env/keycloak.yaml

version: '3'
services:
  keycloak-db:
      image: mysql:5.7
      restart: always
      container_name: keycloak-db
      volumes:
        - ./data/keycloak/database:/var/lib/mysql
      environment:
        MYSQL_ROOT_PASSWORD: root
        MYSQL_DATABASE: keycloak
        MYSQL_USER: keycloak
        MYSQL_PASSWORD: password

  keycloak:
      image: quay.io/keycloak/keycloak:18.0
      restart: always
      container_name: keycloak
      entrypoint: /opt/keycloak/bin/kc.sh start --hostname="$${KEYCLOAK_HOSTNAME}.$${DOMAIN_NAME}" --proxy=edge
#      healthcheck:
#        test: ["CMD", "curl", "-f", "http://localhost:8080"]
#        interval: 30s
#        timeout: 10s
#        retries: 3
      user: "0:0" # otherwise the persistent data directory is not writable
      environment:
        DB_VENDOR: MYSQL
        DB_ADDR: keycloak-db
        DB_DATABASE: keycloak
        DB_USER: keycloak
        DB_PASSWORD: password
        KEYCLOAK_ADMIN: admin
        KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
        PROXY_ADDRESS_FORWARDING: 'true'
      env_file:
        - ./env.production
      volumes:
        - ./data/keycloak/certs:/etc/x509/https
        - ./data/keycloak/keycloak:/opt/keycloak/data
        - ./keycloak/client-create:/bin/client-create:ro
        - ./keycloak/client-get:/bin/client-get:ro
        - ./keycloak/create-user:/bin/create-user:ro
        - ./keycloak/remind-user:/bin/remind-user:ro
        - ./keycloak/keycloak-login.sh:/bin/keycloak-login.sh:ro
        - ./keycloak/entrypoint-setup.sh:/setup.sh:ro
        - ./keycloak/mail-setup.sh:/keycloak-setup/mail-setup.sh:ro
        - ./keycloak/mapper-setup.sh:/keycloak-setup/mapper-setup.sh:ro
        - ./secrets:/run/secrets:ro
      depends_on:
        - keycloak-db

  # add the keycloak nginx configuration into the nginx volume
  nginx:
    volumes:
      - ./keycloak/nginx.conf:/etc/nginx/templates/keycloak.conf.template:ro
prod: lots of little hacks to get things working on the prod server 2 years ago			`version: '3'`
collapse everything into one docker-compose environment and enable prometheus logging 2 years ago			`services:`
			`keycloak-db:`
			`image: mysql:5.7`
			`restart: always`
			`container_name: keycloak-db`
			`volumes:`
			`- ./data/keycloak/database:/var/lib/mysql`
			`environment:`
			`MYSQL_ROOT_PASSWORD: root`
			`MYSQL_DATABASE: keycloak`
			`MYSQL_USER: keycloak`
			`MYSQL_PASSWORD: password`

			`keycloak:`
prod: lots of little hacks to get things working on the prod server 2 years ago			`image: quay.io/keycloak/keycloak:18.0`
collapse everything into one docker-compose environment and enable prometheus logging 2 years ago			`restart: always`
			`container_name: keycloak`
			`entrypoint: /opt/keycloak/bin/kc.sh start --hostname="$${KEYCLOAK_HOSTNAME}.$${DOMAIN_NAME}" --proxy=edge`
			`# healthcheck:`
			`# test: ["CMD", "curl", "-f", "http://localhost:8080"]`
			`# interval: 30s`
			`# timeout: 10s`
			`# retries: 3`
			`user: "0:0" # otherwise the persistent data directory is not writable`
			`environment:`
			`DB_VENDOR: MYSQL`
			`DB_ADDR: keycloak-db`
			`DB_DATABASE: keycloak`
			`DB_USER: keycloak`
			`DB_PASSWORD: password`
			`KEYCLOAK_ADMIN: admin`
prod: lots of little hacks to get things working on the prod server 2 years ago			`KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}`
collapse everything into one docker-compose environment and enable prometheus logging 2 years ago			`PROXY_ADDRESS_FORWARDING: 'true'`
prod: lots of little hacks to get things working on the prod server 2 years ago			`env_file:`
			`- ./env.production`
collapse everything into one docker-compose environment and enable prometheus logging 2 years ago			`volumes:`
			`- ./data/keycloak/certs:/etc/x509/https`
			`- ./data/keycloak/keycloak:/opt/keycloak/data`
prod: lots of little hacks to get things working on the prod server 2 years ago			`- ./keycloak/client-create:/bin/client-create:ro`
keycloak: do not recreate an existing client, create roles for admin 2 years ago			`- ./keycloak/client-get:/bin/client-get:ro`
keycloak: scripts to create a new user 2 years ago			`- ./keycloak/create-user:/bin/create-user:ro`
keycloak: create and remind user of their password 2 years ago			`- ./keycloak/remind-user:/bin/remind-user:ro`
keycloak: scripts to create a new user 2 years ago			`- ./keycloak/keycloak-login.sh:/bin/keycloak-login.sh:ro`
prod: lots of little hacks to get things working on the prod server 2 years ago			`- ./keycloak/entrypoint-setup.sh:/setup.sh:ro`
			`- ./keycloak/mail-setup.sh:/keycloak-setup/mail-setup.sh:ro`
keycloak: enable roles in userinfo endpoint 2 years ago			`- ./keycloak/mapper-setup.sh:/keycloak-setup/mapper-setup.sh:ro`
keycloak: map secrets directory instead of per-service mappings 2 years ago			`- ./secrets:/run/secrets:ro`
collapse everything into one docker-compose environment and enable prometheus logging 2 years ago			`depends_on:`
			`- keycloak-db`

			`# add the keycloak nginx configuration into the nginx volume`
			`nginx:`
			`volumes:`
			`- ./keycloak/nginx.conf:/etc/nginx/templates/keycloak.conf.template:ro`