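# Keycloak identity provider plus its MySQL database.
# The nginx entry at the bottom only adds a volume, so this file is presumably
# merged with another compose file that defines the nginx service itself.
version: '3'

services:
  keycloak-db:
    # NOTE(review): MySQL 5.7 is past upstream end of life; plan an upgrade.
    image: mysql:5.7
    restart: always
    container_name: keycloak-db
    volumes:
      - ./data/keycloak/database:/var/lib/mysql
    environment:
      # Credentials are taken from the shell or the project-level .env file,
      # the same way KEYCLOAK_ADMIN_PASSWORD is below. The fallbacks are the
      # values that used to be hard-coded here and are kept only so existing
      # deployments keep working; set real values for anything reachable.
      # The mysql image applies these only when the data directory is first
      # initialised; changing them later does not rotate the stored password.
      MYSQL_ROOT_PASSWORD: "${KEYCLOAK_DB_ROOT_PASSWORD:-root}"
      MYSQL_DATABASE: keycloak
      MYSQL_USER: keycloak
      MYSQL_PASSWORD: "${KEYCLOAK_DB_PASSWORD:-password}"

  keycloak:
    # NOTE(review): 18.0 is an old Keycloak release line; check whether it still
    # receives security fixes.
    image: quay.io/keycloak/keycloak:18.0
    restart: always
    container_name: keycloak
    # `$$` is Compose's escape for a literal `$`, so the two placeholders are
    # not interpolated by Compose and reach the container unchanged; presumably
    # they are resolved there from env.production -- confirm.
    # --proxy=edge means TLS ends at the reverse proxy and Keycloak itself is
    # served over plain HTTP and relies on the proxy's forwarded headers, so
    # the container must only be reachable through that proxy.
    entrypoint: /opt/keycloak/bin/kc.sh start --hostname="$${KEYCLOAK_HOSTNAME}.$${DOMAIN_NAME}" --proxy=edge
    # healthcheck:
    #   test: ["CMD", "curl", "-f", "http://localhost:8080"]
    #   interval: 30s
    #   timeout: 10s
    #   retries: 3
    # NOTE(review): this runs Keycloak as root inside the container. Giving the
    # host directory ./data/keycloak/keycloak to the image's unprivileged user
    # would remove the need; confirm that user's uid before switching.
    user: "0:0"  # otherwise the persistent data directory is not writable
    environment:
      # NOTE(review): DB_VENDOR, DB_ADDR, DB_DATABASE, DB_USER, DB_PASSWORD and
      # PROXY_ADDRESS_FORWARDING are the variable names of the legacy
      # WildFly-based image. The distribution started through kc.sh reads the
      # KC_DB* options instead. Unless env.production sets those, Keycloak may
      # be storing its data in the embedded database under /opt/keycloak/data
      # rather than in keycloak-db -- confirm.
      DB_VENDOR: MYSQL
      DB_ADDR: keycloak-db
      DB_DATABASE: keycloak
      DB_USER: keycloak
      # Must stay equal to MYSQL_PASSWORD of keycloak-db.
      DB_PASSWORD: "${KEYCLOAK_DB_PASSWORD:-password}"
      KEYCLOAK_ADMIN: admin
      # Interpolated by Compose from the shell or .env (env_file entries are
      # not used for interpolation); it becomes an empty string when unset.
      KEYCLOAK_ADMIN_PASSWORD: "${KEYCLOAK_ADMIN_PASSWORD}"
      PROXY_ADDRESS_FORWARDING: 'true'
    env_file:
      - ./env.production
    volumes:
      - ./data/keycloak/certs:/etc/x509/https
      - ./data/keycloak/keycloak:/opt/keycloak/data
      - ./keycloak/client-create:/bin/client-create:ro
      - ./keycloak/client-get:/bin/client-get:ro
      - ./keycloak/create-user:/bin/create-user:ro
      - ./keycloak/remind-user:/bin/remind-user:ro
      - ./keycloak/keycloak-login.sh:/bin/keycloak-login.sh:ro
      - ./keycloak/entrypoint-setup.sh:/setup.sh:ro
      - ./keycloak/mail-setup.sh:/keycloak-setup/mail-setup.sh:ro
      - ./keycloak/mapper-setup.sh:/keycloak-setup/mapper-setup.sh:ro
      # Exposes every file under ./secrets to this container (read-only);
      # mount individual files instead if Keycloak needs only some of them.
      - ./secrets:/run/secrets:ro
    depends_on:
      - keycloak-db

  # add the keycloak nginx configuration into the nginx volume
  nginx:
    volumes:
      - ./keycloak/nginx.conf:/etc/nginx/templates/keycloak.conf.template:ro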