Initial commit

2026-03-16 22:40:42 +03:00
commit 112a728d0b
5 changed files with 84 additions and 0 deletions
--- a/.env
+++ b/.env
@@ -0,0 +1,3 @@
+POSTGRES_USER=keycloak
+POSTGRES_PASSWORD=changeme
+POSTGRES_DB=keycloak
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+postgres
+keycloakify-starter
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,51 @@
+services:
+  keycloak:
+    image: keycloak/keycloak:26.1
+    container_name: keycloak
+    environment:
+      KC_BOOTSTRAP_ADMIN_USERNAME: admin
+      KC_BOOTSTRAP_ADMIN_PASSWORD: admin # temporay password to change when first time logged in
+      KC_DB: postgres
+      KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
+      KC_DB_USERNAME: ${POSTGRES_USER}
+      KC_DB_PASSWORD: ${POSTGRES_PASSWORD}
+      KC_METRICS_ENABLED: "true"
+      KC_HEALTH_ENABLED: "true"
+      KC_LOG_LEVEL: INFO
+      KC_HOSTNAME: http://auth.localhost
+      KC_PROXY: edge
+      KC_HTTP_ENABLED: "true"
+    volumes:
+      - ./keycloak/themes:/opt/keycloak/providers/
+    depends_on:
+      keycloak-database:
+        condition: service_healthy
+    command:
+      - start-dev
+      - --http-enabled=true
+      - --proxy-headers=xforwarded
+
+  keycloak-database:
+    image: postgres:17
+    container_name: postgres
+    environment:
+      POSTGRES_USER: ${POSTGRES_USER}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+      POSTGRES_DB: ${POSTGRES_DB}
+    volumes:
+      - ./postgres/data:/var/lib/postgresql/data # save data in a volume
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+  nginx:
+    image: nginx
+    container_name: nginx
+    ports:
+      - 80:80
+    volumes:
+      - ./nginx/conf.d:/etc/nginx/conf.d
+    depends_on:
+      - keycloak
--- a/keycloak/themes/keycloak-theme-for-kc-all-other-versions.jar
+++ b/keycloak/themes/keycloak-theme-for-kc-all-other-versions.jar
--- a/nginx/conf.d/keycloak.conf
+++ b/nginx/conf.d/keycloak.conf
@@ -0,0 +1,28 @@
+upstream keycloak {
+    server keycloak:8080;
+}
+
+server {
+    server_name auth.localhost;
+    listen 80;
+
+    # deny access to home page
+    # exposed path recommendations https://www.keycloak.org/server/reverseproxy#_exposed_path_recommendations
+    location = / {
+        deny all;
+        return 404;
+    }
+
+    location / {
+        proxy_buffering off;
+        proxy_buffer_size          128k;
+        proxy_buffers            4 256k;
+
+        proxy_pass http://keycloak;
+
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+    }
+}