02-keycloak-outline-docker-compose.yml
# All three networks are created outside this Compose project
# (external: true), so they must exist before `docker compose up`.
networks:
  # Private back-end network shared by Keycloak, its database and the
  # backup job.
  keycloak-network:
    external: true
  # Declared here but not attached to any service in this file.
  outline-network:
    external: true
  # Network on which the Traefik reverse proxy reaches Keycloak.
  traefik-network:
    external: true
# Named volumes with default driver settings.
volumes:
  # PostgreSQL data directory of the Keycloak database.
  keycloak-postgres: {}
  # Mounted over the data directory path of the backup container.
  keycloak-postgres-backup: {}
  # Destination of the compressed database dumps.
  keycloak-database-backups: {}
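services:
  # PostgreSQL database backing Keycloak. It is attached only to
  # keycloak-network and publishes no host ports, so it is reachable solely
  # by containers on that network.
  postgres-keycloak:
    image: ${KEYCLOAK_POSTGRES_IMAGE_TAG}
    volumes:
      - keycloak-postgres:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: ${KEYCLOAK_DB_NAME}
      POSTGRES_USER: ${KEYCLOAK_DB_USER}
      # The password is passed as a plain environment variable, so it is
      # readable by anyone who can inspect the container configuration.
      # NOTE(review): if this is the official postgres image, a mounted
      # secret via POSTGRES_PASSWORD_FILE avoids that exposure.
      POSTGRES_PASSWORD: ${KEYCLOAK_DB_PASSWORD}
    networks:
      - keycloak-network
    healthcheck:
      test:
        - "CMD"
        - "pg_isready"
        - "-q"
        - "-d"
        - "${KEYCLOAK_DB_NAME}"
        - "-U"
        - "${KEYCLOAK_DB_USER}"
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 60s
    restart: unless-stopped

  # Keycloak identity provider, published only through Traefik.
  keycloak:
    image: ${KEYCLOAK_IMAGE_TAG}
    command: start
    environment:
      KC_DB: postgres
      KC_DB_URL_HOST: postgres-keycloak
      KC_DB_URL_DATABASE: ${KEYCLOAK_DB_NAME}
      KC_DB_USERNAME: ${KEYCLOAK_DB_USER}
      KC_DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD}
      KC_DB_SCHEMA: public
      # Initial admin account. Treat it as a bootstrap credential: use a
      # strong, unique password and replace the account after first login.
      # NOTE(review): recent Keycloak releases deprecate these two names in
      # favour of KC_BOOTSTRAP_ADMIN_USERNAME / KC_BOOTSTRAP_ADMIN_PASSWORD;
      # confirm against the version pinned in KEYCLOAK_IMAGE_TAG.
      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN_USERNAME}
      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
      KC_HEALTH_ENABLED: 'true'
      KC_HOSTNAME: ${KEYCLOAK_HOSTNAME}
      # TLS terminates at Traefik (see labels); traffic between Traefik and
      # Keycloak is plain HTTP on port 8080 over traefik-network.
      KC_HTTP_ENABLED: 'true'
      # Keycloak trusts X-Forwarded-* headers. That is only safe while every
      # request arrives through the proxy: this service publishes no host
      # ports, so keep it that way and keep untrusted containers off
      # traefik-network.
      KC_PROXY_HEADERS: 'xforwarded'
      # NOTE(review): looks like a setting from older Keycloak images;
      # presumably redundant next to KC_PROXY_HEADERS. Verify.
      PROXY_ADDRESS_FORWARDING: 'true'
    networks:
      - keycloak-network
      - traefik-network
    healthcheck:
      # Probes /health/ready on port 9000 from inside the container using
      # the shell's /dev/tcp, and expects a "200 OK" status line. Port 9000
      # is not the port Traefik routes to (8080, see labels).
      test:
        - "CMD-SHELL"
        - |
          exec 3<>/dev/tcp/localhost/9000 &&
          echo -e 'GET /health/ready HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n' >&3 &&
          cat <&3 | tee /tmp/healthcheck.log | grep -q '200 OK'
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 90s
    labels:
      # Enable Traefik for this container
      - "traefik.enable=true"
      # Match incoming requests on a specific hostname. The rule matches
      # every path, so the admin console is served on the same public
      # hostname as the login pages; restrict it at the proxy if the admin
      # console should not be reachable from everywhere.
      - "traefik.http.routers.keycloak.rule=Host(`${KEYCLOAK_HOSTNAME}`)"
      # Assign the router to a named Traefik service
      - "traefik.http.routers.keycloak.service=keycloak"
      # Use the 'websecure' (HTTPS) entry point
      - "traefik.http.routers.keycloak.entrypoints=websecure"
      # Define the internal container port for routing
      - "traefik.http.services.keycloak.loadbalancer.server.port=8080"
      # Enable TLS on this router
      - "traefik.http.routers.keycloak.tls=true"
      # Use Let's Encrypt for certificate management
      - "traefik.http.routers.keycloak.tls.certresolver=letsencrypt"
      # Pass the original Host header to the container
      - "traefik.http.services.keycloak.loadbalancer.passhostheader=true"
      # Apply a compression middleware
      - "traefik.http.routers.keycloak.middlewares=compresstraefik"
      # Define settings for the compression middleware
      - "traefik.http.middlewares.compresstraefik.compress=true"
      # Specify which Docker network Traefik should use for routing
      - "traefik.docker.network=traefik-network"
    restart: unless-stopped
    depends_on:
      postgres-keycloak:
        condition: service_healthy

  # Periodic pg_dump of the Keycloak database into a named volume.
  # The dumps hold whatever Keycloak stores in its database and are written
  # unencrypted, so access to the keycloak-database-backups volume (and any
  # copy of it) should be limited like access to the database itself.
  backups-keycloak:
    image: ${KEYCLOAK_POSTGRES_IMAGE_TAG}
    # The previous form `pg_dump ... | gzip > file && find ... | xargs rm -f`
    # took the exit status of gzip, so a failed pg_dump still left a small
    # .gz file that looked like a backup, and pruning of older dumps went on
    # regardless. Now pg_dump compresses the dump itself (-Z 6, gzip
    # format) into a .partial file; only a successful dump is renamed into
    # place and only then are old dumps pruned. On failure the partial file
    # is removed, a message goes to stderr, and the loop still sleeps before
    # retrying.
    # `$NAME` is substituted by Compose from the project environment;
    # `$$backup_file` is escaped so that the container shell expands it.
    command: >-
      sh -c 'sleep $KEYCLOAK_BACKUP_INIT_SLEEP &&
      while true; do
      backup_file=$KEYCLOAK_POSTGRES_BACKUPS_PATH/$KEYCLOAK_POSTGRES_BACKUP_NAME-$(date "+%Y-%m-%d_%H-%M").gz;
      if pg_dump -h postgres-keycloak -p 5432 -d $KEYCLOAK_DB_NAME -U $KEYCLOAK_DB_USER -Z 6 -f $$backup_file.partial;
      then mv $$backup_file.partial $$backup_file &&
      find $KEYCLOAK_POSTGRES_BACKUPS_PATH -type f -mtime +$KEYCLOAK_POSTGRES_BACKUP_PRUNE_DAYS | xargs rm -f;
      else echo "pg_dump failed; keeping existing backups" >&2;
      rm -f $$backup_file.partial;
      fi;
      sleep $KEYCLOAK_BACKUP_INTERVAL; done'
    volumes:
      # Separate volume at the image's data directory path; the live
      # database volume is not mounted into this container.
      - keycloak-postgres-backup:/var/lib/postgresql/data
      - keycloak-database-backups:${KEYCLOAK_POSTGRES_BACKUPS_PATH}
    environment:
      KEYCLOAK_DB_NAME: ${KEYCLOAK_DB_NAME}
      KEYCLOAK_DB_USER: ${KEYCLOAK_DB_USER}
      # Read by pg_dump for authentication; exposed to container inspection
      # in the same way as POSTGRES_PASSWORD on the database service.
      PGPASSWORD: ${KEYCLOAK_DB_PASSWORD}
      KEYCLOAK_BACKUP_INIT_SLEEP: ${KEYCLOAK_BACKUP_INIT_SLEEP}
      KEYCLOAK_BACKUP_INTERVAL: ${KEYCLOAK_BACKUP_INTERVAL}
      KEYCLOAK_POSTGRES_BACKUP_PRUNE_DAYS: ${KEYCLOAK_POSTGRES_BACKUP_PRUNE_DAYS}
      KEYCLOAK_POSTGRES_BACKUPS_PATH: ${KEYCLOAK_POSTGRES_BACKUPS_PATH}
      KEYCLOAK_POSTGRES_BACKUP_NAME: ${KEYCLOAK_POSTGRES_BACKUP_NAME}
    networks:
      - keycloak-network
    restart: unless-stopped
    depends_on:
      postgres-keycloak:
        condition: service_healthy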