version: '3'

volumes:
  mysql_data:
      driver: local

services:
  mysql:
      image: mysql:5.7
      volumes:
        - ../data/keycloak/database:/var/lib/mysql
      environment:
        MYSQL_ROOT_PASSWORD: root
        MYSQL_DATABASE: keycloak
        MYSQL_USER: keycloak
        MYSQL_PASSWORD: password

  keycloak:
      image: quay.io/keycloak/keycloak:18.0.0
      entrypoint: /opt/keycloak/bin/kc.sh start --hostname="$${KEYCLOAK_HOSTNAME}" --proxy=edge
      user: "0:0" # otherwise the persistent data directory is not writable
      env_file:
        - ../env.production
        - env.production
        - ../data/keycloak/env.secrets
      environment:
        DB_VENDOR: MYSQL
        DB_ADDR: mysql
        DB_DATABASE: keycloak
        DB_USER: keycloak
        DB_PASSWORD: password
        KEYCLOAK_ADMIN: admin
        # KEYCLOAK_ADMIN_PASSWORD should be set in env.secrets
        PROXY_ADDRESS_FORWARDING: 'true'
      volumes:
        - ../data/keycloak/certs:/etc/x509/https
        - ../data/keycloak/keycloak:/opt/keycloak/data
      ports:
        - 8080:8080
      depends_on:
        - mysql