config: keycloack TLS ingesteld
This commit is contained in:
Timo De Meyst
parent
dbc1da741c
commit
1bfb78a889
1 changed files with 6 additions and 2 deletions
|
|
@ -47,21 +47,25 @@ services:
|
||||||
file: ./compose.yml
|
file: ./compose.yml
|
||||||
service: idp
|
service: idp
|
||||||
# TODO Replace with proper production command
|
# TODO Replace with proper production command
|
||||||
command: ['start-dev', '--http-port', '7080', '--https-port', '7443', '--import-realm']
|
command: ['start', '--http-port', '7080', '--https-port', '7443', '--import-realm']
|
||||||
networks:
|
networks:
|
||||||
- dwengo-1
|
- dwengo-1
|
||||||
labels:
|
labels:
|
||||||
- 'traefik.enable=true'
|
- 'traefik.enable=true'
|
||||||
- 'traefik.http.routers.idp.rule=PathPrefix(`/idp`)'
|
- 'traefik.http.routers.idp.rule=PathPrefix(`/idp`)'
|
||||||
- 'traefik.http.services.idp.loadbalancer.server.port=7080'
|
- 'traefik.http.services.idp.loadbalancer.server.port=7080'
|
||||||
|
- "traefik.tcp.routers.idp.tls.passthrough=true" # Keycloak expects TLS in production mode, so it can't be terminated by the reverse proxy
|
||||||
|
volumes:
|
||||||
|
- /etc/keycloak:/opt/keycloak/
|
||||||
env_file:
|
env_file:
|
||||||
- ./config/idp/.env
|
- ./config/idp/.env
|
||||||
environment:
|
environment:
|
||||||
KC_HOSTNAME: 'sel2-1.ugent.be'
|
KC_HOSTNAME: 'sel2-1.ugent.be'
|
||||||
PROXY_ADDRESS_FORWARDING: 'true'
|
PROXY_ADDRESS_FORWARDING: 'true'
|
||||||
KC_PROXY_HEADERS: 'xforwarded'
|
KC_PROXY_HEADERS: 'xforwarded'
|
||||||
KC_HTTP_ENABLED: 'true'
|
|
||||||
KC_HTTP_RELATIVE_PATH: '/idp'
|
KC_HTTP_RELATIVE_PATH: '/idp'
|
||||||
|
KC_HTTPS_CERTIFICATE_FILE: '/opt/keycloak/cert.pem'
|
||||||
|
KC_HTTPS_CERTIFICATE_KEY_FILE: '/opt/keycloak/key.pem'
|
||||||
|
|
||||||
reverse-proxy:
|
reverse-proxy:
|
||||||
image: traefik:v3.3
|
image: traefik:v3.3
|
||||||
|
|
|
||||||
Reference in a new issue