config: keycloack TLS ingesteld
This commit is contained in:
Timo De Meyst
parent
dbc1da741c
commit
1bfb78a889
1 changed files with 6 additions and 2 deletions
|
|
@ -47,21 +47,25 @@ services:
|
|||
file: ./compose.yml
|
||||
service: idp
|
||||
# TODO Replace with proper production command
|
||||
command: ['start-dev', '--http-port', '7080', '--https-port', '7443', '--import-realm']
|
||||
command: ['start', '--http-port', '7080', '--https-port', '7443', '--import-realm']
|
||||
networks:
|
||||
- dwengo-1
|
||||
labels:
|
||||
- 'traefik.enable=true'
|
||||
- 'traefik.http.routers.idp.rule=PathPrefix(`/idp`)'
|
||||
- 'traefik.http.services.idp.loadbalancer.server.port=7080'
|
||||
- "traefik.tcp.routers.idp.tls.passthrough=true" # Keycloak expects TLS in production mode, so it can't be terminated by the reverse proxy
|
||||
volumes:
|
||||
- /etc/keycloak:/opt/keycloak/
|
||||
env_file:
|
||||
- ./config/idp/.env
|
||||
environment:
|
||||
KC_HOSTNAME: 'sel2-1.ugent.be'
|
||||
PROXY_ADDRESS_FORWARDING: 'true'
|
||||
KC_PROXY_HEADERS: 'xforwarded'
|
||||
KC_HTTP_ENABLED: 'true'
|
||||
KC_HTTP_RELATIVE_PATH: '/idp'
|
||||
KC_HTTPS_CERTIFICATE_FILE: '/opt/keycloak/cert.pem'
|
||||
KC_HTTPS_CERTIFICATE_KEY_FILE: '/opt/keycloak/key.pem'
|
||||
|
||||
reverse-proxy:
|
||||
image: traefik:v3.3
|
||||
|
|
|
|||
Reference in a new issue