22062025 7 51 50 early morning

2025-06-23 05:50:57 +03:00
parent b6dc0a0ef7
commit 01eff2d54a
4 changed files with 49 additions and 18 deletions
@@ -104,26 +104,35 @@ services:
    restart: unless-stopped

  keycloak:
-    image: quay.io/keycloak/keycloak:latest
+    build:
+      context: ./keycloak
+      dockerfile: Dockerfile
    container_name: keycloak
    ports:
      - "8080:8080"
    profiles:
      - prod
      - dev
+      - kk
    environment:
-      KEYCLOAK_ADMIN: admin
-      KEYCLOAK_ADMIN_PASSWORD: admin
-      KC_HOSTNAME: localhost 
-      DB_VENDOR: postgres
-      DB_ADDR: kk_db  # Имя сервиса PostgreSQL
-      DB_DATABASE: keycloak
-      DB_USER: postgres
-      DB_PASSWORD: postgres
-      KC_HTTP_ENABLED: "true"
-    command: start-dev 
-    depends_on:
-      - kk_db
+      KEYCLOAK_USER: admin
+      KEYCLOAK_PASSWORD: admi
+      KC_DB: postgres
+      KC_DB_URL: jdbc:postgresql://kk_db:5432/keycloak
+      KC_DB_USERNAME: postgres
+      KC_DB_PASSWORD: postgres
+      KEYCLOAK_FRONTEND_URL: https://yalarba.ru/auth
+      PROXY_ADDRESS_FORWARDING: "true"
+      KEYCLOAK_LOGLEVEL: INFO
+      KEYCLOAK_HTTPS_PORT: 8443
+      KEYCLOAK_HTTP_PORT: 8080
+      KEYCLOAK_HTTP_PROXY: true
+      KEYCLOAK_HTTPS_REDIRECT: false
+      KC_HOSTNAME_STRICT: "false"
+      KC_PROXY: edge
+      KC_HOSTNAME: yalarba.ru
+      KC_HTTP_RELATIVE_PATH: /auth
+    command: start --optimized
    networks:
      - internal

@@ -0,0 +1,17 @@
+FROM quay.io/keycloak/keycloak:latest AS builder
+
+# Enable health and metrics support
+ENV KC_HEALTH_ENABLED=true
+ENV KC_METRICS_ENABLED=true
+
+# Configure a database vendor
+ENV KC_DB=postgres
+
+WORKDIR /opt/keycloak
+RUN /opt/keycloak/bin/kc.sh build
+
+FROM quay.io/keycloak/keycloak:latest
+COPY --from=builder /opt/keycloak/ /opt/keycloak/
+
+
+ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]
@@ -0,0 +1,5 @@
+#!/bin/sh
+set -e
+
+# Применяем начальную загрузку и устанавливаем необходимые переменные
+/opt/keycloak/bin/kc.sh build && /opt/keycloak/bin/kc.sh start
@@ -23,16 +23,16 @@ server {
        index index.html;
    }

-    location /auth/ {
-        proxy_pass http://keycloak:8080/;  # Имя сервиса из docker-compose
+    location /auth {
+        proxy_pass http://keycloak:8080/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
-
-        # Важно для Keycloak
-        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
+        proxy_connect_timeout 600;
+        proxy_send_timeout 600;
+        proxy_read_timeout 600;
    }

 }