak/bin/docker-entrypoint-override.sh"]
|
|
volumes:
|
|
- "./config/keycloak/docker-entrypoint-override.sh:/opt/keycloak/bin/docker-entrypoint-override.sh"
|
|
- "./config/keycloak/opencloud-realm.dist.json:/opt/keycloak/data/import-dist/opencloud-realm.json"
|
|
environment:
|
|
OC_DOMAIN: ${OC_DOMAIN:-cloud.opencloud.test}
|
|
KC_HOSTNAME: ${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}
|
|
KC_DB: postgres
|
|
KC_DB_URL: "jdbc:postgresql://postgres:5432/keycloak"
|
|
KC_DB_USERNAME: keycloak
|
|
KC_DB_PASSWORD: keycloak
|
|
KC_FEATURES: impersonation
|
|
KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN_USER:-admin}
|
|
KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}
|
|
ports:
|
|
- "8080:8080"
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.keycloak.entrypoints=https"
|
|
- "traefik.http.routers.keycloak.rule=Host(`${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}`)"
|
|
- "traefik.http.routers.keycloak.tls.certresolver=http"
|
|
- "traefik.http.routers.keycloak.service=keycloak"
|
|
- "traefik.http.services.keycloak.loadbalancer.server.port=8080"
|
|
depends_on:
|
|
- postgres
|
|
logging:
|
|
driver: ${LOG_DRIVER:-local}
|
|
restart: always
|
|
|
|
volumes:
|
|
keycloak_postgres_data:
|